Browse Source

MAPREDUCE-3475. JT can't renew its own tokens. Contributed by Daryn Sharp.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.0@1214658 13f79535-47bb-0310-9956-ffa450edef68
Matthew Foley 13 years ago
parent
commit
84b6b034f1

+ 2 - 0
CHANGES.txt

@@ -61,6 +61,8 @@ Release 1.0.0 - 2011.11.27
 
   BUG FIXES
 
+    MAPREDUCE-3475. JT can't renew its own tokens. (Daryn Sharp via mattf)
+
     HADOOP-7869. HADOOP_HOME warning happens all of the time (Owen O'Malley
     via mattf)
 

+ 9 - 1
src/mapred/org/apache/hadoop/mapred/JobClient.java

@@ -19,6 +19,8 @@ package org.apache.hadoop.mapred;
 
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
@@ -509,7 +511,13 @@ public class JobClient extends Configured implements MRConstants, Tool  {
 
     @Override
     public boolean isManaged(Token<?> token) throws IOException {
-      return true;
+      ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
+      DelegationTokenIdentifier id = new DelegationTokenIdentifier(); 
+      id.readFields(new DataInputStream(buf));
+      // AbstractDelegationToken converts given renewer to a short name, but
+      // AbstractDelegationTokenSecretManager does not, so we have to do it
+      String loginUser = UserGroupInformation.getLoginUser().getShortUserName();
+      return loginUser.equals(id.getRenewer().toString());
     }
     
   }

+ 29 - 0
src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java

@@ -20,7 +20,9 @@ package org.apache.hadoop.mapreduce.security.token;
 
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 import java.io.IOException;
 import java.net.InetAddress;
@@ -40,6 +42,7 @@ import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.mapreduce.JobID;
 import org.apache.hadoop.security.Credentials;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.SecretManager.InvalidToken;
 import org.apache.hadoop.security.token.TokenRenewer;
@@ -102,10 +105,12 @@ public class TestDelegationTokenRenewal {
   }
 
   private static Configuration conf;
+  private static String trackerService = "localhost:0";
  
   @BeforeClass
   public static void setUp() throws Exception {
     conf = new Configuration();
+    conf.set("mapred.job.tracker", trackerService);
     
     // create a fake FileSystem (MyFS) and assosiate it
     // with "hdfs" schema.
@@ -220,6 +225,30 @@ public class TestDelegationTokenRenewal {
     return token1;
   }
   
+  @Test 
+  public void testLocalMRTokenRenewal() throws IOException {
+    String user = UserGroupInformation.getLoginUser().getUserName();
+    
+    DelegationTokenIdentifier ident = new DelegationTokenIdentifier(
+        new Text(user), new Text(user), null);
+    Token<?> t = new Token<DelegationTokenIdentifier>(
+        ident.getBytes(),
+        new byte[]{},
+        org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND,
+        new Text("service"));
+    assertTrue(t.isManaged());
+    
+    ident = new DelegationTokenIdentifier(
+        new Text(user), new Text(user+"-is-not-me"), null);
+    t = new Token<DelegationTokenIdentifier>(
+        ident.getBytes(),
+        new byte[]{},
+        org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND,
+        new Text("service"));
+    
+    assertFalse(t.isManaged());
+    
+  }
   
   /**
    * Basic idea of the test: