Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Reviewed
Description
/** * Obtain an authentication token, for the specified cluster, on behalf of the current user * and add it to the credentials for the given map reduce job. * * @param job The job that requires the permission. * @param conf The configuration to use in connecting to the peer cluster * @throws IOException When the authentication token cannot be obtained. */ public static void initCredentialsForCluster(Job job, Configuration conf) throws IOException { UserProvider userProvider = UserProvider.instantiate(job.getConfiguration()); if (userProvider.isHBaseSecurityEnabled()) { try { Connection peerConn = ConnectionFactory.createConnection(conf); try { TokenUtil.addTokenForJob(peerConn, userProvider.getCurrent(), job); } finally { peerConn.close(); } } catch (InterruptedException e) { LOG.info("Interrupted obtaining user authentication token"); Thread.interrupted(); } } }
TableMapReduceUtil#initCredentialsForCluster uses job's configuration instead of conf in argument for UserProvider.
This causes that token is not obtained for secure cluster in case of job's configuration contains hbase.security.authentication=simple.
Because userProvider.isHBaseSecurityEnabled() checks that hbase.security.authentication is kerberos.
If conf is configured for secure cluster, hbase.security.authentication is kerberos and it's natural to use conf for UserProvider instead of job's configuration in this method.
Attachments
Issue Links
- links to