hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Shelukhin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-10757) KMSClientProvider combined with KeyProviderCache results in wrong UGI being used
Date Fri, 12 Aug 2016 00:56:22 GMT
Sergey Shelukhin created HDFS-10757:
---------------------------------------

             Summary: KMSClientProvider combined with KeyProviderCache results in wrong UGI
being used
                 Key: HDFS-10757
                 URL: https://issues.apache.org/jira/browse/HDFS-10757
             Project: Hadoop HDFS
          Issue Type: Bug
            Reporter: Sergey Shelukhin
            Priority: Critical


ClientContext::get gets the context from cache via a config setting based name, then KeyProviderCache
stored in ClientContext gets the key provider cached by URI stored in configuration, too.
KMSClientProvider caches the UGI (actualUgi) in ctor; that means in particular that all the
users of DFS with KMSClientProvider in a process will get the KMS token (along with other
credentials) of the first user...

Either KMSClientProvider shouldn't store the UGI, or one of the caches should be UGI-aware,
like the FS object cache.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org


Mime
View raw message