hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From x...@apache.org
Subject hadoop git commit: HADOOP-14029. Fix KMSClientProvider for non-secure proxyuser use case. Contributed by Xiaoyu Yao.
Date Fri, 27 Jan 2017 04:42:26 GMT
Repository: hadoop
Updated Branches:
  refs/heads/branch-2 17d4ba26f -> 6b602c6e3


HADOOP-14029. Fix KMSClientProvider for non-secure proxyuser use case. Contributed by Xiaoyu
Yao.

(cherry picked from commit 2034315763cd7b1eb77e96c719918fc14e2dabf6)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/6b602c6e
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/6b602c6e
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/6b602c6e

Branch: refs/heads/branch-2
Commit: 6b602c6e3496d36a15a1f633c67f1a0e76e38b7d
Parents: 17d4ba2
Author: Xiaoyu Yao <xyao@apache.org>
Authored: Thu Jan 26 20:34:32 2017 -0800
Committer: Xiaoyu Yao <xyao@apache.org>
Committed: Thu Jan 26 20:36:43 2017 -0800

----------------------------------------------------------------------
 .../apache/hadoop/crypto/key/kms/KMSClientProvider.java  | 11 ++++++-----
 .../org/apache/hadoop/crypto/key/kms/server/TestKMS.java |  6 +++++-
 2 files changed, 11 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/6b602c6e/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
index 12ce915..e9b6677 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
@@ -1063,13 +1063,14 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
       // Use real user for proxy user
       actualUgi = currentUgi.getRealUser();
     }
-
-    if (!containsKmsDt(actualUgi) &&
+    if (UserGroupInformation.isSecurityEnabled() &&
+        !containsKmsDt(actualUgi) &&
         !actualUgi.hasKerberosCredentials()) {
-      // Use login user for user that does not have either
+      // Use login user is only necessary when Kerberos is enabled
+      // but the actual user does not have either
       // Kerberos credential or KMS delegation token for KMS operations
-      LOG.debug("using loginUser no KMS Delegation Token "
-          + "no Kerberos Credentials");
+      LOG.debug("Using loginUser when Kerberos is enabled but the actual user" +
+          " does not have either KMS Delegation Token or Kerberos Credentials");
       actualUgi = UserGroupInformation.getLoginUser();
     }
     return actualUgi;

http://git-wip-us.apache.org/repos/asf/hadoop/blob/6b602c6e/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
index 7a6371b..aceb872 100644
--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
@@ -2284,7 +2284,11 @@ public class TestKMS {
 
   public void doWebHDFSProxyUserTest(final boolean kerberos) throws Exception {
     Configuration conf = new Configuration();
-    conf.set("hadoop.security.authentication", "kerberos");
+    if (kerberos) {
+      conf.set("hadoop.security.authentication", "kerberos");
+    }
+    UserGroupInformation.setConfiguration(conf);
+
     final File testDir = getTestDir();
     conf = createBaseKMSConf(testDir, conf);
     if (kerberos) {


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message