[ 
https://issues.apache.org/jira/browse/HDDS-3087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Siyao Meng resolved HDDS-3087.
------------------------------
    Target Version/s:   (was: 2.3.0)
          Resolution: Cannot Reproduce

This is no longer reproducible on current master.

The read/lookup path was reworked so that ACL enforcement now runs _before_ the 
key/file lookup. A denied read surfaces {{OMException(PERMISSION_DENIED)}} 
before a {{{}FILE_NOT_FOUND{}}}/{{{}KEY_NOT_FOUND{}}} can ever be produced, so 
the result code is no longer masked on its way back to the client.

The behavior is also covered by tests in {{{}TestOmAcls{}}}, which assert 
{{PERMISSION_DENIED}} (not a NotFound error) for denied reads:
 * {{testGetFileStatusPermissionDenied}} : the exact scenario from this issue
 * {{{}testReadKeyPermissionDenied{}}}, plus bucket/volume read variants

ref: HDDS-6964, HDDS-7716, HDDS-13858

> Error propagation from OzoneManager.checkAcls is broken
> -------------------------------------------------------
>
>                 Key: HDDS-3087
>                 URL: https://issues.apache.org/jira/browse/HDDS-3087
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: Ozone Client, Ozone Manager
>            Reporter: Supratim Deka
>            Priority: Major
>
> When testing HDDS-2940, it was found that error propagation from checkAcls() 
> to the Ozone Client is broken.
> when checkAcls throws a OMException with ResultCodes.PERMISSION_DENIED,
> this gets reported as a File/Directory not found error on the client - 
> instead of a permission denied error.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to