Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11973

Ensure ZkDelegationTokenSecretManager namespace znodes get created with ACLs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.8.0, 2.7.1, 3.0.0-alpha1
    • Component/s: security
    • Labels:
      None

      Description

      I recently added an ACL Provider to the curator framework instance I pass to the ZkDelegationTokenSecretManager, and notice some strangeness around ACLs.

      I set: "zk-dt-secret-manager.znodeWorkingPath" to:
      "solr/zkdtsm"

      and notice that
      /solr/zkdtsm/
      /solr/zkdtsm/ZKDTSMRoot
      do not have ACLs

      but all the znodes under /solr/zkdtsm/ZKDTSMRoot have ACLs. From adding some logging, it looks like the ACLProvider is never called for /solr/zkdtsm and /solr/zkdtsm/ZKDTSMRoot. I don't know if that's a Curator or ZkDelegationTokenSecretManager issue.

        Attachments

        1. HADOOP-11973.patch
          6 kB
          Gregory Chanan
        2. HADOOP-11973v2.patch
          6 kB
          Gregory Chanan
        3. HADOOP-11973v3.patch
          6 kB
          Gregory Chanan

          Issue Links

            Activity

              People

              • Assignee:
                gchanan Gregory Chanan
                Reporter:
                gchanan Gregory Chanan
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: