Github user revans2 commented on a diff in the pull request: https://github.com/apache/storm/pull/2635#discussion_r182745958 --- Diff: external/storm-autocreds/src/main/java/org/apache/storm/hbase/security/HBaseSecurityUtil.java --- @@ -52,24 +54,27 @@ private HBaseSecurityUtil() { public static UserProvider login(Map<String, Object> conf, Configuration hbaseConfig) throws IOException { //Allowing keytab based login for backward compatibility. - if (UserGroupInformation.isSecurityEnabled() && (conf.get(TOPOLOGY_AUTO_CREDENTIALS) == null || - !(((List) conf.get(TOPOLOGY_AUTO_CREDENTIALS)).contains(AutoHBase.class.getName())))) { - LOG.info("Logging in using keytab as AutoHBase is not specified for " + TOPOLOGY_AUTO_CREDENTIALS); - //insure that if keytab is used only one login per process executed - if(legacyProvider == null) { - synchronized (HBaseSecurityUtil.class) { - if(legacyProvider == null) { - legacyProvider = UserProvider.instantiate(hbaseConfig); - String keytab = (String) conf.get(STORM_KEYTAB_FILE_KEY); - if (keytab != null) { - hbaseConfig.set(STORM_KEYTAB_FILE_KEY, keytab); - } - String userName = (String) conf.get(STORM_USER_NAME_KEY); - if (userName != null) { - hbaseConfig.set(STORM_USER_NAME_KEY, userName); + if (UserGroupInformation.isSecurityEnabled()) { + List<String> autoCredentials = (List) conf.get(TOPOLOGY_AUTO_CREDENTIALS); + if ((autoCredentials == null) + || (!autoCredentials.contains(AutoHBase.class.getName()) && !autoCredentials.contains(AutoTGT.class.getName()))) { + LOG.info("Logging in using keytab as either AutoHBase or AutoTGT is specified for " + TOPOLOGY_AUTO_CREDENTIALS); --- End diff -- nit: I think it should be neither instead of either
---