[HADOOP-10776] Open up already widely-used APIs for delegation-token fetching & renewal to ecosystem projects - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.0, 3.0.0-alpha2
Component/s: None
Labels:
None

Target Version/s:

2.8.0

Description

Storm would like to be able to fetch delegation tokens and forward them on to running topologies so that they can access HDFS (~~STORM-346~~). But to do so we need to open up access to some of APIs.

Most notably FileSystem.addDelegationTokens(), Token.renew, Credentials.getAllTokens, and UserGroupInformation but there may be others.

At a minimum adding in storm to the list of allowed API users. But ideally making them public. Restricting access to such important functionality to just MR really makes secure HDFS inaccessible to anything except MR, or tools that reuse MR input formats.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-10776-20160822.txt
22/Aug/16 20:01
7 kB
Vinod Kumar Vavilapalli
HADOOP-10776-branch-2-002.patch
24/Nov/16 13:59
8 kB
Steve Loughran
HADOOP-10776-branch-2-003.patch
24/Nov/16 16:32
10 kB
Steve Loughran

Issue Links

contains

HADOOP-12913 Drop the @LimitedPrivate maker off UGI, as its clearly untrue

Resolved

is depended upon by

HADOOP-12649 Improve Kerberos diagnostics and failure handling

Open

Activity

People

Assignee:: Vinod Kumar Vavilapalli

Reporter:: Robert Joseph Evans

Votes:: 1 Vote for this issue

Watchers:: 13 Start watching this issue

Dates

Created:: 02/Jul/14 17:46

Updated:: 29/Nov/16 01:57

Resolved:: 24/Nov/16 17:57