Is it just namenode or is it any service that has Kerberos configured?

Hi Harsh J,

Thanks for reporting the issue and providing patch. I labeled it as "supportability". I reviewed the change and have a few comments.

• The description of the property can be improved with more information. What about:

  A client-side property that describes permitted server principal pattern. It can be configured
  to control allowed realms to authenticate with, which is useful in cross-realm environment.
  

• what's the current default of this property prior to your change?
• wonder if there is any catch by changing the default pattern to "*", which essentially accepts any pattern?

-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12688010/HDFS-7546.patch
against trunk revision 1050d42.

+1 @author. The patch does not contain any @author tags.

-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.

+1 javac. The applied patch does not increase the total number of javac compiler warnings.

+1 javadoc. There were no new javadoc warning messages.

+1 eclipse:eclipse. The patch built with eclipse:eclipse.

+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

+1 release audit. The applied patch does not increase the total number of release audit warnings.

-1 core tests. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs:

org.apache.hadoop.hdfs.server.blockmanagement.TestDatanodeManager
org.apache.hadoop.hdfs.server.datanode.TestDataNodeVolumeFailureToleration

Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/9072//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/9072//console

This message is automatically generated.

+1 lgtm

Committed to trunk.

Thanks.

SUCCESS: Integrated in Hadoop-trunk-Commit #7053 (See https://builds.apache.org/job/Hadoop-trunk-Commit/7053/)
HDFS-7546. Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern (Harsh J via aw) (aw: rev 63613c79c1042ea3d7706ed6f7eccc8cf48ff6ea)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
• hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml

FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #100 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/100/)
HDFS-7546. Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern (Harsh J via aw) (aw: rev 63613c79c1042ea3d7706ed6f7eccc8cf48ff6ea)

• hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml
• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

FAILURE: Integrated in Hadoop-Yarn-trunk #834 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/834/)
HDFS-7546. Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern (Harsh J via aw) (aw: rev 63613c79c1042ea3d7706ed6f7eccc8cf48ff6ea)

• hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml
• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

FAILURE: Integrated in Hadoop-Hdfs-trunk #2032 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2032/)
HDFS-7546. Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern (Harsh J via aw) (aw: rev 63613c79c1042ea3d7706ed6f7eccc8cf48ff6ea)

• hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml
• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #101 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/101/)
HDFS-7546. Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern (Harsh J via aw) (aw: rev 63613c79c1042ea3d7706ed6f7eccc8cf48ff6ea)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
• hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml

FAILURE: Integrated in Hadoop-Mapreduce-trunk #2051 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2051/)
HDFS-7546. Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern (Harsh J via aw) (aw: rev 63613c79c1042ea3d7706ed6f7eccc8cf48ff6ea)

• hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml
• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

SUCCESS: Integrated in Hadoop-Hdfs-trunk-Java8 #97 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/97/)
HDFS-7546. Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern (Harsh J via aw) (aw: rev 63613c79c1042ea3d7706ed6f7eccc8cf48ff6ea)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
• hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml

Hi Allen Wittenauer,

You committed this fix to trunk only, did you mean to say that the fix is incompatible change? Thanks.

I committed this to trunk only because my time is more valuable than branch-2.

Hi Allen Wittenauer,

Thanks for the clarification. I created HDFS-8618 to cherry-pick to branch-2.

What I will do is to modify the corresponding CHANGES.txt to reflect that it will be fixed in branch-2 (I target it as 2.7.1), and cherry pick both HDFS-7546 and HDFS-8618 to branch-2 and branch-2.7.

Thanks.

HI Vinod Kumar Vavilapalli,

I attached an addendum patch to this jira, with the intention to commit the addendum to trunk, then cherry-pick both the commit Allen Wittenauer did for this jira and the the addendum to branch-2 and branch-2.7 (targetting 2.7.1), would you please help taking a look whether this makes sense?

Thanks much.

Yongjun Zhang, +1, let's get this minor but useful improvement into 2.7.1. Thanks.

Many thanks Vinod Kumar Vavilapalli, I cherry-picked to branch-2 and branch-2.7.

SUCCESS: Integrated in Hadoop-Yarn-trunk #964 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/964/)
Move HDFS-7546 to release 2.7.1 in CHANGES.txt. (yzhang: rev bcb3c40bed572a2dd95ce7201d893d7bf59240d5)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

SUCCESS: Integrated in Hadoop-Yarn-trunk-Java8 #234 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/234/)
Move HDFS-7546 to release 2.7.1 in CHANGES.txt. (yzhang: rev bcb3c40bed572a2dd95ce7201d893d7bf59240d5)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

FAILURE: Integrated in Hadoop-Hdfs-trunk #2162 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2162/)
Move HDFS-7546 to release 2.7.1 in CHANGES.txt. (yzhang: rev bcb3c40bed572a2dd95ce7201d893d7bf59240d5)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #223 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/223/)
Move HDFS-7546 to release 2.7.1 in CHANGES.txt. (yzhang: rev bcb3c40bed572a2dd95ce7201d893d7bf59240d5)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

FAILURE: Integrated in Hadoop-trunk-Commit #8041 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8041/)
Move HDFS-7546 to release 2.7.1 in CHANGES.txt. (yzhang: rev bcb3c40bed572a2dd95ce7201d893d7bf59240d5)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #232 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/232/)
Move HDFS-7546 to release 2.7.1 in CHANGES.txt. (yzhang: rev bcb3c40bed572a2dd95ce7201d893d7bf59240d5)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

FAILURE: Integrated in Hadoop-Mapreduce-trunk #2180 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2180/)
Move HDFS-7546 to release 2.7.1 in CHANGES.txt. (yzhang: rev bcb3c40bed572a2dd95ce7201d893d7bf59240d5)

• hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt