rich7420 opened a new pull request, #10756:
URL: https://github.com/apache/ozone/pull/10756

   This reverts commit 6f0b5a3b3909239fa672883317fec3bf84c202c8 (#10469).
   
   ## Why
   
   As reported by @ChenSammi on #10469, the change breaks internal OM writes 
that
   rely on a `ugi.doAs()` identity. For example the object TTL service creating 
a
   `.Trash/.../Current` directory fails on the apply path with:
   
   ```
   UNAUTHORIZED ... AuthenticationException: User info is not set. Please check 
client auth credentials
       at OMClientRequest.createUGIForApi(OMClientRequest.java:391)
       at OMKeyRequest.getAclsForDir(OMKeyRequest.java:388)
       at OMKeyRequest.createDirectoryInfoWithACL(...)
       at OMKeyRequest.getAllMissingParentDirInfo(...)
       at OMDirectoryCreateRequestWithFSO.validateAndUpdateCache(...)
   ```
   
   `createUGIForApi()` is also reached from `validateAndUpdateCache` via
   `getAclsForDir` during directory creation, so an internal `doAs()` write 
hits it
   on the apply path. The removed `getUserIfNotExists` used `getCurrentUser()`,
   which inside the service `doAs()` block resolves to the real caller; 
dropping it
   leaves the identity unset and the request fails closed.
   
   Reverting to restore the previous behavior. The original goal (not falling 
back
   to the OM starter user) can be re-attempted separately with a narrower 
approach
   that keeps the fallback but skips only the OM starter user, and with 
coverage for
   the object TTL / doAs path.
   
   ## Tested
   
   `mvn -pl :ozone-manager test` for the affected requests
   (`TestOMClientRequestWithUserInfo`, `TestOMAllocateBlockRequest`,
   `TestOMKeyDeleteRequest`, `TestOMKeyRenameRequest`) pass; module compiles.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to