From a7b923c80c6f43f6ff621bf7572efd8c24ecf7a7 Mon Sep 17 00:00:00 2001 From: Jungtaek Lim Date: Tue, 17 Nov 2020 23:43:29 +0900 Subject: [PATCH] HADOOP-17379. AbstractS3ATokenIdentifier to set issue date == now. (#2466) Unless you explicitly set it, the issue date of a delegation token identifier is 0, which confuses spark renewal (SPARK-33440). This patch makes sure that all S3A DT identifiers have the current time as issue date, fixing the problem as far as S3A tokens are concerned. Contributed by Jungtaek Lim. --- .../auth/delegation/AbstractS3ATokenIdentifier.java | 9 +++++++++ .../delegation/TestS3ADelegationTokenSupport.java | 11 +++++++++++ 2 files changed, 20 insertions(+) diff --git a/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/AbstractS3ATokenIdentifier.java b/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/AbstractS3ATokenIdentifier.java index c86134e03f..f859f4772f 100644 --- a/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/AbstractS3ATokenIdentifier.java +++ b/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/auth/delegation/AbstractS3ATokenIdentifier.java @@ -24,6 +24,7 @@ import java.io.DataOutput; import java.io.IOException; import java.net.URI; +import java.time.Clock; import java.util.Objects; import java.util.UUID; @@ -140,6 +141,7 @@ protected AbstractS3ATokenIdentifier( final URI uri) { super(kind, owner, renewer, realUser); this.uri = requireNonNull(uri); + initializeIssueDate(); } /** @@ -164,6 +166,13 @@ protected AbstractS3ATokenIdentifier( */ protected AbstractS3ATokenIdentifier(final Text kind) { super(kind); + initializeIssueDate(); + } + + private void initializeIssueDate() { + Clock clock = Clock.systemDefaultZone(); + long now = clock.millis(); + setIssueDate(now); } public String getBucket() { diff --git a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/delegation/TestS3ADelegationTokenSupport.java b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/delegation/TestS3ADelegationTokenSupport.java index 516022e7e5..88d9ebfcdf 100644 --- a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/delegation/TestS3ADelegationTokenSupport.java +++ b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/auth/delegation/TestS3ADelegationTokenSupport.java @@ -38,6 +38,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; /** * Unit tests related to S3A DT support. @@ -58,6 +59,14 @@ public void testSessionTokenKind() throws Throwable { assertEquals(SESSION_TOKEN_KIND, identifier.getKind()); } + @Test + public void testSessionTokenIssueDate() throws Throwable { + AbstractS3ATokenIdentifier identifier + = new SessionTokenIdentifier(); + assertEquals(SESSION_TOKEN_KIND, identifier.getKind()); + assertTrue("issue date is not set", identifier.getIssueDate() > 0L); + } + @Test public void testSessionTokenDecode() throws Throwable { Text alice = new Text("alice"); @@ -90,6 +99,8 @@ public void testSessionTokenDecode() throws Throwable { UserGroupInformation.AuthenticationMethod.TOKEN, decodedUser.getAuthenticationMethod()); assertEquals("origin", decoded.getOrigin()); + assertEquals("issue date", identifier.getIssueDate(), + decoded.getIssueDate()); } @Test