[HADOOP-13748] TestKMS fails in testProxyUserSimple and testDelegationTokensOpsSimple - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: 2.8.0, 3.0.0-alpha2
Fix Version/s: None
Component/s: kms
Labels:
None

Description

Running org.apache.hadoop.crypto.key.kms.server.TestKMS
Tests run: 26, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 97.723 sec <<< FAILURE! - in org.apache.hadoop.crypto.key.kms.server.TestKMS
testProxyUserSimple(org.apache.hadoop.crypto.key.kms.server.TestKMS)  Time elapsed: 1.273 sec  <<< ERROR!
org.apache.hadoop.security.authorize.AuthorizationException: User [jzhuge] is not authorized to create key !!

testDelegationTokensOpsSimple(org.apache.hadoop.crypto.key.kms.server.TestKMS)  Time elapsed: 1.194 sec  <<< ERROR!
java.io.IOException: HTTP status [403], message [org.apache.hadoop.security.AccessControlException: jzhuge tries to renew a token with renewer client1]
	at org.apache.hadoop.util.HttpExceptionUtils.validateResponse(HttpExceptionUtils.java:169)
	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:300)
	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.renewDelegationToken(DelegationTokenAuthenticator.java:216)
	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.renewDelegationToken(DelegationTokenAuthenticatedURL.java:415)
	at org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:906)
	at org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:903)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1795)
	at org.apache.hadoop.crypto.key.kms.KMSClientProvider.renewDelegationToken(KMSClientProvider.java:902)
	at org.apache.hadoop.crypto.key.kms.KMSClientProvider$KMSTokenRenewer.renew(KMSClientProvider.java:183)
	at org.apache.hadoop.security.token.Token.renew(Token.java:490)
	at org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1$1.run(TestKMS.java:1850)
	at org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1$1.run(TestKMS.java:1839)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1795)
	at org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1839)
	at org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1792)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1795)
	at org.apache.hadoop.crypto.key.kms.server.TestKMS.doAs(TestKMS.java:291)
	at org.apache.hadoop.crypto.key.kms.server.TestKMS.access$100(TestKMS.java:79)


Results :

Tests in error: 
  TestKMS.testProxyUserSimple » Authorization User [jzhuge] is not authorized to...
  TestKMS.testDelegationTokensOpsSimple:1760->testDelegationTokensOps:1784->runServer:121->runServer:139->access$100:79->doAs:291 » IO

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-13748.00.patch
23/Oct/16 15:11
1 kB
Xiaoyu Yao

Issue Links

is broken by

HADOOP-13749 KMSClientProvider combined with KeyProviderCache can result in wrong UGI being used

Resolved

is related to

HADOOP-13749 KMSClientProvider combined with KeyProviderCache can result in wrong UGI being used

Resolved

Activity

People

Assignee:: Xiaoyu Yao

Reporter:: John Zhuge

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Oct/16 07:04

Updated:: 23/Oct/16 15:46

Resolved:: 23/Oct/16 15:40