[
https://issues.apache.org/jira/browse/HADOOP-13815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HADOOP-13815:
-------------------------------
Attachment: HADOOP-13815.03.patch
Thanks [~xyao] for the review.
My initial argument is that we just want to assert the exception is failed for
token renewal, and details of that token doesn't matter. But seems both you and
Brahma lean on that direction, so I concede. :) Patch 3 to verify the token too.
> TestKMS#testDelegationTokensOpsSimple and
> TestKMS#testDelegationTokensOpsKerberized Fails in Trunk
> --------------------------------------------------------------------------------------------------
>
> Key: HADOOP-13815
> URL: https://issues.apache.org/jira/browse/HADOOP-13815
> Project: Hadoop Common
> Issue Type: Bug
> Components: test
> Reporter: Brahma Reddy Battula
> Assignee: Xiao Chen
> Attachments: HADOOP-13815.01.patch, HADOOP-13815.02.patch,
> HADOOP-13815.03.patch
>
>
> {noformat}
> Expected to find 'tries to renew a token with renewer' but got unexpected
> exception:java.io.IOException: HTTP status [403], message
> [org.apache.hadoop.security.AccessControlException: client tries to renew a
> token (kms-dt owner=client, renewer=client1, realUser=,
> issueDate=1479025952525, maxDate=1479630752525, sequenceNumber=1,
> masterKeyId=2) with non-matching renewer client1]
> at
> org.apache.hadoop.util.HttpExceptionUtils.validateResponse(HttpExceptionUtils.java:169)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:300)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.renewDelegationToken(DelegationTokenAuthenticator.java:216)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.renewDelegationToken(DelegationTokenAuthenticatedURL.java:415)
> at
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:906)
> at
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$2.run(KMSClientProvider.java:903)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
> at
> org.apache.hadoop.crypto.key.kms.KMSClientProvider.renewDelegationToken(KMSClientProvider.java:902)
> at
> org.apache.hadoop.crypto.key.kms.KMSClientProvider$KMSTokenRenewer.renew(KMSClientProvider.java:183)
> at org.apache.hadoop.security.token.Token.renew(Token.java:490)
> at
> org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1820)
> at
> org.apache.hadoop.crypto.key.kms.server.TestKMS$14$1.run(TestKMS.java:1793)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1857)
> at org.apache.hadoop.crypto.key.kms.server.TestKMS.doAs(TestKMS.java:292)
> at
> org.apache.hadoop.crypto.key.kms.server.TestKMS.access$100(TestKMS.java:80)
> at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1793)
> at org.apache.hadoop.crypto.key.kms.server.TestKMS$14.call(TestKMS.java:1785)
> at
> org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:140)
> at
> org.apache.hadoop.crypto.key.kms.server.TestKMS.runServer(TestKMS.java:122)
> at
> org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOps(TestKMS.java:1785)
> at
> org.apache.hadoop.crypto.key.kms.server.TestKMS.testDelegationTokensOpsKerberized(TestKMS.java:1768)
> {noformat}
> *Reference:*
> https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/224/testReport/junit/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
