[
https://issues.apache.org/jira/browse/PHOENIX-5369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17285050#comment-17285050
]
ASF GitHub Bot commented on PHOENIX-5369:
-----------------------------------------
stoty commented on pull request #524:
URL: https://github.com/apache/phoenix/pull/524#issuecomment-779602275
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 2m 21s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files
found. |
| +1 :green_heart: | hbaseanti | 0m 0s | Patch does not have any
anti-patterns. |
| +1 :green_heart: | @author | 0m 1s | The patch does not contain any
@author tags. |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include
any new or modified tests. Please justify why no new tests are needed for this
patch. Also please list what manual steps were performed to verify this patch.
|
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 19m 33s | master passed |
| +0 | hbaserecompile | 28m 38s | HBase recompiled. |
| +1 :green_heart: | compile | 1m 21s | master passed |
| +1 :green_heart: | checkstyle | 0m 47s | master passed |
| +1 :green_heart: | javadoc | 1m 7s | master passed |
| +0 :ok: | spotbugs | 4m 13s | phoenix-core in master has 959 extant
spotbugs warnings. |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 13m 0s | the patch passed |
| +0 | hbaserecompile | 26m 16s | HBase recompiled. |
| +1 :green_heart: | compile | 1m 21s | the patch passed |
| +1 :green_heart: | javac | 1m 21s | the patch passed |
| +1 :green_heart: | checkstyle | 0m 42s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace
issues. |
| +1 :green_heart: | javadoc | 1m 12s | the patch passed |
| +1 :green_heart: | spotbugs | 4m 8s | the patch passed |
||| _ Other Tests _ |
| -1 :x: | unit | 108m 34s | phoenix-core in the patch failed. |
| +1 :green_heart: | asflicense | 0m 37s | The patch does not generate
ASF License warnings. |
| | | 180m 18s | |
| Reason | Tests |
|-------:|:------|
| Failed junit tests | phoenix.end2end.PermissionNSDisabledIT |
| | phoenix.end2end.PermissionsCacheIT |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base:
https://ci-hadoop.apache.org/job/Phoenix/job/Phoenix-PreCommit-GitHub-PR/job/PR-524/1/artifact/yetus-general-check/output/Dockerfile
|
| GITHUB PR | https://github.com/apache/phoenix/pull/524 |
| JIRA Issue | PHOENIX-5369 |
| Optional Tests | dupname asflicense javac javadoc unit spotbugs
hbaserebuild hbaseanti checkstyle compile |
| uname | Linux 3064b964bb76 4.15.0-126-generic #129-Ubuntu SMP Mon Nov 23
18:53:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev/phoenix-personality.sh |
| git revision | master / 6ed3caf |
| Default Java | Private Build-1.8.0_242-8u242-b08-0ubuntu3~16.04-b08 |
| unit |
https://ci-hadoop.apache.org/job/Phoenix/job/Phoenix-PreCommit-GitHub-PR/job/PR-524/1/artifact/yetus-general-check/output/patch-unit-phoenix-core.txt
|
| Test Results |
https://ci-hadoop.apache.org/job/Phoenix/job/Phoenix-PreCommit-GitHub-PR/job/PR-524/1/testReport/
|
| Max. process+thread count | 10767 (vs. ulimit of 30000) |
| modules | C: phoenix-core U: phoenix-core |
| Console output |
https://ci-hadoop.apache.org/job/Phoenix/job/Phoenix-PreCommit-GitHub-PR/job/PR-524/1/console
|
| versions | git=2.7.4 maven=3.3.9 spotbugs=4.1.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> BasePermissionsIT.testReadPermsOnTableIndexAndView test uses an incorrect
> user for permission based operations
> --------------------------------------------------------------------------------------------------------------
>
> Key: PHOENIX-5369
> URL: https://issues.apache.org/jira/browse/PHOENIX-5369
> Project: Phoenix
> Issue Type: Bug
> Affects Versions: 5.0.0
> Environment: {code:java}
> <hbase.version>2.1.1</hbase.version>
> {code}
> Reporter: Mehdi Salarkia
> Assignee: Mehdi Salarkia
> Priority: Minor
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> org.apache.phoenix.end2end.BasePermissionsIT uses a regular user for revoking
> permission on another user while invoking user does not have the permission
> to do that and as the result runs into the following exception.
