subject:"\[3\/4\] phoenix git commit\: PHOENIX\-4749 Allow impersonation when SPNEGO is disabled"

[3/4] phoenix git commit: PHOENIX-4749 Allow impersonation when SPNEGO is disabled

2018-05-25 Thread pboado

PHOENIX-4749 Allow impersonation when SPNEGO is disabled

Client impersonation is no longer tied to SPNEGO auth.

Signed-off-by: Josh Elser 


Project: http://git-wip-us.apache.org/repos/asf/phoenix/repo
Commit: http://git-wip-us.apache.org/repos/asf/phoenix/commit/58082f81
Tree: http://git-wip-us.apache.org/repos/asf/phoenix/tree/58082f81
Diff: http://git-wip-us.apache.org/repos/asf/phoenix/diff/58082f81

Branch: refs/heads/4.x-cdh5.14
Commit: 58082f8100a82d637c8f5102e16204e51b7cf86d
Parents: f7a27e2
Author: Alex Araujo 
Authored: Wed May 23 16:28:48 2018 +0100
Committer: Pedro Boado 
Committed: Fri May 25 22:58:29 2018 +0100

--
 .../phoenix/queryserver/server/QueryServer.java | 90 +++-
 .../server/QueryServerConfigurationTest.java| 72 
 2 files changed, 121 insertions(+), 41 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/phoenix/blob/58082f81/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
--
diff --git 
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
 
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
index 8436086..e3f0f52 100644
--- 
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
+++ 
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
@@ -54,6 +54,7 @@ import org.apache.phoenix.queryserver.register.Registry;
 import org.apache.phoenix.util.InstanceResolver;
 
 import java.io.File;
+import java.io.IOException;
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
 import java.net.InetAddress;
@@ -197,7 +198,7 @@ public final class QueryServer extends Configured 
implements Tool, Runnable {
   
QueryServicesOptions.DEFAULT_QUERY_SERVER_DISABLE_KERBEROS_LOGIN);
 
   // handle secure cluster credentials
-  if (isKerberos && !disableSpnego && !disableLogin) {
+  if (isKerberos && !disableLogin) {
 hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
 getConf().get(QueryServices.QUERY_SERVER_DNS_INTERFACE_ATTRIB, 
"default"),
 getConf().get(QueryServices.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, 
"default")));
@@ -230,47 +231,9 @@ public final class QueryServer extends Configured 
implements Tool, Runnable {
   final HttpServer.Builder builder = new 
HttpServer.Builder().withPort(port)
   .withHandler(service, getSerialization(getConf()));
 
-  // Enable SPNEGO and Impersonation when using Kerberos
+  // Enable client auth when using Kerberos auth for HBase
   if (isKerberos) {
-UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
-LOG.debug("Current user is " + ugi);
-if (!ugi.hasKerberosCredentials()) {
-  ugi = UserGroupInformation.getLoginUser();
-  LOG.debug("Current user does not have Kerberos credentials, using 
instead " + ugi);
-}
-
-// Make sure the proxyuser configuration is up to date
-ProxyUsers.refreshSuperUserGroupsConfiguration(getConf());
-
-String keytabPath = 
getConf().get(QueryServices.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB);
-File keytab = new File(keytabPath);
-String httpKeytabPath = 
getConf().get(QueryServices.QUERY_SERVER_HTTP_KEYTAB_FILENAME_ATTRIB, null);
-String httpPrincipal = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB, null);
-// Backwards compat for a configuration key change
-if (httpPrincipal == null) {
-  httpPrincipal = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB_LEGACY, 
null);
-}
-File httpKeytab = null;
-if (null != httpKeytabPath)
-  httpKeytab = new File(httpKeytabPath);
-
-String realmsString = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_ALLOWED_REALMS, null);
-String[] additionalAllowedRealms = null;
-if (null != realmsString) {
-additionalAllowedRealms = StringUtils.split(realmsString, ',');
-}
-
-// Enable SPNEGO and impersonation (through standard Hadoop 
configuration means)
-if ((null != httpKeytabPath) && (null != httpPrincipal))
-  builder.withSpnego(httpPrincipal, additionalAllowedRealms)
-  .withAutomaticLogin(httpKeytab)
-  .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
-else
-  builder.withSpnego(ugi.getUserName(), additionalAllowedRealms)
-  .withAutomaticLogin(keytab)
-  .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
-
-
+

[3/4] phoenix git commit: PHOENIX-4749 Allow impersonation when SPNEGO is disabled

2018-05-25 Thread pboado

PHOENIX-4749 Allow impersonation when SPNEGO is disabled

Client impersonation is no longer tied to SPNEGO auth.

