[
https://issues.apache.org/jira/browse/HDDS-1600?focusedWorklogId=252036&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-252036
]
ASF GitHub Bot logged work on HDDS-1600:
----------------------------------------
Author: ASF GitHub Bot
Created on: 31/May/19 20:29
Start Date: 31/May/19 20:29
Worklog Time Spent: 10m
Work Description: xiaoyuyao commented on pull request #857: HDDS-1600.
Add userName and IPAddress as part of OMRequest.
URL: https://github.com/apache/hadoop/pull/857#discussion_r289540450
##########
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##########
@@ -1753,17 +1770,26 @@ private void checkAcls(ResourceType resType, StoreType
store,
.setClientUgi(user)
.setIp(ProtobufRpcEngine.Server.getRemoteIp())
.setAclType(ACLIdentityType.USER)
- .setAclRights(acl)
+ .setAclRights(aclType)
.build();
if (!accessAuthorizer.checkAccess(obj, context)) {
LOG.warn("User {} doesn't have {} permission to access {}",
- user.getUserName(), acl, resType);
- throw new OzoneAclException("User " + user.getUserName() + " doesn't " +
- "have " + acl + " permission to access " + resType,
- ErrorCode.PERMISSION_DENIED);
+ user.getUserName(), aclType, resType);
Review comment:
The unit test failure seems related:
TestOmAcls.testOMAclsPermissionDenied
org.apache.hadoop.ozone.om.exceptions.OMException: User jenkins1000 doesn't
have CREATE permission to access volume
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 252036)
Time Spent: 1h 20m (was: 1h 10m)
> Add userName and IPAddress as part of OMRequest.
> ------------------------------------------------
>
> Key: HDDS-1600
> URL: https://issues.apache.org/jira/browse/HDDS-1600
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Bharat Viswanadham
> Assignee: Bharat Viswanadham
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> In OM HA, the actual execution of request happens under GRPC context, so UGI
> object which we retrieve from ProtobufRpcEngine.Server.getRemoteUser(); will
> not be available.
> In similar manner ProtobufRpcEngine.Server.getRemoteIp().
>
> So, during preExecute(which happens under RPC context) extract userName and
> IPAddress and add it to the OMRequest, and then send the request to ratis
> server.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
