[SPARK-26772][YARN] Delete ServiceCredentialProvider and make HadoopDelegationTokenProvider a developer API #23686
Conversation
…dentialProviders independently
|
Test build #101824 has finished for PR 23686 at commit
|
|
cc @vanzin |
|
I'm starting to question whether we should keep this interface. It's in the yarn module, which means it's not considered public by Spark, which leads to issues (such as we don't check for compatibility, and it's been broken in the past). Pinging @mridulm for comments. It might be a better idea to perhaps make the core interface a |
|
@vanzin We do not have an alternative for custom credential providers without this, do we ? We could expose If that is the proposal, I am fine with that. |
|
Presume @vanzin meant make @mridulm All in all I think it's good idea to move the custom provider load support into |
|
I don't think the manager needs to be exposed, just the provider interface. That's the same thing on the YARN side today. BTW Gabor has already done all the rest of the work to make this possible, the only thing missing is actually making the interface public. |
|
Sorry, I meant |
|
So have we reached a consensus to drop this and expose the interface in core as a developer API? |
|
From my perspective yes but until now not yet reached to continue this PR. |
|
Test build #102254 has finished for PR 23686 at commit
|
* Removed ServiceCredentialProvider * Removed YARNHadoopDelegationTokenManager * Made HadoopDelegationTokenProvider DeveloperAPI
|
I see that you implemented the "make the core interface public" approach and deleted the YARN version; but now the PR description and the bug don't really reflect the code anymore. |
core/src/main/scala/org/apache/spark/deploy/security/HadoopDelegationTokenProvider.scala
Show resolved
Hide resolved
|
Test build #102258 has finished for PR 23686 at commit
|
gaborgsomogyi
changed the title
Yeah, updated. |
|
Test build #102293 has finished for PR 23686 at commit
|
|
Retest this please |
|
Test build #102303 has finished for PR 23686 at commit
|
|
retest this please |
|
Test build #102309 has finished for PR 23686 at commit
|
|
retest this please |
|
Test build #102331 has finished for PR 23686 at commit
|
|
retest this please |
|
Test build #102338 has finished for PR 23686 at commit
|
core/src/main/scala/org/apache/spark/deploy/security/HadoopDelegationTokenProvider.scala
Outdated
Show resolved
Hide resolved
|
Test build #102359 has finished for PR 23686 at commit
|
|
Merging to master. |
…elegationTokenProvider a developer API ## What changes were proposed in this pull request? `HadoopDelegationTokenProvider` has basically the same functionality just like `ServiceCredentialProvider` so the interfaces can be merged. `YARNHadoopDelegationTokenManager` now loads `ServiceCredentialProvider`s in one step. The drawback of this if one provider fails all others are not loaded. `HadoopDelegationTokenManager` loads `HadoopDelegationTokenProvider`s independently so it provides more robust behaviour. In this PR I've I've made the following changes: * Deleted `YARNHadoopDelegationTokenManager` and `ServiceCredentialProvider` * Made `HadoopDelegationTokenProvider` a `DeveloperApi` ## How was this patch tested? Existing unit tests. Closes apache#23686 from gaborgsomogyi/SPARK-26772. Authored-by: Gabor Somogyi <[email protected]> Signed-off-by: Marcelo Vanzin <[email protected]>
5 participants
What changes were proposed in this pull request?
HadoopDelegationTokenProviderhas basically the same functionality just likeServiceCredentialProviderso the interfaces can be merged.YARNHadoopDelegationTokenManagernow loadsServiceCredentialProviders in one step. The drawback of this if one provider fails all others are not loaded.HadoopDelegationTokenManagerloadsHadoopDelegationTokenProviders independently so it provides more robust behaviour.In this PR I've I've made the following changes:
YARNHadoopDelegationTokenManagerandServiceCredentialProviderHadoopDelegationTokenProvidera@DeveloperApiHow was this patch tested?
Existing unit tests.