Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.0
    • Fix Version/s: 2.5.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:

      Description

      We have a requirement to support large number of superusers. (users who impersonate as another user) (http://hadoop.apache.org/docs/r1.2.1/Secure_Impersonation.html)

      Currently each superuser needs to be defined in the core-site.xml via proxyuser settings. This will be cumbersome when there are 1000 entries.

      It seems useful to have a pluggable mechanism to specify proxy user settings with the current approach as the default.

      1. HADOOP-10448.patch
        20 kB
        Benoy Antony
      2. HADOOP-10448.patch
        29 kB
        Benoy Antony
      3. HADOOP-10448.patch
        33 kB
        Benoy Antony
      4. HADOOP-10448.patch
        33 kB
        Benoy Antony
      5. HADOOP-10448.patch
        34 kB
        Benoy Antony
      6. HADOOP-10448.patch
        33 kB
        Benoy Antony
      7. HADOOP-10448.patch
        33 kB
        Benoy Antony
      8. HADOOP-10448.patch
        42 kB
        Benoy Antony
      9. HADOOP-10448.patch
        57 kB
        Benoy Antony
      10. HADOOP-10448.patch
        48 kB
        Benoy Antony
      11. HADOOP-10448.patch
        48 kB
        Benoy Antony
      12. HADOOP-10448-branch2.patch
        50 kB
        Benoy Antony

        Issue Links

          Activity

          Hide
          Benoy Antony added a comment -

          Attaching the patch .
          The current ProxyUser logic is refactored from ProxyUsers to a new class ImpersonationProvider
          Custom implementations can be plugged in by extending ImpersonationProvider and plugging the implementation via new configuration property - hadoop.security.impersonation.provider.class

          Show
          Benoy Antony added a comment - Attaching the patch . The current ProxyUser logic is refactored from ProxyUsers to a new class ImpersonationProvider Custom implementations can be plugged in by extending ImpersonationProvider and plugging the implementation via new configuration property - hadoop.security.impersonation.provider.class
          Hide
          Benoy Antony added a comment -

          The above patch is for review . It also contains patches from HADOOP-10467 and HADOOP-10471

          Show
          Benoy Antony added a comment - The above patch is for review . It also contains patches from HADOOP-10467 and HADOOP-10471
          Hide
          Benoy Antony added a comment -

          Attaching a patch after rebasing based on changes by HADOOP-10498 and HADOOP-10499

          Show
          Benoy Antony added a comment - Attaching a patch after rebasing based on changes by HADOOP-10498 and HADOOP-10499
          Hide
          Benoy Antony added a comment -

          BTW , this patch includes HADOOP-10467.

          Show
          Benoy Antony added a comment - BTW , this patch includes HADOOP-10467 .
          Hide
          Benoy Antony added a comment -

          This patch also enables concurrency without using synchronized .

          Show
          Benoy Antony added a comment - This patch also enables concurrency without using synchronized .
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12640736/HADOOP-10448.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          -1 release audit. The applied patch generated 1 release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs:

          org.apache.hadoop.hdfs.server.balancer.TestBalancerWithNodeGroup

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3807//testReport/
          Release audit warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/3807//artifact/trunk/patchprocess/patchReleaseAuditProblems.txt
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3807//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12640736/HADOOP-10448.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. -1 release audit . The applied patch generated 1 release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.server.balancer.TestBalancerWithNodeGroup +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3807//testReport/ Release audit warnings: https://builds.apache.org/job/PreCommit-HADOOP-Build/3807//artifact/trunk/patchprocess/patchReleaseAuditProblems.txt Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3807//console This message is automatically generated.
          Hide
          Benoy Antony added a comment -

          Attaching the corrected patch

          Show
          Benoy Antony added a comment - Attaching the corrected patch
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12640852/HADOOP-10448.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3814//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3814//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12640852/HADOOP-10448.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3814//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3814//console This message is automatically generated.
          Hide
          Daryn Sharp added a comment -

          A few initial observations: Less synchronization is always good, removing all synchronization will cause race conditions accessing the non-thread safe data structures during a refresh. Does it make sense for get*ConfKey methods to be part of the api? That seems like an implementation detail of a conf based provider that is inapplicable to other abstract providers.

