Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-13951

HDFS DelegationTokenFetcher can't print non-HDFS tokens in a tokenfile

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 3.2.0
    • 3.3.0
    • tools
    • None

    Description

      the fetchdt command can fetch tokens for filesystems other than hdfs (s3a, abfs, etc), but it can't print them, as it assumes all tokens in the file are subclasses of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier & uses this fact in its decoding. It deserializes the token byte array without checking kind and so ends up with invalid data.

      Fix: ask the tokens to decode themselves; only call toStableString() if an HDFS token.

      Attachments

        1. HDFS-13951-001.patch
          6 kB
          Steve Loughran

        Issue Links

          is part of

          Sub-task - The sub-task of the issue HADOOP-14556 S3A to support Delegation Tokens

          • Major - Major loss of function.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-14060 HDFS fetchdt command to return error codes on success/failure

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-15808 Harden Token service loader use

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              stevel@apache.org Steve Loughran
              stevel@apache.org Steve Loughran
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: