[jira] [Commented] (HADOOP-10776) Open up already widely-used APIs for delegation-token fetching & renewal to ecosystem projects

Mon, 22 Aug 2016 13:21:43 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15431538#comment-15431538
 ] 

Josh Elser commented on HADOOP-10776:
-------------------------------------

[~vinodkv], was avoiding o.a.h.s.token.SecretManager (and only opening up 
AbstractDelegationTokenSecretManager) intentional? A quick grep on one 
downstream project where I wired up delegation support shows that I had used 
SecretManager directly (which can probably be assumed that I copied it from 
another project).

Although, if AbstractDelegationTokenSecretManager is Public, there are still 
some abstract methods on SecretManager that I'd need to implement when 
extending AbstractDelegationTokenSecretManager (which are still LimitedPrivate).

> Open up already widely-used APIs for delegation-token fetching & renewal to 
> ecosystem projects
> ----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10776
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10776
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Robert Joseph Evans
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>         Attachments: HADOOP-10776-20160822.txt
>
>
> Storm would like to be able to fetch delegation tokens and forward them on to 
> running topologies so that they can access HDFS (STORM-346).  But to do so we 
> need to open up access to some of APIs. 
> Most notably FileSystem.addDelegationTokens(), Token.renew, 
> Credentials.getAllTokens, and UserGroupInformation but there may be others.
> At a minimum adding in storm to the list of allowed API users. But ideally 
> making them public. Restricting access to such important functionality to 
> just MR really makes secure HDFS inaccessible to anything except MR, or tools 
> that reuse MR input formats.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to