[
https://issues.apache.org/jira/browse/HADOOP-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15431544#comment-15431544
]
Chris Nauroth commented on HADOOP-10776:
----------------------------------------
Hello [~elserj]. {{SecretManager}} is {{Public}} and {{Evolving}} in
branch-2.8, so we won't need a change there. (That's an easy thing to miss in
diff-based reviews like this.) Thank you for your code review.
> Open up already widely-used APIs for delegation-token fetching & renewal to
> ecosystem projects
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-10776
> URL: https://issues.apache.org/jira/browse/HADOOP-10776
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Robert Joseph Evans
> Assignee: Vinod Kumar Vavilapalli
> Priority: Blocker
> Attachments: HADOOP-10776-20160822.txt
>
>
> Storm would like to be able to fetch delegation tokens and forward them on to
> running topologies so that they can access HDFS (STORM-346). But to do so we
> need to open up access to some of APIs.
> Most notably FileSystem.addDelegationTokens(), Token.renew,
> Credentials.getAllTokens, and UserGroupInformation but there may be others.
> At a minimum adding in storm to the list of allowed API users. But ideally
> making them public. Restricting access to such important functionality to
> just MR really makes secure HDFS inaccessible to anything except MR, or tools
> that reuse MR input formats.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