Signed-off-by: Josh Elser 


Project: http://git-wip-us.apache.org/repos/asf/phoenix/repo
Commit: http://git-wip-us.apache.org/repos/asf/phoenix/commit/58082f81
Tree: http://git-wip-us.apache.org/repos/asf/phoenix/tree/58082f81
Diff: http://git-wip-us.apache.org/repos/asf/phoenix/diff/58082f81

Branch: refs/heads/4.x-cdh5.13
Commit: 58082f8100a82d637c8f5102e16204e51b7cf86d
Parents: f7a27e2
Author: Alex Araujo 
Authored: Wed May 23 16:28:48 2018 +0100
Committer: Pedro Boado 
Committed: Fri May 25 22:58:29 2018 +0100

--
 .../phoenix/queryserver/server/QueryServer.java | 90 +++-
 .../server/QueryServerConfigurationTest.java| 72 
 2 files changed, 121 insertions(+), 41 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/phoenix/blob/58082f81/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
--
diff --git 
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
 
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
index 8436086..e3f0f52 100644
--- 
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
+++ 
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
@@ -54,6 +54,7 @@ import org.apache.phoenix.queryserver.register.Registry;
 import org.apache.phoenix.util.InstanceResolver;
 
 import java.io.File;
+import java.io.IOException;
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
 import java.net.InetAddress;
@@ -197,7 +198,7 @@ public final class QueryServer extends Configured 
implements Tool, Runnable {
   
QueryServicesOptions.DEFAULT_QUERY_SERVER_DISABLE_KERBEROS_LOGIN);
 
   // handle secure cluster credentials
-  if (isKerberos && !disableSpnego && !disableLogin) {
+  if (isKerberos && !disableLogin) {
 hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
 getConf().get(QueryServices.QUERY_SERVER_DNS_INTERFACE_ATTRIB, 
"default"),
 getConf().get(QueryServices.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, 
"default")));
@@ -230,47 +231,9 @@ public final class QueryServer extends Configured 
implements Tool, Runnable {
   final HttpServer.Builder builder = new 
HttpServer.Builder().withPort(port)
   .withHandler(service, getSerialization(getConf()));
 
-  // Enable SPNEGO and Impersonation when using Kerberos
+  // Enable client auth when using Kerberos auth for HBase
   if (isKerberos) {
-UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
-LOG.debug("Current user is " + ugi);
-if (!ugi.hasKerberosCredentials()) {
-  ugi = UserGroupInformation.getLoginUser();
-  LOG.debug("Current user does not have Kerberos credentials, using 
instead " + ugi);
-}
-
-// Make sure the proxyuser configuration is up to date
-ProxyUsers.refreshSuperUserGroupsConfiguration(getConf());
-
-String keytabPath = 
getConf().get(QueryServices.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB);
-File keytab = new File(keytabPath);
-String httpKeytabPath = 
getConf().get(QueryServices.QUERY_SERVER_HTTP_KEYTAB_FILENAME_ATTRIB, null);
-String httpPrincipal = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB, null);
-// Backwards compat for a configuration key change
-if (httpPrincipal == null) {
-  httpPrincipal = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB_LEGACY, 
null);
-}
-File httpKeytab = null;
-if (null != httpKeytabPath)
-  httpKeytab = new File(httpKeytabPath);
-
-String realmsString = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_ALLOWED_REALMS, null);
-String[] additionalAllowedRealms = null;
-if (null != realmsString) {
-additionalAllowedRealms = StringUtils.split(realmsString, ',');
-}
-
-// Enable SPNEGO and impersonation (through standard Hadoop 
configuration means)
-if ((null != httpKeytabPath) && (null != httpPrincipal))
-  builder.withSpnego(httpPrincipal, additionalAllowedRealms)
-  .withAutomaticLogin(httpKeytab)
-  .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
-else
-  builder.withSpnego(ugi.getUserName(), additionalAllowedRealms)
-  .withAutomaticLogin(keytab)
-  .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
-
-
+

[3/4] phoenix git commit: PHOENIX-4749 Allow impersonation when SPNEGO is disabled

2018-05-25 Thread pboado

PHOENIX-4749 Allow impersonation when SPNEGO is disabled

Client impersonation is no longer tied to SPNEGO auth.

