Sergey Shelukhin created HDFS-10757: ---------------------------------------
Summary: KMSClientProvider combined with KeyProviderCache results in wrong UGI being used Key: HDFS-10757 URL: https://issues.apache.org/jira/browse/HDFS-10757 Project: Hadoop HDFS Issue Type: Bug Reporter: Sergey Shelukhin Priority: Critical ClientContext::get gets the context from cache via a config setting based name, then KeyProviderCache stored in ClientContext gets the key provider cached by URI stored in configuration, too. KMSClientProvider caches the UGI (actualUgi) in ctor; that means in particular that all the users of DFS with KMSClientProvider in a process will get the KMS token (along with other credentials) of the first user... Either KMSClientProvider shouldn't store the UGI, or one of the caches should be UGI-aware, like the FS object cache. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org