[HADOOP-14497] Logs for KMS delegation token lifecycle - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2.9.0, 3.0.0-alpha4
Component/s: None
Labels:
None

Description

We run into quite some customer cases about authentication failures related to KMS delegation token. It would be nice to see a log for each stage of the token:
1. creation
2. renewal
3. removal upon cancel
4. remove upon expiration
So that when we correlate the logs for the same DT, we can have a good picture about what's going on, and what could have caused the authentication failure.

The same is applicable to other delegation tokens.

NOTE: When log info about delagation token, we don't want leak user's secret info.

Attachments

Add Link

Issue Links

is duplicated by

HADOOP-14496 Logs for KMS delegation token lifecycle

Resolved

Delete this link

Create Sub-Task
Options

Sub-Tasks

1.	KMS should log error details in KMSExceptionsProvider	Resolved	Xiao Chen	Actions
2.	Add more details in the log when a token is expired	Resolved	Xiao Chen	Actions
3.	Add more debug logs for delegation tokens and authentication	Resolved	Xiao Chen	Actions
4.	Add more info to the msgs printed in AbstractDelegationTokenSecretManager for better supportability	Resolved	Yongjun Zhang	Actions

Activity

Comment

$i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users

Cancel

People

Assignee:

Xiao Chen

Reporter:

Yongjun Zhang

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

06/Jun/17 19:40

Updated:

12/Jun/17 18:41

Resolved:

10/Jun/17 03:38

Agile

View on Board