[jira] [Commented] (HDDS-1900) Remove UpdateBucket handler which supports add/remove Acl

Wed, 07 Aug 2019 21:06:39 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16902655#comment-16902655
 ] 

Hudson commented on HDDS-1900:
------------------------------

FAILURE: Integrated in Jenkins build Hadoop-trunk-Commit #17061 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/17061/])
HDDS-1900. Remove UpdateBucket handler which supports add/remove Acl. (github: 
rev 70b4617cfe69fcbde0dca88827b92505d0925c3d)
* (edit) 
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/ozShell/TestOzoneShell.java
* (edit) 
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java
* (edit) hadoop-hdds/docs/content/shell/BucketCommands.md
* (edit) hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
* (delete) 
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/UpdateBucketHandler.java


> Remove UpdateBucket handler which supports add/remove Acl
> ---------------------------------------------------------
>
>                 Key: HDDS-1900
>                 URL: https://issues.apache.org/jira/browse/HDDS-1900
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>            Reporter: Bharat Viswanadham
>            Assignee: Bharat Viswanadham
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 0.4.1, 0.5.0
>
>          Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> This Jira is to remove bucket update handler.
> To add acl/remove acl we should use ozone sh bucket addacl/ozone sh bucket 
> removeacl.
>  
> Otherwise, when security is enabled, old Bucket update handler, uses 
> setBucketProperty and that checks acl acces for WRITE, whereas when 
> add/remove Acl we should check access for WRITE_ACL.
>  
> If we have both ways, even if a USER does not have WRITE_ACL can still 
> add/remove Acls on a bucket.
>  
> This Jira is to clean up the old code and fix this security issue.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to