Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13815

TestKMS#testDelegationTokensOpsSimple and TestKMS#testDelegationTokensOpsKerberized Fails in Trunk

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.8.0, 3.0.0-alpha2
    • test
    • None
    • Reviewed

    Description

      Expected to find 'tries to renew a token with renewer' but got unexpected exception:java.io.IOException: HTTP status [403], message [org.apache.hadoop.security.AccessControlException: client tries to renew a token (kms-dt owner=client, renewer=client1, realUser=, issueDate=1479025952525, maxDate=1479630752525, sequenceNumber=1, masterKeyId=2) with non-matching renewer client1]
 at org.apache.hadoop.util.HttpExceptionUtils.validateResponse(HttpExceptionUtils.java:169)
 at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:300)
 at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.renewDelegationToken(DelegationTokenAuthenticator.java:216)
 at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.renewDelegationToken(DelegationTokenAuthenticatedURL.java:415)
 at org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:906)
 at org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:903)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.Subject.doAs(Subject.java:422)
 at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
 at org.apache.hadoop.crypto.key.kms.KMSClientProvider.renewDelegationToken(KMSClientProvider.java:902)
 at org.apache.hadoop.crypto.key.kms.KMSClientProvider$KMSTokenRenewer.renew(KMSClientProvider.java:183)
 at org.apache.hadoop.security.token.Token.renew(Token.java:490)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1820)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1793)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.Subject.doAs(Subject.java:422)
 at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS.doAs(TestKMS.java:292)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS.access$100(TestKMS.java:80)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1793)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1785)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:140)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:122)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOps(TestKMS.java:1785)
 at org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOpsKerberized(TestKMS.java:1768)

      Reference:

      https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/224/testReport/junit/

      Attachments

        1. HADOOP-13815.01.patch
          0.8 kB
          Xiao Chen
        2. HADOOP-13815.02.patch
          0.8 kB
          Xiao Chen
        3. HADOOP-13815.03.patch
          1 kB
          Xiao Chen

        Issue Links

          is broken by

          Sub-task - The sub-task of the issue HADOOP-13720 Add more info to the msgs printed in AbstractDelegationTokenSecretManager for better supportability

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved

          Activity

            People

              xiaochen Xiao Chen
              brahmareddy Brahma Reddy Battula
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: