You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by Ethanlm <gi...@git.apache.org> on 2018/04/16 15:51:34 UTC
[GitHub] storm pull request #2635: [STORM-3029] don't use keytab based login for hbas...
GitHub user Ethanlm opened a pull request:
https://github.com/apache/storm/pull/2635
[STORM-3029] don't use keytab based login for hbase if AutoTGT is used.
https://issues.apache.org/jira/browse/STORM-3029
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/Ethanlm/storm STORM-3029
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/storm/pull/2635.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2635
----
commit 1fda8e236c013cf47d15406ee2a94661da34069b
Author: Ethan Li <et...@...>
Date: 2018-04-16T15:49:19Z
[STORM-3029] don't use keytab based login for hbase if AutoTGT is used.
----
---
[GitHub] storm pull request #2635: [STORM-3029] don't use keytab based login for hbas...
Posted by revans2 <gi...@git.apache.org>.
Github user revans2 commented on a diff in the pull request:
https://github.com/apache/storm/pull/2635#discussion_r182745958
--- Diff: external/storm-autocreds/src/main/java/org/apache/storm/hbase/security/HBaseSecurityUtil.java ---
@@ -52,24 +54,27 @@ private HBaseSecurityUtil() {
public static UserProvider login(Map<String, Object> conf, Configuration hbaseConfig) throws IOException {
//Allowing keytab based login for backward compatibility.
- if (UserGroupInformation.isSecurityEnabled() && (conf.get(TOPOLOGY_AUTO_CREDENTIALS) == null ||
- !(((List) conf.get(TOPOLOGY_AUTO_CREDENTIALS)).contains(AutoHBase.class.getName())))) {
- LOG.info("Logging in using keytab as AutoHBase is not specified for " + TOPOLOGY_AUTO_CREDENTIALS);
- //insure that if keytab is used only one login per process executed
- if(legacyProvider == null) {
- synchronized (HBaseSecurityUtil.class) {
- if(legacyProvider == null) {
- legacyProvider = UserProvider.instantiate(hbaseConfig);
- String keytab = (String) conf.get(STORM_KEYTAB_FILE_KEY);
- if (keytab != null) {
- hbaseConfig.set(STORM_KEYTAB_FILE_KEY, keytab);
- }
- String userName = (String) conf.get(STORM_USER_NAME_KEY);
- if (userName != null) {
- hbaseConfig.set(STORM_USER_NAME_KEY, userName);
+ if (UserGroupInformation.isSecurityEnabled()) {
+ List<String> autoCredentials = (List) conf.get(TOPOLOGY_AUTO_CREDENTIALS);
+ if ((autoCredentials == null)
+ || (!autoCredentials.contains(AutoHBase.class.getName()) && !autoCredentials.contains(AutoTGT.class.getName()))) {
+ LOG.info("Logging in using keytab as either AutoHBase or AutoTGT is specified for " + TOPOLOGY_AUTO_CREDENTIALS);
--- End diff --
nit: I think it should be neither instead of either
---
[GitHub] storm issue #2635: [STORM-3029] don't use keytab based login for hbase if Au...
Posted by Ethanlm <gi...@git.apache.org>.
Github user Ethanlm commented on the issue:
https://github.com/apache/storm/pull/2635
rebased
---
[GitHub] storm issue #2635: [STORM-3029] don't use keytab based login for hbase if Au...
Posted by Ethanlm <gi...@git.apache.org>.
Github user Ethanlm commented on the issue:
https://github.com/apache/storm/pull/2635
Sorry I put this up too early. I need to do more tests.
---
[GitHub] storm pull request #2635: [STORM-3029] don't use keytab based login for hbas...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/storm/pull/2635
---