[
https://issues.apache.org/jira/browse/HBASE-12581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14227457#comment-14227457
]
ramkrishna.s.vasudevan commented on HBASE-12581:
------------------------------------------------
Ok I found the issue. I don't think it is not a problem with the test or the
way things work. I still need to see whether the recent Connection related
changes is slowing things in any way.
The problem is this
We create a table for every test and set OWNER as the owner of the table with
RWXCA. So this information of adding owner to the table is used in the
ACL.postCreateTableHandler. We create a HTable instance on the ACL table and
do a put saying OWNER is the owner of the table.
The ACL.postPut() is the place where we add this information to the table ZK.
But this tests just after creating the table tries to add a PUT to the user
table with ACL permissions for the other user - but the operation is performed
as part of OWNER.
The initial check whether a WRITE permission is associated with a user first
happens in ACL.prePut
{code}
User user = getActiveUser();
checkForReservedTagPresence(user, put);
RegionCoprocessorEnvironment env = c.getEnvironment();
Map<byte[],? extends Collection<Cell>> families = put.getFamilyCellMap();
AuthResult authResult = permissionGranted(OpType.PUT, user, env, families,
Action.WRITE);
logResult(authResult);
if (!authResult.isAllowed()) {
if (cellFeaturesEnabled && !compatibleEarlyTermination) {
put.setAttribute(CHECK_COVERING_PERM, TRUE);
} else {
throw new AccessDeniedException("Insufficient permissions " +
authResult.toContextString());
}
}
{code}
Now as the postPut update for the updateACL in ZK has not yet completed by this
time we see that the user does not have permission on the table directly.
Hence the flow further tries to see if the permission is added as a Cell ACL
for the user OWNER. Anyway that is not there and so the test fails in
ACL.preBatchMutate
{code}
if (!authResult.isAllowed()) {
throw new AccessDeniedException("Insufficient permissions "
+ authResult.toContextString());
}
{code}
I do think this could even be a real time problem also if just after creating a
table with a owner, if a Put happens that put may be denied access as happens
in the test.
Introducing a sleep after setUp() method of the test makes the test pass
consistently.
> TestCellACLWithMultipleVersions failing since task 5 HBASE-12404 (HBASE-12404
> addendum)
> ---------------------------------------------------------------------------------------
>
> Key: HBASE-12581
> URL: https://issues.apache.org/jira/browse/HBASE-12581
> Project: HBase
> Issue Type: Bug
> Components: test
> Reporter: stack
> Assignee: stack
> Priority: Critical
> Fix For: 2.0.0, 0.99.2
>
> Attachments: 12581.addendum.txt, 12581.txt, acls.txt
>
>
> TestCellACLWithMultipleVersions failed after HBASE-12404 went in (though it
> passed twice on hadoopqa!). Fails locally too. Here, make a Connection when
> we go to check perms. That seems to fix it. Going to commit since patch is
> just more of hbase-12404... this is in essence and addendum.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
