[
https://issues.apache.org/jira/browse/HDFS-3433?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron T. Myers updated HDFS-3433:
---------------------------------
Attachment: HDFS-3433.patch
Here's a patch which addresses the issue. The ACL which is already used to
allow admin access to other HTTP servlets is extended to also allow access to
the GetImage servlet.
In addition to the automated test, I also tested this manually on a secure
cluster, by ensuring my principal could not fetch the fsimage without the ACL
in place, then adding my principal to the ACL and ensuring it then worked. I
also made sure that checkpointing still worked both with and without the ACL in
place.
> GetImageServlet should allow administrative requestors when security is
> enabled
> -------------------------------------------------------------------------------
>
> Key: HDFS-3433
> URL: https://issues.apache.org/jira/browse/HDFS-3433
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: name-node
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HDFS-3433.patch
>
>
> Currently the GetImageServlet only allows the NN and checkpointing nodes to
> connect. Since we now have the fetchImage command in DFSAdmin, we should also
> allow administrative requests as well.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
