[
https://issues.apache.org/jira/browse/HBASE-29599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shanmukha Haripriya Kota reassigned HBASE-29599:
------------------------------------------------
Assignee: Shanmukha Haripriya Kota
> Delegation token renewer name mismatch for S3 when using Ranger RAZ
> -------------------------------------------------------------------
>
> Key: HBASE-29599
> URL: https://issues.apache.org/jira/browse/HBASE-29599
> Project: HBase
> Issue Type: Bug
> Components: security
> Reporter: Karthik Palanisamy
> Assignee: Shanmukha Haripriya Kota
> Priority: Minor
> Attachments: Screenshot 2025-09-16 at 10.48.51 AM.png
>
>
> {{org.apache.hadoop.hbase.security.token.FsDelegationToken#acquireDelegationToken}}
> currently passed hardcoded renewer name as {{{}"renewer"{}}}. This should be
> actual username or account name by the caller. This works fine for the hdfs
> filesystem, but fails for S3 when Ranger RAZ is enabled, because RAZ
> validates the renewer against the current user. These HBase codes that
> request delegation tokens need to be fixed.
> * HBase Table Export
> * SecureBulkLoad Manager
> * HFile Replicator
> * BulkLoad HFile Tool
> !Screenshot 2025-09-16 at 10.48.51 AM.png!
> Ranger RAZ pre-check: {color:#0747a6}+_*RazS3ATokenRenewer.java#L146*_+{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
