Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11973

Ensure ZkDelegationTokenSecretManager namespace znodes get created with ACLs

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.8.0, 2.7.1, 3.0.0-alpha1
    • Component/s: security
    • Labels:
      None

      Description

      I recently added an ACL Provider to the curator framework instance I pass to the ZkDelegationTokenSecretManager, and notice some strangeness around ACLs.

      I set: "zk-dt-secret-manager.znodeWorkingPath" to:
      "solr/zkdtsm"

      and notice that
      /solr/zkdtsm/
      /solr/zkdtsm/ZKDTSMRoot
      do not have ACLs

      but all the znodes under /solr/zkdtsm/ZKDTSMRoot have ACLs. From adding some logging, it looks like the ACLProvider is never called for /solr/zkdtsm and /solr/zkdtsm/ZKDTSMRoot. I don't know if that's a Curator or ZkDelegationTokenSecretManager issue.

        Attachments

        1. HADOOP-11973.patch
          6 kB
          Gregory Chanan
        2. HADOOP-11973v2.patch
          6 kB
          Gregory Chanan
        3. HADOOP-11973v3.patch
          6 kB
          Gregory Chanan

        Issue Links

          Activity

            People

            • Assignee:
              gchanan Gregory Chanan
              Reporter:
              gchanan Gregory Chanan

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment