Hadoop Common
  1. Hadoop Common
  2. HADOOP-6526

Need mapping from long principal names to local OS user names

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      We need a configurable mapping from full user names (eg. omalley@APACHE.ORG) to local user names (eg. omalley). For many organizations it is sufficient to just use the prefix, however, in the case of shared clusters there may be duplicated prefixes. A configurable mapping will let administrators resolve the issue.

      1. HADOOP-6526-y20.4.patch
        23 kB
        Jitendra Nath Pandey
      2. HADOOP-6526-y20.2.patch
        29 kB
        Jitendra Nath Pandey
      3. HADOOP-6526-3.patch
        24 kB
        Boris Shkolnik
      4. HADOOP-6526-2.patch
        24 kB
        Boris Shkolnik
      5. HADOOP-6526-1.patch
        24 kB
        Boris Shkolnik
      6. HADOOP-6526.patch
        22 kB
        Boris Shkolnik
      7. c-6526-y20.patch
        20 kB
        Owen O'Malley
      8. c-6526-y20.patch
        20 kB
        Owen O'Malley
      9. c-6526.patch
        29 kB
        Owen O'Malley
      10. 3595485.patch
        2 kB
        Konstantin Boudnik

        Issue Links

          Activity

          Owen O'Malley created issue -
          Hide
          Owen O'Malley added a comment - - edited

          Currently, UGI has getShortUserName which truncates the user name at the first '@' or '/'. I propose we replace that with a getLocalName that applies the configured mapping to create the local user name.

          The administrator creates a file (user.mapping) with one rule per a line, the rules are attempted in the order listed in the file, and only the first rules that applies is used. '*' is a wildcard that matches 0 or more characters other than '/' and '@'. The value that matched the nth '*' is available to the rules as \n.

          The translation fails with an exception if the resulting name contains either '/' or '@'.

          The default rules would be:

          */*@* -> \1
          *@* -> \1
          

          which just keeps the prefix of each principal.

          There will be a command line tool that you can invoke to translate a list of long names into their local equivalents.

          Show
          Owen O'Malley added a comment - - edited Currently, UGI has getShortUserName which truncates the user name at the first '@' or '/'. I propose we replace that with a getLocalName that applies the configured mapping to create the local user name. The administrator creates a file (user.mapping) with one rule per a line, the rules are attempted in the order listed in the file, and only the first rules that applies is used. '*' is a wildcard that matches 0 or more characters other than '/' and '@'. The value that matched the nth '*' is available to the rules as \n. The translation fails with an exception if the resulting name contains either '/' or '@'. The default rules would be: */*@* -> \1 *@* -> \1 which just keeps the prefix of each principal. There will be a command line tool that you can invoke to translate a list of long names into their local equivalents.
          Owen O'Malley made changes -
          Field Original Value New Value
          Component/s security [ 12312526 ]
          Hide
          Allen Wittenauer added a comment -

          Solaris provides gsscred at the OS level. I'm sure other OSes provide similar.

          Show
          Allen Wittenauer added a comment - Solaris provides gsscred at the OS level. I'm sure other OSes provide similar.
          Hide
          Owen O'Malley added a comment -

          The annoying thing is that Kerberos has a function (and configuration) that does it, but doesn't export the API or CLI to do it. sigh

          If someone has a cross-platform solution short of reimplmenting it ourselves, I'd love to hear it.

          Show
          Owen O'Malley added a comment - The annoying thing is that Kerberos has a function (and configuration) that does it, but doesn't export the API or CLI to do it. sigh If someone has a cross-platform solution short of reimplmenting it ourselves, I'd love to hear it.
          Jakob Homan made changes -
          Link This issue is related to HDFS-938 [ HDFS-938 ]
          Hide
          Owen O'Malley added a comment -

          Ok, after some investigation I wasn't happy.
          1. The Java Kerberos library doesn't export their auth_to_local rule translation.
          2. The Java Kerberos library has bugs (ie. simplifications) that mean they skip over the auth_to_local rules in their parsing of the Kerberos config file.

          So here is some code where you can cut and paste the rules from your krb5.conf's auth_to_local rules into core-site.xml. The downside is that the best documentation for those rules are in an_to_ln.c. sigh

          So the default rule is just "DEFAULT" which takes all principals in your default domain to their first component. "omalley@APACHE.ORG" and "omalley/admin@APACHE.ORG" to "omalley", if your default domain is APACHE.ORG.

          The translations rules have 3 sections:
          <base><filter><substitution>

          The base consists of a number that represents the number of components in the principal name excluding the realm and the pattern for building the name from the sections of the principal name. The base uses $0 to mean the realm, $1 to mean the first component and $2 to mean the second component.

          [1:$1@$0] translates "omalley@APACHE.ORG" to "omalley@APACHE.ORG"
          [2:$1] translates "omalley/admin@APACHE.ORG" to "omalley"
          [2:$1%$2] translates "omalley/admin@APACHE.ORG" to "omalley%admin"

          The filter is a regex in parens that must the generated string for the rule to apply.

          "(.*%admin)" will take any string that ends in "%admin"
          "(.*@ACME.COM)" will take any string that ends in "@ACME.COM"

          Finally, the substitution is a sed rule to translate a regex into a fixed string.

          "s/@ACME\.COM//" removes the first instance of "@ACME.COM".
          "s/@[A-Z]*\.COM//" removes the first instance of "@" followed by a name followed by ".COM".
          "s/X/Y/g" replaces all of the "X" in the name with "Y"

          So, if your default realm was APACHE.ORG, but you also wanted to take all principals from ACME.COM that had a single component "joe@ACME.COM", you'd do:

          RULE:[1:$1@$0](.@ACME.ORG)s/@.//
          DEFAULT

          To also translate the names with a second component, you'd make the rules:

          RULE:[1:$1@$0](.@ACME.ORG)s/@.//
          RULE:[2:$1@$0](.@ACME.ORG)s/@.//
          DEFAULT

          If you want to treat all principals from APACHE.ORG with /admin as "admin", your rules would look like:

          RULE[2:$1%$2@$0](.%admin@APACHE.ORG)s/./admin/
          DEFAULT

          Show
          Owen O'Malley added a comment - Ok, after some investigation I wasn't happy. 1. The Java Kerberos library doesn't export their auth_to_local rule translation. 2. The Java Kerberos library has bugs (ie. simplifications) that mean they skip over the auth_to_local rules in their parsing of the Kerberos config file. So here is some code where you can cut and paste the rules from your krb5.conf's auth_to_local rules into core-site.xml. The downside is that the best documentation for those rules are in an_to_ln.c. sigh So the default rule is just "DEFAULT" which takes all principals in your default domain to their first component. "omalley@APACHE.ORG" and "omalley/admin@APACHE.ORG" to "omalley", if your default domain is APACHE.ORG. The translations rules have 3 sections: <base><filter><substitution> The base consists of a number that represents the number of components in the principal name excluding the realm and the pattern for building the name from the sections of the principal name. The base uses $0 to mean the realm, $1 to mean the first component and $2 to mean the second component. [1:$1@$0] translates "omalley@APACHE.ORG" to "omalley@APACHE.ORG" [2:$1] translates "omalley/admin@APACHE.ORG" to "omalley" [2:$1%$2] translates "omalley/admin@APACHE.ORG" to "omalley%admin" The filter is a regex in parens that must the generated string for the rule to apply. "(.*%admin)" will take any string that ends in "%admin" "(.*@ACME.COM)" will take any string that ends in "@ACME.COM" Finally, the substitution is a sed rule to translate a regex into a fixed string. "s/@ACME\.COM//" removes the first instance of "@ACME.COM". "s/@ [A-Z] *\.COM//" removes the first instance of "@" followed by a name followed by ".COM". "s/X/Y/g" replaces all of the "X" in the name with "Y" So, if your default realm was APACHE.ORG, but you also wanted to take all principals from ACME.COM that had a single component "joe@ACME.COM", you'd do: RULE: [1:$1@$0] (. @ACME.ORG)s/@. // DEFAULT To also translate the names with a second component, you'd make the rules: RULE: [1:$1@$0] (. @ACME.ORG)s/@. // RULE: [2:$1@$0] (. @ACME.ORG)s/@. // DEFAULT If you want to treat all principals from APACHE.ORG with /admin as "admin", your rules would look like: RULE [2:$1%$2@$0] (. %admin@APACHE.ORG)s/. /admin/ DEFAULT
          Owen O'Malley made changes -
          Attachment c-6526.patch [ 12438148 ]
          Hide
          Allen Wittenauer added a comment -

          I wonder if it would be worthwhile talking to the ApacheDS folks. Maybe their stack can deal with all of these weird-isms.

          Show
          Allen Wittenauer added a comment - I wonder if it would be worthwhile talking to the ApacheDS folks. Maybe their stack can deal with all of these weird-isms.
          Hide
          Jitendra Nath Pandey added a comment -

          Patch for hadoop 20 uploaded.

          Several tests and code at other places too had to be changed because createRemoteUser and similar APIs have been changed to throw IOException. This patch would be simiplified if those APIs throw a RuntimeException instead of IOException. Do we really need to throw IOException?

          Show
          Jitendra Nath Pandey added a comment - Patch for hadoop 20 uploaded. Several tests and code at other places too had to be changed because createRemoteUser and similar APIs have been changed to throw IOException. This patch would be simiplified if those APIs throw a RuntimeException instead of IOException. Do we really need to throw IOException?
          Jitendra Nath Pandey made changes -
          Attachment HADOOP-6526-y20.2.patch [ 12438997 ]
          Hide
          Owen O'Malley added a comment -

          This patch is for yahoo 20s, so shouldn't be committed. It modifies the previous patch by catching the IOExceptions and making them runtime exceptions.

          Show
          Owen O'Malley added a comment - This patch is for yahoo 20s, so shouldn't be committed. It modifies the previous patch by catching the IOExceptions and making them runtime exceptions.
          Owen O'Malley made changes -
          Attachment c-6526-y20.patch [ 12439049 ]
          Hide
          Owen O'Malley added a comment -

          An updated patch that ignores short names.

          Show
          Owen O'Malley added a comment - An updated patch that ignores short names.
          Owen O'Malley made changes -
          Attachment c-6526-y20.patch [ 12439076 ]
          Hide
          Jitendra Nath Pandey added a comment -

          New patch for hadoop 20.
          This patch fixes a few unit tests which were failing in the absence of mapping rules.

          Show
          Jitendra Nath Pandey added a comment - New patch for hadoop 20. This patch fixes a few unit tests which were failing in the absence of mapping rules.
          Jitendra Nath Pandey made changes -
          Attachment HADOOP-6526-y20.4.patch [ 12439139 ]
          Hide
          Konstantin Boudnik added a comment -

          Latest patch introduces src/test/krb5.conf which is needed by a couple of tests only. The use of this configuration file for some tests is enabled by the property java.security.krb5.conf. Kerberos has a bug in the implementation of the logic around this property (see http://bugs.sun.com/view_bug.do?bug_id=6857795)

          This badly affects any tests running from under ant environment (i.e. Herriot tests (HADOOP-6332)) and on another hand isn't sufficient for Eclipse environment.

          Show
          Konstantin Boudnik added a comment - Latest patch introduces src/test/krb5.conf which is needed by a couple of tests only. The use of this configuration file for some tests is enabled by the property java.security.krb5.conf. Kerberos has a bug in the implementation of the logic around this property (see http://bugs.sun.com/view_bug.do?bug_id=6857795 ) This badly affects any tests running from under ant environment (i.e. Herriot tests ( HADOOP-6332 )) and on another hand isn't sufficient for Eclipse environment.
          Hide
          Konstantin Boudnik added a comment -

          Another issue is that the setting affects all tests. This is especially bad for tests which are running on an actual cluster but from the source workspace i.e. Herriot tests. This settings forces default realm to be set to APACHE.ORG which is non-sensical in environments with different realm names.

          A better way is to set this property directly in the functional tests requiring this config file. Other tests shouldn't be affected.

          This is dirty hack to workaround the problem, although we shouldn't be modifying the whole build just because of a couple of tests requiring a custom config file.

          Show
          Konstantin Boudnik added a comment - Another issue is that the setting affects all tests. This is especially bad for tests which are running on an actual cluster but from the source workspace i.e. Herriot tests. This settings forces default realm to be set to APACHE.ORG which is non-sensical in environments with different realm names. A better way is to set this property directly in the functional tests requiring this config file. Other tests shouldn't be affected. This is dirty hack to workaround the problem, although we shouldn't be modifying the whole build just because of a couple of tests requiring a custom config file.
          Konstantin Boudnik made changes -
          Attachment 3595485.patch [ 12442917 ]
          Hide
          Konstantin Boudnik added a comment -

          The patch is done on top of the last HADOOP-6526-y20.4.patch and isn't for commit.

          Show
          Konstantin Boudnik added a comment - The patch is done on top of the last HADOOP-6526 -y20.4.patch and isn't for commit.
          Boris Shkolnik made changes -
          Attachment HADOOP-6526.patch [ 12446371 ]
          Boris Shkolnik made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12446371/HADOOP-6526.patch
          against trunk revision 951480.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 10 new or modified tests.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          -1 javac. The applied patch generated 1022 javac compiler warnings (more than the trunk's current 1017 warnings).

          +1 findbugs. The patch does not introduce any new Findbugs warnings.

          -1 release audit. The applied patch generated 3 release audit warnings (more than the trunk's current 2 warnings).

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/testReport/
          Release audit warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/artifact/trunk/patchprocess/releaseAuditDiffWarnings.txt
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12446371/HADOOP-6526.patch against trunk revision 951480. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 10 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. -1 javac. The applied patch generated 1022 javac compiler warnings (more than the trunk's current 1017 warnings). +1 findbugs. The patch does not introduce any new Findbugs warnings. -1 release audit. The applied patch generated 3 release audit warnings (more than the trunk's current 2 warnings). +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/testReport/ Release audit warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/artifact/trunk/patchprocess/releaseAuditDiffWarnings.txt Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/563/console This message is automatically generated.
          Boris Shkolnik made changes -
          Link This issue incorporates HDFS-1188 [ HDFS-1188 ]
          Boris Shkolnik made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Hide
          Boris Shkolnik added a comment -

          fixed release warning for krb5.conf
          javadoc and javac warnings are for "warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release
          [exec] [javac] import sun.security.krb5.Config; "

          leaving it as is.

          Show
          Boris Shkolnik added a comment - fixed release warning for krb5.conf javadoc and javac warnings are for "warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release [exec] [javac] import sun.security.krb5.Config; " leaving it as is.
          Boris Shkolnik made changes -
          Attachment HADOOP-6526-1.patch [ 12446384 ]
          Boris Shkolnik made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12446384/HADOOP-6526-1.patch
          against trunk revision 951624.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 11 new or modified tests.

          -1 patch. The patch command could not apply the patch.

          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/565/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12446384/HADOOP-6526-1.patch against trunk revision 951624. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 11 new or modified tests. -1 patch. The patch command could not apply the patch. Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/565/console This message is automatically generated.
          Hide
          Boris Shkolnik added a comment -

          rebased with the current trunk

          Show
          Boris Shkolnik added a comment - rebased with the current trunk
          Boris Shkolnik made changes -
          Attachment HADOOP-6526-2.patch [ 12446507 ]
          Boris Shkolnik made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Boris Shkolnik made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12446507/HADOOP-6526-2.patch
          against trunk revision 951624.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 11 new or modified tests.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          -1 javac. The applied patch generated 1022 javac compiler warnings (more than the trunk's current 1017 warnings).

