[ https://issues.apache.org/jira/browse/HDFS-16129?focusedWorklogId=641146&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-641146 ]
ASF GitHub Bot logged work on HDFS-16129: ----------------------------------------- Author: ASF GitHub Bot Created on: 24/Aug/21 15:16 Start Date: 24/Aug/21 15:16 Worklog Time Spent: 10m Work Description: hadoop-yetus commented on pull request #3209: URL: https://github.com/apache/hadoop/pull/3209#issuecomment-904733944 :confetti_ball: **+1 overall** | Vote | Subsystem | Runtime | Logfile | Comment | |:----:|----------:|--------:|:--------:|:-------:| | +0 :ok: | reexec | 1m 6s | | Docker mode activated. | |||| _ Prechecks _ | | +1 :green_heart: | dupname | 0m 0s | | No case conflicting files found. | | +0 :ok: | codespell | 0m 1s | | codespell was not available. | | +1 :green_heart: | @author | 0m 0s | | The patch does not contain any @author tags. | | +1 :green_heart: | test4tests | 0m 0s | | The patch appears to include 7 new or modified test files. | |||| _ trunk Compile Tests _ | | +0 :ok: | mvndep | 12m 55s | | Maven dependency ordering for branch | | +1 :green_heart: | mvninstall | 20m 29s | | trunk passed | | +1 :green_heart: | compile | 30m 29s | | trunk passed with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04 | | +1 :green_heart: | compile | 18m 34s | | trunk passed with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10 | | +1 :green_heart: | checkstyle | 3m 42s | | trunk passed | | +1 :green_heart: | mvnsite | 3m 17s | | trunk passed | | +1 :green_heart: | javadoc | 2m 35s | | trunk passed with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04 | | +1 :green_heart: | javadoc | 3m 4s | | trunk passed with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10 | | +1 :green_heart: | spotbugs | 4m 23s | | trunk passed | | +1 :green_heart: | shadedclient | 14m 57s | | branch has no errors when building and testing our client artifacts. | |||| _ Patch Compile Tests _ | | +0 :ok: | mvndep | 0m 28s | | Maven dependency ordering for patch | | +1 :green_heart: | mvninstall | 1m 42s | | the patch passed | | +1 :green_heart: | compile | 21m 29s | | the patch passed with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04 | | +1 :green_heart: | javac | 21m 29s | | the patch passed | | +1 :green_heart: | compile | 18m 51s | | the patch passed with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10 | | +1 :green_heart: | javac | 18m 51s | | the patch passed | | +1 :green_heart: | blanks | 0m 0s | | The patch has no blanks issues. | | -0 :warning: | checkstyle | 3m 33s | [/results-checkstyle-root.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3209/13/artifact/out/results-checkstyle-root.txt) | root: The patch generated 1 new + 95 unchanged - 0 fixed = 96 total (was 95) | | +1 :green_heart: | mvnsite | 3m 13s | | the patch passed | | +1 :green_heart: | xml | 0m 1s | | The patch has no ill-formed XML file. | | +1 :green_heart: | javadoc | 2m 29s | | the patch passed with JDK Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04 | | +1 :green_heart: | javadoc | 3m 2s | | the patch passed with JDK Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10 | | +1 :green_heart: | spotbugs | 5m 1s | | the patch passed | | +1 :green_heart: | shadedclient | 14m 43s | | patch has no errors when building and testing our client artifacts. | |||| _ Other Tests _ | | +1 :green_heart: | unit | 17m 5s | | hadoop-common in the patch passed. | | +1 :green_heart: | unit | 3m 43s | | hadoop-kms in the patch passed. | | +1 :green_heart: | unit | 6m 17s | | hadoop-hdfs-httpfs in the patch passed. | | +1 :green_heart: | asflicense | 1m 0s | | The patch does not generate ASF License warnings. | | | | 222m 51s | | | | Subsystem | Report/Notes | |----------:|:-------------| | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3209/13/artifact/out/Dockerfile | | GITHUB PR | https://github.com/apache/hadoop/pull/3209 | | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell xml | | uname | Linux ffbe3d1b7034 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | dev-support/bin/hadoop.sh | | git revision | trunk / f4cffb51d01bd310ceee065c90b7fb7e2589edaf | | Default Java | Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10 | | Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.11+9-Ubuntu-0ubuntu2.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_292-8u292-b10-0ubuntu1~20.04-b10 | | Test Results | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3209/13/testReport/ | | Max. process+thread count | 3104 (vs. ulimit of 5500) | | modules | C: hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms hadoop-hdfs-project/hadoop-hdfs-httpfs U: . | | Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-3209/13/console | | versions | git=2.25.1 maven=3.6.3 spotbugs=4.2.2 | | Powered by | Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org | This message was automatically generated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 641146) Time Spent: 7h 40m (was: 7.5h) > HttpFS signature secret file misusage > ------------------------------------- > > Key: HDFS-16129 > URL: https://issues.apache.org/jira/browse/HDFS-16129 > Project: Hadoop HDFS > Issue Type: Bug > Components: httpfs > Affects Versions: 3.4.0 > Reporter: Tamas Domok > Assignee: Tamas Domok > Priority: Major > Labels: pull-request-available > Time Spent: 7h 40m > Remaining Estimate: 0h > > I started to work on the YARN-10814 issue, and found this bug in the HttpFS. > I investigated the problem and I already have some fix for it. > > If the deprecated *httpfs.authentication.signature.secret.file* is not set in > the configuration (e.g.: httpfs-site.xml) then the new > *hadoop.http.authentication.signature.secret.file* config option won't be > used, it will fallback to the random secret provider silently. > The _HttpFSServerWebServer_ sets an _authFilterConfigurationPrefix_ when > building the server for the old path (*httpfs.authentication.*). Later the > _AuthenticationFilter.constructSecretProvider_ will immediately fallback to > +random+, because the config won't contain the file. If the old path was set > too, then it handled the file, and the provider was set to +file+ type. > The configuration should be based on both the old and the new prefix filter, > merging the two. The new config option should win in my opinion. > > There is another issue in the _HttpFSAuthenticationFilter_, it is closely > related. > If both config option is set then the _HttpFSAuthenticationFilter_ will fail > with an impossible file path (e.g.: > *${httpfs.config.dir}/httpfs-signature.secret*). > _HttpFSAuthenticationFilter_ constructs the configuration, filtering first > the new config prefix then the old prefix. The old prefix code works > correctly, it uses the _conf.get(key)_ > instead of the _entry.getValue()_ which gives back the file path mentioned > earlier. The code duplication can be eliminated and I think it would be > better to change the order, first adding the config options from the old path > then the new, and the new should overwrite the old values, with a warning log > message. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org