Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11825

Move timelineclient Jersey+Kerberos+UGI support into a public implementation

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.7.0
    • Fix Version/s: None
    • Component/s: net
    • Labels:
      None

      Description

      Having a SPNEGO authed Jersey REST client is a pre-requisite for REST operations against YARN applications and any other services in the Hadoop cluster which use Kerberos to auth, from code that uses UGI to manage identity.

      There's a multiple implementations of UGI+Http bindings in the code, with org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl being the one which provides Jersey client integration, and:

      1. retry
      2. delegation tokens
      3. doAs() support

      It does all of this intermixed with the rest of the code, and is tagged as private.

      I propose pulling the jersey support out into a hadoop common .net class, tagging as public+evolving, to act as the foundation for any app that needs to use UGI+SPNEGO with jersey

        Attachments

          Activity

            People

            • Assignee:
              asuresh Arun Suresh
              Reporter:
              stevel@apache.org Steve Loughran
            • Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:

                Time Tracking

                Estimated:
                Original Estimate - 4h
                4h
                Remaining:
                Remaining Estimate - 4h
                4h
                Logged:
                Time Spent - Not Specified
                Not Specified