hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan A. Veselovsky (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-4764) repair test org.apache.hadoop.mapreduce.security.TestBinaryTokenFile
Date Fri, 09 Nov 2012 12:06:12 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493959#comment-13493959
] 

Ivan A. Veselovsky commented on MAPREDUCE-4764:
-----------------------------------------------

Hi, Daryn,
I'd like to clarify our plan of improvements in this test.

Currently the test writes the token into a file, then sets the file name as MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY
value in the config, and also passes the same file name as a value of a dedicated config property
(KEY_SECURITY_TOKEN).
In the job: it gets the tokens from the job context (context.getCredentials().getAllTokens()),
and gets the delegation token from there by the known key: let it be token X.
After that it gets the binary file name from the job config (key KEY_SECURITY_TOKEN), reads
the file, de-serializing the token: let it be token Y.
Then the job asserts X.equals(Y).

This way the binary token propagation and serialization/de-serialization is checked, and this
pretty much corresponds to the test name.

As I understand, you suggested to check also that the same delegation token is present in
UserGroupInformation.getCurrentUser().getTokens(), right?
So, If I add this check, will you be okay with that test? Or, do you have other suggestions
on how to improve it?
                
> repair test org.apache.hadoop.mapreduce.security.TestBinaryTokenFile
> --------------------------------------------------------------------
>
>                 Key: MAPREDUCE-4764
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4764
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>            Reporter: Ivan A. Veselovsky
>         Attachments: MAPREDUCE-4764-trunk.patch
>
>
> the test is @Ignore-ed, and fails being enabled.
> Suggested to repair it to fill the coverage gap.
> Problems fixed in the test: 
> (1) MRConfig.FRAMEWORK_NAME and YarnConfiguration.RM_PRINCIPAL properties must be correctly
set in the configuration to correctly enable the security in the way this test implies. 
> (2) The property MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY now is not passed into
the Job configuration -- it is intentionally deleted from there. So, we pass the binary file
name in another dedicated property. 
> (3) The test was using deprecated cluster classes. All them are updated to the modern
analogs.
> (4) The delegation token found in the job context is now correctly compared to the one
deserialized from the binary file.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message