          +1 findbugs. The patch does not introduce any new Findbugs warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/569/testReport/
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/569/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/569/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/569/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12446507/HADOOP-6526-2.patch against trunk revision 951624. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 11 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. -1 javac. The applied patch generated 1022 javac compiler warnings (more than the trunk's current 1017 warnings). +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/569/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/569/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/569/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/569/console This message is automatically generated.
          Hide
          Owen O'Malley added a comment -

          It looks good, except I don't think there is any reason to parameterize the name of the system property (java.security.krb5.conf).

          Show
          Owen O'Malley added a comment - It looks good, except I don't think there is any reason to parameterize the name of the system property (java.security.krb5.conf).
          Hide
          Boris Shkolnik added a comment -

          both javadoc and javac warnings are related to this:
          Constructing Javadoc information...
          [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:29: warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release
          [exec] [javadoc] import sun.security.krb5.Config;
          [exec] [javadoc] ^
          [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:30: warning: sun.security.krb5.KrbException is Sun proprietary API and may be removed in a future release
          [exec] [javadoc] import sun.security.krb5.KrbException;
          [exec] [javadoc] ^
          [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:77: warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release
          [exec] [javadoc] private static Config kerbConf;

          Show
          Boris Shkolnik added a comment - both javadoc and javac warnings are related to this: Constructing Javadoc information... [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:29: warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release [exec] [javadoc] import sun.security.krb5.Config; [exec] [javadoc] ^ [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:30: warning: sun.security.krb5.KrbException is Sun proprietary API and may be removed in a future release [exec] [javadoc] import sun.security.krb5.KrbException; [exec] [javadoc] ^ [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:77: warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release [exec] [javadoc] private static Config kerbConf;
          Hide
          Boris Shkolnik added a comment -

          addressed review's comments

          Show
          Boris Shkolnik added a comment - addressed review's comments
          Boris Shkolnik made changes -
          Attachment HADOOP-6526-3.patch [ 12446722 ]
          Boris Shkolnik made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Boris Shkolnik made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12446722/HADOOP-6526-3.patch
          against trunk revision 953100.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 11 new or modified tests.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          -1 javac. The applied patch generated 1022 javac compiler warnings (more than the trunk's current 1017 warnings).

          +1 findbugs. The patch does not introduce any new Findbugs warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/575/testReport/
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/575/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/575/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/575/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12446722/HADOOP-6526-3.patch against trunk revision 953100. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 11 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. -1 javac. The applied patch generated 1022 javac compiler warnings (more than the trunk's current 1017 warnings). +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/575/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/575/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/575/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/575/console This message is automatically generated.
          Hide
          Boris Shkolnik added a comment -

          committed to trunk.

          Show
          Boris Shkolnik added a comment - committed to trunk.
          Boris Shkolnik made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Hadoop Flags [Reviewed]
          Resolution Fixed [ 1 ]
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Common-trunk-Commit #292 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/292/)
          HADOOP-6526. Need mapping from long principal names to local OS user names

          Show
          Hudson added a comment - Integrated in Hadoop-Common-trunk-Commit #292 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/292/ ) HADOOP-6526 . Need mapping from long principal names to local OS user names
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Common-trunk #363 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/363/)
          HADOOP-6526. Need mapping from long principal names to local OS user names

          Show
          Hudson added a comment - Integrated in Hadoop-Common-trunk #363 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/363/ ) HADOOP-6526 . Need mapping from long principal names to local OS user names

            People

            • Assignee:
              Owen O'Malley
              Reporter:
              Owen O'Malley
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development