[jira] [Resolved] (HBASE-26205) TableMRUtil#initCredentialsForCluster should use specified conf for UserProvider

Wed, 01 Sep 2021 05:59:07 -0700 


     [ 
https://issues.apache.org/jira/browse/HBASE-26205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Duo Zhang resolved HBASE-26205.
-------------------------------
    Hadoop Flags: Reviewed
      Resolution: Fixed

Pushed to branch-2.3+.

Thanks [~lineyshinya] for contributing and [~shahrs87] for reviewing.

> TableMRUtil#initCredentialsForCluster should use specified conf for 
> UserProvider
> --------------------------------------------------------------------------------
>
>                 Key: HBASE-26205
>                 URL: https://issues.apache.org/jira/browse/HBASE-26205
>             Project: HBase
>          Issue Type: Bug
>          Components: mapreduce
>            Reporter: Shinya Yoshida
>            Assignee: Shinya Yoshida
>            Priority: Major
>             Fix For: 2.5.0, 3.0.0-alpha-2, 2.4.6, 2.3.7
>
>
> {code:java}
>   /**
>    * Obtain an authentication token, for the specified cluster, on behalf of 
> the current user
>    * and add it to the credentials for the given map reduce job.
>    *
>    * @param job The job that requires the permission.
>    * @param conf The configuration to use in connecting to the peer cluster
>    * @throws IOException When the authentication token cannot be obtained.
>    */
>   public static void initCredentialsForCluster(Job job, Configuration conf)
>       throws IOException {
>     UserProvider userProvider = 
> UserProvider.instantiate(job.getConfiguration());
>     if (userProvider.isHBaseSecurityEnabled()) {
>       try {
>         Connection peerConn = ConnectionFactory.createConnection(conf);
>         try {
>           TokenUtil.addTokenForJob(peerConn, userProvider.getCurrent(), job);
>         } finally {
>           peerConn.close();
>         }
>       } catch (InterruptedException e) {
>         LOG.info("Interrupted obtaining user authentication token");
>         Thread.interrupted();
>       }
>     }
>   }
> {code}
> TableMapReduceUtil#initCredentialsForCluster uses job's configuration instead 
> of conf in argument for UserProvider.
> This causes that token is not obtained for secure cluster in case of job's 
> configuration contains hbase.security.authentication=simple.
> Because userProvider.isHBaseSecurityEnabled() checks that 
> hbase.security.authentication is kerberos.
> If conf is configured for secure cluster, hbase.security.authentication is 
> kerberos and it's natural to use conf for UserProvider instead of job's 
> configuration in this method.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to