You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@falcon.apache.org by "Shwetha G S (JIRA)" <ji...@apache.org> on 2014/07/08 10:35:38 UTC

[jira] [Commented] (FALCON-497) Able to submit feed even though owner of storage specified (location type=data) is different from the ACL owner

    [ https://issues.apache.org/jira/browse/FALCON-497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14054645#comment-14054645 ] 

Shwetha G S commented on FALCON-497:
------------------------------------

Currently, feed authorisation is done just for submit and update and not other operations(like schedule), which is pretty confusing and its mostly useful for schedule. Will add authorisation as part of another jira. Thanks [~samarthg] for pointing this out

> Able to submit feed even though owner of storage specified (location type=data) is different from the ACL owner
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: FALCON-497
>                 URL: https://issues.apache.org/jira/browse/FALCON-497
>             Project: Falcon
>          Issue Type: Bug
>          Components: general
>    Affects Versions: 0.6
>         Environment: QA
>            Reporter: Karishma Gulati
>            Assignee: Shwetha G S
>             Fix For: 0.6
>
>         Attachments: FALCON-497.patch
>
>
> {code:xml}
> <?xml version="1.0" encoding="UTF-8"?>
> <feed xmlns="uri:falcon:feed:0.1" name="raaw-logs16-784f11fb-0952-4b0e-ae17-a767f094068a" description="clicks log">
>   <partitions>
>     <partition name="country"/>
>     <partition name="colo"/>
>   </partitions>
>   <frequency>minutes(20)</frequency>
>   <timezone>UTC</timezone>
>   <late-arrival cut-off="hours(6)"/>
>   <clusters>
>     <cluster name="corp-456c8ba1-00d9-46d2-a9c1-f5e0a561f8cc" type="source">
>       <validity start="2009-02-01T00:00Z" end="2099-05-01T00:00Z"/>
>       <retention limit="months(9000)" action="delete"/>
>     </cluster>
>   </clusters>
>   <locations>
>     <location type="data" path="/samarth/input-data/rawLogs/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
>     <location type="stats" path="/projects/ivory/clicksStats"/>
>     <location type="meta" path="/projects/ivory/clicksMetaData"/>
>   </locations>
>   <ACL owner="karishma" group="group" permission="0x755"/>
>   <schema location="/schema/clicks" provider="protobuf"/>
>   <properties>
>     <property name="field1" value="value1"/>
>     <property name="field2" value="value2"/>
>   </properties>
> </feed>
> {code}
> If location path (type=data) exists in hdfs, and the feed is submitted with an ACL owner different from the storage owner, instead of getting an error, I'm succesfully able to submit the feed. 
> In falcon, the owner of the entire path 
> {code:xml}
> <location type="data" path="/samarth/input-data/rawLogs/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
> {code}
> (including the variables) is being checked for, instead of just that of "/samarth/input-data/rawLogs/".
> The feature successfully works if the location paths (type=meta or type=stats) exist on hdfs, and the owner of these is different from the ACL owner.In that case, I'm not allowed to submit the feed, and get the following error: 
> {code:xml}
>  <?xml version="1.0" encoding="UTF-8"?>
> <result>
>   <status>FAILED</status>
>   <message>ua1/Can't validate storage ACL (URI hdfs://192.168.138.27:8020)Feed ACL owner karishma doesn't match the actual file owner dataqa</message>
>   <requestId>ua1/15509f1d-2341-4ada-a119-b2d120a3d3fd</requestId>
> </result>
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)