diff --git a/pom.xml b/pom.xml
index 5d3d3c1..e9c0c05 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,6 +37,7 @@
2.17
2.24.1
+ 1.19.2
3.3.2
3.12.1
diff --git a/src/main/java/tech/stackable/hadoop/StackableGroupMapper.java b/src/main/java/tech/stackable/hadoop/StackableGroupMapper.java
index b1ee34a..e827d3a 100644
--- a/src/main/java/tech/stackable/hadoop/StackableGroupMapper.java
+++ b/src/main/java/tech/stackable/hadoop/StackableGroupMapper.java
@@ -21,12 +21,8 @@
public class StackableGroupMapper implements GroupMappingServiceProvider {
- private static final Logger LOG = LoggerFactory.getLogger(StackableGroupMapper.class);
-
public static final String OPA_MAPPING_URL_PROP = "hadoop.security.group.mapping.opa.policy.url";
- // response base field: see https://www.openpolicyagent.org/docs/latest/rest-api/#response-message
- private static final String OPA_RESULT_FIELD = "result";
-
+ private static final Logger LOG = LoggerFactory.getLogger(StackableGroupMapper.class);
private final HttpClient httpClient = HttpClient.newHttpClient();
private final ObjectMapper json;
private URI opaUri;
@@ -59,12 +55,10 @@ public StackableGroupMapper() {
.setSerializationInclusion(JsonInclude.Include.NON_NULL);
}
- private static class OpaQueryResult {
- public List result;
- }
-
/**
- * Returns list of groups for a user.
+ * Returns list of groups for a user. Internally Hadoop will pass the short name to this function,
+ * but this prevents us from effectively separating users with the same names but with different
+ * kerberos principals.
*
* @param user get groups for this user
* @return list of groups for a given user
@@ -139,4 +133,8 @@ public void cacheGroupsAdd(List groups) {
"ignoring cacheGroupsAdd for groups [{}]: caching should be provided by the policy provider",
groups);
}
+
+ private static class OpaQueryResult {
+ public List result;
+ }
}