rich7420 opened a new pull request, #10756:
URL: https://github.com/apache/ozone/pull/10756
This reverts commit 6f0b5a3b3909239fa672883317fec3bf84c202c8 (#10469).
## Why
As reported by @ChenSammi on #10469, the change breaks internal OM writes
that
rely on a `ugi.doAs()` identity. For example the object TTL service creating
a
`.Trash/.../Current` directory fails on the apply path with:
```
UNAUTHORIZED ... AuthenticationException: User info is not set. Please check
client auth credentials
at OMClientRequest.createUGIForApi(OMClientRequest.java:391)
at OMKeyRequest.getAclsForDir(OMKeyRequest.java:388)
at OMKeyRequest.createDirectoryInfoWithACL(...)
at OMKeyRequest.getAllMissingParentDirInfo(...)
at OMDirectoryCreateRequestWithFSO.validateAndUpdateCache(...)
```
`createUGIForApi()` is also reached from `validateAndUpdateCache` via
`getAclsForDir` during directory creation, so an internal `doAs()` write
hits it
on the apply path. The removed `getUserIfNotExists` used `getCurrentUser()`,
which inside the service `doAs()` block resolves to the real caller;
dropping it
leaves the identity unset and the request fails closed.
Reverting to restore the previous behavior. The original goal (not falling
back
to the OM starter user) can be re-attempted separately with a narrower
approach
that keeps the fallback but skips only the OM starter user, and with
coverage for
the object TTL / doAs path.
## Tested
`mvn -pl :ozone-manager test` for the affected requests
(`TestOMClientRequestWithUserInfo`, `TestOMAllocateBlockRequest`,
`TestOMKeyDeleteRequest`, `TestOMKeyRenameRequest`) pass; module compiles.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]