[
https://issues.apache.org/jira/browse/HDDS-7193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Neil Joshi updated HDDS-7193:
-----------------------------
Status: Patch Available (was: In Progress)
https://github.com/apache/ozone/pull/3749
> S3gateway Grpc Ranger Authorizer NPE Unhandled Exception
> ---------------------------------------------------------
>
> Key: HDDS-7193
> URL: https://issues.apache.org/jira/browse/HDDS-7193
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Neil Joshi
> Assignee: Neil Joshi
> Priority: Major
> Labels: pull-request-available
>
> Currently the S3 gateway configured with Grpc using the Ranger Authorizer
> will generate an unhandled exception for listKeys requests causing the
> requests to fail with an ambiguous failure.
> For s3 list-objects requests with the Ranger Authorizer, the ranger plugin
> RangerOzoneAuthorizer.java throws an NPE when accessing the ip address of the
> client for the ranger request. This NPE is unhandled by the OzoneManager and
> results in the s3gateway and logs providing ambiguous failures.
>
> *Note:* The following stack trace was generated after instrumenting the code
> to capture the hidden underlying cause of the error:
> {code:java}
> 2022-08-25 08:48:57,836 [grpc-default-executor-0] ERROR
> org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer:
> java.lang.NullPointerException
> at
> org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer.checkAccess(RangerOzoneAuthorizer.java:131)
> at
> org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer.checkAccess(RangerOzoneAuthorizer.java:91)
> at
> org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:2544)
> at
> org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:2530)
> at
> org.apache.hadoop.ozone.om.OzoneManager.resolveBucketLink(OzoneManager.java:4208)
> at
> org.apache.hadoop.ozone.om.OzoneManager.resolveBucketLink(OzoneManager.java:4161)
> at
> org.apache.hadoop.ozone.om.OzoneManager.listKeys(OzoneManager.java:2838)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerRequestHandler.listKeys(OzoneManagerRequestHandler.java:584)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerRequestHandler.handleReadRequest(OzoneManagerRequestHandler.java:193)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitReadRequestToOM(OzoneManagerProtocolServerSideTranslatorPB.java:226)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.processRequest(OzoneManagerProtocolServerSideTranslatorPB.java:175)
> at
> org.apache.hadoop.hdds.server.OzoneProtocolMessageDispatcher.processRequest(OzoneProtocolMessageDispatcher.java:87)
> at
> org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB.submitRequest(OzoneManagerProtocolServerSideTranslatorPB.java:147)
> at
> org.apache.hadoop.ozone.om.OzoneManagerServiceGrpc.submitRequest(OzoneManagerServiceGrpc.java:87)
> at
> org.apache.hadoop.ozone.protocol.proto.OzoneManagerServiceGrpc$MethodHandlers.invoke(OzoneManagerServiceGrpc.java:237)
> at
> io.grpc.stub.ServerCalls$UnaryServerCallHandler$UnaryServerCallListener.onHalfClose(ServerCalls.java:182)
> {code}
>
> There appears to be still a dependency on legacy hadoop RPC thread context
> information from the Server.Call class for each request processed for S3
> gateway requests. Within this Server thread context it is assumed to carry
> the ip address of the client. For the S3Gateway configured with Grpc this
> Server thread context on the OM is mainly unused and should be decoupled from
> handling the requests with the ozone manager.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
