Hadoop QA commented on YARN-2232:

{color:green}+1 overall{color}.  Here are the results of testing the latest 
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author 

    {color:green}+1 tests included{color}.  The patch appears to include 1 new 
or modified test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

    {color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

    {color:green}+1 eclipse:eclipse{color}.  The patch built with 

    {color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in 

    {color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
Console output: https://builds.apache.org/job/PreCommit-YARN-Build/4157//console

This message is automatically generated.

> ClientRMService doesn't allow delegation token owner to cancel their own 
> token in secure mode
> ---------------------------------------------------------------------------------------------
>                 Key: YARN-2232
>                 URL: https://issues.apache.org/jira/browse/YARN-2232
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>         Attachments: apache-yarn-2232.0.patch, apache-yarn-2232.1.patch, 
> apache-yarn-2232.2.patch
> The ClientRMSerivce doesn't allow delegation token owners to cancel their own 
> tokens. The root cause is this piece of code from the cancelDelegationToken 
> function -
> {noformat}
> String user = getRenewerForToken(token);
> ...
> private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token) 
> throws IOException {
>   UserGroupInformation user = UserGroupInformation.getCurrentUser();
>   UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
>   // we can always renew our own tokens
>   return loginUser.getUserName().equals(user.getUserName())
>       ? token.decodeIdentifier().getRenewer().toString()
>       : user.getShortUserName();
> }
> {noformat}
> It ends up passing the user short name to the cancelToken function whereas 
> AbstractDelegationTokenSecretManager::cancelToken expects the full user name. 
> This bug occurs in secure mode and is not an issue with simple auth.

This message was sent by Atlassian JIRA

Reply via email to