You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Aaron T. Myers (Created) (JIRA)" <ji...@apache.org> on 2012/03/08 01:12:56 UTC
[jira] [Created] (HADOOP-8152) Expand public APIs for security
library classes
Expand public APIs for security library classes
-----------------------------------------------
Key: HADOOP-8152
URL: https://issues.apache.org/jira/browse/HADOOP-8152
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 0.23.3
Reporter: Aaron T. Myers
Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13250168#comment-13250168 ]
Aaron T. Myers commented on HADOOP-8152:
----------------------------------------
bq. The basic problem is that the UGI code assumes there is only one keytab in play so when there are two or more, calling reloginFromKeytab (amongst other routines) can have unpredictable results.
Makes sense. Thanks for the explanation. Would you mind filing a JIRA describing the issue? Even if you don't intend to work on it, having the problem described will be helpful to facilitate discussion.
bq. What we've been hypothesizing is changing it such that it requires saying which keytab you actually want to relogin from... which means there is a good chance that backward compatibility isn't going to be possible.
Sounds like backward compatibility could perhaps be achieved for the single-keytab case by retaining the no-arg routines, checking how many keytabs are in play, and throwing an error if a no-arg routine is called when there's more than one keytab.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers updated HADOOP-8152:
-----------------------------------
Attachment: HADOOP-8152.patch
Thanks a lot for the reviews, Eli and Alejandro. Here's an updated patch which incorporates your feedback.
bq. hadoop-auth packages:
Mind if we address this in a separate JIRA? Seems like a distinct issue to me.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13249302#comment-13249302 ]
Aaron T. Myers commented on HADOOP-8152:
----------------------------------------
No tests are included since this just changes some audience/stability annotations.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Enis Soztutar (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13228008#comment-13228008 ]
Enis Soztutar commented on HADOOP-8152:
---------------------------------------
HBase also has it's own delegation tokens, so we should consider all of the Token-related interfaces. An HBase-like project will definitely need its own Tokens, TokenIdentifiers, TokenRenewers, etc.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.3
> Reporter: Aaron T. Myers
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13250144#comment-13250144 ]
Aaron T. Myers commented on HADOOP-8152:
----------------------------------------
bq. Even marking something as Public+Evolving has certain implications. I don't know if I'm comfortable with some of these being marked public. Will the impacted parties understand when we break them?
I'd like to think that the impacted parties would understand. Perhaps one of the HBase folk watching this JIRA could comment? Andrew? Todd?
bq. (It is inevitable we're going to change reloginFromKeytab and likely even remove it as part of reworking UGI.)
Is it also inevitable that maintaining backward compatibility will be impossible? If it is, then we can still break them. Hence the "Evolving" annotation.
Also, could you point me toward the JIRA discussing reworking UGI? I'm not familiar with it.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers updated HADOOP-8152:
-----------------------------------
Attachment: HADOOP-8152.patch
Here's a patch which addresses the issue. Let me summarize the changes:
* Both UserGroupInformation and SecurityUtil are currently marked InterfaceAudience.LimitedPrivate("HDFS", "MapReduce") and InterfaceStability.Evolving. This is unchanged.
* This patch adds InterfaceAudience.Public and InterfaceStability.Evolving annotations to getCurrentUser, getLoginUser, createRemoteUser, createProxyUser, and both variants of doAs in UserGroupInformation.
* This patch adds InterfaceAudience.Public and InterfaceStability.Evolving annotations to both variants of the method "login" in SecurityUtil.
* This patch removes two cases of individual methods being marked InterfaceAudience.LimitedPrivate("HDFS", "MapReduce") in UserGroupInformation. Since the class is already annotated the same way, these seemed redundant.
My understanding of the nature of the InterfaceAudience and InterfaceStability annotations is that the most-specific annotation is what applies. Thus, just increasing the InterfaceAudience visibility of these methods should be sufficient for the purposes of dependent projects.
