Override ClientOptions.User if KerberosClient is set

This prevents a subtle misconfiguration whereby User being set prevents the realm from being set, which then breaks any communication with the namenode.
colinmarc · Mar 23, 2022 · 1dee011 · 1dee011
1 parent ff27ef8
commit 1dee011
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 12 deletions.
diff --git a/client.go b/client.go
@@ -57,8 +57,8 @@ type ClientOptions struct {
 	// Addresses specifies the namenode(s) to connect to.
 	Addresses []string
 	// User specifies which HDFS user the client will act as. It is required
-	// unless kerberos authentication is enabled, in which case it will be
-	// determined from the provided credentials if empty.
+	// unless kerberos authentication is enabled, in which case it is overridden
+	// by the username set in KerberosClient.
 	User string
 	// UseDatanodeHostname specifies whether the client should connect to the
 	// datanodes via hostname (which is useful in multi-homed setups) or IP

diff --git a/internal/rpc/namenode.go b/internal/rpc/namenode.go
@@ -58,8 +58,8 @@ type NamenodeConnectionOptions struct {
 	// Addresses specifies the namenode(s) to connect to.
 	Addresses []string
 	// User specifies which HDFS user the client will act as. It is required
-	// unless kerberos authentication is enabled, in which case it will be
-	// determined from the provided credentials if empty.
+	// unless kerberos authentication is enabled, in which case it is overridden
+	// by the username set in KerberosClient.
 	User string
 	// DialFunc is used to connect to the namenodes. If nil, then
 	// (&net.Dialer{}).DialContext is used.
@@ -94,14 +94,12 @@ func NewNamenodeConnection(options NamenodeConnectionOptions) (*NamenodeConnecti
 
 	var user, realm string
 	user = options.User
-	if user == "" {
-		if options.KerberosClient != nil {
-			creds := options.KerberosClient.Credentials
-			user = creds.UserName()
-			realm = creds.Realm()
-		} else {
-			return nil, errors.New("user not specified")
-		}
+	if options.KerberosClient != nil {
+		creds := options.KerberosClient.Credentials
+		user = creds.UserName()
+		realm = creds.Realm()
+	} else if user == "" {
+		return nil, errors.New("user not specified")
 	}
 
 	// The ClientID is reused here both in the RPC headers (which requires a