[ https://issues.apache.org/jira/browse/HDFS-13972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16810023#comment-16810023 ]
CR Hota commented on HDFS-13972: -------------------------------- [~elgoiri] Thanks for taking a look. getDatanodeReport in secured cluster will need superuser creds irrespective of code path. In chooseDatanode there is loginUser.doAs which is fundamentally using user creds and NOT superuser creds. Even if that is removed, RouterRpcClient will still use ugi that belongs to end user and not router superuser in the invokeConcurrent method. This happens because ugi is constructed in RouterRpcClient by doing {code:java} final UserGroupInformation ugi = RouterRpcServer.getRemoteUser(); {code} Hence this change is necessary for router to talk to namenode with super user privilege. As per the change this is ONLY for getDatanodeReport. > RBF: Support for Delegation Token (WebHDFS) > ------------------------------------------- > > Key: HDFS-13972 > URL: https://issues.apache.org/jira/browse/HDFS-13972 > Project: Hadoop HDFS > Issue Type: Sub-task > Reporter: Íñigo Goiri > Assignee: CR Hota > Priority: Major > Attachments: HDFS-13972-HDFS-13891.001.patch, > HDFS-13972-HDFS-13891.002.patch, HDFS-13972-HDFS-13891.003.patch, > HDFS-13972-HDFS-13891.004.patch, HDFS-13972-HDFS-13891.005.patch, > HDFS-13972-HDFS-13891.006.patch, HDFS-13972-HDFS-13891.007.patch, > HDFS-13972-HDFS-13891.008.patch, HDFS-13972-HDFS-13891.009.patch, > HDFS-13972-HDFS-13891.010.patch, HDFS-13972-HDFS-13891.011.patch, > TestRouterWebHDFSContractTokens.java > > > HDFS Router should support issuing HDFS delegation tokens through WebHDFS. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org