[
https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16200755#comment-16200755
]
Steve Loughran commented on HADOOP-14935:
-----------------------------------------
Patch 003: patch 002 with some test tuning.
I'm happy with the production code, just getting those tests right in terms of
coverage.
This is what I'v done the new test cases (But leaving the others ones alone)
* used {{recursiveDelete}} as the delete operation in teardown, instead of
{{allowRecursiveDelete; delete}}.
* stripped off the {{ContractTestUtils.}} prefix to the static methods from
that class, as they are all imported now
This is what the new rename tests do.
+added more negative permissions tests; pulled out the probe into its own
assert, with an error string generated if the tests actually work
TODO
* I want the tests to always check the get status auth path, which should be
done by enabling the option in {{createConfiguration()}} the way we are now
doing with the security settings. Otherwise this patch adds a new codepath
which doesn't get tested in the unit tests unless/until someone looks at the
code and remembers to do this. Having it turned on all the time should simplify
the {{addAuthRuleGetFileStatus}} methods and give better coverage.
* testAccessWhenPermissionsMatch should be split into three separate.
* I'm afraid you'll have to patch the new testRename tests to set up their
permissions
Testing: Azure ireland. Everything worked, which makes me think that without
the filestatus security enable, the tests aren't exploring the new checks
(otherwise the new rename tests would fail, wouldn't they?)
[~snayak]: if you can pick up patch 002 & see what you can do about the todo
list, we should be good to go in.
> Azure: POSIX permissions are taking effect in access() method even when
> authorization is enabled
> ------------------------------------------------------------------------------------------------
>
> Key: HADOOP-14935
> URL: https://issues.apache.org/jira/browse/HADOOP-14935
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 2.9.0
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Attachments: HADOOP-14935-003.patch, HADOOP-14935.1.patch,
> HADOOP-14935.2.patch
>
>
> FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does
> not override {{access(path,mode)}} method and uses the default implementation
> from the base class. This base implementaion uses the POSIX permissions to
> check if the requested user has access to given path or not even when
> authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use
> the authorization mechanism provided instead of relying on the POSIX
> permission ons. So the proposal is to override {{FileSystem.access()}} method
> in {{NativeAzureFileSystem}} such that it honors the authorization mechanism
> configured in authorization enabled mode and falls back to POSIX permissions
> otherwise.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
