[HDDS-5205] Make admin check work for SCM HA cluster - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.2.0
Component/s: SCM HA, Security
Labels:
- pull-request-available

Description

By default, the user started principal is added to scmAdminUsernames.

    String scmUsername = UserGroupInformation.getCurrentUser().getUserName();
    if (!scmAdminUsernames.contains(scmUsername)) {
      scmAdminUsernames.add(scmUsername);
    }

In HA cluster, when kinit with scm2 principal when scm1 is leader, we get access denied as we check getUserName() and also when adding to adminlist we use getUserName.

In OM we don't have this kind of issue, as getShortUserName() is used.

  String omSPN = UserGroupInformation.getCurrentUser().getShortUserName();
    if (!ozAdmins.contains(omSPN)) {
      ozAdmins.add(omSPN);
    }

And during admin check it compares with both userName and shortUserName.

if (ozAdmins.contains(callerUgi.getShortUserName()) ||
        ozAdmins.contains(callerUgi.getUserName()) ||

Attachments

Issue Links

incorporates

HDDS-4958 Adapt admincli tests for SCM HA

Resolved

links to

GitHub Pull Request #2236

Activity

People

Assignee:: Bharat Viswanadham

Reporter:: Bharat Viswanadham

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/May/21 12:18

Updated:: 17/May/21 10:22

Resolved:: 13/May/21 14:20