[
https://issues.apache.org/jira/browse/HBASE-14950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ashish Singhi updated HBASE-14950:
----------------------------------
Description:
Scenario:
1. Set hbase.quota.enabled to true
2. As per the [ACL matrix |
http://hbase.apache.org/book.html#appendix_acl_matrix] for create table, grant
'@group1', 'C', '@ns1'
3. From a user of group1, create 't1', 'd' -- *Failed*
{noformat}
ERROR: java.io.IOException: Namespace Descriptor found null for default This is
unexpected.
at
org.apache.hadoop.hbase.namespace.NamespaceStateManager.checkAndUpdateNamespaceTableCount(NamespaceStateManager.java:170)
at
org.apache.hadoop.hbase.namespace.NamespaceAuditor.checkQuotaToCreateTable(NamespaceAuditor.java:76)
at
org.apache.hadoop.hbase.quotas.MasterQuotaManager.checkNamespaceTableAndRegionQuota(MasterQuotaManager.java:312)
at org.apache.hadoop.hbase.master.HMaster.createTable(HMaster.java:1445)
at
org.apache.hadoop.hbase.master.MasterRpcServices.createTable(MasterRpcServices.java:428)
at
org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:49404)
at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2136)
at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:107)
at
org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:133)
at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:108)
at java.lang.Thread.run(Thread.java:745)
{noformat}
When quota is enabled, then as part of createTable we internally also call
getNamespaceDescriptor which needs 'A' privilege.
So when quota is enabled we need both C and A permission to create a table. ACL
Matrix needs to be updated.
was:
Scenario:
1. Set hbase.quota.enabled to true
2. As per the [ACL matrix |
http://hbase.apache.org/book.html#appendix_acl_matrix] for create table, grant
'@group1', 'C', '@ns1'
3. create 't1', 'd' -- *Failed*
{noformat}
ERROR: java.io.IOException: Namespace Descriptor found null for default This is
unexpected.
at
org.apache.hadoop.hbase.namespace.NamespaceStateManager.checkAndUpdateNamespaceTableCount(NamespaceStateManager.java:170)
at
org.apache.hadoop.hbase.namespace.NamespaceAuditor.checkQuotaToCreateTable(NamespaceAuditor.java:76)
at
org.apache.hadoop.hbase.quotas.MasterQuotaManager.checkNamespaceTableAndRegionQuota(MasterQuotaManager.java:312)
at org.apache.hadoop.hbase.master.HMaster.createTable(HMaster.java:1445)
at
org.apache.hadoop.hbase.master.MasterRpcServices.createTable(MasterRpcServices.java:428)
at
org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:49404)
at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2136)
at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:107)
at
org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:133)
at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:108)
at java.lang.Thread.run(Thread.java:745)
{noformat}
When quota is enabled, then as part of createTable we internally also call
getNamespaceDescriptor which needs 'A' privilege.
So when quota is enabled we need both C and A permission to create a table. ACL
Matrix needs to be updated.
> Create table with AC fails when quota is enabled
> ------------------------------------------------
>
> Key: HBASE-14950
> URL: https://issues.apache.org/jira/browse/HBASE-14950
> Project: HBase
> Issue Type: Bug
> Affects Versions: 2.0.0, 1.2.0, 1.1.2, 1.3.0, 0.98.16
> Reporter: Ashish Singhi
> Priority: Minor
>
> Scenario:
> 1. Set hbase.quota.enabled to true
> 2. As per the [ACL matrix |
> http://hbase.apache.org/book.html#appendix_acl_matrix] for create table,
> grant '@group1', 'C', '@ns1'
> 3. From a user of group1, create 't1', 'd' -- *Failed*
> {noformat}
> ERROR: java.io.IOException: Namespace Descriptor found null for default This
> is unexpected.
> at
> org.apache.hadoop.hbase.namespace.NamespaceStateManager.checkAndUpdateNamespaceTableCount(NamespaceStateManager.java:170)
> at
> org.apache.hadoop.hbase.namespace.NamespaceAuditor.checkQuotaToCreateTable(NamespaceAuditor.java:76)
> at
> org.apache.hadoop.hbase.quotas.MasterQuotaManager.checkNamespaceTableAndRegionQuota(MasterQuotaManager.java:312)
> at org.apache.hadoop.hbase.master.HMaster.createTable(HMaster.java:1445)
> at
> org.apache.hadoop.hbase.master.MasterRpcServices.createTable(MasterRpcServices.java:428)
> at
> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:49404)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2136)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:107)
> at
> org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:133)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:108)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
> When quota is enabled, then as part of createTable we internally also call
> getNamespaceDescriptor which needs 'A' privilege.
> So when quota is enabled we need both C and A permission to create a table.
> ACL Matrix needs to be updated.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
