hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12953) New API for libhdfs to get FileSystem object as a proxy user
Date Mon, 04 Apr 2016 15:15:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15224313#comment-15224313
] 

Hadoop QA commented on HADOOP-12953:
------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 9s {color} | {color:blue}
Docker mode activated. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s {color} | {color:green}
The patch does not contain any @author tags. {color} |
| {color:red}-1{color} | {color:red} test4tests {color} | {color:red} 0m 0s {color} | {color:red}
The patch doesn't appear to include any new or modified tests. Please justify why no new tests
are needed for this patch. Also please list what manual steps were performed to verify this
patch. {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 1m 21s {color} | {color:blue}
Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 6m 38s {color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 5m 34s {color} |
{color:green} trunk passed with JDK v1.8.0_77 {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 33s {color} |
{color:green} trunk passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 7s {color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 14s {color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 26s {color}
| {color:green} trunk passed {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 0s {color} | {color:blue}
Skipped branch modules with no Java source: hadoop-hdfs-project/hadoop-hdfs-native-client
{color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 29s {color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 2s {color} | {color:green}
trunk passed with JDK v1.8.0_77 {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 13s {color} |
{color:green} trunk passed with JDK v1.7.0_95 {color} |
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 14s {color} | {color:blue}
Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 51s {color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 5m 43s {color} |
{color:green} the patch passed with JDK v1.8.0_77 {color} |
| {color:green}+1{color} | {color:green} cc {color} | {color:green} 5m 43s {color} | {color:green}
the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 5m 43s {color} | {color:green}
the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 6m 31s {color} |
{color:green} the patch passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} cc {color} | {color:green} 6m 31s {color} | {color:green}
the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 6m 31s {color} | {color:green}
the patch passed {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 1m 4s {color} | {color:red}
root: patch generated 9 new + 131 unchanged - 0 fixed = 140 total (was 131) {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 10s {color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 25s {color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s {color}
| {color:green} Patch has no whitespace issues. {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 0s {color} | {color:blue}
Skipped patch modules with no Java source: hadoop-hdfs-project/hadoop-hdfs-native-client {color}
|
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m 43s {color} |
{color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} javadoc {color} | {color:red} 3m 3s {color} | {color:red}
hadoop-common-project_hadoop-common-jdk1.8.0_77 with JDK v1.8.0_77 generated 1 new + 1 unchanged
- 0 fixed = 2 total (was 1) {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 1s {color} | {color:green}
the patch passed with JDK v1.8.0_77 {color} |
| {color:red}-1{color} | {color:red} javadoc {color} | {color:red} 4m 36s {color} | {color:red}
hadoop-common-project_hadoop-common-jdk1.7.0_95 with JDK v1.7.0_95 generated 1 new + 13 unchanged
- 0 fixed = 14 total (was 13) {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 13s {color} |
{color:green} the patch passed with JDK v1.7.0_95 {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 7m 21s {color} | {color:green}
hadoop-common in the patch passed with JDK v1.8.0_77. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 0m 32s {color} | {color:green}
hadoop-hdfs-native-client in the patch passed with JDK v1.8.0_77. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 7m 24s {color} | {color:green}
hadoop-common in the patch passed with JDK v1.7.0_95. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green} 0m 32s {color} | {color:green}
hadoop-hdfs-native-client in the patch passed with JDK v1.7.0_95. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 24s {color}
| {color:green} Patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 64m 5s {color} | {color:black}
{color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker |  Image:yetus/hadoop:fbe3e86 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12796835/HADOOP-12953.002.patch
|
| JIRA Issue | HADOOP-12953 |
| Optional Tests |  asflicense  compile  javac  javadoc  mvninstall  mvnsite  unit  findbugs
 checkstyle  cc  |
| uname | Linux a0201710b697 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12
UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh |
| git revision | trunk / 5092c94 |
| Default Java | 1.7.0_95 |
| Multi-JDK versions |  /usr/lib/jvm/java-8-oracle:1.8.0_77 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_95
|
| findbugs | v3.0.0 |
| checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/9019/artifact/patchprocess/diff-checkstyle-root.txt
|
| javadoc | hadoop-common-project_hadoop-common-jdk1.8.0_77: https://builds.apache.org/job/PreCommit-HADOOP-Build/9019/artifact/patchprocess/diff-javadoc-javadoc-hadoop-common-project_hadoop-common-jdk1.8.0_77.txt
|
| javadoc | hadoop-common-project_hadoop-common-jdk1.7.0_95: https://builds.apache.org/job/PreCommit-HADOOP-Build/9019/artifact/patchprocess/diff-javadoc-javadoc-hadoop-common-project_hadoop-common-jdk1.7.0_95.txt
|
| JDK v1.7.0_95  Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/9019/testReport/
|
| modules | C:  hadoop-common-project/hadoop-common   hadoop-hdfs-project/hadoop-hdfs-native-client
 U: . |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/9019/console |
| Powered by | Apache Yetus 0.2.0   http://yetus.apache.org |


This message was automatically generated.



> New API for libhdfs to get FileSystem object as a proxy user
> ------------------------------------------------------------
>
>                 Key: HADOOP-12953
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12953
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs
>    Affects Versions: 2.7.2
>            Reporter: Uday Kale
>            Assignee: Uday Kale
>         Attachments: HADOOP-12953.001.patch, HADOOP-12953.002.patch
>
>
> Secure impersonation in HDFS needs users to create proxy users and work with those. In
libhdfs, the hdfsBuilder accepts a userName but calls FileSytem.get() or FileSystem.newInstance()
with the user name to connect as. But, both these interfaces use getBestUGI() to get the UGI
for the given user. This is not necessarily true for all services whose end-users would not
access HDFS directly, but go via the service to first get authenticated with LDAP, then the
service owner can impersonate the end-user to eventually provide the underlying data.
> For such services that authenticate end-users via LDAP, the end users are not authenticated
by Kerberos, so their authentication details wont be in the Kerberos ticket cache. HADOOP_PROXY_USER
is not a thread-safe way to get this either. 
> Hence the need for the new API for libhdfs to get the FileSystem object as a proxy user
using the 'secure impersonation' recommendations. This approach is  secure since HDFS authenticates
the service owner and then validates the right for the service owner to impersonate the given
user as allowed by hadoop.proxyusers.* parameters of HDFS config.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message