[jira] [Updated] (HADOOP-11973) Some ZkDelegationTokenSecretManager znodes do not have ACLs
[ https://issues.apache.org/jira/browse/HADOOP-11973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gregory Chanan updated HADOOP-11973: Status: Patch Available (was: Open) Some ZkDelegationTokenSecretManager znodes do not have ACLs --- Key: HADOOP-11973 URL: https://issues.apache.org/jira/browse/HADOOP-11973 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.6.0 Reporter: Gregory Chanan Assignee: Gregory Chanan Attachments: HADOOP-11973.patch I recently added an ACL Provider to the curator framework instance I pass to the ZkDelegationTokenSecretManager, and notice some strangeness around ACLs. I set: zk-dt-secret-manager.znodeWorkingPath to: solr/zkdtsm and notice that /solr/zkdtsm/ /solr/zkdtsm/ZKDTSMRoot do not have ACLs but all the znodes under /solr/zkdtsm/ZKDTSMRoot have ACLs. From adding some logging, it looks like the ACLProvider is never called for /solr/zkdtsm and /solr/zkdtsm/ZKDTSMRoot. I don't know if that's a Curator or ZkDelegationTokenSecretManager issue. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-11973) Some ZkDelegationTokenSecretManager znodes do not have ACLs
[ https://issues.apache.org/jira/browse/HADOOP-11973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gregory Chanan updated HADOOP-11973: Attachment: HADOOP-11973.patch Here's a patch that addresses the issue and has a test. Here's a description I wrote in CURATOR-221: {quote} Yes, although in my case it's a bit complicated. If you look at HADOOP-11973, to keep the external vs internal client impl similar, I want to initialize the final CuratorFramework object in the constructor, which means I want to use the namespace-aware version. So, I could create the nodes before I call usingNamespace, but then I have to deal with exception handling, which I don't want to do in the constructor. So essentially I have to do: call usingNamespace(ns) in the constructor in startThreads, call usingNamespace(null) and then create the parents manually. {quote} Some ZkDelegationTokenSecretManager znodes do not have ACLs --- Key: HADOOP-11973 URL: https://issues.apache.org/jira/browse/HADOOP-11973 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.6.0 Reporter: Gregory Chanan Assignee: Gregory Chanan Attachments: HADOOP-11973.patch I recently added an ACL Provider to the curator framework instance I pass to the ZkDelegationTokenSecretManager, and notice some strangeness around ACLs. I set: zk-dt-secret-manager.znodeWorkingPath to: solr/zkdtsm and notice that /solr/zkdtsm/ /solr/zkdtsm/ZKDTSMRoot do not have ACLs but all the znodes under /solr/zkdtsm/ZKDTSMRoot have ACLs. From adding some logging, it looks like the ACLProvider is never called for /solr/zkdtsm and /solr/zkdtsm/ZKDTSMRoot. I don't know if that's a Curator or ZkDelegationTokenSecretManager issue. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HADOOP-11973) Some ZkDelegationTokenSecretManager znodes do not have ACLs
[ https://issues.apache.org/jira/browse/HADOOP-11973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gregory Chanan updated HADOOP-11973: Attachment: HADOOP-11973v2.patch Fix whitespace/style and unset thread local at end of test so other tests are not affected. Some ZkDelegationTokenSecretManager znodes do not have ACLs --- Key: HADOOP-11973 URL: https://issues.apache.org/jira/browse/HADOOP-11973 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.6.0 Reporter: Gregory Chanan Assignee: Gregory Chanan Attachments: HADOOP-11973.patch, HADOOP-11973v2.patch I recently added an ACL Provider to the curator framework instance I pass to the ZkDelegationTokenSecretManager, and notice some strangeness around ACLs. I set: zk-dt-secret-manager.znodeWorkingPath to: solr/zkdtsm and notice that /solr/zkdtsm/ /solr/zkdtsm/ZKDTSMRoot do not have ACLs but all the znodes under /solr/zkdtsm/ZKDTSMRoot have ACLs. From adding some logging, it looks like the ACLProvider is never called for /solr/zkdtsm and /solr/zkdtsm/ZKDTSMRoot. I don't know if that's a Curator or ZkDelegationTokenSecretManager issue. -- This message was sent by Atlassian JIRA (v6.3.4#6332)