Hi,
I am working on https://issues.apache.org/jira/browse/STORM-444. The task is
very similar to https://issues.apache.org/jira/browse/OOZIE-961. Basically in
storm secure mode we would like to fetch topology/job submitter user’s
credentials on behalf of them on our master node and auto populate these
credentials on worker nodes. However I noticed that the only allowed methods
supported by User class requires either a jobConf or a combination of kind and
service (not real sure what those are). We do not have any job configuration
because the user is probably just trying to talk to Hbase outside of any map
reduce context. The questions I have are
Is there any value in adding a user.getDelegationToken that just returns all
the tokens?
In absence of the above API, given User class is just a wrapper around the
UserGroupInformation class should the following be sufficient?
if(UserGroupInformation.isSecurityEnabled) {
Configuration hbaseConf = HBaseConfiguration.create();
UserGroupInformation.setConfiguration(hbaseConf);
UserGroupInformation ugi =
UserGroupInformation.getCurrentUser();
UserGroupInformation proxyUser =
UserGroupInformation.createProxyUser(topologyOrJobSubmitterUser, ugi);
User u = User.create(ugi);
if(u.isHBaseSecurityEnabled()) {
Credentials credentials= proxyUser.getCredentials();
}
}
return credentails;
Appreciate the help.
Thanks
Parth
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
