Varun Vasudev created YARN-2232:
-----------------------------------
Summary: ClientRMService doesn't allow delegation token owner to
cancel their own token
Key: YARN-2232
URL: https://issues.apache.org/jira/browse/YARN-2232
Project: Hadoop YARN
Issue Type: Bug
Reporter: Varun Vasudev
Assignee: Varun Vasudev
Attachments: apache-yarn-2232.0.patch
The ClientRMSerivce doesn't allow delegation token owners to cancel their own
tokens. The root cause is this piece of code from the cancelDelegationToken
function -
{noformat}
String user = getRenewerForToken(token);
...
private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token)
throws IOException {
UserGroupInformation user = UserGroupInformation.getCurrentUser();
UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
// we can always renew our own tokens
return loginUser.getUserName().equals(user.getUserName())
? token.decodeIdentifier().getRenewer().toString()
: user.getShortUserName();
}
{noformat}
It ends up passing the user short name to the cancelToken function whereas
AbstractDelegationTokenSecretManager::cancelToken expects the full user name.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
