hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-4764) repair test org.apache.hadoop.mapreduce.security.TestBinaryTokenFile
Date Fri, 02 Nov 2012 16:01:12 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489507#comment-13489507
] 

Daryn Sharp commented on MAPREDUCE-4764:
----------------------------------------

This test is a bit misleadingly named.  It should have been called {{TestTokenPropagation}}.
It overlaps with other tests, so I think it can be simplified:
# create credentials, fill with a few tokens
# create job with those creds and submit
# in the task, check that the tokens in the context AND the UGI.getCurrentUser() contain the
tokens supplied at job submission.  Notably the user's UGI should not have the job token,
only what was submitted.
# since it's a minicluster, no need to write out the tokens and set a conf key for the task
to read back in the tokens.  it's all in the same process so just use a static class field
to hold the creds used to submit the job.

Then do the same thing, but this time:
# write the creds out and set the binary token file key
# create a job with empty creds and submit
# do the same context and ugi checks as before
                
> repair test org.apache.hadoop.mapreduce.security.TestBinaryTokenFile
> --------------------------------------------------------------------
>
>                 Key: MAPREDUCE-4764
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4764
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>            Reporter: Ivan A. Veselovsky
>         Attachments: MAPREDUCE-4764-trunk.patch
>
>
> the test is @Ignore-ed, and fails being enabled.
> Suggested to repair it to fill the coverage gap.
> Problems fixed in the test: 
> (1) MRConfig.FRAMEWORK_NAME and YarnConfiguration.RM_PRINCIPAL properties must be correctly
set in the configuration to correctly enable the security in the way this test implies. 
> (2) The property MRJobConfig.MAPREDUCE_JOB_CREDENTIALS_BINARY now is not passed into
the Job configuration -- it is intentionally deleted from there. So, we pass the binary file
name in another dedicated property. 
> (3) The test was using deprecated cluster classes. All them are updated to the modern
analogs.
> (4) The delegation token found in the job context is now correctly compared to the one
deserialized from the binary file.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message