Affects Version/s: 2.7.0
Fix Version/s: None
Having a SPNEGO authed Jersey REST client is a pre-requisite for REST operations against YARN applications and any other services in the Hadoop cluster which use Kerberos to auth, from code that uses UGI to manage identity.
There's a multiple implementations of UGI+Http bindings in the code, with org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl being the one which provides Jersey client integration, and:
- delegation tokens
- doAs() support
It does all of this intermixed with the rest of the code, and is tagged as private.
I propose pulling the jersey support out into a hadoop common .net class, tagging as public+evolving, to act as the foundation for any app that needs to use UGI+SPNEGO with jersey