[jira] [Updated] (IGNITE-21240) Remove deprecated authorization method from Security Context
[ https://issues.apache.org/jira/browse/IGNITE-21240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mikhail Petrov updated IGNITE-21240: Fix Version/s: 2.17 > Remove deprecated authorization method from Security Context > > > Key: IGNITE-21240 > URL: https://issues.apache.org/jira/browse/IGNITE-21240 > Project: Ignite > Issue Type: Bug >Reporter: Mikhail Petrov >Assignee: Mikhail Petrov >Priority: Major > Fix For: 2.17 > > Time Spent: 10m > Remaining Estimate: 0h > > We need to finally remove what was described ad deprecated in > https://issues.apache.org/jira/browse/IGNITE-19807 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (IGNITE-21240) Remove deprecated authorization method from Security Context
[ https://issues.apache.org/jira/browse/IGNITE-21240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mikhail Petrov updated IGNITE-21240: Issue Type: Task (was: Bug) > Remove deprecated authorization method from Security Context > > > Key: IGNITE-21240 > URL: https://issues.apache.org/jira/browse/IGNITE-21240 > Project: Ignite > Issue Type: Task >Reporter: Mikhail Petrov >Assignee: Mikhail Petrov >Priority: Major > Fix For: 2.17 > > Time Spent: 10m > Remaining Estimate: 0h > > We need to finally remove what was described ad deprecated in > https://issues.apache.org/jira/browse/IGNITE-19807 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (IGNITE-19807) Deprecate legacy authorization approach through Security Context.
[ https://issues.apache.org/jira/browse/IGNITE-19807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mikhail Petrov updated IGNITE-19807: Description: We currently have several ways to check if a user has permission to perform an operation. 1. IgniteSecurity#authorize methods that delegate permission check to security plugin. 2. SecurityContext#*OperationAllowed methods. They currently are used just for one check. This approach assumes that granted permissions set is returned during user authentication and remains immutable. Let's deprecate the second authorization approach and support both authorization approaches for the JOIN_AS_SERVER permission (the only permission that is checked through SecurityContext authorization API). was: We currently have several ways to check if a user has permission to perform an operation. 1. IgniteSecurity#authorize methods that delegate permission check to security plugin. 2. SecurityContext#*OperationAllowed methods. They currently are used just for one check. This approach assumes that granted permissions set is returned during user authentication and remains immutable. Let's deprecate the second authorization approach and migrate completely to the first. > Deprecate legacy authorization approach through Security Context. > - > > Key: IGNITE-19807 > URL: https://issues.apache.org/jira/browse/IGNITE-19807 > Project: Ignite > Issue Type: Task >Reporter: Mikhail Petrov >Assignee: Mikhail Petrov >Priority: Major > Labels: ise > Fix For: 2.16 > > Time Spent: 1h 20m > Remaining Estimate: 0h > > We currently have several ways to check if a user has permission to perform > an operation. > 1. IgniteSecurity#authorize methods that delegate permission check to > security plugin. > 2. SecurityContext#*OperationAllowed methods. They currently are used just > for one check. This approach assumes that granted permissions set is > returned during user authentication and remains immutable. > Let's deprecate the second authorization approach and support both > authorization approaches for the JOIN_AS_SERVER permission (the only > permission that is checked through SecurityContext authorization API). > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (IGNITE-21240) Remove deprecated authorization method from Security Context
[ https://issues.apache.org/jira/browse/IGNITE-21240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mikhail Petrov updated IGNITE-21240: Priority: Minor (was: Major) > Remove deprecated authorization method from Security Context > > > Key: IGNITE-21240 > URL: https://issues.apache.org/jira/browse/IGNITE-21240 > Project: Ignite > Issue Type: Task >Reporter: Mikhail Petrov >Assignee: Mikhail Petrov >Priority: Minor > Fix For: 2.17 > > Time Spent: 10m > Remaining Estimate: 0h > > We need to finally remove what was described ad deprecated in > https://issues.apache.org/jira/browse/IGNITE-19807 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (IGNITE-21254) Avoid new table creation in the zone with ongoing rebalance
