[
https://issues.apache.org/jira/browse/HADOOP-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod Kumar Vavilapalli updated HADOOP-10776:
---------------------------------------------
Attachment: HADOOP-10776-20160822.txt
Taking a quick crack at making some of the already very widely used security
related class public.
The patch makes the following public
- Classes: AccessControlException, Credentials, UserGroupInformation,
AuthorizationException, Token.TrivialRenewer,
AbstractDelegationTokenIdentifier, AbstractDelegationTokenSecretManager
- Methods: FileSystem.getCanonicalServiceName(),
FileSystem.addDelegationTokens()
Couple of general notes
- I'd like to skip the evolving vs public discussion for now and focus only on
visibility - so I just marked everything evolving.
- I did a quick search and obviously there are a lot more classes that need
more careful thinking. Unless I've missed some of the very obvious ones, I'd
like to make progress on getting the current ones done first.
[~revans2], [~cnauroth], [~arpitagarwal], can one or more of you quickly look
at this? Shouldn't take more than 5-10 minutes.
> Open up Delegation token fetching and renewal to STORM (Possibly others)
> ------------------------------------------------------------------------
>
> Key: HADOOP-10776
> URL: https://issues.apache.org/jira/browse/HADOOP-10776
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Robert Joseph Evans
> Priority: Blocker
> Attachments: HADOOP-10776-20160822.txt
>
>
> Storm would like to be able to fetch delegation tokens and forward them on to
> running topologies so that they can access HDFS (STORM-346). But to do so we
> need to open up access to some of APIs.
> Most notably FileSystem.addDelegationTokens(), Token.renew,
> Credentials.getAllTokens, and UserGroupInformation but there may be others.
> At a minimum adding in storm to the list of allowed API users. But ideally
> making them public. Restricting access to such important functionality to
> just MR really makes secure HDFS inaccessible to anything except MR, or tools
> that reuse MR input formats.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