Signed-off-by: Josh Elser 


Project: http://git-wip-us.apache.org/repos/asf/phoenix/repo
Commit: http://git-wip-us.apache.org/repos/asf/phoenix/commit/58082f81
Tree: http://git-wip-us.apache.org/repos/asf/phoenix/tree/58082f81
Diff: http://git-wip-us.apache.org/repos/asf/phoenix/diff/58082f81

Branch: refs/heads/4.x-cdh5.12
Commit: 58082f8100a82d637c8f5102e16204e51b7cf86d
Parents: f7a27e2
Author: Alex Araujo 
Authored: Wed May 23 16:28:48 2018 +0100
Committer: Pedro Boado 
Committed: Fri May 25 22:58:29 2018 +0100

--
 .../phoenix/queryserver/server/QueryServer.java | 90 +++-
 .../server/QueryServerConfigurationTest.java| 72 
 2 files changed, 121 insertions(+), 41 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/phoenix/blob/58082f81/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
--
diff --git 
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
 
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
index 8436086..e3f0f52 100644
--- 
a/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
+++ 
b/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java
@@ -54,6 +54,7 @@ import org.apache.phoenix.queryserver.register.Registry;
 import org.apache.phoenix.util.InstanceResolver;
 
 import java.io.File;
+import java.io.IOException;
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
 import java.net.InetAddress;
@@ -197,7 +198,7 @@ public final class QueryServer extends Configured 
implements Tool, Runnable {
   
QueryServicesOptions.DEFAULT_QUERY_SERVER_DISABLE_KERBEROS_LOGIN);
 
   // handle secure cluster credentials
-  if (isKerberos && !disableSpnego && !disableLogin) {
+  if (isKerberos && !disableLogin) {
 hostname = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
 getConf().get(QueryServices.QUERY_SERVER_DNS_INTERFACE_ATTRIB, 
"default"),
 getConf().get(QueryServices.QUERY_SERVER_DNS_NAMESERVER_ATTRIB, 
"default")));
@@ -230,47 +231,9 @@ public final class QueryServer extends Configured 
implements Tool, Runnable {
   final HttpServer.Builder builder = new 
HttpServer.Builder().withPort(port)
   .withHandler(service, getSerialization(getConf()));
 
-  // Enable SPNEGO and Impersonation when using Kerberos
+  // Enable client auth when using Kerberos auth for HBase
   if (isKerberos) {
-UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
-LOG.debug("Current user is " + ugi);
-if (!ugi.hasKerberosCredentials()) {
-  ugi = UserGroupInformation.getLoginUser();
-  LOG.debug("Current user does not have Kerberos credentials, using 
instead " + ugi);
-}
-
-// Make sure the proxyuser configuration is up to date
-ProxyUsers.refreshSuperUserGroupsConfiguration(getConf());
-
-String keytabPath = 
getConf().get(QueryServices.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB);
-File keytab = new File(keytabPath);
-String httpKeytabPath = 
getConf().get(QueryServices.QUERY_SERVER_HTTP_KEYTAB_FILENAME_ATTRIB, null);
-String httpPrincipal = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB, null);
-// Backwards compat for a configuration key change
-if (httpPrincipal == null) {
-  httpPrincipal = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_HTTP_PRINCIPAL_ATTRIB_LEGACY, 
null);
-}
-File httpKeytab = null;
-if (null != httpKeytabPath)
-  httpKeytab = new File(httpKeytabPath);
-
-String realmsString = 
getConf().get(QueryServices.QUERY_SERVER_KERBEROS_ALLOWED_REALMS, null);
-String[] additionalAllowedRealms = null;
-if (null != realmsString) {
-additionalAllowedRealms = StringUtils.split(realmsString, ',');
-}
-
-// Enable SPNEGO and impersonation (through standard Hadoop 
configuration means)
-if ((null != httpKeytabPath) && (null != httpPrincipal))
-  builder.withSpnego(httpPrincipal, additionalAllowedRealms)
-  .withAutomaticLogin(httpKeytab)
-  .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
-else
-  builder.withSpnego(ugi.getUserName(), additionalAllowedRealms)
-  .withAutomaticLogin(keytab)
-  .withImpersonation(new PhoenixDoAsCallback(ugi, getConf()));
-
-
+

[3/4] phoenix git commit: PHOENIX-4749 Allow impersonation when SPNEGO is disabled

[3/4] phoenix git commit: PHOENIX-4749 Allow impersonation when SPNEGO is disabled

[3/4] phoenix git commit: PHOENIX-4749 Allow impersonation when SPNEGO is disabled

3 matches

Site Navigation

Mail list logo

Footer information