[
https://issues.apache.org/jira/browse/HDDS-3087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siyao Meng resolved HDDS-3087.
------------------------------
Target Version/s: (was: 2.3.0)
Resolution: Cannot Reproduce
This is no longer reproducible on current master.
The read/lookup path was reworked so that ACL enforcement now runs _before_ the
key/file lookup. A denied read surfaces {{OMException(PERMISSION_DENIED)}}
before a {{{}FILE_NOT_FOUND{}}}/{{{}KEY_NOT_FOUND{}}} can ever be produced, so
the result code is no longer masked on its way back to the client.
The behavior is also covered by tests in {{{}TestOmAcls{}}}, which assert
{{PERMISSION_DENIED}} (not a NotFound error) for denied reads:
* {{testGetFileStatusPermissionDenied}} : the exact scenario from this issue
* {{{}testReadKeyPermissionDenied{}}}, plus bucket/volume read variants
ref: HDDS-6964, HDDS-7716, HDDS-13858
> Error propagation from OzoneManager.checkAcls is broken
> -------------------------------------------------------
>
> Key: HDDS-3087
> URL: https://issues.apache.org/jira/browse/HDDS-3087
> Project: Apache Ozone
> Issue Type: Bug
> Components: Ozone Client, Ozone Manager
> Reporter: Supratim Deka
> Priority: Major
>
> When testing HDDS-2940, it was found that error propagation from checkAcls()
> to the Ozone Client is broken.
> when checkAcls throws a OMException with ResultCodes.PERMISSION_DENIED,
> this gets reported as a File/Directory not found error on the client -
> instead of a permission denied error.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]