hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10776) Open up Delegation token fetching and renewal to STORM (Possibly others)
Date Tue, 08 Jul 2014 00:03:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14054310#comment-14054310
] 

Chris Nauroth commented on HADOOP-10776:
----------------------------------------

Hi, [~revans2].  I am +1 for the proposal to make the necessary APIs public.  I think it's
the practical choice at this point.  If we consider the example of {{FileSystem#addDelegationTokens}},
the method was added 2 years ago for 2.0.2-alpha, and the signature has not changed since
then.  That indicates stability.  I also know that other projects have called this method
despite the limited-private risk, so that's another sign that there is a general need for
a public interface for using delegation tokens.

> Open up Delegation token fetching and renewal to STORM (Possibly others)
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-10776
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10776
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Robert Joseph Evans
>
> Storm would like to be able to fetch delegation tokens and forward them on to running
topologies so that they can access HDFS (STORM-346).  But to do so we need to open up access
to some of APIs. 
> Most notably FileSystem.addDelegationTokens(), Token.renew, Credentials.getAllTokens,
and UserGroupInformation but there may be others.
> At a minimum adding in storm to the list of allowed API users. But ideally making them
public. Restricting access to such important functionality to just MR really makes secure
HDFS inaccessible to anything except MR, or tools that reuse MR input formats.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message