Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-17379. AbstractS3ATokenIdentifier to set issue date == now. (#2466) 

Unless you explicitly set it, the issue date of a delegation token identifier is 0, which confuses spark renewal (SPARK-33440). This patch makes sure that all S3A DT identifiers have the current time as issue date, fixing the problem as far as S3A tokens are concerned.

Contributed by Jungtaek Lim.

Change-Id: Ic80ac7895612a1aa669459c73a78a9c17ecf0c0d
This commit is contained in:
Jungtaek Lim 2020-11-17 23:43:29 +09:00 committed by Steve Loughran
parent be108159b1
commit 22039a14ff
No known key found for this signature in database
GPG Key ID: D22CF846DBB162A0
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/AbstractS3ATokenIdentifier.java
View File

@ -24,6 +24,7 @@ import java.io.DataInputStream;
import java.io.DataOutput;
import java.io.IOException;
import java.net.URI;
import java.time.Clock;
import java.util.Objects;
import java.util.UUID;
@ -140,6 +141,7 @@ public abstract class AbstractS3ATokenIdentifier
final URI uri) {
super(kind, owner, renewer, realUser);
this.uri = requireNonNull(uri);
initializeIssueDate();
}
/**
@ -164,6 +166,13 @@ public abstract class AbstractS3ATokenIdentifier
*/
protected AbstractS3ATokenIdentifier(final Text kind) {
super(kind);
initializeIssueDate();
}
private void initializeIssueDate() {
Clock clock = Clock.systemDefaultZone();
long now = clock.millis();
setIssueDate(now);
}
public String getBucket() {

11
hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/delegation/TestS3ADelegationTokenSupport.java
View File

@ -38,6 +38,7 @@ import static org.apache.hadoop.fs.s3a.auth.delegation.DelegationConstants.SESSI
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
/**
* Unit tests related to S3A DT support.
@ -58,6 +59,14 @@ public class TestS3ADelegationTokenSupport {
assertEquals(SESSION_TOKEN_KIND, identifier.getKind());
}
@Test
public void testSessionTokenIssueDate() throws Throwable {
AbstractS3ATokenIdentifier identifier
= new SessionTokenIdentifier();
assertEquals(SESSION_TOKEN_KIND, identifier.getKind());
assertTrue("issue date is not set", identifier.getIssueDate() > 0L);
}
@Test
public void testSessionTokenDecode() throws Throwable {
Text alice = new Text("alice");
@ -90,6 +99,8 @@ public class TestS3ADelegationTokenSupport {
UserGroupInformation.AuthenticationMethod.TOKEN,
decodedUser.getAuthenticationMethod());
assertEquals("origin", decoded.getOrigin());
assertEquals("issue date", identifier.getIssueDate(),
decoded.getIssueDate());
}
@Test