[
https://issues.apache.org/jira/browse/HADOOP-18691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17709653#comment-17709653
]
ASF GitHub Bot commented on HADOOP-18691:
-----------------------------------------
xBis7 opened a new pull request, #5540:
URL: https://github.com/apache/hadoop/pull/5540
<!--
Thanks for sending a pull request!
1. If this is your first time, please read our contributor guidelines:
https://cwiki.apache.org/confluence/display/HADOOP/How+To+Contribute
2. Make sure your PR title starts with JIRA issue id, e.g.,
'HADOOP-17799. Your PR title ...'.
-->
### Description of PR
This patch will help up solve a FairCallQueue impersonation issue we have on
the Apache Ozone project.
<strong> The issue: </strong> On Ozone the FairCallQueue doesn't work when
used with the Ozone S3G. The OzoneManager and the S3G are using a single
permanent connection for communication, which is hiding all S3G client users
under a special S3G user. For every request that comes through the S3G,
`getUserGroupInformation()` from the Schedulable returns the special `s3g`
user. Therefore, there is no impersonation and the FairCallQueue is ineffective.
We would like to expose the `CallerContext` field from the `Call` class and
use that to carry the information needed by the `IdentityProvider`. On Ozone,
we will set the correct information on the `CallerContext` before issuing the
request and then provide an `IdentityProvider` implementation which will access
the new `CallerContext` getter and use it to return the username to
`makeIdentity()`.
Here is a draft patch on Ozone side that utilizes these changes:
https://github.com/apache/ozone/pull/4116
### How was this patch tested?
No new tests were added for this patch as it doesn't make any functional
changes but only exposing existing data. It was tested on Ozone side.
Here is a gist with steps and information on how the FairCallQueue was
tested using this patch and an `OzoneIdentityProvider` impl:
https://gist.github.com/xBis7/b8247986e718417a4b48320eab6efeda
### For code changes:
- [x] Does the title or this PR starts with the corresponding JIRA issue id
(e.g. 'HADOOP-17799. Your PR title ...')?
- [ ] Object storage: have the integration tests been executed and the
endpoint declared according to the connector-specific documentation?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`,
`NOTICE-binary` files?
> Add a CallerContext getter on the Schedulable interface
> -------------------------------------------------------
>
> Key: HADOOP-18691
> URL: https://issues.apache.org/jira/browse/HADOOP-18691
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Christos Bisias
> Priority: Major
>
> We would like to add a default *{color:#00875a}CallerContext{color}* getter
> on the *{color:#00875a}Schedulable{color}* interface
> {code:java}
> default public CallerContext getCallerContext() {
> return null;
> } {code}
> and then override it on the
> *{color:#00875a}i{color}{color:#00875a}{*}pc/{*}Server.Call{color}* class
> {code:java}
> @Override
> public CallerContext getCallerContext() {
> return this.callerContext;
> } {code}
> to expose the already existing *{color:#00875a}callerContext{color}* field.
>
> This change will help us access the *{color:#00875a}CallerContext{color}* on
> an Apache Ozone *{color:#00875a}IdentityProvider{color}* implementation.
> On Ozone side the *{color:#00875a}FairCallQueue{color}* doesn't work with the
> Ozone S3G, because all users are masked under a special S3G user and there is
> no impersonation. Therefore, the FCQ reads only 1 user and becomes
> ineffective. We can use the *{color:#00875a}CallerContext{color}* field to
> store the current user and access it on the Ozone
> {*}{color:#00875a}IdentityProvider{color}{*}.
>
> This is a presentation with the proposed approach.
> [https://docs.google.com/presentation/d/1iChpCz_qf-LXiPyvotpOGiZ31yEUyxAdU4RhWMKo0c0/edit#slide=id.p]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
