HADOOP-17578. Improve UGI debug log to help troubleshooting TokenCach… (#2762)

2021-03-17 10:57:11 -07:00 · 2021-03-17 10:57:11 -07:00 · b503de2328
parent 3e58d5611d
commit b503de2328
2 changed files with 20 additions and 4 deletions
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@ -1925,11 +1925,12 @@ public class UserGroupInformation {
  @InterfaceAudience.LimitedPrivate({"HDFS", "KMS"})
  @InterfaceStability.Unstable
  public static void logUserInfo(Logger log, String caption,
-      UserGroupInformation ugi) throws IOException {
+      UserGroupInformation ugi) {
    if (log.isDebugEnabled()) {
      log.debug(caption + " UGI: " + ugi);
-      for (Token<?> token : ugi.getTokens()) {
+      for (Map.Entry<Text, Token<? extends TokenIdentifier>> kv :
-        log.debug("+token:" + token);
+          ugi.getCredentials().getTokenMap().entrySet()) {
        log.debug("+token: {} -> {}", kv.getKey(), kv.getValue());
      }
    }
  }
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/DelegationTokenIssuer.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/DelegationTokenIssuer.java
@ -21,6 +21,8 @@ import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.security.Credentials;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.io.IOException;
 import java.util.ArrayList;
@ -32,7 +34,7 @@ import java.util.List;
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "Yarn"})
@InterfaceStability.Unstable
 public interface DelegationTokenIssuer {
-
+  Logger TOKEN_LOG = LoggerFactory.getLogger(DelegationTokenIssuer.class);
  /**
   * The service name used as the alias for the  token in the credential
   * token map.  addDelegationTokens will use this to determine if
@ -88,15 +90,28 @@ public interface DelegationTokenIssuer {
      final List<Token<?>> tokens) throws IOException {
    final String serviceName = issuer.getCanonicalServiceName();
    // Collect token of the this issuer and then of its embedded children
    if (TOKEN_LOG.isDebugEnabled()) {
      TOKEN_LOG.debug("Search token for service {} in credentials",
          serviceName);
    }
    if (serviceName != null) {
      final Text service = new Text(serviceName);
      Token<?> token = credentials.getToken(service);
      if (token == null) {
        if (TOKEN_LOG.isDebugEnabled()) {
          TOKEN_LOG.debug("Token for service {} not found in credentials," +
              " try getDelegationToken.", serviceName);
        }
        token = issuer.getDelegationToken(renewer);
        if (token != null) {
          tokens.add(token);
          credentials.addToken(service, token);
        }
      } else {
        if (TOKEN_LOG.isDebugEnabled()) {
          TOKEN_LOG.debug("Token for service {} found in credentials," +
              "skip getDelegationToken.", serviceName);
        }
      }
    }
    // Now collect the tokens from the children.