The methods that I chose here are the ones that I'm aware of dependent projects using. If others are aware of more, I'd be happy to add them to this patch.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13249840#comment-13249840 ]
Allen Wittenauer commented on HADOOP-8152:
------------------------------------------
Even marking something as Public+Evolving has certain implications. I don't know if I'm comfortable with some of these being marked public. Will the impacted parties understand when we break them? (It is inevitable we're going to change reloginFromKeytab and likely even remove it as part of reworking UGI.)
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Andrew Purtell (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257480#comment-13257480 ]
Andrew Purtell commented on HADOOP-8152:
----------------------------------------
I think we would like to work together here. Nobody is doing obviously dumb things and asking for forgiveness later IMHO. We'd like our projects to integrate with Hadoop when its security features are enabled. Unfortunately to do so requires use of classes/methods now marked as private or whatever. This area is obviously still a work in progress and not conducive to easy reuse or extension. We can be blamed for wanting to do the right thing, but that seems counterproductive.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260206#comment-13260206 ]
Hudson commented on HADOOP-8152:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk-Commit #2139 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2139/])
HADOOP-8152. Expand public APIs for security library classes. Contributed by Aaron T. Myers (Revision 1329541)
Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1329541
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Fix For: 2.0.0
>
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers updated HADOOP-8152:
-----------------------------------
Attachment: HADOOP-8152.patch
Thanks a lot for the input, Todd. Here's an updated patch which adds the methods you mentioned HBase makes use of.
bq. Many parts of UGI are pretty broken when multiple keytabs are in play. They should probably be fixed before marking them public.
Note that this patch is marking the interfaces evolving, not stable, so if we have a good reason to change them between releases (e.g. fixing multi-keytab support) then we certainly can.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Todd Lipcon (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13249662#comment-13249662 ]
Todd Lipcon commented on HADOOP-8152:
-------------------------------------
Looking at HBase, it seems like it's also using the following which aren't marked public by this patch:
- SecurityUtil.getServerPrincipal
- enum UGI.AuthenticationMethod (marked evolving but not marked public)
- UGI.getRealUser
- UGI.isLoginKeytabBased
- UGI.reloginFromKeytab
- UGI.reloginFromTicketCache
- UGI.getUserName
- UGI.createUserForTesting
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13250153#comment-13250153 ]
Allen Wittenauer commented on HADOOP-8152:
------------------------------------------
Actually, I've been thinking a lot about this. It is pretty clear that the interested parties are sort of ignoring our interface stability markings and are willing to live with the risk of future breakage. With the strict exception of the ones documented in secure impersonation (which should obviously be public+stable) is there any actual benefit to marking these public (in any form) for those that do want to play by the rules?
bq. Also, could you point me toward the JIRA discussing reworking UGI? I'm not familiar with it.
It doesn't exist yet because I think we're the only ones to hit it and haven't had a chance to work up a patch since we've developed a somewhat nasty workaround.
The basic problem is that the UGI code assumes there is only one keytab in play so when there are two or more, calling reloginFromKeytab (amongst other routines) can have unpredictable results. What we've been hypothesizing is changing it such that it requires saying which keytab you actually want to relogin from... which means there is a good chance that backward compatibility isn't going to be possible.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13249689#comment-13249689 ]
Allen Wittenauer commented on HADOOP-8152:
------------------------------------------
Many parts of UGI are pretty broken when multiple keytabs are in play. They should probably be fixed before marking them public. The fact that HBase uses them even though they aren't marked Public is HBase's problem.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260205#comment-13260205 ]
Hudson commented on HADOOP-8152:
--------------------------------
Integrated in Hadoop-Hdfs-trunk-Commit #2197 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2197/])
HADOOP-8152. Expand public APIs for security library classes. Contributed by Aaron T. Myers (Revision 1329541)
Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1329541
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Fix For: 2.0.0
>
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Eli Collins (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eli Collins updated HADOOP-8152:
--------------------------------
Resolution: Fixed
Fix Version/s: 2.0.0
Target Version/s: (was: 2.0.0)
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
I've committed this and merged to branch-2, thanks ATM.
