[
https://issues.apache.org/jira/browse/HDFS-17378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lars Francke updated HDFS-17378:
--------------------------------
Description:
In HDFS-14743 the operationType was implemented as a thread-local, which
requires the caller to set the thread-local before calling the
{{AccessControlEnforcer}} interface.
Most operations will set the operationType to a String, but some operations set
it to `null`.
This causes the FSPermissionChecker to always call the old (deprecated)
{{AccessControlEnforcer.checkPermission}} API (see
[https://github.com/apache/hadoop/blob/50d256ef3c2531563bc6ba96dec6b78e154b4697/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java#L431])
Instead of setting the operationType to `null` (e.g.
[here|https://github.com/apache/hadoop/blob/50d256ef3c2531563bc6ba96dec6b78e154b4697/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java#L2767])
we should set the correct value.
was:
In HDFS-14743 the operationType was implemented as a thread-local, which
requires the caller to set the thread-local before calling the
{{AccessControlEnforcer}} interface.
Most operations will set the operationType to a String, but some operations set
it to `null`.
This causes the FSPermissionChecker to always the old (deprecated)
{{AccessControlEnforcer.checkPermission}} API (see
[https://github.com/apache/hadoop/blob/50d256ef3c2531563bc6ba96dec6b78e154b4697/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java#L431])
Instead of setting the operationType to `null` (e.g.
[here|https://github.com/apache/hadoop/blob/50d256ef3c2531563bc6ba96dec6b78e154b4697/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java#L2767])
we should set the correct value.
> Missing operationType for some operations in authorizer
> -------------------------------------------------------
>
> Key: HDFS-17378
> URL: https://issues.apache.org/jira/browse/HDFS-17378
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: hdfs
> Affects Versions: 3.3.6
> Reporter: Sebastian Bernauer
> Priority: Minor
>
> In HDFS-14743 the operationType was implemented as a thread-local, which
> requires the caller to set the thread-local before calling the
> {{AccessControlEnforcer}} interface.
> Most operations will set the operationType to a String, but some operations
> set it to `null`.
> This causes the FSPermissionChecker to always call the old (deprecated)
> {{AccessControlEnforcer.checkPermission}} API (see
> [https://github.com/apache/hadoop/blob/50d256ef3c2531563bc6ba96dec6b78e154b4697/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java#L431])
> Instead of setting the operationType to `null` (e.g.
> [here|https://github.com/apache/hadoop/blob/50d256ef3c2531563bc6ba96dec6b78e154b4697/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java#L2767])
> we should set the correct value.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
