HADOOP-14029. Fix KMSClientProvider for non-secure proxyuser use case. Contributed by Xiaoyu Yao.
This commit is contained in:
parent
7bc333ad41
commit
2034315763
@ -1096,13 +1096,14 @@ private UserGroupInformation getActualUgi() throws IOException {
|
|||||||
// Use real user for proxy user
|
// Use real user for proxy user
|
||||||
actualUgi = currentUgi.getRealUser();
|
actualUgi = currentUgi.getRealUser();
|
||||||
}
|
}
|
||||||
|
if (UserGroupInformation.isSecurityEnabled() &&
|
||||||
if (!containsKmsDt(actualUgi) &&
|
!containsKmsDt(actualUgi) &&
|
||||||
!actualUgi.hasKerberosCredentials()) {
|
!actualUgi.hasKerberosCredentials()) {
|
||||||
// Use login user for user that does not have either
|
// Use login user is only necessary when Kerberos is enabled
|
||||||
|
// but the actual user does not have either
|
||||||
// Kerberos credential or KMS delegation token for KMS operations
|
// Kerberos credential or KMS delegation token for KMS operations
|
||||||
LOG.debug("using loginUser no KMS Delegation Token "
|
LOG.debug("Using loginUser when Kerberos is enabled but the actual user" +
|
||||||
+ "no Kerberos Credentials");
|
" does not have either KMS Delegation Token or Kerberos Credentials");
|
||||||
actualUgi = UserGroupInformation.getLoginUser();
|
actualUgi = UserGroupInformation.getLoginUser();
|
||||||
}
|
}
|
||||||
return actualUgi;
|
return actualUgi;
|
||||||
|
@ -2419,7 +2419,11 @@ public Void run() throws Exception {
|
|||||||
|
|
||||||
public void doWebHDFSProxyUserTest(final boolean kerberos) throws Exception {
|
public void doWebHDFSProxyUserTest(final boolean kerberos) throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.security.authentication", "kerberos");
|
if (kerberos) {
|
||||||
|
conf.set("hadoop.security.authentication", "kerberos");
|
||||||
|
}
|
||||||
|
UserGroupInformation.setConfiguration(conf);
|
||||||
|
|
||||||
final File testDir = getTestDir();
|
final File testDir = getTestDir();
|
||||||
conf = createBaseKMSConf(testDir, conf);
|
conf = createBaseKMSConf(testDir, conf);
|
||||||
if (kerberos) {
|
if (kerberos) {
|
||||||
|
Loading…
Reference in New Issue
Block a user