          While I like pluggable interfaces, I have concerns about this use case. The proxy checks must be very performant to avoid stalling the jetty threads or limited number of ipc readers. Stalling the readers is pretty serious! I'm just curious what alternate implementation you intend to use? Per the conf manageability concern, we use xml includes to break the proxy user config into a separate file.

          Show
          Daryn Sharp added a comment - A few initial observations: Less synchronization is always good, removing all synchronization will cause race conditions accessing the non-thread safe data structures during a refresh. Does it make sense for get*ConfKey methods to be part of the api? That seems like an implementation detail of a conf based provider that is inapplicable to other abstract providers. While I like pluggable interfaces, I have concerns about this use case. The proxy checks must be very performant to avoid stalling the jetty threads or limited number of ipc readers. Stalling the readers is pretty serious! I'm just curious what alternate implementation you intend to use? Per the conf manageability concern, we use xml includes to break the proxy user config into a separate file.
          Hide
          Benoy Antony added a comment -

          Thanks for the comments Daryn Sharp. I have made changes to the patch based on comments.

          Less synchronization is always good, removing all synchronization will cause race conditions accessing the non-thread safe data structures during a refresh.

          Though synchronization is removed, it is still safe for different threads to share the instance of ImpersonationProvider. The instance of ImpersonationProvider is effectively immutable and it is safely published by storing its reference in a volatile field.

          Does it make sense for get*ConfKey methods to be part of the api? That seems like an implementation detail of a conf based provider that is inapplicable to other abstract providers.

          I agree and have created an interface - ImpersonationProvider . This will be implemented by DefaultImpersonationProvider and the above methods are part of DefaultImpersonationProvider.

          I'm just curious what alternate implementation you intend to use?

          My requirement is to manage the proxyusers via group membership in addition to the config based proxyusers. Users belonging to group s_<username> can impersonate <username> .

          So the sample implementation is as follows:

          SudoGroupBasedImpersonationProvider.java
          /**
          * Custom class which allows impersonation if the superuser belongs to sudo group
          * The sudo groupname is determined based on the name of the user to be impersonated.
           *
           */
          
          public class SudoGroupBasedImpersonationProvider extends DefaultImpersonationProvider{
            
            public void authorize(UserGroupInformation user, 
                String remoteAddress) throws AuthorizationException {
              
              UserGroupInformation superUser = user.getRealUser();
              if (superUser == null) {
                return;
              }
              
              //form the group name as in s_PROXIEDUSER
              String groupName = "s_" + user.getShortUserName();
              
              //check if the any of the superuser's group matches the sudo group
              for (String group : superUser.getGroupNames()) {
                if (group.equals(groupName)){
                  //match found , authorize impersonation
                  return;
                }
              }
              //revert to default proxy logic
              super.authorize(user, remoteAddress);
            }
          
          }
          
          Show
          Benoy Antony added a comment - Thanks for the comments Daryn Sharp . I have made changes to the patch based on comments. Less synchronization is always good, removing all synchronization will cause race conditions accessing the non-thread safe data structures during a refresh. Though synchronization is removed, it is still safe for different threads to share the instance of ImpersonationProvider. The instance of ImpersonationProvider is effectively immutable and it is safely published by storing its reference in a volatile field. Does it make sense for get*ConfKey methods to be part of the api? That seems like an implementation detail of a conf based provider that is inapplicable to other abstract providers. I agree and have created an interface - ImpersonationProvider . This will be implemented by DefaultImpersonationProvider and the above methods are part of DefaultImpersonationProvider . I'm just curious what alternate implementation you intend to use? My requirement is to manage the proxyusers via group membership in addition to the config based proxyusers. Users belonging to group s_<username> can impersonate <username> . So the sample implementation is as follows: SudoGroupBasedImpersonationProvider.java /** * Custom class which allows impersonation if the superuser belongs to sudo group * The sudo groupname is determined based on the name of the user to be impersonated. * */ public class SudoGroupBasedImpersonationProvider extends DefaultImpersonationProvider{ public void authorize(UserGroupInformation user, String remoteAddress) throws AuthorizationException { UserGroupInformation superUser = user.getRealUser(); if (superUser == null ) { return ; } //form the group name as in s_PROXIEDUSER String groupName = "s_" + user.getShortUserName(); //check if the any of the superuser's group matches the sudo group for ( String group : superUser.getGroupNames()) { if (group.equals(groupName)){ //match found , authorize impersonation return ; } } //revert to default proxy logic super .authorize(user, remoteAddress); } }
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12641212/HADOOP-10448.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs:

