[ https://issues.apache.org/jira/browse/HBASE-14475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14907607#comment-14907607 ]
Hadoop QA commented on HBASE-14475:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12762293/14475-v2.txt
against master branch at commit 8db7a6eb079018e3f94cc366ef85211d7a90f749.
ATTACHMENT ID: 12762293
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 hadoop versions. The patch compiles with all supported hadoop versions (2.4.0 2.4.1 2.5.0 2.5.1 2.5.2 2.6.0 2.7.0 2.7.1)
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 protoc. The applied patch does not increase the total number of protoc compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 checkstyle. The applied patch does not increase the total number of checkstyle errors
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 lineLengths. The patch does not introduce lines longer than 100
+1 site. The mvn post-site goal succeeds with this patch.
-1 core tests. The patch failed these unit tests:
    org.apache.hadoop.hbase.master.procedure.TestWALProcedureStoreOnHDFS
-1 core zombie tests. There are 1 zombie test(s):
    at org.apache.hadoop.hbase.regionserver.TestHRegion.testFlushCacheWhileScanning(TestHRegion.java:3756)
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/15732//testReport/
Release Findbugs (version 2.0.3) warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/15732//artifact/patchprocess/newFindbugsWarnings.html
Checkstyle Errors: https://builds.apache.org/job/PreCommit-HBASE-Build/15732//artifact/patchprocess/checkstyle-aggregate.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/15732//console
This message is automatically generated.
> Region split requests are always audited with "hbase" user rather than request user
> -----------------------------------------------------------------------------------
>
> Key: HBASE-14475
> URL: https://issues.apache.org/jira/browse/HBASE-14475
> Project: HBase
> Issue Type: Bug
> Reporter: Enis Soztutar
> Assignee: Ted Yu
> Fix For: 2.0.0, 1.2.0, 1.3.0, 0.98.15, 1.0.3, 1.1.3
>
> Attachments: 14475-v2.txt
>
>
> [~madhan.neethiraj] from Ranger reported that when a region split request is
> initiated from the user, we always audit (and do the permission check)
> against the hbase user, not the request user.
> The issue is that a split request that is coming from the user is only
> processed at a later time from the CompactSplitThread asynchronously to the
> splitRegion RPC.
> RSRpcServices.splitRegion() only does a flush from the handler thread and
> then calls regionServer.compactSplitThread.requestSplit() which puts a
> SplitRequest to the split queue. The split request is handled by the split
> executor from CompactSplitThread.
> Since the split is actually executed from the compact split thread, the
> preSplit() for the AccessController is called from the executor thread. In
> this thread, we no longer have the user who initially requested the split, so
> the user in the context (UGI) is "hbase", causing the AC.preSplit() access
> control check to always be performed against the hbase user, not the user
> who has submitted the request. The audit log also contains "hbase" user
> rather than the actual user.
> Luckily, the split forces a flush to the region in-line (from the handler
> thread), which requires a {{CREATE|ADMIN}} permission. Split requires
> {{ADMIN}}, but due to this bug {{CREATE}} is also sufficient (although we
> have not verified it manually). {{CREATE}} permission can do flush and
> compactions, so this is not a security issue (I think).
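The identity loss described in the issue, reduced to a self-contained Java sketch. This is an added example, not code from HBase or from the attached patch; RPC_USER, currentUser(), preSplit(String) and the ACL map are hypothetical stand-ins, and the users and permissions are constructed sample data. It shows the check resolving the user on the executor thread next to a version that captures the requester on the handler thread.

```java
import java.util.*;
import java.util.concurrent.*;

public class SplitAuditDemo {
    // Hypothetical stand-in for the per-RPC caller identity; not an HBase API.
    static final ThreadLocal<String> RPC_USER = new ThreadLocal<>();
    static final String SERVICE_USER = "hbase";
    // Constructed sample ACL: "bob" holds CREATE only.
    static final Map<String, Set<String>> ACL = Map.of(
        "hbase", Set.of("ADMIN", "CREATE"),
        "alice", Set.of("ADMIN"),
        "bob", Set.of("CREATE"));

    static String currentUser() {
        String u = RPC_USER.get();
        return u != null ? u : SERVICE_USER; // executor threads have no RPC context
    }

    // Stand-in for the preSplit() hook: writes the audit line and checks ADMIN.
    static boolean preSplit(String user) {
        boolean ok = ACL.getOrDefault(user, Set.of()).contains("ADMIN");
        System.out.printf("AUDIT user=%s action=split allowed=%b%n", user, ok);
        return ok;
    }

    // Pattern from the report: identity is resolved inside the executor thread.
    static Callable<Boolean> splitResolvedLate() {
        return () -> preSplit(currentUser());
    }

    // Identity is captured on the handler thread and travels with the queued request.
    static Callable<Boolean> splitWithCapturedUser() {
        final String requester = currentUser();
        return () -> preSplit(requester);
    }

    public static void main(String[] args) throws Exception {
        ExecutorService splits = Executors.newSingleThreadExecutor();
        RPC_USER.set("bob"); // handler thread serving a request from "bob"
        try {
            // Audited and authorized as "hbase": allowed=true
            System.out.println("late:     " + splits.submit(splitResolvedLate()).get());
            // Audited and authorized as "bob": allowed=false
            System.out.println("captured: " + splits.submit(splitWithCapturedUser()).get());
        } finally {
            RPC_USER.remove();
            splits.shutdown();
        }
    }
}
```

Requires Java 9 or later for Map.of and Set.of.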