Sergey Shelukhin created HDFS-10757:
---------------------------------------
Summary: KMSClientProvider combined with KeyProviderCache results
in wrong UGI being used
Key: HDFS-10757
URL: https://issues.apache.org/jira/browse/HDFS-10757
Project: Hadoop HDFS
Issue Type: Bug
Reporter: Sergey Shelukhin
Priority: Critical
ClientContext::get gets the context from cache via a config setting based name,
then KeyProviderCache stored in ClientContext gets the key provider cached by
URI stored in configuration, too.
KMSClientProvider caches the UGI (actualUgi) in ctor; that means in particular
that all the users of DFS with KMSClientProvider in a process will get the KMS
token (along with other credentials) of the first user...
Either KMSClientProvider shouldn't store the UGI, or one of the caches should
be UGI-aware, like the FS object cache.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
