[jira] [Updated] (HDDS-5205) Make admin check work for SCM HA cluster

[Bharat Viswanadham (Jira)]

     [ 
https://issues.apache.org/jira/browse/HDDS-5205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bharat Viswanadham updated HDDS-5205:
-------------------------------------
    Description: 
By default, the user started principal is added to scmAdminUsernames.


{code:java}
    String scmUsername = UserGroupInformation.getCurrentUser().getUserName();
    if (!scmAdminUsernames.contains(scmUsername)) {
      scmAdminUsernames.add(scmUsername);
    }
{code}


In HA cluster, when kinit with scm2 principal when scm1 is leader, we get 
access denied as we check getUserName() and also when adding to adminlist we 
use getUserName.

In OM we don't have this kind of issue, as getShortUserName() is used.


{code:java}
  String omSPN = UserGroupInformation.getCurrentUser().getShortUserName();
    if (!ozAdmins.contains(omSPN)) {
      ozAdmins.add(omSPN);
    }
{code}


  was:
By default, the user started principal is added to scmAdminUsernames.

    String scmUsername = UserGroupInformation.getCurrentUser().getUserName();
    if (!scmAdminUsernames.contains(scmUsername)) {
      scmAdminUsernames.add(scmUsername);
    }

In HA cluster, when kinit with scm2 principal when scm1 is leader, we get 
access denied as we check getUserName() and also when adding to adminlist we 
use getUserName.

In OM we don't have this kind of issue, as getShortUserName() is used.


{code:java}
  String omSPN = UserGroupInformation.getCurrentUser().getShortUserName();
    if (!ozAdmins.contains(omSPN)) {
      ozAdmins.add(omSPN);
    }
{code}



> Make admin check work for SCM HA cluster
> ----------------------------------------
>
>                 Key: HDDS-5205
>                 URL: https://issues.apache.org/jira/browse/HDDS-5205
>             Project: Apache Ozone
>          Issue Type: Task
>            Reporter: Bharat Viswanadham
>            Assignee: Bharat Viswanadham
>            Priority: Major
>
> By default, the user started principal is added to scmAdminUsernames.
> {code:java}
>     String scmUsername = UserGroupInformation.getCurrentUser().getUserName();
>     if (!scmAdminUsernames.contains(scmUsername)) {
>       scmAdminUsernames.add(scmUsername);
>     }
> {code}
> In HA cluster, when kinit with scm2 principal when scm1 is leader, we get 
> access denied as we check getUserName() and also when adding to adminlist we 
> use getUserName.
> In OM we don't have this kind of issue, as getShortUserName() is used.
> {code:java}
>   String omSPN = UserGroupInformation.getCurrentUser().getShortUserName();
>     if (!ozAdmins.contains(omSPN)) {
>       ozAdmins.add(omSPN);
>     }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org
For additional commands, e-mail: issues-h...@ozone.apache.org