@Tucu, please file a jira for the hadoop-auth follow on change.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Fix For: 2.0.0
>
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Andrew Purtell (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225399#comment-13225399 ]
Andrew Purtell commented on HADOOP-8152:
----------------------------------------
+1 on promoting these interfaces to public, at least the methods in common use across subprojects now.
This was sent to user@hbase:
{quote}
At least on the HBase side, I'll [Andrew Purtell] take the pain once to rework our related sources if the APIs on their way to stability make one more change. However, it would be preferable to avoid further need for hacks. Use of reflection can ride over an API in transition, but it can also punt breakage due to API change to runtime, where we'd least like to see it for the first time.
{quote}
Relevant here I think.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.3
> Reporter: Aaron T. Myers
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257915#comment-13257915 ]
Hadoop QA commented on HADOOP-8152:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12523428/HADOOP-8152.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.fs.viewfs.TestViewFsTrash
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/871//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/871//console
This message is automatically generated.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Alejandro Abdelnur (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257529#comment-13257529 ]
Alejandro Abdelnur commented on HADOOP-8152:
--------------------------------------------
Oozie uses the following from Hadoop security:
* UserGroupInformation class:
** UserGroupInformation.setConfiguration()
** UserGroupInformation.loginUserFromKeytab()
** UserGroupInformation.createProxyUser()
** UserGroupInformation.createUserForTesting()
** UserGroupInformation.doAs()
* hadoop-auth packages:
** org.apache.hadoop.security.authentication.client
** org.apache.hadoop.security.authentication.server
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Eli Collins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258010#comment-13258010 ]
Eli Collins commented on HADOOP-8152:
-------------------------------------
+1 looks good to me, agree we can address hadoop-auth in another jira. The test failure is unrelated.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Daryn Sharp (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225305#comment-13225305 ]
Daryn Sharp commented on HADOOP-8152:
-------------------------------------
Do you think the entire class apis should be exposed, or just certain methods? Opening up the methods will essentially set them in stone so we should carefully consider if the apis are exactly how we want them.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.3
> Reporter: Aaron T. Myers
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13249301#comment-13249301 ]
Hadoop QA commented on HADOOP-8152:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12521709/HADOOP-8152.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/838//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/838//console
This message is automatically generated.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Todd Lipcon (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13250163#comment-13250163 ]
Todd Lipcon commented on HADOOP-8152:
-------------------------------------
I generally agree that the static "loginUser" concept is a mess and should probably be killed in favor of using methods like {{loginFromKeytabAndReturnUGI}} everywhere. But I also agree with Aaron that we can mark these as evolving and it doesn't force our hand down the road.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13242892#comment-13242892 ]
Aaron T. Myers commented on HADOOP-8152:
----------------------------------------
bq. Do you think the entire class apis should be exposed, or just certain methods? Opening up the methods will essentially set them in stone so we should carefully consider if the apis are exactly how we want them.
That seems reasonable to me. Is it acceptable to just leave the class InterfaceAudience annotations in place, and add more visible annotations to certain methods? Or is it that the least-visible annotation is the one that applies? Or would folks prefer that we create a new class or two which just selectively expose these interfaces?
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.3
> Reporter: Aaron T. Myers
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257166#comment-13257166 ]
Allen Wittenauer commented on HADOOP-8152:
------------------------------------------
Lots of things are documented via javadoc that we likely wouldn't want anyone to use. There are also lots of things that are not documented (properly) in javadoc that we actually want people to use. See the compression codec interfaces, for example.
