Hadoop Common
  1. Hadoop Common
  2. HADOOP-10469 ProxyUser improvements
  3. HADOOP-10467

Enable proxyuser specification to support list of users in addition to list of groups.

    Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      Today , the proxy user specification supports only list of groups. In some cases, it is useful to specify the list of users in addition to list of groups.

      1. HADOOP-10467.patch
        14 kB
        Benoy Antony
      2. HADOOP-10467.patch
        14 kB
        Benoy Antony
      3. HADOOP-10467.patch
        15 kB
        Benoy Antony
      4. HADOOP-10467.patch
        16 kB
        Benoy Antony
      5. HADOOP-10467.patch
        11 kB
        Benoy Antony
      6. HADOOP-10467.patch
        11 kB
        Benoy Antony
      7. HADOOP-10467.patch
        11 kB
        Benoy Antony
      8. HADOOP-10467.patch
        12 kB
        Benoy Antony
      9. HADOOP-10467.patch
        12 kB
        Benoy Antony

        Issue Links

          Activity

          Hide
          Benoy Antony added a comment -

          A new configuration property - hadoop.proxyuser.<superusername>.usergroups is added. This accepts values of the following format : user1,user2spacegroup1,group2. The special value of * implies anyone.
          The current property hadoop.proxyuser.<superusername>.groups is maintained. The allowed groups will be the union of groups specified via .usergroups and .groups.

          Attaching the patch.

          Show
          Benoy Antony added a comment - A new configuration property - hadoop.proxyuser.<superusername>.usergroups is added. This accepts values of the following format : user1,user2spacegroup1,group2. The special value of * implies anyone. The current property hadoop.proxyuser.<superusername>.groups is maintained. The allowed groups will be the union of groups specified via .usergroups and .groups. Attaching the patch.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12639042/HADOOP-10467.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3751//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3751//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12639042/HADOOP-10467.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3751//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3751//console This message is automatically generated.
          Hide
          Benoy Antony added a comment -

          Attaching the patch which reduces the visibility of newly introduced constant.

          Show
          Benoy Antony added a comment - Attaching the patch which reduces the visibility of newly introduced constant.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12639211/HADOOP-10467.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3758//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3758//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12639211/HADOOP-10467.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3758//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3758//console This message is automatically generated.
          Hide
          Daryn Sharp added a comment -

          Would you please elaborate on the use case and how the current config is insufficient? Please include a conf snippet that demonstrates how this change supports the new use case.

          From a cursory glance at the code, cacheGroupsAdd appears to be a no-op for most group providers so I don't think you can rely on that for initialization.

          Show
          Daryn Sharp added a comment - Would you please elaborate on the use case and how the current config is insufficient? Please include a conf snippet that demonstrates how this change supports the new use case. From a cursory glance at the code, cacheGroupsAdd appears to be a no-op for most group providers so I don't think you can rely on that for initialization.
          Hide
          Benoy Antony added a comment -

          In some cases, it takes a longer time to add users to groups. In those situations, the ability to specify usernames in the proxyuserconfiguration will enable administrators to quickly unblock users. That's the use case.
          Similar ability is available in yarn queue acls.

          An implementation choice would have been to add a separate property for users alone. But to maintain parity with queue acls , I added usergroups which can accept users and groups. If maintaining parity with Queue ACL specification is not important, I can create a new property - users instead of usergroups.

          The syntax is user1,user2SPACEgroup1,group2 (Same as in queue acls). Since these properties are per user, they are not in core-default.xml. I can specify the syntax and new configuration in the release notes. Would that be appropriate ?

          Show
          Benoy Antony added a comment - In some cases, it takes a longer time to add users to groups. In those situations, the ability to specify usernames in the proxyuserconfiguration will enable administrators to quickly unblock users. That's the use case. Similar ability is available in yarn queue acls. An implementation choice would have been to add a separate property for users alone. But to maintain parity with queue acls , I added usergroups which can accept users and groups. If maintaining parity with Queue ACL specification is not important, I can create a new property - users instead of usergroups. The syntax is user1,user2SPACEgroup1,group2 (Same as in queue acls). Since these properties are per user, they are not in core-default.xml. I can specify the syntax and new configuration in the release notes. Would that be appropriate ?
          Hide
          Benoy Antony added a comment -

          This patch does not rely on cacheGroupsAdd . Invocation of cacheGroupsAdd was already existing to initialize NetGroups.

          I have modified the patch so that code to initialize groups s sharec for usergoups/groups.

          Show
          Benoy Antony added a comment - This patch does not rely on cacheGroupsAdd . Invocation of cacheGroupsAdd was already existing to initialize NetGroups. I have modified the patch so that code to initialize groups s sharec for usergoups/groups.
          Hide
          Benoy Antony added a comment -

          Modified hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm to add documentation and the syntax of the value.

          Show
          Benoy Antony added a comment - Modified hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm to add documentation and the syntax of the value.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12640347/HADOOP-10467.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3800//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3800//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12640347/HADOOP-10467.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3800//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3800//console This message is automatically generated.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12640347/HADOOP-10467.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3801//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3801//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12640347/HADOOP-10467.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3801//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3801//console This message is automatically generated.
          Hide
          Daryn Sharp added a comment -

          I understand now. Personally I'd find it more intuitive to have a separate key for a proxy user's allowed users. It avoids the redundancy of two ways to configure groups. More importantly I've never liked the queue acl config. Requiring a blank space at the beginning of a config to signify no users is not intuitive to the ordinary user... Unless anyone else has a strong opinion, I'd go with two keys.

          Show
          Daryn Sharp added a comment - I understand now. Personally I'd find it more intuitive to have a separate key for a proxy user's allowed users. It avoids the redundancy of two ways to configure groups. More importantly I've never liked the queue acl config. Requiring a blank space at the beginning of a config to signify no users is not intuitive to the ordinary user... Unless anyone else has a strong opinion, I'd go with two keys.
          Hide
          Benoy Antony added a comment -

          Thanks for the comments, Daryn Sharp. The attached patch supports a comma separated list of users which a superuser can impersonate.

          Show
          Benoy Antony added a comment - Thanks for the comments, Daryn Sharp . The attached patch supports a comma separated list of users which a superuser can impersonate.
          Hide
          Benoy Antony added a comment -

          Attaching the patch with the correct documentation

          Show
          Benoy Antony added a comment - Attaching the patch with the correct documentation
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12641206/HADOOP-10467.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3829//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3829//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12641206/HADOOP-10467.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3829//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3829//console This message is automatically generated.
          Hide
          Benoy Antony added a comment -

          Rebased the patch with trunk.

          Show
          Benoy Antony added a comment - Rebased the patch with trunk.
          Hide
          Benoy Antony added a comment -

          A new configuration property - hadoop.proxyuser.<superusername>.users is added.
          This accepts values of the following format : user1,user2 .
          The superuser will be able to impersonate the list of users specified via this configuration property. This is in addition to the list of groups (specified via existing configuration property hadoop.proxyuser.<superusername>.groups)
          The security documentation is also updated to reflect this new configuration.

          Show
          Benoy Antony added a comment - A new configuration property - hadoop.proxyuser.<superusername>.users is added. This accepts values of the following format : user1,user2 . The superuser will be able to impersonate the list of users specified via this configuration property. This is in addition to the list of groups (specified via existing configuration property hadoop.proxyuser.<superusername>.groups) The security documentation is also updated to reflect this new configuration.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12641948/HADOOP-10467.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3852//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3852//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12641948/HADOOP-10467.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3852//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3852//console This message is automatically generated.
          Hide
          Benoy Antony added a comment -

          Haohui Mai , could you please review this patch ?
          I believe , I have already addressed comments from Daryn Sharp.

          Show
          Benoy Antony added a comment - Haohui Mai , could you please review this patch ? I believe , I have already addressed comments from Daryn Sharp .
          Hide
          Arpit Agarwal added a comment -

          I will review this later today.

          Show
          Arpit Agarwal added a comment - I will review this later today.
          Hide
          Arpit Agarwal added a comment - - edited

          My comments, mostly documentation and coding style.

          1. SecureMode.apt.vm: I think the following sentence is not quite accurate.
              You can configure proxy user using properties
              <<<hadoop.proxyuser.${superuser}.hosts>>> , <<<hadoop.proxyuser.${superuser}.groups>>>
              and <<<hadoop.proxyuser.${superuser}.users>>>.
            

            Instead it should be

              You can configure proxy user using properties
              <<<hadoop.proxyuser.${superuser}.hosts>>> along with either or both of <<<hadoop.proxyuser.${superuser}.groups>>>
              and <<<hadoop.proxyuser.${superuser}.users>>>.
            

            What do you think?

          2. SecureMode.apt.vm: could you also add an example for hadoop.proxyuser.oozie.users?
          3. SecureMode.apt.vm: obsolete text?
              It is possible to specify list of users and groups 
              using the property <<<hadoop.proxyuser.${superuser}.usergroups>>>.
              The syntax is user1,user2SPACEgroup1,group2
            
          4. Coding convention is not followed consistently in ProxyUsers.java. e.g. need space after )
                if (!userAuthorized){
            
          1. Unnecessary edit to comment in refreshSuperUserGroupsConfiguration. I guess it was relevant in the earlier version of the patch.
          2. Comments in testWildcardUser should probably say 'user' instead of 'group'?
            Looks fine otherwise.
          Show
          Arpit Agarwal added a comment - - edited My comments, mostly documentation and coding style. SecureMode.apt.vm: I think the following sentence is not quite accurate. You can configure proxy user using properties <<<hadoop.proxyuser.${superuser}.hosts>>> , <<<hadoop.proxyuser.${superuser}.groups>>> and <<<hadoop.proxyuser.${superuser}.users>>>. Instead it should be You can configure proxy user using properties <<<hadoop.proxyuser.${superuser}.hosts>>> along with either or both of <<<hadoop.proxyuser.${superuser}.groups>>> and <<<hadoop.proxyuser.${superuser}.users>>>. What do you think? SecureMode.apt.vm: could you also add an example for hadoop.proxyuser.oozie.users ? SecureMode.apt.vm: obsolete text? It is possible to specify list of users and groups using the property <<<hadoop.proxyuser.${superuser}.usergroups>>>. The syntax is user1,user2SPACEgroup1,group2 Coding convention is not followed consistently in ProxyUsers.java. e.g. need space after ) if (!userAuthorized){ Unnecessary edit to comment in refreshSuperUserGroupsConfiguration . I guess it was relevant in the earlier version of the patch. Comments in testWildcardUser should probably say 'user' instead of 'group'? Looks fine otherwise.
          Hide
          Benoy Antony added a comment -

          Thanks for the review Arpit Agarwal. Attaching the patch addressing all the comments except the edited comment for refreshSuperUserGroupsConfiguration . This reflects the new users property for proxyuser config.

          Show
          Benoy Antony added a comment - Thanks for the review Arpit Agarwal . Attaching the patch addressing all the comments except the edited comment for refreshSuperUserGroupsConfiguration . This reflects the new users property for proxyuser config.
          Hide
          Arpit Agarwal added a comment -

          +1 pending Jenkins. Thanks for addressing the feedback.

          Daryn Sharp does the latest patch look okay to you?

          Show
          Arpit Agarwal added a comment - +1 pending Jenkins. Thanks for addressing the feedback. Daryn Sharp does the latest patch look okay to you?
          Hide
          Benoy Antony added a comment -

          Attaching a patch which removes the the updates on the comments for getProxySuperuserGroupConfKey. Very minor change.

          Show
          Benoy Antony added a comment - Attaching a patch which removes the the updates on the comments for getProxySuperuserGroupConfKey . Very minor change.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12643774/HADOOP-10467.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. There were no new javadoc warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3925//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3925//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12643774/HADOOP-10467.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3925//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3925//console This message is automatically generated.
          Hide
          Arpit Agarwal added a comment -

          I intend to commit this late evening if there are no further comments.

          Show
          Arpit Agarwal added a comment - I intend to commit this late evening if there are no further comments.
          Hide
          Arpit Agarwal added a comment -

          +1

          I committed to trunk and branch-2. Thanks for the contribution Benoy Antony.

          Show
          Arpit Agarwal added a comment - +1 I committed to trunk and branch-2. Thanks for the contribution Benoy Antony .
          Hide
          Hudson added a comment -

          SUCCESS: Integrated in Hadoop-trunk-Commit #5596 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5596/)
          HADOOP-10467. Enable proxyuser specification to support list of users in addition to list of groups. (Contributed bt Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593162)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          Show
          Hudson added a comment - SUCCESS: Integrated in Hadoop-trunk-Commit #5596 (See https://builds.apache.org/job/Hadoop-trunk-Commit/5596/ ) HADOOP-10467 . Enable proxyuser specification to support list of users in addition to list of groups. (Contributed bt Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593162 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk #1751 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1751/)
          HADOOP-10467. Enable proxyuser specification to support list of users in addition to list of groups. (Contributed bt Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593162)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #1751 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1751/ ) HADOOP-10467 . Enable proxyuser specification to support list of users in addition to list of groups. (Contributed bt Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593162 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          Hide
          Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk #1777 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1777/)
          HADOOP-10467. Enable proxyuser specification to support list of users in addition to list of groups. (Contributed bt Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593162)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          Show
          Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #1777 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1777/ ) HADOOP-10467 . Enable proxyuser specification to support list of users in addition to list of groups. (Contributed bt Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593162 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          Hide
          Hudson added a comment -

          SUCCESS: Integrated in Hadoop-Yarn-trunk #560 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/560/)
          HADOOP-10467. Enable proxyuser specification to support list of users in addition to list of groups. (Contributed bt Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593162)

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
          Show
          Hudson added a comment - SUCCESS: Integrated in Hadoop-Yarn-trunk #560 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/560/ ) HADOOP-10467 . Enable proxyuser specification to support list of users in addition to list of groups. (Contributed bt Benoy Antony) (arp: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593162 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/site/apt/SecureMode.apt.vm /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java

            People

            • Assignee:
              Benoy Antony
              Reporter:
              Benoy Antony
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development