WebHDFS does not handle requests when the incoming x.509 is the application specific certificate

Description

In a secure Hops deployment (Hops TLS), when a Datanode receives a WebHDFS request, it opens a connection to the Namenode impersonating the user of the RPC expecting the proper certificates to be available. When the request comes outside the context of an application, we materialize the Project certificates from Hopsworks.

When a request comes from the context of an application, Datanode must materialize the application specific certificates from the ResourceManager and proceed with the request using them (app certs) to create the DFS client.

Assignee

Antonios Kouzoupis

Reporter

Antonios Kouzoupis

Labels

None

Fix versions

Affects versions

Priority

Medium
Configure