You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2020/08/27 18:05:48 UTC

[GitHub] [hadoop] liuml07 commented on a change in pull request #2245: HADOOP-17159 Ability for forceful relogin in UserGroupInformation class

liuml07 commented on a change in pull request #2245:
URL: https://github.com/apache/hadoop/pull/2245#discussion_r478602120



##########
File path: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
##########
@@ -1215,23 +1215,43 @@ private void fixKerberosTicketOrder() {
    * Re-Login a user in from a keytab file. Loads a user identity from a keytab
    * file and logs them in. They become the currently logged-in user. This
    * method assumes that {@link #loginUserFromKeytab(String, String)} had
-   * happened already.
-   * The Subject field of this UserGroupInformation object is updated to have
-   * the new credentials.
+   * happened already. The Subject field of this UserGroupInformation object is
+   * updated to have the new credentials.
+   *
    * @throws IOException
    * @throws KerberosAuthException on a failure
    */
   @InterfaceAudience.Public
   @InterfaceStability.Evolving
   public synchronized void reloginFromKeytab() throws IOException {
+    reloginFromKeytab(false);
+  }
+
+  /**
+   * Force re-Login a user in from a keytab file. Loads a user identity from a
+   * keytab file and logs them in. They become the currently logged-in user.
+   * This method assumes that {@link #loginUserFromKeytab(String, String)} had
+   * happened already. The Subject field of this UserGroupInformation object is
+   * updated to have the new credentials.
+   *
+   * @param ignoreTimeElapsed Force re-login irrespective of the time of last
+   *                          login
+   * @throws IOException
+   * @throws KerberosAuthException on a failure
+   */
+  @InterfaceAudience.Public
+  @InterfaceStability.Evolving
+  public synchronized void reloginFromKeytab(boolean ignoreTimeElapsed)

Review comment:
       I'm thinking of the same problem of the same method signature when potential Hadoop 2 code calling `reloginFromKeytab(false)` upgrades to Hadoop 3. Because of the same method name and a bool parameter, users most likely will not notice the parameter value is for different meanings: in Hadoop 2 here, the bool parameter is for `ignoreTimeElapsed` where in Hadoop 3 it is actually for `checkTGT`.
   
   So is it better to:
   1. Make this new API `public synchronized void reloginFromKeytab(boolean ignoreTimeElapsed)` private
   2. AND we also add the new API as in Hadoop 3: `public void forceReloginFromKeytab()`.
   
   That way, the application code which forces login will have the same code between Hadoop 2 and 3. And the other new API `reloginFromKeytab(boolean)` is private in UGI both in Hadoop 2 and 3.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org