hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan A. Veselovsky (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-4764) repair test org.apache.hadoop.mapreduce.security.TestBinaryTokenFile
Date Fri, 09 Nov 2012 12:06:12 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493959#comment-13493959

Ivan A. Veselovsky commented on MAPREDUCE-4764:

Hi, Daryn,
I'd like to clarify our plan of improvements in this test.

Currently the test writes the token into a file, then sets the file name as MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY
value in the config, and also passes the same file name as a value of a dedicated config property
In the job: it gets the tokens from the job context (context.getCredentials().getAllTokens()),
and gets the delegation token from there by the known key: let it be token X.
After that it gets the binary file name from the job config (key KEY_SECURITY_TOKEN), reads
the file, de-serializing the token: let it be token Y.
Then the job asserts X.equals(Y).

This way the binary token propagation and serialization/de-serialization is checked, and this
pretty much corresponds to the test name.

As I understand, you suggested to check also that the same delegation token is present in
UserGroupInformation.getCurrentUser().getTokens(), right?
So, If I add this check, will you be okay with that test? Or, do you have other suggestions
on how to improve it?
> repair test org.apache.hadoop.mapreduce.security.TestBinaryTokenFile
> --------------------------------------------------------------------
>                 Key: MAPREDUCE-4764
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4764
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>            Reporter: Ivan A. Veselovsky
>         Attachments: MAPREDUCE-4764-trunk.patch
> the test is @Ignore-ed, and fails being enabled.
> Suggested to repair it to fill the coverage gap.
> Problems fixed in the test: 
> (1) MRConfig.FRAMEWORK_NAME and YarnConfiguration.RM_PRINCIPAL properties must be correctly
set in the configuration to correctly enable the security in the way this test implies. 
> (2) The property MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY now is not passed into
the Job configuration -- it is intentionally deleted from there. So, we pass the binary file
name in another dedicated property. 
> (3) The test was using deprecated cluster classes. All them are updated to the modern
> (4) The delegation token found in the job context is now correctly compared to the one
deserialized from the binary file.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message