Kirill Gusakov created IGNITE-21254: --- Summary: Avoid new table creation in the zone with ongoing rebalance Key: IGNITE-21254 URL: https://issues.apache.org/jira/browse/IGNITE-21254 Project: Ignite Issue Type: Improvement Reporter: Kirill Gusakov *Motivation* According to [comment|https://issues.apache.org/jira/browse/IGNITE-18991?focusedCommentId=17806657=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17806657] we need to avoid new tables creation in the zone, if we have ongoing rebalance. This guard is needed to avoid the races on the rebalance finish and to support the valid counter values in IGNITE-21253. *Definition of done* - Avoid table creation, if zones pending key is not empty. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (IGNITE-21240) Remove deprecated authorization method from Security Context
[ https://issues.apache.org/jira/browse/IGNITE-21240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mikhail Petrov updated IGNITE-21240: Description: We need to finally remove what was described ad deprecated in https://issues.apache.org/jira/browse/IGNITE-19807 (was: We need to finally remove what was described ad deprecated in ) > Remove deprecated authorization method from Security Context > > > Key: IGNITE-21240 > URL: https://issues.apache.org/jira/browse/IGNITE-21240 > Project: Ignite > Issue Type: Bug >Reporter: Mikhail Petrov >Assignee: Mikhail Petrov >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > We need to finally remove what was described ad deprecated in > https://issues.apache.org/jira/browse/IGNITE-19807 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (IGNITE-21240) Remove deprecated authorization method from Security Context
[ https://issues.apache.org/jira/browse/IGNITE-21240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mikhail Petrov updated IGNITE-21240: Description: We need to finally remove what was described ad deprecated in > Remove deprecated authorization method from Security Context > > > Key: IGNITE-21240 > URL: https://issues.apache.org/jira/browse/IGNITE-21240 > Project: Ignite > Issue Type: Bug >Reporter: Mikhail Petrov >Assignee: Mikhail Petrov >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > We need to finally remove what was described ad deprecated in -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (IGNITE-21253) Implement a counter for number of rebalancing tables inside the zone
Kirill Gusakov created IGNITE-21253: --- Summary: Implement a counter for number of rebalancing tables inside the zone Key: IGNITE-21253 URL: https://issues.apache.org/jira/browse/IGNITE-21253 Project: Ignite Issue Type: Improvement Reporter: Kirill Gusakov *Motivation* According to [comment|https://issues.apache.org/jira/browse/IGNITE-18991?focusedCommentId=17806657=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17806657] we need to switch zone assignments, only when all zone tables finish their rebalances. To implement this behaviour we need to implement the metastorage counter of tables, which will be decreased on every successfull table rebalance. *Definition of done* - Counter of zone tables created on the rebalance start and decreased with every successfull table rebalance -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (IGNITE-21075) Error handling in Tables module
[ https://issues.apache.org/jira/browse/IGNITE-21075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrey Belyaev reassigned IGNITE-21075: --- Assignee: (was: Andrey Belyaev) > Error handling in Tables module > --- > > Key: IGNITE-21075 > URL: https://issues.apache.org/jira/browse/IGNITE-21075 > Project: Ignite > Issue Type: Improvement >Reporter: Andrey Belyaev >Priority: Major > Labels: iep-84, ignite-3 > Time Spent: 10m > Remaining Estimate: 0h > > *Tables* component as a part of public Ignite API should throw only public > exceptions to end users. > TODO: > # check error groups/codes are used properly, > # add exception conversation from internal to public one, > ** in module get rid of deprecated exception wrappers, > # improve related tests to check exceptions along with error messages, > groups, codes, > ** fix any msg format assertion errors if exist. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (IGNITE-21252) Partition RAFT client must use pending and stable assignments as a list of peers during rebalance