          org.apache.hadoop.hdfs.TestDistributedFileSystem

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3827//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3827//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12641212/HADOOP-10448.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.TestDistributedFileSystem +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3827//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3827//console This message is automatically generated.
          Hide
          Benoy Antony added a comment -

          The test failure doesn't seem related.

          Show
          Benoy Antony added a comment - The test failure doesn't seem related.
          Hide
          Benoy Antony added a comment -

          Generating the patch with no prefix and minor changes.

          Show
          Benoy Antony added a comment - Generating the patch with no prefix and minor changes.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12641266/HADOOP-10448.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 2 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs:

          org.apache.hadoop.metrics2.impl.TestMetricsSystemImpl
          org.apache.hadoop.hdfs.TestDistributedFileSystem

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3832//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3832//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12641266/HADOOP-10448.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 2 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.metrics2.impl.TestMetricsSystemImpl org.apache.hadoop.hdfs.TestDistributedFileSystem +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3832//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3832//console This message is automatically generated.
          Hide
          Daryn Sharp added a comment -

          Although the instance is immutable & volatile, no synchronization creates a concurrent race when refreshSuperUserGroupsConfiguration is initializing a new instance. The assignment occurs prior to the initialization.

          Show
          Daryn Sharp added a comment - Although the instance is immutable & volatile, no synchronization creates a concurrent race when refreshSuperUserGroupsConfiguration is initializing a new instance. The assignment occurs prior to the initialization.
          Hide
          Benoy Antony added a comment -

          From Java Concurrency in Practice:

          To publish an object safely, both the reference to the object and the object's state must be made visible to other threads at the same time. A properly constructed object can be safely published by:

          • Initializing an object reference from a static initializer;
          • Storing a reference to it into a volatile field or AtomicReference;
          • Storing a reference to it into a final field of a properly constructed object; or
          • Storing a reference to it into a field that is properly guarded by a lock.

          In this case instance of ImpersonationProvider is constructed and stored in a volatile field. So when other threads access the volatile field, they see properly constructed object.

          Show
          Benoy Antony added a comment - From Java Concurrency in Practice: To publish an object safely, both the reference to the object and the object's state must be made visible to other threads at the same time. A properly constructed object can be safely published by: Initializing an object reference from a static initializer; Storing a reference to it into a volatile field or AtomicReference; Storing a reference to it into a final field of a properly constructed object; or Storing a reference to it into a field that is properly guarded by a lock. In this case instance of ImpersonationProvider is constructed and stored in a volatile field. So when other threads access the volatile field, they see properly constructed object.
          Hide
          Benoy Antony added a comment -

          Attaching a newer patch which includes HADOOP-10566 and moves proxyserver feature out of ImpersonationProvider interface

          Show
          Benoy Antony added a comment - Attaching a newer patch which includes HADOOP-10566 and moves proxyserver feature out of ImpersonationProvider interface
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12643004/HADOOP-10448.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 3 new or modified test files.

          -1 javac. The patch appears to cause the build to fail.

          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3892//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12643004/HADOOP-10448.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 3 new or modified test files. -1 javac . The patch appears to cause the build to fail. Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3892//console This message is automatically generated.
          Hide
          Daryn Sharp added a comment -

          I think you're correct on the JMM. There was a discussion on DCL where the incomplete construction was brought up, although volative since JDK 5 appears to have fixed the problem. During the first access or a refresh, a surge of connections may cause multiple instances to be created (all but the last disposed after the check) to be created but I suppose that's a fringe event and the benefit outweighs it.

          I agree and have created an interface - ImpersonationProvider . This will be implemented by DefaultImpersonationProvider and the above methods are part of DefaultImpersonationProvider.

