[HADOOP-11973] Ensure ZkDelegationTokenSecretManager namespace znodes get created with ACLs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 2.8.0, 2.7.1, 3.0.0-alpha1
Component/s: security
Labels:
None

Description

I recently added an ACL Provider to the curator framework instance I pass to the ZkDelegationTokenSecretManager, and notice some strangeness around ACLs.

I set: "zk-dt-secret-manager.znodeWorkingPath" to:
"solr/zkdtsm"

and notice that
/solr/zkdtsm/
/solr/zkdtsm/ZKDTSMRoot
do not have ACLs

but all the znodes under /solr/zkdtsm/ZKDTSMRoot have ACLs. From adding some logging, it looks like the ACLProvider is never called for /solr/zkdtsm and /solr/zkdtsm/ZKDTSMRoot. I don't know if that's a Curator or ZkDelegationTokenSecretManager issue.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-11973v3.patch
19/May/15 18:32
6 kB
Gregory Chanan
HADOOP-11973v2.patch
19/May/15 00:18
6 kB
Gregory Chanan
HADOOP-11973.patch
18/May/15 22:48
6 kB
Gregory Chanan

Issue Links

is related to

CURATOR-221 ACLProvider is not respected on parent nodes after calling CuratorFramework.usingNamespace

Open

Activity

People

Assignee:: Gregory Chanan

Reporter:: Gregory Chanan

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/May/15 01:39

Updated:: 06/Jan/17 01:32

Resolved:: 19/May/15 18:40