Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
Description
By default, the user started principal is added to scmAdminUsernames.
String scmUsername = UserGroupInformation.getCurrentUser().getUserName(); if (!scmAdminUsernames.contains(scmUsername)) { scmAdminUsernames.add(scmUsername); }
In HA cluster, when kinit with scm2 principal when scm1 is leader, we get access denied as we check getUserName() and also when adding to adminlist we use getUserName.
In OM we don't have this kind of issue, as getShortUserName() is used.
String omSPN = UserGroupInformation.getCurrentUser().getShortUserName(); if (!ozAdmins.contains(omSPN)) { ozAdmins.add(omSPN); }
And during admin check it compares with both userName and shortUserName.
if (ozAdmins.contains(callerUgi.getShortUserName()) ||
ozAdmins.contains(callerUgi.getUserName()) ||
Attachments
Issue Links
- incorporates
-
HDDS-4958 Adapt admincli tests for SCM HA
- Resolved
- links to