> {code:java}
> 2019-06-24 14:05:54,108 DEBUG [main]
> org.apache.hadoop.hbase.client.RpcRetryingCallerImpl(131): Call exception,
> tries=10, retries=16, started=38507 ms ago, cancelled=false,
> msg=java.io.IOException:
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
> permissions (user=regularUser1_N000002, scope=hbase:acl,
> family=l:regularUser2_N000003,
> params=[table=hbase:acl,family=l:regularUser2_N000003],action=WRITE)
> at org.apache.hadoop.hbase.security.User.runAsLoginUser(User.java:185)
> at
> org.apache.hadoop.hbase.security.access.AccessController.revoke(AccessController.java:2118)
> at
> org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.revoke(AccessControlProtos.java:10031)
> at
> org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10192)
> at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8203)
> at
> org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2423)
> at
> org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2405)
> at
> org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:413)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
> Caused by: org.apache.hadoop.hbase.security.AccessDeniedException:
> Insufficient permissions (user=regularUser1_N000002, scope=hbase:acl,
> family=l:regularUser2_N000003,
> params=[table=hbase:acl,family=l:regularUser2_N000003],action=WRITE)
> at
> org.apache.hadoop.hbase.security.access.AccessController.preDelete(AccessController.java:1552)
> at
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$26.call(RegionCoprocessorHost.java:990)
> at
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$26.call(RegionCoprocessorHost.java:987)
> at
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithoutResult.callObserver(CoprocessorHost.java:540)
> at
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:614)
> at
> org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preDelete(RegionCoprocessorHost.java:987)
> at
> org.apache.hadoop.hbase.regionserver.HRegion$MutationBatchOperation.callPreMutateCPHook(HRegion.java:3709)
> at
> org.apache.hadoop.hbase.regionserver.HRegion$MutationBatchOperation.access$800(HRegion.java:3470)
> at
> org.apache.hadoop.hbase.regionserver.HRegion$MutationBatchOperation$1.visit(HRegion.java:3539)
> at
> org.apache.hadoop.hbase.regionserver.HRegion$BatchOperation.visitBatchOperations(HRegion.java:3084)
> at
> org.apache.hadoop.hbase.regionserver.HRegion$MutationBatchOperation.checkAndPrepare(HRegion.java:3529)
> at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate(HRegion.java:3968)
> at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate(HRegion.java:3902)
> at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate(HRegion.java:3893)
> at org.apache.hadoop.hbase.regionserver.HRegion.batchMutate(HRegion.java:3907)
> at
> org.apache.hadoop.hbase.regionserver.HRegion.doBatchMutate(HRegion.java:4234)
> at org.apache.hadoop.hbase.regionserver.HRegion.delete(HRegion.java:2923)
> at
> org.apache.hadoop.hbase.regionserver.RSRpcServices.mutate(RSRpcServices.java:2853)
> at
> org.apache.hadoop.hbase.client.ClientServiceCallable.doMutate(ClientServiceCallable.java:55)
> at org.apache.hadoop.hbase.client.HTable$2.rpcCall(HTable.java:498)
> at org.apache.hadoop.hbase.client.HTable$2.rpcCall(HTable.java:493)
> at
> org.apache.hadoop.hbase.client.RegionServerCallable.call(RegionServerCallable.java:127)
> at
> org.apache.hadoop.hbase.client.RpcRetryingCallerImpl.callWithRetries(RpcRetryingCallerImpl.java:107)
> at org.apache.hadoop.hbase.client.HTable.delete(HTable.java:503)
> at
> org.apache.hadoop.hbase.security.access.AccessControlLists.removePermissionRecord(AccessControlLists.java:262)
> at
> org.apache.hadoop.hbase.security.access.AccessControlLists.removeUserPermission(AccessControlLists.java:246)
> at
> org.apache.hadoop.hbase.security.access.AccessController$8.run(AccessController.java:2124)
> at
> org.apache.hadoop.hbase.security.access.AccessController$8.run(AccessController.java:2118)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1962)
> at org.apache.hadoop.security.SecurityUtil.doAsUser(SecurityUtil.java:514)
> at
> org.apache.hadoop.security.SecurityUtil.doAsLoginUser(SecurityUtil.java:495)
> at sun.reflect.GeneratedMethodAccessor112.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.hadoop.hbase.util.Methods.call(Methods.java:40)
> at org.apache.hadoop.hbase.security.User.runAsLoginUser(User.java:183)
> ... 11 more
> , details=row '' on table 'hbase:acl' at
> region=hbase:acl,,1561410247401.d0b5e1997224dadc6c06b2a492b99a08.,
> hostname=localhost,55921,1561410236573, seqNum=2,
> exception=java.io.IOException: java.io.IOException:
> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
> permissions (user=regularUser1_N000002, scope=hbase:acl,
> family=l:regularUser2_N000003,
> params=[table=hbase:acl,family=l:regularUser2_N000003],action=WRITE)
> at org.apache.hadoop.hbase.security.User.runAsLoginUser(User.java:185)
> at
> org.apache.hadoop.hbase.security.access.AccessController.revoke(AccessController.java:2118)
> at
> org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.revoke(AccessControlProtos.java:10031)
> at
> org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10192)
> at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8203)
> at
> org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2423)
> at
> org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2405)
> at
> org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:413)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
> at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
> {code}
> This seems to be caused by this HBase fix
> https://issues.apache.org/jira/browse/HBASE-21385 which has changed the way
> HBase Delete operation works.
> On Hbase 2.1.0 and below this was working because the user behind the request
> was null (because it was an RPC call, see
> org.apache.hadoop.hbase.security.access.AccessController#getActiveUser) and
> fell back to the system user which always had permission for any operations.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
