Repository: oozie Updated Branches: refs/heads/master 0cf2fb3e7 -> ad9d7bd38
OOZIE-2419 HBase credentials are not correctly proxied (qwertymaniac via rkanter) Project: http://git-wip-us.apache.org/repos/asf/oozie/repo Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/ad9d7bd3 Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/ad9d7bd3 Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/ad9d7bd3 Branch: refs/heads/master Commit: ad9d7bd381a473cba70cadcbf3b4d9b138896ea4 Parents: 0cf2fb3 Author: Robert Kanter <[email protected]> Authored: Tue Jan 19 11:11:14 2016 -0800 Committer: Robert Kanter <[email protected]> Committed: Tue Jan 19 11:11:14 2016 -0800 ---------------------------------------------------------------------- .../oozie/action/hadoop/HbaseCredentials.java | 18 ++++++++++++++++-- pom.xml | 2 +- release-log.txt | 1 + 3 files changed, 18 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/oozie/blob/ad9d7bd3/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java b/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java index d716379..307f565 100644 --- a/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java +++ b/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java @@ -19,17 +19,22 @@ package org.apache.oozie.action.hadoop; import java.io.IOException; +import java.security.PrivilegedExceptionAction; import java.util.Map; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HBaseConfiguration; import org.apache.hadoop.hbase.security.User; +import org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier; +import org.apache.hadoop.hbase.security.token.TokenUtil; import org.apache.hadoop.mapred.JobConf; import org.apache.oozie.action.ActionExecutor.Context; import org.apache.oozie.action.hadoop.Credentials; import org.apache.oozie.action.hadoop.CredentialsProperties; import org.apache.oozie.util.XLog; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.Token; +import org.apache.hadoop.security.token.TokenIdentifier; /** @@ -69,11 +74,20 @@ public class HbaseCredentials extends Credentials { injectConf(hbaseConf, jobConf); } - private void obtainToken(JobConf jobConf, Context context) throws IOException, InterruptedException { + private void obtainToken(final JobConf jobConf, Context context) throws IOException, InterruptedException { String user = context.getWorkflow().getUser(); UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()); User u = User.create(ugi); - u.obtainAuthTokenForJob(jobConf); + // A direct doAs is required here vs. User#obtainAuthTokenForJob(...) + // See OOZIE-2419 for more + Token<AuthenticationTokenIdentifier> token = u.runAs( + new PrivilegedExceptionAction<Token<AuthenticationTokenIdentifier>>() { + public Token<AuthenticationTokenIdentifier> run() throws Exception { + return TokenUtil.obtainToken(jobConf); + } + } + ); + jobConf.getCredentials().addToken(token.getService(), token); } private void addPropsConf(CredentialsProperties props, Configuration destConf) { http://git-wip-us.apache.org/repos/asf/oozie/blob/ad9d7bd3/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index a74ffab..dc519cb 100644 --- a/pom.xml +++ b/pom.xml @@ -80,7 +80,7 @@ <hadoop.majorversion>1</hadoop.majorversion> <hadooplib.version>hadoop-${hadoop.majorversion}-${project.version}</hadooplib.version> <oozie.hadoop-utils.version>hadoop-${hadoop.majorversion}-${project.version}</oozie.hadoop-utils.version> - <hbase.version>0.94.2</hbase.version> + <hbase.version>0.94.27</hbase.version> <dropwizard.metrics.version>3.1.0</dropwizard.metrics.version> http://git-wip-us.apache.org/repos/asf/oozie/blob/ad9d7bd3/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index 12a0641..fcf711a 100644 --- a/release-log.txt +++ b/release-log.txt @@ -1,5 +1,6 @@ -- Oozie 4.3.0 release (trunk - unreleased) +OOZIE-2419 HBase credentials are not correctly proxied (qwertymaniac via rkanter) OOZIE-2439 FS Action no longer uses name-node from global section or default NN (rkanter) OOZIE-2435 TestCoordChangeXCommand is flakey (fdenes via rkanter) OOZIE-2428 TestSLAService, TestSLAEventGeneration flakey tests (fdenes via rkanter)