[ https://issues.apache.org/jira/browse/IGNITE-21252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kirill Gusakov updated IGNITE-21252: Summary: Partition RAFT client must use pending and stable assignments as a list of peers during rebalance (was: Partition RAFT client must use pending and stable assignments as a list of peers during the rebalance) > Partition RAFT client must use pending and stable assignments as a list of > peers during rebalance > - > > Key: IGNITE-21252 > URL: https://issues.apache.org/jira/browse/IGNITE-21252 > Project: Ignite > Issue Type: Improvement >Reporter: Kirill Gusakov >Priority: Major > > *Motivation* > According to > [comment|https://issues.apache.org/jira/browse/IGNITE-18991?focusedCommentId=17806657=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17806657] > during the ongoing rebalance we need to use the sum of pending+stable > assignments as a list of peers for partition raft clients. > This strategy will protect us in the case, when some tables of zone are > already rebalanced and should use new stables, but others are still have > ongoing rebalance. > *Definition of done* > - On the rebalance start all RAFT clients for all table partition from this > zone updates to the clients with pending+stable peers > - When rebalance is done, RAFT clients switched to the stable assignments only -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (IGNITE-21252) Partition RAFT client must use pending and stable assignments as list of peers
Kirill Gusakov created IGNITE-21252: --- Summary: Partition RAFT client must use pending and stable assignments as list of peers Key: IGNITE-21252 URL: https://issues.apache.org/jira/browse/IGNITE-21252 Project: Ignite Issue Type: Improvement Reporter: Kirill Gusakov *Motivation* According to [comment|https://issues.apache.org/jira/browse/IGNITE-18991?focusedCommentId=17806657=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17806657] during the ongoing rebalance we need to use the sum of pending+stable assignments as a list of peers for partition raft clients. This strategy will protect us in the case, when some tables of zone are already rebalanced and should use new stables, but others are still have ongoing rebalance. *Definition of done* - On the rebalance start all RAFT clients for all table partition from this zone updates to the clients with pending+stable peers - When rebalance is done, RAFT clients switched to the stable assignments only -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (IGNITE-21252) Partition RAFT client must use pending and stable assignments as a list of peers during the rebalance
[ https://issues.apache.org/jira/browse/IGNITE-21252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kirill Gusakov updated IGNITE-21252: Summary: Partition RAFT client must use pending and stable assignments as a list of peers during the rebalance (was: Partition RAFT client must use pending and stable assignments as list of peers) > Partition RAFT client must use pending and stable assignments as a list of > peers during the rebalance > - > > Key: IGNITE-21252 > URL: https://issues.apache.org/jira/browse/IGNITE-21252 > Project: Ignite > Issue Type: Improvement >Reporter: Kirill Gusakov >Priority: Major > > *Motivation* > According to > [comment|https://issues.apache.org/jira/browse/IGNITE-18991?focusedCommentId=17806657=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17806657] > during the ongoing rebalance we need to use the sum of pending+stable > assignments as a list of peers for partition raft clients. > This strategy will protect us in the case, when some tables of zone are > already rebalanced and should use new stables, but others are still have > ongoing rebalance. > *Definition of done* > - On the rebalance start all RAFT clients for all table partition from this > zone updates to the clients with pending+stable peers > - When rebalance is done, RAFT clients switched to the stable assignments only -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (IGNITE-18991) Move stable/planned/pending assignments from table to distribution zone root keys
[ https://issues.apache.org/jira/browse/IGNITE-18991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17806657#comment-17806657 ] Kirill Gusakov commented on IGNITE-18991: - Actually, we can (and should) implement this ticket, after implementation of 3 guard tickets: - RAFT client must use the sum of pending and stable assignments as a list of peers. - On the rebalance we must to switch stable partitions only when all tables in the zone successfully finish their rebalance. So, we need to implement a kind of counter of rebalancing tables in the zone. - We must avoid new zone tables creation, if we have ongoing rebalance. > Move stable/planned/pending assignments from table to distribution zone root > keys > - > > Key: IGNITE-18991 > URL: https://issues.apache.org/jira/browse/IGNITE-18991 > Project: Ignite > Issue Type: Task >Reporter: Kirill Gusakov >Assignee: Kirill Gusakov >Priority: Major > Labels: ignite-3 > Time Spent: 50m > Remaining Estimate: 0h > > Under the activities about moving distribution zone based data management we > need to: > * Replace metastore stable/planned/pending assignments per table by the same > per distribution zone with the correspondance keys roots zoneId.* > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (IGNITE-21202) Use node ID instead of node name to identify primary node in client primary replica tracker
[ https://issues.apache.org/jira/browse/IGNITE-21202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pavel Tupitsyn reassigned IGNITE-21202: --- Assignee: Pavel Tupitsyn > Use node ID instead of node name to identify primary node in client primary > replica tracker > --- > > Key: IGNITE-21202 > URL: https://issues.apache.org/jira/browse/IGNITE-21202 > Project: Ignite > Issue Type: Improvement >Reporter: Vladislav Pyatkov >Assignee: Pavel Tupitsyn >Priority: Major > Labels: ignite-3 > > h3. Motivation > Recently, we changed the process of granting leases. This process uses the > node ID as a leaseholder identifier. The other components should also follow > this consistently. > h3. Definition of done > # Here we are using the deprecated property, but we should use the > leasholder ID. > {code:java} > updatePrimaryReplica(tablePartitionId, primaryReplicaEvent.startTime(), > primaryReplicaEvent.leaseholder()); {code} > # The lesholder property should be removed from the event parameters. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (IGNITE-21102) Incorrect cluster state output for ACTIVE_READ_ONLY in --baseline
[ https://issues.apache.org/jira/browse/IGNITE-21102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17806573#comment-17806573 ] Ignite TC Bot commented on IGNITE-21102: {panel:title=Branch: [pull/11138/head] Base: [master] : No blockers found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel} {panel:title=Branch: [pull/11138/head] Base: [master] : New Tests (7)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1} {color:#8b}Thin Client: Java{color} [[tests 1|https://ci2.ignite.apache.org/viewLog.html?buildId=7700790]] * {color:#013220}ClientTestSuite: ServiceAwarenessTest.testServiceAwarenessEnabled - PASSED{color} {color:#8b}Control Utility 1{color} [[tests 4|https://ci2.ignite.apache.org/viewLog.html?buildId=7700738]] * {color:#013220}IgniteControlUtilityTestSuite: GridCommandHandlerTest.testClusterStateInBaselineCommand[cmdHnd=jmx] - PASSED{color} * {color:#013220}IgniteControlUtilityTestSuite: GridCommandHandlerTest.testClusterStateInBaselineCommand[cmdHnd=cli] - PASSED{color} * {color:#013220}IgniteControlUtilityTestSuite: GridCommandHandlerWithSslTest.testClusterStateInBaselineCommand[cmdHnd=cli] - PASSED{color} * {color:#013220}IgniteControlUtilityTestSuite: GridCommandHandlerWithSslFactoryTest.testClusterStateInBaselineCommand[cmdHnd=cli] - PASSED{color} {color:#8b}Control Utility (Zookeeper){color} [[tests 2|https://ci2.ignite.apache.org/viewLog.html?buildId=7700739]] * {color:#013220}ZookeeperIgniteControlUtilityTestSuite: GridCommandHandlerTest.testClusterStateInBaselineCommand[cmdHnd=jmx] - PASSED{color} * {color:#013220}ZookeeperIgniteControlUtilityTestSuite: GridCommandHandlerTest.testClusterStateInBaselineCommand[cmdHnd=cli] - PASSED{color} {panel} [TeamCity *-- Run :: All* Results|https://ci2.ignite.apache.org/viewLog.html?buildId=7700805buildTypeId=IgniteTests24Java8_RunAll] > Incorrect cluster state output for ACTIVE_READ_ONLY in --baseline > - > > Key: IGNITE-21102 > URL: https://issues.apache.org/jira/browse/IGNITE-21102 > Project: Ignite > Issue Type: Bug >Reporter: Julia Bakulina >Assignee: Oleg Valuyskiy >Priority: Major > Labels: ise > Time Spent: 1h 40m > Remaining Estimate: 0h > > Incorrect cluster state output for ACTIVE_READ_ONLY in --baseline. > org.apache.ignite.internal.commandline.BaselineCommand#baselinePrint0 > {code:java} > logger.info("Cluster state: " + (res.isActive() ? "active" : > "inactive")); > {code} > org.apache.ignite.cluster.ClusterState#ACTIVE_READ_ONLY > > An example of changing the cluster state: > {code:java} > Command [SET-STATE] started > Arguments: ... --set-state ACTIVE_READ_ONLY > > Cluster state changed to ACTIVE_READ_ONLY > Command [SET-STATE] finished with code: 0 {code} > Cluster state in control.sh --baseline > {code:java} > Command [BASELINE] started > Arguments: ... --baseline > > Cluster state: active > Current topology version: 1 > Baseline auto adjustment disabled:... > Current topology version: 1 (...) > Baseline nodes: > ... > > Number of baseline nodes: 1 > Other nodes not found. > Command [BASELINE] finished with code: 0 {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)