[
https://issues.apache.org/jira/browse/DRILL-8352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James Turton updated DRILL-8352:
--------------------------------
Description:
With Vault authn configured, with the consequence that Drill's users are not
known to the local OS, messages such as the following are logged by the Hadoop
libs used by Drill.
{code:java}
09:33:30.805 [qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping -
unable to return groups for user user-1-1
org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException:
The user name 'user-1-1' is not found. id: user-1-1: no such user
id: user-1-1: no such user
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
at
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
at
org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
at
com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
at
com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
at com.google.common.cache.LocalCache.get(LocalCache.java:3962)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
at
com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
at
org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
at
org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
at
org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
at
org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
at
org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
at
org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
at
org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
at org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
{code}
was:
With Vault authn configured, with the consequence that Drill's users are not
known to the local OS, messages such as the following are logged by Drill.
{code:java}
09:33:30.805 [qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping -
unable to return groups for user user-1-1
org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException:
The user name 'user-1-1' is not found. id: user-1-1: no such user
id: user-1-1: no such user
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
at
org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
at
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
at
org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
at
com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
at
com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
at com.google.common.cache.LocalCache.get(LocalCache.java:3962)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
at
com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
at
org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
at
org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
at
org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
at
org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
at
org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
at
org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
at
org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
at org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
{code}
> Log noise when attempting to look up Unix user groups for a non-existent user
> -----------------------------------------------------------------------------
>
> Key: DRILL-8352
> URL: https://issues.apache.org/jira/browse/DRILL-8352
> Project: Apache Drill
> Issue Type: Improvement
> Components: Security
> Affects Versions: 1.20.2
> Reporter: James Turton
> Assignee: James Turton
> Priority: Minor
>
> With Vault authn configured, with the consequence that Drill's users are not
> known to the local OS, messages such as the following are logged by the
> Hadoop libs used by Drill.
> {code:java}
> 09:33:30.805 [qtp2108455110-42] WARN o.a.h.s.ShellBasedUnixGroupsMapping -
> unable to return groups for user user-1-1
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping$PartialGroupNameException:
> The user name 'user-1-1' is not found. id: user-1-1: no such user
> id: user-1-1: no such user
> at
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
> at
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
> at
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
> at
> org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
> at
> org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
> at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
> at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
> at
> com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
> at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
> at
> com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
> at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
> at com.google.common.cache.LocalCache.get(LocalCache.java:3962)
> at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3985)
> at
> com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4946)
> at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
> at
> org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1620)
> at
> org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1608)
> at
> org.apache.drill.exec.util.ImpersonationUtil.hasAdminPrivileges(ImpersonationUtil.java:244)
> at
> org.apache.drill.exec.server.rest.auth.DrillRestLoginService.login(DrillRestLoginService.java:85)
> at
> org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:67)
> at
> org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:89)
> at
> org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:66)
> at org.eclipse.jetty.server.Request.getUserPrincipal(Request.java:1715)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
