Steve Loughran created HADOOP-12770:
---------------------------------------
Summary: KMSClientProvider addDelegationTokens won't add if the
credentials contain an expired one
Key: HADOOP-12770
URL: https://issues.apache.org/jira/browse/HADOOP-12770
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.8.0
Reporter: Steve Loughran
{{KMSClientProvider addDelegationTokens}} adds delegation tokens —but skips
that step if the provided credentials already have one for the service.
There is no check to see if the existing one is actually valid; if the
credentials have an expired one, then you don't get a new token.
There is a workaround: caller has to filter token list and strip out expired
tokens. But to do that, they need to know this issue exists.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
