[
https://issues.apache.org/jira/browse/HDFS-16259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17425497#comment-17425497
]
Ayush Saxena commented on HDFS-16259:
-------------------------------------
{quote}I think it can be argued both ways. HDFS should have made
AccessControlException final so it was clear what Ranger should do
{quote}
Definitely yes, That is what Ranger Folks will tell, If we blame them. :)
{quote}but we cannot do that now as it will break Ranger
{quote}
HDFS will break as well, we too have {{SnapshotAccessControlException}} and
{{TraverseAccessControlException}}
I am not sure how this inconsistency got introduced and what are the reasons
for that, need to pull in the author of those codes, not sure how old the code
is.
What do you think about Compatibility? I think even if you unwrap at DfsClient
or convert to ACE at Namenode, Compatibility guidelines would definitely break
Regarding changing in the DFSClient, I think couple of APIs still do
{{re.unwrapRemoteException();}} (eg. Snapshot ones), whether we do it for this
or not. I think we someday should do this, though a breaking change, Why we
would just need to unwrap only a selective Exceptions
> Catch and re-throw sub-classes of AccessControlException thrown by any
> permission provider plugins (eg Ranger)
> --------------------------------------------------------------------------------------------------------------
>
> Key: HDFS-16259
> URL: https://issues.apache.org/jira/browse/HDFS-16259
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
> Reporter: Stephen O'Donnell
> Assignee: Stephen O'Donnell
> Priority: Major
>
> When a permission provider plugin is enabled (eg Ranger) there are some
> scenarios where it can throw a sub-class of an AccessControlException (eg
> RangerAccessControlException). If this exception is allowed to propagate up
> the stack, it can give problems in the HDFS Client, when it unwraps the
> remote exception containing the AccessControlException sub-class.
> Ideally, we should make AccessControlException final so it cannot be
> sub-classed, but that would be a breaking change at this point. Therefore I
> believe the safest thing to do, is to catch any AccessControlException that
> comes out of the permission enforcer plugin, and re-throw an
> AccessControlException instead.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
