[
https://issues.apache.org/jira/browse/FALCON-497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14054645#comment-14054645
]
Shwetha G S commented on FALCON-497:
------------------------------------
Currently, feed authorisation is done just for submit and update and not other
operations(like schedule), which is pretty confusing and its mostly useful for
schedule. Will add authorisation as part of another jira. Thanks [~samarthg]
for pointing this out
> Able to submit feed even though owner of storage specified (location
> type=data) is different from the ACL owner
> ---------------------------------------------------------------------------------------------------------------
>
> Key: FALCON-497
> URL: https://issues.apache.org/jira/browse/FALCON-497
> Project: Falcon
> Issue Type: Bug
> Components: general
> Affects Versions: 0.6
> Environment: QA
> Reporter: Karishma Gulati
> Assignee: Shwetha G S
> Fix For: 0.6
>
> Attachments: FALCON-497.patch
>
>
> {code:xml}
> <?xml version="1.0" encoding="UTF-8"?>
> <feed xmlns="uri:falcon:feed:0.1"
> name="raaw-logs16-784f11fb-0952-4b0e-ae17-a767f094068a" description="clicks
> log">
> <partitions>
> <partition name="country"/>
> <partition name="colo"/>
> </partitions>
> <frequency>minutes(20)</frequency>
> <timezone>UTC</timezone>
> <late-arrival cut-off="hours(6)"/>
> <clusters>
> <cluster name="corp-456c8ba1-00d9-46d2-a9c1-f5e0a561f8cc" type="source">
> <validity start="2009-02-01T00:00Z" end="2099-05-01T00:00Z"/>
> <retention limit="months(9000)" action="delete"/>
> </cluster>
> </clusters>
> <locations>
> <location type="data"
> path="/samarth/input-data/rawLogs/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
> <location type="stats" path="/projects/ivory/clicksStats"/>
> <location type="meta" path="/projects/ivory/clicksMetaData"/>
> </locations>
> <ACL owner="karishma" group="group" permission="0x755"/>
> <schema location="/schema/clicks" provider="protobuf"/>
> <properties>
> <property name="field1" value="value1"/>
> <property name="field2" value="value2"/>
> </properties>
> </feed>
> {code}
> If location path (type=data) exists in hdfs, and the feed is submitted with
> an ACL owner different from the storage owner, instead of getting an error,
> I'm succesfully able to submit the feed.
> In falcon, the owner of the entire path
> {code:xml}
> <location type="data"
> path="/samarth/input-data/rawLogs/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
> {code}
> (including the variables) is being checked for, instead of just that of
> "/samarth/input-data/rawLogs/".
> The feature successfully works if the location paths (type=meta or
> type=stats) exist on hdfs, and the owner of these is different from the ACL
> owner.In that case, I'm not allowed to submit the feed, and get the following
> error:
> {code:xml}
> <?xml version="1.0" encoding="UTF-8"?>
> <result>
> <status>FAILED</status>
> <message>ua1/Can't validate storage ACL (URI
> hdfs://192.168.138.27:8020)Feed ACL owner karishma doesn't match the actual
> file owner dataqa</message>
> <requestId>ua1/15509f1d-2341-4ada-a119-b2d120a3d3fd</requestId>
> </result>
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
