Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13815

TestKMS#testDelegationTokensOpsSimple and TestKMS#testDelegationTokensOpsKerberized Fails in Trunk

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha2
    • Component/s: test
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Expected to find 'tries to renew a token with renewer' but got unexpected exception:java.io.IOException: HTTP status [403], message [org.apache.hadoop.security.AccessControlException: client tries to renew a token (kms-dt owner=client, renewer=client1, realUser=, issueDate=1479025952525, maxDate=1479630752525, sequenceNumber=1, masterKeyId=2) with non-matching renewer client1]
       at org.apache.hadoop.util.HttpExceptionUtils.validateResponse(HttpExceptionUtils.java:169)
       at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:300)
       at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.renewDelegationToken(DelegationTokenAuthenticator.java:216)
       at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.renewDelegationToken(DelegationTokenAuthenticatedURL.java:415)
       at org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:906)
       at org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:903)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:422)
       at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
       at org.apache.hadoop.crypto.key.kms.KMSClientProvider.renewDelegationToken(KMSClientProvider.java:902)
       at org.apache.hadoop.crypto.key.kms.KMSClientProvider$KMSTokenRenewer.renew(KMSClientProvider.java:183)
       at org.apache.hadoop.security.token.Token.renew(Token.java:490)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1820)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1793)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:422)
       at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS.doAs(TestKMS.java:292)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS.access$100(TestKMS.java:80)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1793)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1785)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:140)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:122)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOps(TestKMS.java:1785)
       at org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOpsKerberized(TestKMS.java:1768)
      

      Reference:

      https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/224/testReport/junit/

        Attachments

        1. HADOOP-13815.01.patch
          0.8 kB
          Xiao Chen
        2. HADOOP-13815.02.patch
          0.8 kB
          Xiao Chen
        3. HADOOP-13815.03.patch
          1 kB
          Xiao Chen

          Issue Links

            Activity

              People

              • Assignee:
                xiaochen Xiao Chen
                Reporter:
                brahmareddy Brahma Reddy Battula
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: