You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@phoenix.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/02/16 05:59:00 UTC
[jira] [Commented] (PHOENIX-5369)
BasePermissionsIT.testReadPermsOnTableIndexAndView test uses an incorrect
user for permission based operations
[ https://issues.apache.org/jira/browse/PHOENIX-5369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17285050#comment-17285050 ]
ASF GitHub Bot commented on PHOENIX-5369:
-----------------------------------------
stoty commented on pull request #524:
URL: https://github.com/apache/phoenix/pull/524#issuecomment-779602275
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 2m 21s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | hbaseanti | 0m 0s | Patch does not have any anti-patterns. |
| +1 :green_heart: | @author | 0m 1s | The patch does not contain any @author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 19m 33s | master passed |
| +0 | hbaserecompile | 28m 38s | HBase recompiled. |
| +1 :green_heart: | compile | 1m 21s | master passed |
| +1 :green_heart: | checkstyle | 0m 47s | master passed |
| +1 :green_heart: | javadoc | 1m 7s | master passed |
| +0 :ok: | spotbugs | 4m 13s | phoenix-core in master has 959 extant spotbugs warnings. |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 13m 0s | the patch passed |
| +0 | hbaserecompile | 26m 16s | HBase recompiled. |
| +1 :green_heart: | compile | 1m 21s | the patch passed |
| +1 :green_heart: | javac | 1m 21s | the patch passed |
| +1 :green_heart: | checkstyle | 0m 42s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | javadoc | 1m 12s | the patch passed |
| +1 :green_heart: | spotbugs | 4m 8s | the patch passed |
||| _ Other Tests _ |
| -1 :x: | unit | 108m 34s | phoenix-core in the patch failed. |
| +1 :green_heart: | asflicense | 0m 37s | The patch does not generate ASF License warnings. |
| | | 180m 18s | |
| Reason | Tests |
|-------:|:------|
| Failed junit tests | phoenix.end2end.PermissionNSDisabledIT |
| | phoenix.end2end.PermissionsCacheIT |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/Phoenix/job/Phoenix-PreCommit-GitHub-PR/job/PR-524/1/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/phoenix/pull/524 |
| JIRA Issue | PHOENIX-5369 |
| Optional Tests | dupname asflicense javac javadoc unit spotbugs hbaserebuild hbaseanti checkstyle compile |
| uname | Linux 3064b964bb76 4.15.0-126-generic #129-Ubuntu SMP Mon Nov 23 18:53:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev/phoenix-personality.sh |
| git revision | master / 6ed3caf |
| Default Java | Private Build-1.8.0_242-8u242-b08-0ubuntu3~16.04-b08 |
| unit | https://ci-hadoop.apache.org/job/Phoenix/job/Phoenix-PreCommit-GitHub-PR/job/PR-524/1/artifact/yetus-general-check/output/patch-unit-phoenix-core.txt |
| Test Results | https://ci-hadoop.apache.org/job/Phoenix/job/Phoenix-PreCommit-GitHub-PR/job/PR-524/1/testReport/ |
| Max. process+thread count | 10767 (vs. ulimit of 30000) |
| modules | C: phoenix-core U: phoenix-core |
| Console output | https://ci-hadoop.apache.org/job/Phoenix/job/Phoenix-PreCommit-GitHub-PR/job/PR-524/1/console |
| versions | git=2.7.4 maven=3.3.9 spotbugs=4.1.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
> BasePermissionsIT.testReadPermsOnTableIndexAndView test uses an incorrect user for permission based operations
> --------------------------------------------------------------------------------------------------------------
>
> Key: PHOENIX-5369
> URL: https://issues.apache.org/jira/browse/PHOENIX-5369
> Project: Phoenix
> Issue Type: Bug
> Affects Versions: 5.0.0
> Environment: {code:java}
> <hbase.version>2.1.1</hbase.version>
> {code}
> Reporter: Mehdi Salarkia
> Assignee: Mehdi Salarkia
> Priority: Minor
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> org.apache.phoenix.end2end.BasePermissionsIT uses a regular user for revoking permission on another user while invoking user does not have the permission to do that and as the result runs into the following exception.
> {code:java}
> 2019-06-24 14:05:54,108 DEBUG [main] org.apache.hadoop.hbase.client.RpcRetryingCallerImpl(131): Call exception, tries=10, retries=16, started=38507 ms ago, cancelled=false, msg=java.io.IOException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=regularUser1_N000002, scope=hbase:acl, family=l:regularUser2_N000003, params=[table=hbase:acl,family=l:regularUser2_N000003],action=WRITE)
> at org.apache.hadoop.hbase.security.User.runAsLoginUser(User.java:185)
> at org.apache.hadoop.hbase.security.access.AccessController.revoke(AccessController.java:2118)
> at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.revoke(AccessControlProtos.java:10031)
> at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10192)
> at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8203)
> at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2423)
> at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2405)
> at org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:413)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
> Caused by: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=regularUser1_N000002, scope=hbase:acl, family=l:regularUser2_N000003, params=[table=hbase:acl,family=l:regularUser2_N000003],action=WRITE)
> at org.apache.hadoop.hbase.security.access.AccessController.preDelete(AccessController.java:1552)
> at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$26.call(RegionCoprocessorHost.java:990)
> at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$26.call(RegionCoprocessorHost.java:987)
> at org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithoutResult.callObserver(CoprocessorHost.java:540)
> at org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:614)
> at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preDelete(RegionCoprocessorHost.java:987)
> at org.apache.hadoop.hbase.regionserver.HRegion$MutationBatchOperation.callPreMutateCPHook(HRegion.java:3709)
> at org.apache.hadoop.hbase.regionserver.HRegion$MutationBatchOperation.access$800(HRegion.java:3470)
> at org.apache.hadoop.hbase.regionserver.HRegion$MutationBatchOperation$1.visit(HRegion.java:3539)
> at org.apache.hadoop.hbase.regionserver.HRegion$BatchOperation.visitBatchOperations(HRegion.java:3084)
> at org.apache.hadoop.hbase.regionserver.HRegion$MutationBatchOperation.checkAndPrepare(HRegion.java:3529)
> at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate(HRegion.java:3968)
> at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate(HRegion.java:3902)
> at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate(HRegion.java:3893)
> at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate(HRegion.java:3907)
> at org.apache.hadoop.hbase.regionserver.HRegion.doBatchMutate(HRegion.java:4234)
> at org.apache.hadoop.hbase.regionserver.HRegion.delete(HRegion.java:2923)
> at org.apache.hadoop.hbase.regionserver.RSRpcServices.mutate(RSRpcServices.java:2853)
> at org.apache.hadoop.hbase.client.ClientServiceCallable.doMutate(ClientServiceCallable.java:55)
> at org.apache.hadoop.hbase.client.HTable$2.rpcCall(HTable.java:498)
> at org.apache.hadoop.hbase.client.HTable$2.rpcCall(HTable.java:493)
> at org.apache.hadoop.hbase.client.RegionServerCallable.call(RegionServerCallable.java:127)
> at org.apache.hadoop.hbase.client.RpcRetryingCallerImpl.callWithRetries(RpcRetryingCallerImpl.java:107)
> at org.apache.hadoop.hbase.client.HTable.delete(HTable.java:503)
> at org.apache.hadoop.hbase.security.access.AccessControlLists.removePermissionRecord(AccessControlLists.java:262)
> at org.apache.hadoop.hbase.security.access.AccessControlLists.removeUserPermission(AccessControlLists.java:246)
> at org.apache.hadoop.hbase.security.access.AccessController$8.run(AccessController.java:2124)
> at org.apache.hadoop.hbase.security.access.AccessController$8.run(AccessController.java:2118)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at org.apache.hadoop.security.SecurityUtil.doAsUser(SecurityUtil.java:514)
> at org.apache.hadoop.security.SecurityUtil.doAsLoginUser(SecurityUtil.java:495)
> at sun.reflect.GeneratedMethodAccessor112.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.hadoop.hbase.util.Methods.call(Methods.java:40)
> at org.apache.hadoop.hbase.security.User.runAsLoginUser(User.java:183)
> ... 11 more
> , details=row '' on table 'hbase:acl' at region=hbase:acl,,1561410247401.d0b5e1997224dadc6c06b2a492b99a08., hostname=localhost,55921,1561410236573, seqNum=2, exception=java.io.IOException: java.io.IOException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=regularUser1_N000002, scope=hbase:acl, family=l:regularUser2_N000003, params=[table=hbase:acl,family=l:regularUser2_N000003],action=WRITE)
> at org.apache.hadoop.hbase.security.User.runAsLoginUser(User.java:185)
> at org.apache.hadoop.hbase.security.access.AccessController.revoke(AccessController.java:2118)
> at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.revoke(AccessControlProtos.java:10031)
> at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10192)
> at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8203)
> at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2423)
> at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2405)
> at org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:413)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
> {code}
> This seems to be caused by this HBase fix https://issues.apache.org/jira/browse/HBASE-21385 which has changed the way HBase Delete operation works.
> On Hbase 2.1.0 and below this was working because the user behind the request was null (because it was an RPC call, see org.apache.hadoop.hbase.security.access.AccessController#getActiveUser) and fell back to the system user which always had permission for any operations.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)