falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Samarth Gupta (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-497) Able to submit feed even though owner of storage specified (location type=data) is different from the ACL owner
Date Tue, 08 Jul 2014 10:46:05 GMT

    [ https://issues.apache.org/jira/browse/FALCON-497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14054815#comment-14054815

Samarth Gupta commented on FALCON-497:

as discussed in FALCON-280 , if feed input path is of format : 

and currently dir on hdfs is till "/samarth/input-data/rawLogs/"  then we should verify owner
of the dir is same as that mentioned in ACL of feed. 

for example if "/samarth/input-data/rawLogs/" is owned by samarth and ACL owner is "testUser"
then submission should not be allowed. Currently that can be done. 

> Able to submit feed even though owner of storage specified (location type=data) is different
from the ACL owner
> ---------------------------------------------------------------------------------------------------------------
>                 Key: FALCON-497
>                 URL: https://issues.apache.org/jira/browse/FALCON-497
>             Project: Falcon
>          Issue Type: Bug
>          Components: general
>    Affects Versions: 0.6
>         Environment: QA
>            Reporter: Karishma Gulati
>            Assignee: Shwetha G S
>             Fix For: 0.6
>         Attachments: FALCON-497.patch
> {code:xml}
> <?xml version="1.0" encoding="UTF-8"?>
> <feed xmlns="uri:falcon:feed:0.1" name="raaw-logs16-784f11fb-0952-4b0e-ae17-a767f094068a"
description="clicks log">
>   <partitions>
>     <partition name="country"/>
>     <partition name="colo"/>
>   </partitions>
>   <frequency>minutes(20)</frequency>
>   <timezone>UTC</timezone>
>   <late-arrival cut-off="hours(6)"/>
>   <clusters>
>     <cluster name="corp-456c8ba1-00d9-46d2-a9c1-f5e0a561f8cc" type="source">
>       <validity start="2009-02-01T00:00Z" end="2099-05-01T00:00Z"/>
>       <retention limit="months(9000)" action="delete"/>
>     </cluster>
>   </clusters>
>   <locations>
>     <location type="data" path="/samarth/input-data/rawLogs/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
>     <location type="stats" path="/projects/ivory/clicksStats"/>
>     <location type="meta" path="/projects/ivory/clicksMetaData"/>
>   </locations>
>   <ACL owner="karishma" group="group" permission="0x755"/>
>   <schema location="/schema/clicks" provider="protobuf"/>
>   <properties>
>     <property name="field1" value="value1"/>
>     <property name="field2" value="value2"/>
>   </properties>
> </feed>
> {code}
> If location path (type=data) exists in hdfs, and the feed is submitted with an ACL owner
different from the storage owner, instead of getting an error, I'm succesfully able to submit
the feed. 
> In falcon, the owner of the entire path 
> {code:xml}
> <location type="data" path="/samarth/input-data/rawLogs/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
> {code}
> (including the variables) is being checked for, instead of just that of "/samarth/input-data/rawLogs/".
> The feature successfully works if the location paths (type=meta or type=stats) exist
on hdfs, and the owner of these is different from the ACL owner.In that case, I'm not allowed
to submit the feed, and get the following error: 
> {code:xml}
>  <?xml version="1.0" encoding="UTF-8"?>
> <result>
>   <status>FAILED</status>
>   <message>ua1/Can't validate storage ACL (URI hdfs://
ACL owner karishma doesn't match the actual file owner dataqa</message>
>   <requestId>ua1/15509f1d-2341-4ada-a119-b2d120a3d3fd</requestId>
> </result>
> {code}

This message was sent by Atlassian JIRA

View raw message