[
https://issues.apache.org/jira/browse/DRILL-8352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James Turton updated DRILL-8352:
--------------------------------
Description:
With Vault authn configured, with the consequence that Drill's users are not
known to the local OS, messages such as the following are logged by Drill.
{code:java}
09:33:30.805 [qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping -
unable to return groups for user user-1-1
org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException:
The user name 'user-1-1' is not found. id: user-1-1: no such user
id: user-1-1: no such user
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
at
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
at
org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
at
com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
at
com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
at com.google.common.cache.LocalCache.get(LocalCache.java:3962)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
at
com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
at
org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
at
org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
at
org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
at
org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
at
org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
at
org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
at
org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
at org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
{code}
was:
With Vault authn configured, with the consequence that Drill's users are not
known to the local OS, messages such as the following are logged by Drill.
{noformat}
docker-compose-sap-main-drill-1 | 09:33:30.805
[qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping - unable to return
groups for user user-1-1
docker-compose-sap-main-drill-1 |
org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException:
The user name 'user-1-1' is not found. id: user-1-1: no such user
docker-compose-sap-main-drill-1 | id: user-1-1: no
such user
docker-compose-sap-main-drill-1 |
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
docker-compose-sap-main-drill-1 | at
com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
docker-compose-sap-main-drill-1 | at
com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
docker-compose-sap-main-drill-1 | at
com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
docker-compose-sap-main-drill-1 | at
com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
docker-compose-sap-main-drill-1 | at
com.google.common.cache.LocalCache.get(LocalCache.java:3962)
docker-compose-sap-main-drill-1 | at
com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
docker-compose-sap-main-drill-1 | at
com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
docker-compose-sap-main-drill-1 | at
org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
docker-compose-sap-main-drill-1 | at
org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
docker-compose-sap-main-drill-1 | at
org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
docker-compose-sap-main-drill-1 | at
org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
docker-compose-sap-main-drill-1 | at
org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
docker-compose-sap-main-drill-1 | at
org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
docker-compose-sap-main-drill-1 | at
org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
docker-compose-sap-main-drill-1 | at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
docker-compose-sap-main-drill-1 | at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
{noformat}
> Log noise when attempting to look up Unix user groups for a non-existent user
> -----------------------------------------------------------------------------
>
> Key: DRILL-8352
> URL: https://issues.apache.org/jira/browse/DRILL-8352
> Project: Apache Drill
> Issue Type: Improvement
> Components: Security
> Affects Versions: 1.20.2
> Reporter: James Turton
> Assignee: James Turton
> Priority: Minor
>
> With Vault authn configured, with the consequence that Drill's users are not
> known to the local OS, messages such as the following are logged by Drill.
>
> {code:java}
> 09:33:30.805 [qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping -
> unable to return groups for user user-1-1
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException:
> The user name 'user-1-1' is not found. id: user-1-1: no such user
> id: user-1-1: no such user
> at
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
> at
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
> at
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
> at
> org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
> at
> org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
> at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
> at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
> at
> com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
> at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
> at
> com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
> at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
> at com.google.common.cache.LocalCache.get(LocalCache.java:3962)
> at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
> at
> com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
> at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
> at
> org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
> at
> org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
> at
> org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
> at
> org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
> at
> org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
> at
> org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
> at
> org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
> at org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
