hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-8213) global authorization may lose efficacy
Date Mon, 01 Apr 2013 05:45:33 GMT

    [ https://issues.apache.org/jira/browse/HBASE-8213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618628#comment-13618628
] 

Hadoop QA commented on HBASE-8213:
----------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12576337/HBASE-8213-trunk.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 3 new or modified
tests.

    {color:green}+1 hadoop2.0{color}.  The patch compiles against the hadoop 2.0 profile.

    {color:green}+1 javadoc{color}.  The javadoc tool did not generate any warning messages.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new Findbugs (version
1.3.9) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 lineLengths{color}.  The patch does not introduce lines longer than 100

  {color:green}+1 site{color}.  The mvn site goal succeeds with this patch.

    {color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/5078//console

This message is automatically generated.
                
> global authorization may lose efficacy 
> ---------------------------------------
>
>                 Key: HBASE-8213
>                 URL: https://issues.apache.org/jira/browse/HBASE-8213
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.95.0, 0.96.0, 0.94.7
>            Reporter: Jieshan Bean
>            Assignee: Jieshan Bean
>            Priority: Critical
>         Attachments: HBASE-8213-94.patch, HBASE-8213-trunk.patch
>
>
> It depends on the order of which region be opened first.  
> Suppose we have one 1 regionserver and only 1 user region REGION-A on this server, _acl_
region was on another regionserver. _acl_ was opened a few seconds before REGION-A.
> The global authorization data read from Zookeeper was overwritten by the data read from
configuration.
> {code}
>   private TableAuthManager(ZooKeeperWatcher watcher, Configuration conf)
>       throws IOException {
>     this.conf = conf;
>     this.zkperms = new ZKPermissionWatcher(watcher, this, conf);
>     try {
> 	  // Read global authorization data from zookeeper. 
>       this.zkperms.start();
>     } catch (KeeperException ke) {
>       LOG.error("ZooKeeper initialization failed", ke);
>     }
>     // It will overwrite globalCache.
>     // initialize global permissions based on configuration
>     globalCache = initGlobal(conf);
>   }
> {code}
> This issue can be easily reproduced by below steps:
> 1. Start a cluster with 3 regionservers.
> 2. Create a new table T1.
> 3. grant a new user USER-A with global authorization.
> 4. Kill 1 regionserver RS3 and switch balance off.
> 5. Start regionserver RS3.
> 6. Assign region T1 to RS3.
> 7. Put data with user USER-A.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message