[ https://issues.apache.org/jira/browse/ZOOKEEPER-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15566745#comment-15566745 ]
Hadoop QA commented on ZOOKEEPER-2014: -------------------------------------- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12832770/ZOOKEEPER-2014.patch against trunk revision f78061aafb19b102c37cb6d744ec6258d5f5b66e. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 45 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 2 new Findbugs (version 2.0.3) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3481//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3481//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3481//console This message is automatically generated. > Only admin should be allowed to reconfig a cluster > -------------------------------------------------- > > Key: ZOOKEEPER-2014 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2014 > Project: ZooKeeper > Issue Type: Bug > Components: server > Affects Versions: 3.5.0 > Reporter: Raul Gutierrez Segales > Assignee: Michael Han > Priority: Blocker > Fix For: 3.5.3 > > Attachments: ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, > ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, > ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, > ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch > > > ZOOKEEPER-107 introduces reconfiguration support via the reconfig() call. We > should, at the very least, ensure that only the Admin can reconfigure a > cluster. Perhaps restricting access to /zookeeper/config as well, though this > is debatable. Surely one could ensure Admin only access via an ACL, but that > would leave everyone who doesn't use ACLs unprotected. We could also force a > default ACL to make it a bit more consistent (maybe). > Finally, making reconfig() only available to Admins means they have to run > with zookeeper.DigestAuthenticationProvider.superDigest (which I am not sure > if everyone does, or how would it work with other authentication providers). > Review board https://reviews.apache.org/r/51546/ -- This message was sent by Atlassian JIRA (v6.3.4#6332)