Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-11069. KMSClientProvider should use getAuthenticationMethod() to determine if in proxyuser mode or not. (tucu)

This commit is contained in:
Alejandro Abdelnur 2014-09-05 10:04:07 -07:00
parent 71c8d735f5
commit 0f3c19c1bb
3 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -765,6 +765,9 @@ Release 2.6.0 - UNRELEASED
HADOOP-11067. warning message 'ssl.client.truststore.location has not HADOOP-11067. warning message 'ssl.client.truststore.location has not
been set' gets printed for hftp command. (Xiaoyu Yao via Arpit Agarwal) been set' gets printed for hftp command. (Xiaoyu Yao via Arpit Agarwal)
HADOOP-11069. KMSClientProvider should use getAuthenticationMethod() to
determine if in proxyuser mode or not. (tucu)
Release 2.5.1 - UNRELEASED Release 2.5.1 - UNRELEASED
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

6
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
View File

@ -385,9 +385,9 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
// if current UGI is different from UGI at constructor time, behave as // if current UGI is different from UGI at constructor time, behave as
// proxyuser // proxyuser
UserGroupInformation currentUgi = UserGroupInformation.getCurrentUser(); UserGroupInformation currentUgi = UserGroupInformation.getCurrentUser();
final String doAsUser = final String doAsUser = (currentUgi.getAuthenticationMethod() ==
(loginUgi.getShortUserName().equals(currentUgi.getShortUserName())) UserGroupInformation.AuthenticationMethod.PROXY)
? null : currentUgi.getShortUserName(); ? currentUgi.getShortUserName() : null;
// creating the HTTP connection using the current UGI at constructor time // creating the HTTP connection using the current UGI at constructor time
conn = loginUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() { conn = loginUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

6
hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
View File

@ -1157,7 +1157,7 @@ public class TestKMS {
final URI uri = createKMSUri(getKMSUrl()); final URI uri = createKMSUri(getKMSUrl());
// proxyuser client using kerberos credentials // proxyuser client using kerberos credentials
UserGroupInformation clientUgi = UserGroupInformation. final UserGroupInformation clientUgi = UserGroupInformation.
loginUserFromKeytabAndReturnUGI("client", keytab.getAbsolutePath()); loginUserFromKeytabAndReturnUGI("client", keytab.getAbsolutePath());
clientUgi.doAs(new PrivilegedExceptionAction<Void>() { clientUgi.doAs(new PrivilegedExceptionAction<Void>() {
@Override @Override
@ -1167,7 +1167,7 @@ public class TestKMS {
// authorized proxyuser // authorized proxyuser
UserGroupInformation fooUgi = UserGroupInformation fooUgi =
UserGroupInformation.createRemoteUser("foo"); UserGroupInformation.createProxyUser("foo", clientUgi);
fooUgi.doAs(new PrivilegedExceptionAction<Void>() { fooUgi.doAs(new PrivilegedExceptionAction<Void>() {
@Override @Override
public Void run() throws Exception { public Void run() throws Exception {
@ -1179,7 +1179,7 @@ public class TestKMS {
// unauthorized proxyuser // unauthorized proxyuser
UserGroupInformation foo1Ugi = UserGroupInformation foo1Ugi =
UserGroupInformation.createRemoteUser("foo1"); UserGroupInformation.createProxyUser("foo1", clientUgi);
foo1Ugi.doAs(new PrivilegedExceptionAction<Void>() { foo1Ugi.doAs(new PrivilegedExceptionAction<Void>() {
@Override @Override
public Void run() throws Exception { public Void run() throws Exception {