          Nice. My question was actually if the get*ConfKey methods need to remain in ProxyUsers and delegation directly to the DefaultImpersonationProvider? It seems they are only used by tests. Leaving them in would allow someone to use them. If they aren't using the default provider, it may be surprising that they are a no-op...

          Minor nit is the whitespace inconsistencies. There are cases of double spaces, no space between if and paren, no space between class and curly, spaces between method call and paren, etc.

          Show
          Daryn Sharp added a comment - I think you're correct on the JMM. There was a discussion on DCL where the incomplete construction was brought up, although volative since JDK 5 appears to have fixed the problem. During the first access or a refresh, a surge of connections may cause multiple instances to be created (all but the last disposed after the check) to be created but I suppose that's a fringe event and the benefit outweighs it. I agree and have created an interface - ImpersonationProvider . This will be implemented by DefaultImpersonationProvider and the above methods are part of DefaultImpersonationProvider. Nice. My question was actually if the get*ConfKey methods need to remain in ProxyUsers and delegation directly to the DefaultImpersonationProvider ? It seems they are only used by tests. Leaving them in would allow someone to use them. If they aren't using the default provider, it may be surprising that they are a no-op... Minor nit is the whitespace inconsistencies. There are cases of double spaces, no space between if and paren, no space between class and curly, spaces between method call and paren, etc.
          Hide
          Benoy Antony added a comment -

          My question was actually if the get*ConfKey methods need to remain in ProxyUsers and delegation directly to the DefaultImpersonationProvider? It seems they are only used by tests. Leaving them in would allow someone to use them. If they aren't using the default provider, it may be surprising that they are a no-op...

          I got it. I can remove them from ProxyUsers and modify all the references to directly invoke DefaultImpersonationProvider methods. That will make ProxyUsers cleaner.

          These are currently accessed only from tests in hadoop code. Unfortunately they are also accessed from TestHadoop20SAuthBridge.java in Hive. HBase does not use these methods. May be hive test can also be modified to DefaultImpersonationProvider directly.

          Show
          Benoy Antony added a comment - My question was actually if the get*ConfKey methods need to remain in ProxyUsers and delegation directly to the DefaultImpersonationProvider? It seems they are only used by tests. Leaving them in would allow someone to use them. If they aren't using the default provider, it may be surprising that they are a no-op... I got it. I can remove them from ProxyUsers and modify all the references to directly invoke DefaultImpersonationProvider methods. That will make ProxyUsers cleaner. These are currently accessed only from tests in hadoop code. Unfortunately they are also accessed from TestHadoop20SAuthBridge.java in Hive. HBase does not use these methods. May be hive test can also be modified to DefaultImpersonationProvider directly.
          Hide
          Benoy Antony added a comment -

          Attaching patch which moves all the implementation specific functions from ProxyUsers to DefaultImpersonationProvider .

          This patch also carries patches from HADOOP-10467, HADOOP-10471 and HADOOP-10566 which this feature is dependent upon.

          Show
          Benoy Antony added a comment - Attaching patch which moves all the implementation specific functions from ProxyUsers to DefaultImpersonationProvider . This patch also carries patches from HADOOP-10467 , HADOOP-10471 and HADOOP-10566 which this feature is dependent upon.
          Hide
          Benoy Antony added a comment -

          Resubmitting the patch to trigger a build

          Show
          Benoy Antony added a comment - Resubmitting the patch to trigger a build
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12643282/HADOOP-10448.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 11 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-hdfs-project/hadoop-hdfs-nfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager:

          org.apache.hadoop.yarn.server.resourcemanager.TestClientRMService
          org.apache.hadoop.hdfs.server.balancer.TestBalancerWithNodeGroup

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3908//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3908//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12643282/HADOOP-10448.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 11 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-hdfs-project/hadoop-hdfs-nfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager: org.apache.hadoop.yarn.server.resourcemanager.TestClientRMService org.apache.hadoop.hdfs.server.balancer.TestBalancerWithNodeGroup +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3908//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3908//console This message is automatically generated.
          Hide
          Benoy Antony added a comment -

          The two test failures are unrelated. One of them is being addressed through YARN-2018.

