Uploaded image for project: 'Hadoop Map/Reduce'
  1. Hadoop Map/Reduce
  2. MAPREDUCE-3849

Change TokenCache's reading of the binary token file

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.23.1, 2.0.0-alpha
    • 0.23.2
    • security
    • None

    Description

      When obtaining the tokens for a FileSystem, the TokenCache will read the binary token file if a token is not already in the Credentials. However, it will overwrite any existing tokens in the Credentials with the contents of the binary token file if a single token is missing. This may cause new tokens to be replaced with invalid/cancelled tokens from the binary file. The new tokens will not be canceled, and thus "leak" in the namenode until they expire.

      The binary tokens should be merged with, but not replace, existing tokens in the Credentials.

      The code that reads the binary token file is prefaced with:

      //TODO: Need to come up with a better place to put
      //this block of code to do with reading the file
      

      Also, the loading of the binary token file is the only reason that the TokenCache has to use getCanonicalService. If this linkage can be broken, then the 1-to-1 filesystem to token service coupling may be removed. And use of getCanonicalService can be removed in a subsequent jira.

      Attachments

        1. MAPREDUCE-3849.patch
          2 kB
          Daryn Sharp
        2. MAPREDUCE-3849-2.patch
          8 kB
          Daryn Sharp

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            daryn Daryn Sharp
            daryn Daryn Sharp
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment