
HADOOP-11069. KMSClientProvider should use getAuthenticationMethod() to determine if in proxyuser mode or not. (tucu)

Alejandro Abdelnur 10 years ago
parent
commit
0f3c19c1bb

+ 3 - 0
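--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -765,6 +765,9 @@ Release 2.6.0 - UNRELEASED
     HADOOP-11067. warning message 'ssl.client.truststore.location has not
     been set' gets printed for hftp command. (Xiaoyu Yao via Arpit Agarwal)
 
+    HADOOP-11069. KMSClientProvider should use getAuthenticationMethod() to
+    determine if in proxyuser mode or not. (tucu)
+
 Release 2.5.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES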

+ 3 - 3
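--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
@@ -385,9 +385,9 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
       // if current UGI is different from UGI at constructor time, behave as
       // proxyuser
       UserGroupInformation currentUgi = UserGroupInformation.getCurrentUser();
-      final String doAsUser =
-          (loginUgi.getShortUserName().equals(currentUgi.getShortUserName()))
-          ? null : currentUgi.getShortUserName();
+      final String doAsUser = (currentUgi.getAuthenticationMethod() ==
+          UserGroupInformation.AuthenticationMethod.PROXY)
+                              ? currentUgi.getShortUserName() : null;
 
       // creating the HTTP connection using the current UGI at constructor time
       conn = loginUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {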
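Review bot: The context comment directly above the new `doAsUser` assignment still says proxyuser behaviour is triggered when the current UGI differs from the constructor-time UGI, but the new condition tests only `getAuthenticationMethod() == PROXY`, so the comment should be updated, e.g. `// send doAs only when the current UGI is a proxy UGI (AuthenticationMethod.PROXY)`. A consequence worth stating there is that a caller running under a non-proxy UGI other than `loginUgi` (for example one built with `createRemoteUser`, as the old test did) now gets `doAsUser == null`, so the request appears to go out under `loginUgi`'s identity with no impersonation parameter. The new check also does not compare `currentUgi.getRealUser()` with `loginUgi`, so the connection is still authenticated as `loginUgi` even if the proxy UGI was built on a different real user; if that is intended, the comment should say so. The enclosing method starts and ends outside the hunk.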

+ 3 - 3
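--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
@@ -1157,7 +1157,7 @@ public class TestKMS {
         final URI uri = createKMSUri(getKMSUrl());
 
         // proxyuser client using kerberos credentials
-        UserGroupInformation clientUgi = UserGroupInformation.
+        final UserGroupInformation clientUgi = UserGroupInformation.
             loginUserFromKeytabAndReturnUGI("client", keytab.getAbsolutePath());
         clientUgi.doAs(new PrivilegedExceptionAction<Void>() {
           @Override
@@ -1167,7 +1167,7 @@ public class TestKMS {
 
             // authorized proxyuser
             UserGroupInformation fooUgi =
-                UserGroupInformation.createRemoteUser("foo");
+                UserGroupInformation.createProxyUser("foo", clientUgi);
             fooUgi.doAs(new PrivilegedExceptionAction<Void>() {
               @Override
               public Void run() throws Exception {
@@ -1179,7 +1179,7 @@ public class TestKMS {
 
             // unauthorized proxyuser
             UserGroupInformation foo1Ugi =
-                UserGroupInformation.createRemoteUser("foo1");
+                UserGroupInformation.createProxyUser("foo1", clientUgi);
             foo1Ugi.doAs(new PrivilegedExceptionAction<Void>() {
               @Override
               public Void run() throws Exception {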
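Review bot: Both `createRemoteUser` cases ("authorized proxyuser" and "unauthorized proxyuser") are replaced by `createProxyUser(..., clientUgi)` rather than supplemented, so nothing visible in these hunks covers the path the client change newly introduces: a current UGI that differs from the login UGI but is not `AuthenticationMethod.PROXY`. Keeping one case that runs under `UserGroupInformation.createRemoteUser("foo")` and asserts which identity the KMS authorizes the call as would pin down that no `doAs` is sent and guard against a regression to name comparison. The anonymous `PrivilegedExceptionAction` bodies continue outside the hunks, so existing assertions there may already cover part of this.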