[
https://issues.apache.org/jira/browse/HBASE-26205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shinya Yoshida updated HBASE-26205:
-----------------------------------
Description:
{code:java}
/**
* Obtain an authentication token, for the specified cluster, on behalf of
the current user
* and add it to the credentials for the given map reduce job.
*
* @param job The job that requires the permission.
* @param conf The configuration to use in connecting to the peer cluster
* @throws IOException When the authentication token cannot be obtained.
*/
public static void initCredentialsForCluster(Job job, Configuration conf)
throws IOException {
UserProvider userProvider =
UserProvider.instantiate(job.getConfiguration());
if (userProvider.isHBaseSecurityEnabled()) {
try {
Connection peerConn = ConnectionFactory.createConnection(conf);
try {
TokenUtil.addTokenForJob(peerConn, userProvider.getCurrent(), job);
} finally {
peerConn.close();
}
} catch (InterruptedException e) {
LOG.info("Interrupted obtaining user authentication token");
Thread.interrupted();
}
}
}
{code}
TableMapReduceUtil#initCredentialsForCluster uses job's configuration instead
of conf in argument for UserProvider.
This causes that token is not obtained for secure cluster in case of job's
configuration contains hbase.security.authentication=simple.
Because userProvider.isHBaseSecurityEnabled() checks that
hbase.security.authentication is kerberos.
If conf is configured for secure cluster, hbase.security.authentication is
kerberos and it's natural to use conf for UserProvider instead of job's
configuration in this method.
was:
{code:java}
/**
* Obtain an authentication token, for the specified cluster, on behalf of
the current user
* and add it to the credentials for the given map reduce job.
*
* @param job The job that requires the permission.
* @param conf The configuration to use in connecting to the peer cluster
* @throws IOException When the authentication token cannot be obtained.
*/
public static void initCredentialsForCluster(Job job, Configuration conf)
throws IOException {
UserProvider userProvider =
UserProvider.instantiate(job.getConfiguration());
if (userProvider.isHBaseSecurityEnabled()) {
try {
Connection peerConn = ConnectionFactory.createConnection(conf);
try {
TokenUtil.addTokenForJob(peerConn, userProvider.getCurrent(), job);
} finally {
peerConn.close();
}
} catch (InterruptedException e) {
LOG.info("Interrupted obtaining user authentication token");
Thread.interrupted();
}
}
}
{code}
TableMapReduceUtil#initCredentialsForCluster uses job's configuration instead
of conf in argument for UserProvider.
This causes that token is not obtained for secure cluster in case of job's
configuration contains hbase.security.authentication=simple.
Because userProvider.isHBaseSecurityEnabled() checks that
hbase.security.authentication is kerberos.
If conf is configured for secure cluster, hbase.security.authentication is
kerberos and it's natural to use conf for UserProvider instead of job's
configuration.
> TableMRUtil#initCredentialsForCluster should use specified conf for
> UserProvider
> --------------------------------------------------------------------------------
>
> Key: HBASE-26205
> URL: https://issues.apache.org/jira/browse/HBASE-26205
> Project: HBase
> Issue Type: Bug
> Reporter: Shinya Yoshida
> Assignee: Shinya Yoshida
> Priority: Major
>
> {code:java}
> /**
> * Obtain an authentication token, for the specified cluster, on behalf of
> the current user
> * and add it to the credentials for the given map reduce job.
> *
> * @param job The job that requires the permission.
> * @param conf The configuration to use in connecting to the peer cluster
> * @throws IOException When the authentication token cannot be obtained.
> */
> public static void initCredentialsForCluster(Job job, Configuration conf)
> throws IOException {
> UserProvider userProvider =
> UserProvider.instantiate(job.getConfiguration());
> if (userProvider.isHBaseSecurityEnabled()) {
> try {
> Connection peerConn = ConnectionFactory.createConnection(conf);
> try {
> TokenUtil.addTokenForJob(peerConn, userProvider.getCurrent(), job);
> } finally {
> peerConn.close();
> }
> } catch (InterruptedException e) {
> LOG.info("Interrupted obtaining user authentication token");
> Thread.interrupted();
> }
> }
> }
> {code}
> TableMapReduceUtil#initCredentialsForCluster uses job's configuration instead
> of conf in argument for UserProvider.
> This causes that token is not obtained for secure cluster in case of job's
> configuration contains hbase.security.authentication=simple.
> Because userProvider.isHBaseSecurityEnabled() checks that
> hbase.security.authentication is kerberos.
> If conf is configured for secure cluster, hbase.security.authentication is
> kerberos and it's natural to use conf for UserProvider instead of job's
> configuration in this method.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
