Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.21.0
    • Fix Version/s: 0.21.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      Removed configuration property "hadoop.cluster.administrators". Added constructor public HttpServer(String name, String bindAddress, int port, boolean findPort, Configuration conf, AccessControlList adminsAcl) in HttpServer, which takes cluster administrators acl as a parameter.
      Show
      Removed configuration property "hadoop.cluster.administrators". Added constructor public HttpServer(String name, String bindAddress, int port, boolean findPort, Configuration conf, AccessControlList adminsAcl) in HttpServer, which takes cluster administrators acl as a parameter.

      Description

      Remove hadoop.cluster.administrators in favor of having separate configuration property name for MapReduce and HDFS projects.
      See more details on MAPREDUCE-1542.

      1. patch-6748-1.txt
        7 kB
        Amareshwari Sriramadasu
      2. patch-6748-0.21.txt
        7 kB
        Amareshwari Sriramadasu
      3. patch-6748.txt
        7 kB
        Amareshwari Sriramadasu

        Issue Links

          Activity

          Hide
          Amareshwari Sriramadasu added a comment -

          As per comment,
          when individual daemons create HTTPServer they will set appropriate administrator acl for the HTTPServer.

          Show
          Amareshwari Sriramadasu added a comment - As per comment , when individual daemons create HTTPServer they will set appropriate administrator acl for the HTTPServer.
          Hide
          Amareshwari Sriramadasu added a comment -

          Patch removes hadoop.cluster.administrators and adds adminsAcl as a parameter for the HTTPServer constructor. If no acl is passed, everyone will have access to the common servlets.

          Show
          Amareshwari Sriramadasu added a comment - Patch removes hadoop.cluster.administrators and adds adminsAcl as a parameter for the HTTPServer constructor. If no acl is passed, everyone will have access to the common servlets.
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12443840/patch-6748.txt
          against trunk revision 941508.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 3 new or modified tests.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/508/testReport/
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/508/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/508/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/508/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12443840/patch-6748.txt against trunk revision 941508. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/508/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/508/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/508/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/508/console This message is automatically generated.
          Hide
          Vinod Kumar Vavilapalli added a comment -

          I propose we get this into 0.21, otherwise we'll need a compatibility story for 0.22.

          Show
          Vinod Kumar Vavilapalli added a comment - I propose we get this into 0.21, otherwise we'll need a compatibility story for 0.22.
          Hide
          Vinod Kumar Vavilapalli added a comment -

          The patch needs a very minor merge in the testcase, it doesn't apply cleanly. Otherwise, there is only a trivial improvement for the patch - please add/retain the javadoc for the existing constructor in HttpServer.

          Show
          Vinod Kumar Vavilapalli added a comment - The patch needs a very minor merge in the testcase, it doesn't apply cleanly. Otherwise, there is only a trivial improvement for the patch - please add/retain the javadoc for the existing constructor in HttpServer.
          Hide
          Vinod Kumar Vavilapalli added a comment -

          Also to be forward compatible with changes planned in HADOOP-6715, can we change the exception message for invalid access to

           "User " + remoteUser + " is unauthorized to access this page.
           Access control list for this page: " + adminsAcl.toString() + "."
          

          instead of the present message?

          Show
          Vinod Kumar Vavilapalli added a comment - Also to be forward compatible with changes planned in HADOOP-6715 , can we change the exception message for invalid access to "User " + remoteUser + " is unauthorized to access this page. Access control list for this page: " + adminsAcl.toString() + " ." instead of the present message?
          Hide
          Vinod Kumar Vavilapalli added a comment -

          can we change the exception message for invalid access ...

          Please ignore this, it is being handled in HADOOP-6715 itself.

          Show
          Vinod Kumar Vavilapalli added a comment - can we change the exception message for invalid access ... Please ignore this, it is being handled in HADOOP-6715 itself.
          Hide
          Amareshwari Sriramadasu added a comment -

          updated to trunk and added javadoc.

          Show
          Amareshwari Sriramadasu added a comment - updated to trunk and added javadoc.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12447319/patch-6748-1.txt
          against trunk revision 955438.

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 3 new or modified tests.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/589/testReport/
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/589/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/589/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/589/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12447319/patch-6748-1.txt against trunk revision 955438. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/589/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/589/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/589/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/589/console This message is automatically generated.
          Hide
          Amareshwari Sriramadasu added a comment -

          -1 javadoc.

          ant javadoc passed successfully on my machine. Looking at the console output I see the following javadoc warnings:

          [exec]   [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:31: warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release
               [exec]   [javadoc] import sun.security.krb5.Config;
               [exec]   [javadoc]                         ^
               [exec]   [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:32: warning: sun.security.krb5.KrbException is Sun proprietary API and may be removed in a future release
               [exec]   [javadoc] import sun.security.krb5.KrbException;
               [exec]   [javadoc]                         ^
               [exec]   [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:81: warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release
               [exec]   [javadoc]   private static Config kerbConf;
               [exec]   [javadoc]                  ^
               [exec]   [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/SecurityUtil.java:33: warning: sun.security.jgss.krb5.Krb5Util is Sun proprietary API and may be removed in a future release
               [exec]   [javadoc] import sun.security.jgss.krb5.Krb5Util;
               [exec]   [javadoc]                              ^
               [exec]   [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/SecurityUtil.java:34: warning: sun.security.krb5.Credentials is Sun proprietary API and may be removed in a future release
               [exec]   [javadoc] import sun.security.krb5.Credentials;
               [exec]   [javadoc]                         ^
               [exec]   [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/SecurityUtil.java:35: warning: sun.security.krb5.PrincipalName is Sun proprietary API and may be removed in a future release
               [exec]   [javadoc] import sun.security.krb5.PrincipalName;
          

          Raised HADOOP-6830 for this.

          Show
          Amareshwari Sriramadasu added a comment - -1 javadoc. ant javadoc passed successfully on my machine. Looking at the console output I see the following javadoc warnings: [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:31: warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release [exec] [javadoc] import sun.security.krb5.Config; [exec] [javadoc] ^ [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:32: warning: sun.security.krb5.KrbException is Sun proprietary API and may be removed in a future release [exec] [javadoc] import sun.security.krb5.KrbException; [exec] [javadoc] ^ [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/KerberosName.java:81: warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release [exec] [javadoc] private static Config kerbConf; [exec] [javadoc] ^ [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/SecurityUtil.java:33: warning: sun.security.jgss.krb5.Krb5Util is Sun proprietary API and may be removed in a future release [exec] [javadoc] import sun.security.jgss.krb5.Krb5Util; [exec] [javadoc] ^ [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/SecurityUtil.java:34: warning: sun.security.krb5.Credentials is Sun proprietary API and may be removed in a future release [exec] [javadoc] import sun.security.krb5.Credentials; [exec] [javadoc] ^ [exec] [javadoc] /grid/0/hudson/hudson-slave/workspace/Hadoop-Patch-h4.grid.sp2.yahoo.net/trunk/src/java/org/apache/hadoop/security/SecurityUtil.java:35: warning: sun.security.krb5.PrincipalName is Sun proprietary API and may be removed in a future release [exec] [javadoc] import sun.security.krb5.PrincipalName; Raised HADOOP-6830 for this.
          Hide
          Amareshwari Sriramadasu added a comment -

          Patch for branch 0.21 with minor conflicts resolved.

          test-patch for branch 0.21:

               [exec] +1 overall.
               [exec]
               [exec]     +1 @author.  The patch does not contain any @author tags.
               [exec]
               [exec]     +1 tests included.  The patch appears to include 3 new or modified tests.
               [exec]
               [exec]     +1 javadoc.  The javadoc tool did not generate any warning messages.
               [exec]
               [exec]     +1 javac.  The applied patch does not increase the total number of javac compiler warnings.
               [exec]
               [exec]     +1 findbugs.  The patch does not introduce any new Findbugs warnings.
               [exec]
               [exec]     +1 release audit.  The applied patch does not increase the total number of release audit warnings.
               [exec]
          

          All unit tests passed on branch 0.21 as well.

          Show
          Amareshwari Sriramadasu added a comment - Patch for branch 0.21 with minor conflicts resolved. test-patch for branch 0.21: [exec] +1 overall. [exec] [exec] +1 @author. The patch does not contain any @author tags. [exec] [exec] +1 tests included. The patch appears to include 3 new or modified tests. [exec] [exec] +1 javadoc. The javadoc tool did not generate any warning messages. [exec] [exec] +1 javac. The applied patch does not increase the total number of javac compiler warnings. [exec] [exec] +1 findbugs. The patch does not introduce any new Findbugs warnings. [exec] [exec] +1 release audit. The applied patch does not increase the total number of release audit warnings. [exec] All unit tests passed on branch 0.21 as well.
          Hide
          Vinod Kumar Vavilapalli added a comment -

          +1 for the latest patch.

          Show
          Vinod Kumar Vavilapalli added a comment - +1 for the latest patch.
          Hide
          Amareshwari Sriramadasu added a comment -

          Thanks for the review Vinod.
          I just committed this.

          Show
          Amareshwari Sriramadasu added a comment - Thanks for the review Vinod. I just committed this.
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Common-trunk-Commit #311 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/311/)
          HADOOP-6748. Removes hadoop.cluster.administrators, cluster administrators acl is passed as parameter in constructor. Contributed by Amareshwari Sriramadasu

          Show
          Hudson added a comment - Integrated in Hadoop-Common-trunk-Commit #311 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/311/ ) HADOOP-6748 . Removes hadoop.cluster.administrators, cluster administrators acl is passed as parameter in constructor. Contributed by Amareshwari Sriramadasu
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Common-trunk #371 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/371/)
          HADOOP-6748. Removes hadoop.cluster.administrators, cluster administrators acl is passed as parameter in constructor. Contributed by Amareshwari Sriramadasu

          Show
          Hudson added a comment - Integrated in Hadoop-Common-trunk #371 (See http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/371/ ) HADOOP-6748 . Removes hadoop.cluster.administrators, cluster administrators acl is passed as parameter in constructor. Contributed by Amareshwari Sriramadasu

            People

            • Assignee:
              Amareshwari Sriramadasu
              Reporter:
              Amareshwari Sriramadasu
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development