YARN-3725. App submission via REST API is broken in secure mode due to Timeline DT service address is empty. (Zhijie Shen via wangda)
This commit is contained in:
parent
9686261ecb
commit
5cc3fced95
@ -609,6 +609,9 @@ Release 2.7.1 - UNRELEASED
|
||||
YARN-2900. Application (Attempt and Container) Not Found in AHS results
|
||||
in Internal Server Error (500). (Zhijie Shen and Mit Desai via xgong)
|
||||
|
||||
YARN-3725. App submission via REST API is broken in secure mode due to
|
||||
Timeline DT service address is empty. (Zhijie Shen via wangda)
|
||||
|
||||
Release 2.7.0 - 2015-04-20
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
@ -368,9 +368,12 @@ public Token<TimelineDelegationTokenIdentifier> run()
|
||||
public long renewDelegationToken(
|
||||
final Token<TimelineDelegationTokenIdentifier> timelineDT)
|
||||
throws IOException, YarnException {
|
||||
boolean useHttps = YarnConfiguration.useHttps(this.getConfig());
|
||||
final String scheme = useHttps ? "https" : "http";
|
||||
final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT);
|
||||
final boolean isTokenServiceAddrEmpty =
|
||||
timelineDT.getService().toString().isEmpty();
|
||||
final String scheme = isTokenServiceAddrEmpty ? null
|
||||
: (YarnConfiguration.useHttps(this.getConfig()) ? "https" : "http");
|
||||
final InetSocketAddress address = isTokenServiceAddrEmpty ? null
|
||||
: SecurityUtil.getTokenServiceAddr(timelineDT);
|
||||
PrivilegedExceptionAction<Long> renewDTAction =
|
||||
new PrivilegedExceptionAction<Long>() {
|
||||
|
||||
@ -385,7 +388,10 @@ public Long run() throws Exception {
|
||||
DelegationTokenAuthenticatedURL authUrl =
|
||||
new DelegationTokenAuthenticatedURL(authenticator,
|
||||
connConfigurator);
|
||||
final URI serviceURI = new URI(scheme, null, address.getHostName(),
|
||||
// If the token service address is not available, fall back to use
|
||||
// the configured service address.
|
||||
final URI serviceURI = isTokenServiceAddrEmpty ? resURI
|
||||
: new URI(scheme, null, address.getHostName(),
|
||||
address.getPort(), RESOURCE_URI_STR, null, null);
|
||||
return authUrl
|
||||
.renewDelegationToken(serviceURI.toURL(), token, doAsUser);
|
||||
@ -399,9 +405,12 @@ public Long run() throws Exception {
|
||||
public void cancelDelegationToken(
|
||||
final Token<TimelineDelegationTokenIdentifier> timelineDT)
|
||||
throws IOException, YarnException {
|
||||
boolean useHttps = YarnConfiguration.useHttps(this.getConfig());
|
||||
final String scheme = useHttps ? "https" : "http";
|
||||
final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT);
|
||||
final boolean isTokenServiceAddrEmpty =
|
||||
timelineDT.getService().toString().isEmpty();
|
||||
final String scheme = isTokenServiceAddrEmpty ? null
|
||||
: (YarnConfiguration.useHttps(this.getConfig()) ? "https" : "http");
|
||||
final InetSocketAddress address = isTokenServiceAddrEmpty ? null
|
||||
: SecurityUtil.getTokenServiceAddr(timelineDT);
|
||||
PrivilegedExceptionAction<Void> cancelDTAction =
|
||||
new PrivilegedExceptionAction<Void>() {
|
||||
|
||||
@ -416,7 +425,10 @@ public Void run() throws Exception {
|
||||
DelegationTokenAuthenticatedURL authUrl =
|
||||
new DelegationTokenAuthenticatedURL(authenticator,
|
||||
connConfigurator);
|
||||
final URI serviceURI = new URI(scheme, null, address.getHostName(),
|
||||
// If the token service address is not available, fall back to use
|
||||
// the configured service address.
|
||||
final URI serviceURI = isTokenServiceAddrEmpty ? resURI
|
||||
: new URI(scheme, null, address.getHostName(),
|
||||
address.getPort(), RESOURCE_URI_STR, null, null);
|
||||
authUrl.cancelDelegationToken(serviceURI.toURL(), token, doAsUser);
|
||||
return null;
|
||||
|
@ -240,12 +240,21 @@ public UserGroupInformation call() throws Exception {
|
||||
Assert.assertEquals(new Text(HTTP_USER), tDT.getOwner());
|
||||
|
||||
// Renew token
|
||||
Assert.assertFalse(token.getService().toString().isEmpty());
|
||||
// Renew the token from the token service address
|
||||
long renewTime1 = httpUserClient.renewDelegationToken(token);
|
||||
Thread.sleep(100);
|
||||
token.setService(new Text());
|
||||
Assert.assertTrue(token.getService().toString().isEmpty());
|
||||
// If the token service address is not avaiable, it still can be renewed
|
||||
// from the configured address
|
||||
long renewTime2 = httpUserClient.renewDelegationToken(token);
|
||||
Assert.assertTrue(renewTime1 < renewTime2);
|
||||
|
||||
// Cancel token
|
||||
Assert.assertTrue(token.getService().toString().isEmpty());
|
||||
// If the token service address is not avaiable, it still can be canceled
|
||||
// from the configured address
|
||||
httpUserClient.cancelDelegationToken(token);
|
||||
// Renew should not be successful because the token is canceled
|
||||
try {
|
||||
@ -280,6 +289,8 @@ public TimelineClient run() throws Exception {
|
||||
Assert.assertTrue(renewTime1 < renewTime2);
|
||||
|
||||
// Cancel token
|
||||
Assert.assertFalse(tokenToRenew.getService().toString().isEmpty());
|
||||
// Cancel the token from the token service address
|
||||
fooUserClient.cancelDelegationToken(tokenToRenew);
|
||||
|
||||
// Renew should not be successful because the token is canceled
|
||||
|
Loading…
Reference in New Issue
Block a user