          Show
          Benoy Antony added a comment - The two test failures are unrelated. One of them is being addressed through YARN-2018 .
          Hide
          Suresh Srinivas added a comment -

          Daryn Sharp, do you have any further comments?

          Show
          Suresh Srinivas added a comment - Daryn Sharp , do you have any further comments?
          Hide
          Daryn Sharp added a comment -

          +1 Quickly scanned it and my prior comments appear to have been addressed. Nice work!

          Show
          Daryn Sharp added a comment - +1 Quickly scanned it and my prior comments appear to have been addressed. Nice work!
          Hide
          Benoy Antony added a comment -

          All the dependent patches are in trunk.
          Attaching the rebased patch.

          Suresh Srinivas, Could you please review and commit this ?

          Show
          Benoy Antony added a comment - All the dependent patches are in trunk. Attaching the rebased patch. Suresh Srinivas , Could you please review and commit this ?
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12646652/HADOOP-10448.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 10 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-hdfs-project/hadoop-hdfs-nfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager:

          org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.TestFairScheduler

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3966//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3966//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12646652/HADOOP-10448.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 10 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. -1 core tests . The patch failed these unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-hdfs-project/hadoop-hdfs-nfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager: org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.TestFairScheduler +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3966//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3966//console This message is automatically generated.
          Hide
          Arpit Agarwal added a comment -

          Hi Benoy Antony,

          During ImpersonationProvider initialization:

            public static void authorize(UserGroupInformation user, 
                String remoteAddress) throws AuthorizationException {
              if (sip==null) {
                refreshSuperUserGroupsConfiguration(); 
              }
          

          and in refreshSuperUserGroupsConfiguration

          public static void refreshSuperUserGroupsConfiguration(Configuration conf) {    
              sip = getInstance(conf);
          ...
          

          So the first few calls could be serviced by different ImpersonationProvider objects.

          Is this acceptable behavior? It should be documented if so.

          Show
          Arpit Agarwal added a comment - Hi Benoy Antony , During ImpersonationProvider initialization: public static void authorize(UserGroupInformation user, String remoteAddress) throws AuthorizationException { if (sip== null ) { refreshSuperUserGroupsConfiguration(); } and in refreshSuperUserGroupsConfiguration public static void refreshSuperUserGroupsConfiguration(Configuration conf) { sip = getInstance(conf); ... So the first few calls could be serviced by different ImpersonationProvider objects. Is this acceptable behavior? It should be documented if so.
          Hide
          Benoy Antony added a comment -

          Thanks for pointing it out, Arpit. Daryn also mentioned this .

          During the first access or a refresh, a surge of connections may cause multiple instances to be created (all but the last disposed after the check) to be created but I suppose that's a fringe event and the benefit outweighs it.

          I'll document this in the source code as well as in the security documentation. I'll post a patch soon.

          Show
          Benoy Antony added a comment - Thanks for pointing it out, Arpit. Daryn also mentioned this . During the first access or a refresh, a surge of connections may cause multiple instances to be created (all but the last disposed after the check) to be created but I suppose that's a fringe event and the benefit outweighs it. I'll document this in the source code as well as in the security documentation. I'll post a patch soon.
          Hide
          Benoy Antony added a comment -

          Added comments in the code to indicate the behavior.
          I am not sure if I need to indicate this in the security documentation as it is a detail. Multiple instances will be created anyway via the refresh command and older instances will be garbage collected.

          Show
          Benoy Antony added a comment - Added comments in the code to indicate the behavior. I am not sure if I need to indicate this in the security documentation as it is a detail. Multiple instances will be created anyway via the refresh command and older instances will be garbage collected.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12647394/HADOOP-10448.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 10 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-hdfs-project/hadoop-hdfs-nfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3981//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3981//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12647394/HADOOP-10448.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 10 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-hdfs-project/hadoop-hdfs-nfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3981//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3981//console This message is automatically generated.
          Hide
          Arpit Agarwal added a comment -

          Thanks for adding that Benoy. The code comment is useful as a note to future maintainers that the behavior is intentional, since the 'almost singleton' behavior is confusing on first read.

          I will commit it on Jenkins +1.

