[ 
https://issues.apache.org/jira/browse/YARN-2233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Varun Vasudev updated YARN-2233:
--------------------------------

    Attachment: apache-yarn-2233.1.patch

{quote}
1.

bq. It should be noted that when cancelling a token, the token to be cancelled 
is specified by setting a header.

Any reason for specifying the token in head? If there's something 
non-intuitive, maybe we should have some in-code comments for other developers?
{quote}

I've added comments to the code explaining why this is. Jetty doesn't allow 
request bodies for DELETE methods.

{quote}
2. RPC get delegation token API doesn't have these fields, but it seems to be 
nice have. We may want to file a Jira.
{noformat}
+    long currentExpiration = ident.getIssueDate() + tokenRenewInterval;
+    long maxValidity = ident.getMaxDate();
{noformat}
{quote}

Fixed this. I've left the fields out for now to match the RPC response. I'll 
file tickets to add the information to both interfaces.

{quote}
3. Is it possible to reuse KerberosTestUtils in hadoop-auth?
{quote}

I missed this. hadoop-auth doesn't export test jars for us to use. I've changed 
the pom.xml to start generating test-jars for hadoop-auth and used 
KerberosTestUtils from there.

{quote}
4. Is this supposed to test invalid request body? It doesn't look like the 
invalid body construction in the later tests.
{noformat}
+        response =
+            resource().path("ws").path("v1").path("cluster")
+              .path("delegation-token").accept(contentType)
+              .entity(dtoken, mediaType).post(ClientResponse.class);
+        assertEquals(Status.BAD_REQUEST, response.getClientResponseStatus());
{noformat}
{quote}

This is actually a test with the renewer missing from the request body, hence 
the BAD_REQUEST.

{quote}
1. No need of "== ture".

{noformat}
+    if (usePrincipal == true) {
{noformat}

Similarly,
{noformat}
+    if (KerberosAuthenticationHandler.TYPE.equals(authType) == false) {
{noformat}
{quote}

Fixed.

{quote}
2. If I remember it correctly, callerUGI.doAs will throw 
UndeclaredThrowableException, which wraps the real raised exception. However, 
UndeclaredThrowableException is an RE, this code cannot capture it.
{noformat}
+    try {
+      resp =
+          callerUGI
+            .doAs(new PrivilegedExceptionAction<GetDelegationTokenResponse>() {
+              @Override
+              public GetDelegationTokenResponse run() throws IOException,
+                  YarnException {
+                GetDelegationTokenRequest createReq =
+                    GetDelegationTokenRequest.newInstance(renewer);
+                return rm.getClientRMService().getDelegationToken(createReq);
+              }
+            });
+    } catch (Exception e) {
+      LOG.info("Create delegation token request failed", e);
+      throw e;
+    }
{noformat}
{quote}

I'm unsure about this. RE is a sub-class of Exception. Why won't this code work?

{quote}
3. Cannot return respToken simply? The framework should generate "OK" status 
automatically, right?
{noformat}
+    return Response.status(Status.OK).entity(respToken).build();
{noformat}
{quote}

There are a few cases where we need to send a FORBIDDEN response back and the 
GenericExceptionHandler doesn't return FORBIDDEN responses.

{quote}
4. You can call tk.decodeIdentifier directly.
{noformat}
+    RMDelegationTokenIdentifier ident = new RMDelegationTokenIdentifier();
+    ByteArrayInputStream buf = new ByteArrayInputStream(tk.getIdentifier());
+    DataInputStream in = new DataInputStream(buf);
+    ident.readFields(in);
{noformat}
{quote}

Fixed. Thanks for this, cleaned up bunch of boilerplate code.

> Implement web services to create, renew and cancel delegation tokens
> --------------------------------------------------------------------
>
>                 Key: YARN-2233
>                 URL: https://issues.apache.org/jira/browse/YARN-2233
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: resourcemanager
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>            Priority: Blocker
>         Attachments: apache-yarn-2233.0.patch, apache-yarn-2233.1.patch
>
>
> Implement functionality to create, renew and cancel delegation tokens.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to