[
https://issues.apache.org/jira/browse/HBASE-8213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618628#comment-13618628
]
Hadoop QA commented on HBASE-8213:
----------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12576337/HBASE-8213-trunk.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:green}+1 hadoop2.0{color}. The patch compiles against the hadoop
2.0 profile.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 lineLengths{color}. The patch does not introduce lines
longer than 100
{color:green}+1 site{color}. The mvn site goal succeeds with this patch.
{color:green}+1 core tests{color}. The patch passed unit tests in .
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/5078//console
This message is automatically generated.
> global authorization may lose efficacy
> ---------------------------------------
>
> Key: HBASE-8213
> URL: https://issues.apache.org/jira/browse/HBASE-8213
> Project: HBase
> Issue Type: Bug
> Components: security
> Affects Versions: 0.95.0, 0.96.0, 0.94.7
> Reporter: Jieshan Bean
> Assignee: Jieshan Bean
> Priority: Critical
> Attachments: HBASE-8213-94.patch, HBASE-8213-trunk.patch
>
>
> It depends on the order of which region be opened first.
> Suppose we have one 1 regionserver and only 1 user region REGION-A on this
> server, _acl_ region was on another regionserver. _acl_ was opened a few
> seconds before REGION-A.
> The global authorization data read from Zookeeper was overwritten by the data
> read from configuration.
> {code}
> private TableAuthManager(ZooKeeperWatcher watcher, Configuration conf)
> throws IOException {
> this.conf = conf;
> this.zkperms = new ZKPermissionWatcher(watcher, this, conf);
> try {
> // Read global authorization data from zookeeper.
> this.zkperms.start();
> } catch (KeeperException ke) {
> LOG.error("ZooKeeper initialization failed", ke);
> }
> // It will overwrite globalCache.
> // initialize global permissions based on configuration
> globalCache = initGlobal(conf);
> }
> {code}
> This issue can be easily reproduced by below steps:
> 1. Start a cluster with 3 regionservers.
> 2. Create a new table T1.
> 3. grant a new user USER-A with global authorization.
> 4. Kill 1 regionserver RS3 and switch balance off.
> 5. Start regionserver RS3.
> 6. Assign region T1 to RS3.
> 7. Put data with user USER-A.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