          Show
          Arpit Agarwal added a comment - Thanks for adding that Benoy. The code comment is useful as a note to future maintainers that the behavior is intentional, since the 'almost singleton' behavior is confusing on first read. I will commit it on Jenkins +1.
          Hide
          Arpit Agarwal added a comment -

          I committed it to trunk but hit merge conflicts in branch-2. Benoy, could you please post a branch-2 patch?

          Show
          Arpit Agarwal added a comment - I committed it to trunk but hit merge conflicts in branch-2. Benoy, could you please post a branch-2 patch?
          Hide
          Hudson added a comment -

          SUCCESS: Integrated in Hadoop-trunk-Commit #5624 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5624/)
          HADOOP-10448. Support pluggable mechanism to specify proxy user settings (Contributed by Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1598396)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/MiniRPCBenchmark.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/TestReaddir.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestWrites.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestRefreshUserMappings.java
          • /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMAdminService.java
          Show
          Hudson added a comment - SUCCESS: Integrated in Hadoop-trunk-Commit #5624 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5624/ ) HADOOP-10448 . Support pluggable mechanism to specify proxy user settings (Contributed by Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1598396 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/MiniRPCBenchmark.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/TestReaddir.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestWrites.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestRefreshUserMappings.java /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMAdminService.java
          Hide
          Benoy Antony added a comment -

          Thanks you Arpit Agarwal for committing this patch to trunk.

          Attaching the patch for branch-2 . This also includes HADOOP-9968 which was committed only to trunk. That seems to be reason for merge conflicts for the two files - ProxyUsers.java and TestProxyUsers.java.

          Show
          Benoy Antony added a comment - Thanks you Arpit Agarwal for committing this patch to trunk. Attaching the patch for branch-2 . This also includes HADOOP-9968 which was committed only to trunk. That seems to be reason for merge conflicts for the two files - ProxyUsers.java and TestProxyUsers.java.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12647474/HADOOP-10448-branch2.patch
          against trunk revision .

          -1 patch. The patch command could not apply the patch.

          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3984//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12647474/HADOOP-10448-branch2.patch against trunk revision . -1 patch . The patch command could not apply the patch. Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3984//console This message is automatically generated.
          Hide
          Arpit Agarwal added a comment - - edited

          Merged to branch-2 along with HADOOP-9968 via r1598440 .

          Thanks for generating the merge patch Benoy Antony!

          Show
          Arpit Agarwal added a comment - - edited Merged to branch-2 along with HADOOP-9968 via r1598440 . Thanks for generating the merge patch Benoy Antony !
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk #568 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/568/)
          HADOOP-10448. Support pluggable mechanism to specify proxy user settings (Contributed by Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1598396)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/MiniRPCBenchmark.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/TestReaddir.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestWrites.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestRefreshUserMappings.java
          • /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMAdminService.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk #568 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/568/ ) HADOOP-10448 . Support pluggable mechanism to specify proxy user settings (Contributed by Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1598396 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/MiniRPCBenchmark.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/TestReaddir.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestWrites.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestRefreshUserMappings.java /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMAdminService.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk #1759 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1759/)
          HADOOP-10448. Support pluggable mechanism to specify proxy user settings (Contributed by Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1598396)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/MiniRPCBenchmark.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/TestReaddir.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestWrites.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestRefreshUserMappings.java
          • /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMAdminService.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #1759 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1759/ ) HADOOP-10448 . Support pluggable mechanism to specify proxy user settings (Contributed by Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1598396 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/MiniRPCBenchmark.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/TestReaddir.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestWrites.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestRefreshUserMappings.java /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMAdminService.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk #1786 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1786/)
          HADOOP-10448. Support pluggable mechanism to specify proxy user settings (Contributed by Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1598396)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/MiniRPCBenchmark.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/TestReaddir.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestWrites.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
          • /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestRefreshUserMappings.java
          • /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMAdminService.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #1786 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1786/ ) HADOOP-10448 . Support pluggable mechanism to specify proxy user settings (Contributed by Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1598396 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ImpersonationProvider.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/MiniRPCBenchmark.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/TestReaddir.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestWrites.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestRefreshUserMappings.java /hadoop/common/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestRMAdminService.java

            People

            • Assignee:
              Benoy Antony
              Reporter:
              Benoy Antony
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development