[
https://issues.apache.org/jira/browse/HDDS-5205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bharat Viswanadham updated HDDS-5205:
-------------------------------------
Parent: HDDS-2823
Issue Type: Sub-task (was: Task)
> Make admin check work for SCM HA cluster
> ----------------------------------------
>
> Key: HDDS-5205
> URL: https://issues.apache.org/jira/browse/HDDS-5205
> Project: Apache Ozone
> Issue Type: Sub-task
> Components: SCM HA, Security
> Reporter: Bharat Viswanadham
> Assignee: Bharat Viswanadham
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.2.0
>
>
> By default, the user started principal is added to scmAdminUsernames.
> {code:java}
> String scmUsername = UserGroupInformation.getCurrentUser().getUserName();
> if (!scmAdminUsernames.contains(scmUsername)) {
> scmAdminUsernames.add(scmUsername);
> }
> {code}
> In HA cluster, when kinit with scm2 principal when scm1 is leader, we get
> access denied as we check getUserName() and also when adding to adminlist we
> use getUserName.
> In OM we don't have this kind of issue, as getShortUserName() is used.
> {code:java}
> String omSPN = UserGroupInformation.getCurrentUser().getShortUserName();
> if (!ozAdmins.contains(omSPN)) {
> ozAdmins.add(omSPN);
> }
> {code}
> And during admin check it compares with both userName and shortUserName.
> {code:java}
> if (ozAdmins.contains(callerUgi.getShortUserName()) ||
> ozAdmins.contains(callerUgi.getUserName()) ||
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
