[
https://issues.apache.org/jira/browse/HADOOP-13638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15511347#comment-15511347
]
Wei-Chiu Chuang commented on HADOOP-13638:
------------------------------------------
Here's what I did to verify the patch:
Configure a CDH Hadoop cluster using LdapGroupsMapping and KMS. The KMS ACL
rule denies "group1" from decrypting the key. I added additional log at
{{Groups#<init>}} to print the class name of the GroupMapping resolution
object. Subsequently, I started KMS and do a few operations in a HDFS
encryption zone to observe the class name printed.
> KMS should set UGI's Configuration object properly
> --------------------------------------------------
>
> Key: HADOOP-13638
> URL: https://issues.apache.org/jira/browse/HADOOP-13638
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Attachments: HADOOP-13638.001.patch
>
>
> We found that the Configuration object in UGI in KMS server is not
> initialized properly, therefore it does not load core-site.xml from
> {{KMSConfiguration.KMS_CONFIG_DIR}}.
> This becomes a problem when the Hadoop cluster uses LdapGroupsMapping for
> group resolution, because the UGI in KMS falls back to the default
> JniBasedUnixGroupsMappingWithFallback (defined in core-default.xml) and is
> thus not consistent with the Hadoop cluster.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
