[
https://issues.apache.org/jira/browse/HDFS-6986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14118902#comment-14118902
]
Alejandro Abdelnur commented on HDFS-6986:
------------------------------------------
The changes in {{DistributedFileSystem.java}} should be something like:
{code}
@Override
public Token<?>[] addDelegationTokens(String renewer, Credentials
credentials)
throws IOException {
Token<?>[] tokens = super.addDelegationTokens(renewer, credentials);
if (dfs.getKeyProvider() != null) {
KeyProviderDelegationTokenExtension keyProviderDelegationTokenExtension =
KeyProviderDelegationTokenExtension.
createKeyProviderDelegationTokenExtension(dfs.getKeyProvider());
Token<?>[] kpTokens = keyProviderDelegationTokenExtension.
addDelegationTokens(renewer, credentials);
if (tokens != null && kpTokens != null) {
Token<?>[] all = new Token<?>[tokens.length + kpTokens.length];
System.arraycopy(tokens, 0, all, 0, tokens.length);
System.arraycopy(kpTokens, 0, all, tokens.length, kpTokens.length);
tokens = all;
} else {
tokens = (tokens != null) ? tokens : kpTokens;
}
}
return tokens;
}
{code}
And {{DFSClient}} should expose the keyprovider via a {{getKeyProvider()}}
method.
> DistributedFileSystem must get delegation tokens from configured KeyProvider
> ----------------------------------------------------------------------------
>
> Key: HDFS-6986
> URL: https://issues.apache.org/jira/browse/HDFS-6986
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Affects Versions: 2.6.0
> Reporter: Alejandro Abdelnur
> Assignee: Zhe Zhang
>
> {{KeyProvider}} via {{KeyProviderDelegationTokenExtension}} provides
> delegation tokens. {{DistributedFileSystem}} should augment the HDFS
> delegation tokens with the keyprovider ones so tasks can interact with
> keyprovider when it is a client/server impl (KMS).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
