[ https://issues.apache.org/jira/browse/HDFS-13972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16813606#comment-16813606 ]

CR Hota commented on HDFS-13972:
--------------------------------

[~brahmareddy] [~daryn] Thanks for the review.

Yes, we will restrict using getDatanodeReport to only the "CREATE" WebHDFS call. I am 
working on changing the patch to include a privileged ugi for the getDatanode 
method, thus not changing the client protocol and restricting nefarious users from 
knowing the cluster topo. Essentially, in "chooseDatanode" of 
RouterWebHdfsMethods, ugi will be replaced by the router ugi before 
getDatanodeReport is invoked. This will not change ClientProtocol, so a bad user 
cannot invoke getDatanodeReport with super creds.

I would like to leave "RouterRpcServer.getRemoteUser()" as is as part of this 
Jira and handle optimizations as Daryn suggested in a follow-up.

 

> RBF: Support for Delegation Token (WebHDFS)
> -------------------------------------------
>
>                 Key: HDFS-13972
>                 URL: https://issues.apache.org/jira/browse/HDFS-13972
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>            Reporter: Íñigo Goiri
>            Assignee: CR Hota
>            Priority: Major
>         Attachments: HDFS-13972-HDFS-13891.001.patch, 
> HDFS-13972-HDFS-13891.002.patch, HDFS-13972-HDFS-13891.003.patch, 
> HDFS-13972-HDFS-13891.004.patch, HDFS-13972-HDFS-13891.005.patch, 
> HDFS-13972-HDFS-13891.006.patch, HDFS-13972-HDFS-13891.007.patch, 
> HDFS-13972-HDFS-13891.008.patch, HDFS-13972-HDFS-13891.009.patch, 
> HDFS-13972-HDFS-13891.010.patch, HDFS-13972-HDFS-13891.011.patch, 
> TestRouterWebHDFSContractTokens.java
>
>
> HDFS Router should support issuing HDFS delegation tokens through WebHDFS.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
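
The privilege boundary described in the comment above, as an added example that is not part of the original message or of any attached patch. It is a simplified stand-alone model, not Hadoop code: the `Ugi` record, the `doAs` helper and the sample datanode addresses are hypothetical stand-ins, and only the names `getDatanodeReport` and `chooseDatanode` come from the comment.

```java
import java.util.List;
import java.util.function.Supplier;

/** Simplified model (assumption), not Hadoop code. */
public class RouterUgiSketch {
    record Ugi(String name, boolean superuser) {}

    // Stand-in for the per-call user context that a real doAs would set.
    static final ThreadLocal<Ugi> CURRENT = new ThreadLocal<>();
    static final Ugi ROUTER = new Ugi("router", true); // router's own login identity

    static <T> T doAs(Ugi ugi, Supplier<T> action) {
        Ugi previous = CURRENT.get();
        CURRENT.set(ugi);
        try {
            return action.get();
        } finally {
            CURRENT.set(previous); // always restore the caller's identity
        }
    }

    // Client-facing call: the superuser check stays, so the protocol is unchanged.
    static List<String> getDatanodeReport() {
        Ugi caller = CURRENT.get();
        if (caller == null || !caller.superuser()) {
            throw new SecurityException("Superuser privilege is required");
        }
        return List.of("dn1.example:9864", "dn2.example:9864"); // constructed sample data
    }

    // WebHDFS path: the router identity is used only for CREATE and only inside this method.
    static String chooseDatanode(String op) {
        if (!"CREATE".equals(op)) {
            throw new UnsupportedOperationException("no privileged lookup for " + op);
        }
        List<String> report = doAs(ROUTER, RouterUgiSketch::getDatanodeReport);
        return report.get(0); // selection policy omitted; one node is returned, not the report
    }

    public static void main(String[] args) {
        Ugi alice = new Ugi("alice", false);
        System.out.println("CREATE redirect: " + doAs(alice, () -> chooseDatanode("CREATE")));
        try {
            doAs(alice, RouterUgiSketch::getDatanodeReport);
        } catch (SecurityException e) {
            System.out.println("direct call denied: " + e.getMessage());
        }
    }
}
```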
