[
https://issues.apache.org/jira/browse/HDFS-16259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17425573#comment-17425573
]
Stephen O'Donnell commented on HDFS-16259:
------------------------------------------
{quote}
What do you think about Compatibility? I think even if you unwrap at DfsClient
or convert to ACE at Namenode, Compatibility guidelines would definitely break
{quote}
This is why I think catching the enforcer exceptions in the Namenode and
throwing a plain AccessControlException is the safest bet, at least for the 3.3
and 3.2 branches. Perhaps we should do something different on trunk that may be
incompatible, eg change the client.
Nothing that calls the DFS Client should depend on a Ranger or other plugin
defined exception coming out of the DFS client, and the way the client has been
coded, it doesn't expect it either, as it only unwraps specific exceptions
right now.
{quote}
Why we would just need to unwrap only a selective Exceptions
{quote}
Yea I agree, this was a strange decision. It means that sometimes you get a
useful exception, and others you get a RemoteException, and with
RemoteException you cannot even call "getCause()" on it to get the real
exception. It would probably have been better to unwrap the remote exception
always and just return the real cause to the caller.
> Catch and re-throw sub-classes of AccessControlException thrown by any
> permission provider plugins (eg Ranger)
> --------------------------------------------------------------------------------------------------------------
>
> Key: HDFS-16259
> URL: https://issues.apache.org/jira/browse/HDFS-16259
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
> Reporter: Stephen O'Donnell
> Assignee: Stephen O'Donnell
> Priority: Major
>
> When a permission provider plugin is enabled (eg Ranger) there are some
> scenarios where it can throw a sub-class of an AccessControlException (eg
> RangerAccessControlException). If this exception is allowed to propagate up
> the stack, it can give problems in the HDFS Client, when it unwraps the
> remote exception containing the AccessControlException sub-class.
> Ideally, we should make AccessControlException final so it cannot be
> sub-classed, but that would be a breaking change at this point. Therefore I
> believe the safest thing to do, is to catch any AccessControlException that
> comes out of the permission enforcer plugin, and re-throw an
> AccessControlException instead.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
