hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jia...@apache.org
Subject hadoop git commit: YARN-6332. Make RegistrySecurity use short user names for ZK ACLs. Contributed by Billie Rinaldi
Date Thu, 16 Mar 2017 05:00:50 GMT
Repository: hadoop
Updated Branches:
  refs/heads/branch-2 8b31ff6db -> 9f9ccb278


YARN-6332. Make RegistrySecurity use short user names for ZK ACLs. Contributed by Billie Rinaldi


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/9f9ccb27
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/9f9ccb27
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/9f9ccb27

Branch: refs/heads/branch-2
Commit: 9f9ccb27844dac735bb7ba9b01c17096ea1e7605
Parents: 8b31ff6
Author: Jian He <jianhe@apache.org>
Authored: Thu Mar 16 12:59:55 2017 +0800
Committer: Jian He <jianhe@apache.org>
Committed: Thu Mar 16 13:00:44 2017 +0800

----------------------------------------------------------------------
 .../registry/client/impl/zk/RegistrySecurity.java       | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/9f9ccb27/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
index bf6e5ba..29c3b8b 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
@@ -152,6 +152,8 @@ public class RegistrySecurity extends AbstractService {
    */
   private final List<ACL> systemACLs = new ArrayList<ACL>();
 
+  private boolean usesRealm = true;
+
   /**
    * A list of digest ACLs which can be added to permissions
    * —and cleared later.
@@ -230,6 +232,7 @@ public class RegistrySecurity extends AbstractService {
       // System Accounts
       String system = getOrFail(KEY_REGISTRY_SYSTEM_ACCOUNTS,
                                 DEFAULT_REGISTRY_SYSTEM_ACCOUNTS);
+      usesRealm = system.contains("@");
 
       systemACLs.addAll(buildACLs(system, kerberosRealm, ZooDefs.Perms.ALL));
 
@@ -393,7 +396,12 @@ public class RegistrySecurity extends AbstractService {
    * @return a new ACL
    */
   public ACL createSaslACL(UserGroupInformation ugi, int perms) {
-    String userName = ugi.getUserName();
+    String userName = null;
+    if (usesRealm) {
+      userName = ugi.getUserName();
+    } else {
+      userName = ugi.getShortUserName();
+    }
     return new ACL(perms, new Id(SCHEME_SASL, userName));
   }
 
@@ -946,7 +954,7 @@ public class RegistrySecurity extends AbstractService {
    * @return an ACL for the user
    */
   public ACL createACLfromUsername(String username, int perms) {
-    if (!username.contains("@")) {
+    if (usesRealm && !username.contains("@")) {
       username = username + "@" + kerberosRealm;
       if (LOG.isDebugEnabled()) {
         LOG.debug("Appending kerberos realm to make {}", username);


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message