You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oozie.apache.org by rk...@apache.org on 2016/01/19 20:11:25 UTC

oozie git commit: OOZIE-2419 HBase credentials are not correctly proxied (qwertymaniac via rkanter)

Repository: oozie
Updated Branches:
  refs/heads/master 0cf2fb3e7 -> ad9d7bd38


OOZIE-2419 HBase credentials are not correctly proxied (qwertymaniac via rkanter)


Project: http://git-wip-us.apache.org/repos/asf/oozie/repo
Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/ad9d7bd3
Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/ad9d7bd3
Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/ad9d7bd3

Branch: refs/heads/master
Commit: ad9d7bd381a473cba70cadcbf3b4d9b138896ea4
Parents: 0cf2fb3
Author: Robert Kanter <rk...@cloudera.com>
Authored: Tue Jan 19 11:11:14 2016 -0800
Committer: Robert Kanter <rk...@cloudera.com>
Committed: Tue Jan 19 11:11:14 2016 -0800

----------------------------------------------------------------------
 .../oozie/action/hadoop/HbaseCredentials.java     | 18 ++++++++++++++++--
 pom.xml                                           |  2 +-
 release-log.txt                                   |  1 +
 3 files changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/oozie/blob/ad9d7bd3/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java b/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java
index d716379..307f565 100644
--- a/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java
+++ b/core/src/main/java/org/apache/oozie/action/hadoop/HbaseCredentials.java
@@ -19,17 +19,22 @@
 package org.apache.oozie.action.hadoop;
 
 import java.io.IOException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Map;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseConfiguration;
 import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier;
+import org.apache.hadoop.hbase.security.token.TokenUtil;
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.oozie.action.ActionExecutor.Context;
 import org.apache.oozie.action.hadoop.Credentials;
 import org.apache.oozie.action.hadoop.CredentialsProperties;
 import org.apache.oozie.util.XLog;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.security.token.TokenIdentifier;
 
 
 /**
@@ -69,11 +74,20 @@ public class HbaseCredentials extends Credentials {
         injectConf(hbaseConf, jobConf);
     }
 
-    private void obtainToken(JobConf jobConf, Context context) throws IOException, InterruptedException {
+    private void obtainToken(final JobConf jobConf, Context context) throws IOException, InterruptedException {
         String user = context.getWorkflow().getUser();
         UserGroupInformation ugi =  UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
         User u = User.create(ugi);
-        u.obtainAuthTokenForJob(jobConf);
+        // A direct doAs is required here vs. User#obtainAuthTokenForJob(...)
+        // See OOZIE-2419 for more
+        Token<AuthenticationTokenIdentifier> token = u.runAs(
+            new PrivilegedExceptionAction<Token<AuthenticationTokenIdentifier>>() {
+                public Token<AuthenticationTokenIdentifier> run() throws Exception {
+                    return TokenUtil.obtainToken(jobConf);
+                }
+            }
+        );
+        jobConf.getCredentials().addToken(token.getService(), token);
     }
 
     private void addPropsConf(CredentialsProperties props, Configuration destConf) {

http://git-wip-us.apache.org/repos/asf/oozie/blob/ad9d7bd3/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index a74ffab..dc519cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -80,7 +80,7 @@
         <hadoop.majorversion>1</hadoop.majorversion>
         <hadooplib.version>hadoop-${hadoop.majorversion}-${project.version}</hadooplib.version>
         <oozie.hadoop-utils.version>hadoop-${hadoop.majorversion}-${project.version}</oozie.hadoop-utils.version>
-        <hbase.version>0.94.2</hbase.version>
+        <hbase.version>0.94.27</hbase.version>
 
         <dropwizard.metrics.version>3.1.0</dropwizard.metrics.version>
 

http://git-wip-us.apache.org/repos/asf/oozie/blob/ad9d7bd3/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 12a0641..fcf711a 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 4.3.0 release (trunk - unreleased)
 
+OOZIE-2419 HBase credentials are not correctly proxied (qwertymaniac via rkanter)
 OOZIE-2439 FS Action no longer uses name-node from global section or default NN (rkanter)
 OOZIE-2435 TestCoordChangeXCommand is flakey (fdenes via rkanter)
 OOZIE-2428 TestSLAService, TestSLAEventGeneration flakey tests (fdenes via rkanter)