You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@accumulo.apache.org by GitBox <gi...@apache.org> on 2022/10/05 20:09:28 UTC

[GitHub] [accumulo] dlmarion commented on pull request #2988: Added missing permission checks to ClientServiceHandler Thrift API methods

dlmarion commented on PR #2988:
URL: https://github.com/apache/accumulo/pull/2988#issuecomment-1265835606

   I made the following changes in #2994 
   
     1. Modified client.thrift to declare ThriftSecurityException where it's thrown
     2. Added check for system user in ClientServiceHandler to allow system process to get configuration
     3. Modified PermissionsIT so that test user always has READ permissions on table so that it can check the configuration for arbitrary properties
     
    The following tests are now passing: `AuditMessageIT, DumpConfigIT, ImportExportIT, PropStoreConfigIT, PermissionsIT`
    
    The following tests are still failing, but I think they may point to valid issues.
    
   **NamespacesIT**
    - testPermissions may be failing due to consistency
    - verifyPropertyInheritance & verifySystemPropertyInheritance, root user does not have READ permission on DEFAULT namespace.
   
   **ShellServerIT**
   cloneTable - failing on line 649, getting configuration on table that was just cloned
   cloneTableOffline - failing on line 671, getting configuration on table that was just cloned
   exporttableImporttable - failing on line 212, getting the configuration for a table that was just imported.
   
   The above tests are failing with the error:
   ```
   org.apache.accumulo.core.client.AccumuloException: org.apache.accumulo.core.client.AccumuloSecurityException: Error PERMISSION_DENIED for user root - User does not have permission to perform this action
   	at org.apache.accumulo.core.clientImpl.NamespaceOperationsImpl.getConfiguration(NamespaceOperationsImpl.java:266) ~[classes/:?]
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@accumulo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org