Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-17379. AbstractS3ATokenIdentifier to set issue date == now. (#2466) 

Unless you explicitly set it, the issue date of a delegation token identifier is 0, which confuses spark renewal (SPARK-33440). This patch makes sure that all S3A DT identifiers have the current time as issue date, fixing the problem as far as S3A tokens are concerned.

Contributed by Jungtaek Lim.
This commit is contained in:
Jungtaek Lim 2020-11-17 23:43:29 +09:00 committed by GitHub
parent b57f04cd5b
commit a7b923c80c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/AbstractS3ATokenIdentifier.java
View File

@ -24,6 +24,7 @@ import java.io.DataInputStream;
import java.io.DataOutput;
import java.io.IOException;
import java.net.URI;
import java.time.Clock;
import java.util.Objects;
import java.util.UUID;
@ -140,6 +141,7 @@ public abstract class AbstractS3ATokenIdentifier
final URI uri) {
super(kind, owner, renewer, realUser);
this.uri = requireNonNull(uri);
initializeIssueDate();
}
/**
@ -164,6 +166,13 @@ public abstract class AbstractS3ATokenIdentifier
*/
protected AbstractS3ATokenIdentifier(final Text kind) {
super(kind);
initializeIssueDate();
}
private void initializeIssueDate() {
Clock clock = Clock.systemDefaultZone();
long now = clock.millis();
setIssueDate(now);
}
public String getBucket() {

11
hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/delegation/TestS3ADelegationTokenSupport.java
View File

@ -38,6 +38,7 @@ import static org.apache.hadoop.fs.s3a.auth.delegation.DelegationConstants.SESSI
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
/**
* Unit tests related to S3A DT support.
@ -58,6 +59,14 @@ public class TestS3ADelegationTokenSupport {
assertEquals(SESSION_TOKEN_KIND, identifier.getKind());
}
@Test
public void testSessionTokenIssueDate() throws Throwable {
AbstractS3ATokenIdentifier identifier
= new SessionTokenIdentifier();
assertEquals(SESSION_TOKEN_KIND, identifier.getKind());
assertTrue("issue date is not set", identifier.getIssueDate() > 0L);
}
@Test
public void testSessionTokenDecode() throws Throwable {
Text alice = new Text("alice");
@ -90,6 +99,8 @@ public class TestS3ADelegationTokenSupport {
UserGroupInformation.AuthenticationMethod.TOKEN,
decodedUser.getAuthenticationMethod());
assertEquals("origin", decoded.getOrigin());
assertEquals("issue date", identifier.getIssueDate(),
decoded.getIssueDate());
}
@Test