Date: Thu, 24 Nov 2016 18:20:58 +0000 (UTC)
From: "Hudson (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-10776) Open up already widely-used APIs for delegation-token fetching & renewal to ecosystem projects

    [ https://issues.apache.org/jira/browse/HADOOP-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15693961#comment-15693961 ]

Hudson commented on HADOOP-10776:
---------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10890 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/10890/])
HADOOP-10776 Open up already widely-used APIs for delegation-token (stevel: rev 01665e456de8d79000ce273dded5ea53aa62965a)
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AccessControlException.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AuthorizationException.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileSystem.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java

> Open up already widely-used APIs for delegation-token fetching & renewal to ecosystem projects
> ----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10776
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10776
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Robert Joseph Evans
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>             Fix For: 2.8.0
>
>         Attachments: HADOOP-10776-20160822.txt, HADOOP-10776-branch-2-002.patch, HADOOP-10776-branch-2-003.patch
>
>
> Storm would like to be able to fetch delegation tokens and forward them on to running topologies so that they can access HDFS (STORM-346). But to do so we need to open up access to some of the APIs.
> Most notably FileSystem.addDelegationTokens(), Token.renew, Credentials.getAllTokens, and UserGroupInformation but there may be others.
> At a minimum adding in Storm to the list of allowed API users. But ideally making them public. Restricting access to such important functionality to just MR really makes secure HDFS inaccessible to anything except MR, or tools that reuse MR input formats.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)