I'm speaking specifically of http://hadoop.apache.org/common/docs/r1.0.0/Secure_Impersonation.html as pointed out by Harsh.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260204#comment-13260204 ]
Hudson commented on HADOOP-8152:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #2123 (See [https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2123/])
HADOOP-8152. Expand public APIs for security library classes. Contributed by Aaron T. Myers (Revision 1329541)
Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1329541
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Fix For: 2.0.0
>
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Ashutosh Chauhan (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13224882#comment-13224882 ]
Ashutosh Chauhan commented on HADOOP-8152:
------------------------------------------
+1. Hive uses them. Either make it public or LimitedPrivate(HDFS,MR,Hive,HBase) will be fine.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.3
> Reporter: Aaron T. Myers
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260533#comment-13260533 ]
Hudson commented on HADOOP-8152:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk #1059 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1059/])
HADOOP-8152. Expand public APIs for security library classes. Contributed by Aaron T. Myers (Revision 1329541)
Result = FAILURE
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1329541
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Fix For: 2.0.0
>
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Eli Collins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257156#comment-13257156 ]
Eli Collins commented on HADOOP-8152:
-------------------------------------
I agree the UGI methods should be annotated public since, per Harsh, we provide user-facing documentation on how to use them. I would extend the @InterfaceAudience for UGI to include HBase, Hive and Oozie since these are "closely related projects" that use UGI that we don't want to break, or alternatively add a class-level comment to this effect so people understand why we're calling out specific methods as public in a limited private class. I agree w/ the overall approach, and otherwise the patch looks good to me.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Harsh J (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225080#comment-13225080 ]
Harsh J commented on HADOOP-8152:
---------------------------------
We also have public docs on letting users use UserGroupInformation for secure impersonation, at http://hadoop.apache.org/common/docs/r1.0.0/Secure_Impersonation.html (for example).
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.3
> Reporter: Aaron T. Myers
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Jitendra Nath Pandey (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13225367#comment-13225367 ]
Jitendra Nath Pandey commented on HADOOP-8152:
----------------------------------------------
I agree with Daryn, we should figure out a way to selectively open the APIs.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.3
> Reporter: Aaron T. Myers
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260507#comment-13260507 ]
Hudson commented on HADOOP-8152:
--------------------------------
Integrated in Hadoop-Hdfs-trunk #1024 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1024/])
HADOOP-8152. Expand public APIs for security library classes. Contributed by Aaron T. Myers (Revision 1329541)
Result = FAILURE
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1329541
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Fix For: 2.0.0
>
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers reassigned HADOOP-8152:
--------------------------------------
Assignee: Aaron T. Myers
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.23.3
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Hadoop QA (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13249720#comment-13249720 ]
Hadoop QA commented on HADOOP-8152:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12521917/HADOOP-8152.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/840//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/840//console
This message is automatically generated.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Allen Wittenauer (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257160#comment-13257160 ]
Allen Wittenauer commented on HADOOP-8152:
------------------------------------------
We should only mark the methods that are *specifically* called out in the documentation, not nearly as many as this patch does. I'm pretty much -1 on any patch that marks undocumented methods as public.
Additionally, since HBase, Hive, and Oozie are using methods that are private without communicating their need beforehand, I see no reason to change the InterfaceAudience. Using the methods, doing a release, and then asking for forgiveness is inexcusable. They could have easily have asked us to change prior to them doing a release. Since they didn't, they clearly don't care about the stability levels.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Aaron T. Myers (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers updated HADOOP-8152:
-----------------------------------
Target Version/s: 2.0.0 (was: 0.23.3)
Affects Version/s: (was: 0.23.3)
2.0.0
Status: Patch Available (was: Open)
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8152) Expand public APIs for security
library classes
Posted by "Eli Collins (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257164#comment-13257164 ]
Eli Collins commented on HADOOP-8152:
-------------------------------------
@Allen, these projects started using these classes when they were just public, before we added the interface annotations. Ie these methods weren't private when they started using them. And all the methods are documented via javadoc. So you can't infer these projects don't care about stability, and therefore it's OK to break them. Given this, I think we should include these closely-related projects, that we don't want to break, in the limited private set.
> Expand public APIs for security library classes
> -----------------------------------------------
>
> Key: HADOOP-8152
> URL: https://issues.apache.org/jira/browse/HADOOP-8152
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods. Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more generally public.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira