Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10469 ProxyUser improvements
  3. HADOOP-10565

Support IP ranges (CIDR) in proxyuser.hosts

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.5.0
    • security
    • None
    • Reviewed

    Description

      In some use cases, there will be many hosts from which the user can impersonate.
      This requires specifying many ips in the XML configuration.
      It is cumbersome to specify and maintain long list of ips in proxyuser.hosts
      The problem can be solved if we enable proxyuser.hosts to accept ip ranges in CIDR format.

      In addition, the current ip authorization involve a liner scan of the ips and an attempt to do InetAddress.getByName() for each ip/host.

      It may be beneficial to group this functionality of ip authorization by looking up "ip addresses/host names/ip-ranges" into a separate class. This could be reused in other usecases which require similar functionality

      Attachments

        1. HADOOP-10565.06.patch
          27 kB
          Arpit Agarwal
        2. HADOOP-10565.patch
          27 kB
          Benoy Antony
        3. HADOOP-10565.patch
          27 kB
          Benoy Antony
        4. HADOOP-10565.patch
          28 kB
          Benoy Antony
        5. HADOOP-10565.patch
          28 kB
          Benoy Antony
        6. HADOOP-10565.patch
          28 kB
          Benoy Antony

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            benoyantony Benoy Antony
            benoyantony Benoy Antony
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment