hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14475) Region split requests are always audited with "hbase" user rather than request user
Date Fri, 25 Sep 2015 21:21:05 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14908691#comment-14908691
] 

Hadoop QA commented on HBASE-14475:
-----------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12762427/14475-v3.txt
  against master branch at commit 32f49fa7fc2bcad0004e249887cc1973becc98db.
  ATTACHMENT ID: 12762427

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 3 new or modified
tests.

    {color:green}+1 hadoop versions{color}. The patch compiles with all supported hadoop versions
(2.4.0 2.4.1 2.5.0 2.5.1 2.5.2 2.6.0 2.7.0 2.7.1)

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 protoc{color}.  The applied patch does not increase the total number of
protoc compiler warnings.

    {color:green}+1 javadoc{color}.  The javadoc tool did not generate any warning messages.

    {color:green}+1 checkstyle{color}.  The applied patch does not increase the total number
of checkstyle errors

    {color:green}+1 findbugs{color}.  The patch does not introduce any  new Findbugs (version
2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 lineLengths{color}.  The patch does not introduce lines longer than 100

  {color:green}+1 site{color}.  The mvn post-site goal succeeds with this patch.

     {color:red}-1 core tests{color}.  The patch failed these unit tests:
                       org.apache.hadoop.hbase.master.TestWarmupRegion
                  org.apache.hadoop.hbase.master.TestMasterFailoverBalancerPersistence
                  org.apache.hadoop.hbase.master.procedure.TestProcedureAdmin
                  org.apache.hadoop.hbase.master.TestMasterMetrics
                  org.apache.hadoop.hbase.master.TestMaster
                  org.apache.hadoop.hbase.master.procedure.TestDeleteNamespaceProcedure
                  org.apache.hadoop.hbase.master.procedure.TestCreateNamespaceProcedure
                  org.apache.hadoop.hbase.master.procedure.TestModifyColumnFamilyProcedure
                  org.apache.hadoop.hbase.master.TestAssignmentManagerOnCluster
                  org.apache.hadoop.hbase.master.snapshot.TestSnapshotFileCache
                  org.apache.hadoop.hbase.master.TestMasterMetricsWrapper
                  org.apache.hadoop.hbase.master.procedure.TestModifyTableProcedure
                  org.apache.hadoop.hbase.master.procedure.TestWALProcedureStoreOnHDFS
                  org.apache.hadoop.hbase.master.procedure.TestModifyNamespaceProcedure
                  org.apache.hadoop.hbase.master.TestMetaShutdownHandler
                  org.apache.hadoop.hbase.master.procedure.TestServerCrashProcedure
                  org.apache.hadoop.hbase.master.cleaner.TestLogsCleaner
                  org.apache.hadoop.hbase.master.TestGetInfoPort
                  org.apache.hadoop.hbase.master.TestMasterRestartAfterDisablingTable
                  org.apache.hadoop.hbase.master.TestGetLastFlushedSequenceId
                  org.apache.hadoop.hbase.master.TestMasterOperationsForRegionReplicas
                  org.apache.hadoop.hbase.master.cleaner.TestHFileCleaner
                  org.apache.hadoop.hbase.master.cleaner.TestSnapshotFromMaster

     {color:red}-1 core zombie tests{color}.  There are 13 zombie test(s): 	at org.apache.hadoop.hbase.mapreduce.TestWALPlayer.testWALPlayer(TestWALPlayer.java:122)
	at org.apache.hadoop.hbase.TestMetaTableAccessor.testTableExists(TestMetaTableAccessor.java:227)
	at org.apache.hadoop.hbase.filter.TestFuzzyRowFilterEndToEnd.testEndToEnd(TestFuzzyRowFilterEndToEnd.java:143)
	at org.apache.hadoop.hbase.mapreduce.MultiTableInputFormatTestBase.testScan(MultiTableInputFormatTestBase.java:255)
	at org.apache.hadoop.hbase.mapreduce.MultiTableInputFormatTestBase.testScanEmptyToAPP(MultiTableInputFormatTestBase.java:202)
	at org.apache.hadoop.hbase.mapreduce.TestTableInputFormatScanBase.testScan(TestTableInputFormatScanBase.java:243)
	at org.apache.hadoop.hbase.mapreduce.TestTableInputFormatScan2.testScanOBBToOPP(TestTableInputFormatScan2.java:45)
	at org.apache.hadoop.hbase.mapreduce.TestImportExport.testImport94Table(TestImportExport.java:241)
	at org.apache.hadoop.hbase.mapreduce.TestTableMapReduceBase.testMultiRegionTable(TestTableMapReduceBase.java:98)

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/15745//testReport/
Release Findbugs (version 2.0.3) 	warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/15745//artifact/patchprocess/newFindbugsWarnings.html
Checkstyle Errors: https://builds.apache.org/job/PreCommit-HBASE-Build/15745//artifact/patchprocess/checkstyle-aggregate.html

  Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/15745//console

This message is automatically generated.

> Region split requests are always audited with "hbase" user rather than request user
> -----------------------------------------------------------------------------------
>
>                 Key: HBASE-14475
>                 URL: https://issues.apache.org/jira/browse/HBASE-14475
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Enis Soztutar
>            Assignee: Ted Yu
>             Fix For: 2.0.0, 1.2.0, 1.3.0, 0.98.15, 1.0.3, 1.1.3
>
>         Attachments: 14475-branch-1-v2.txt, 14475-v2.txt, 14475-v3.txt
>
>
> [~madhan.neethiraj] from Ranger reported that when a region split request is initiated
from the user, we always audit (and do the permission check) against the hbase user, not the
request user. 
> The issue is that a split request that is coming from the user is only processed at a
later time from the CompactSplitThread asynchronously to the splitRegion RPC.
> RSRpcServices.splitRegion() only does a flush from the handler thread and then calls
regionServer.compactSplitThread.requestSplit() which puts a SplitRequest to the split queue.
The split request is handled by the split executor from CompactSplitThread.
> Since the split is actually executed from the compact split thread, the preSplit() for
the AccessController is called from the executor thread. In this thread, we no longer have
the user who initially requested the split, so the user in the context (UGI) is "hbase", causing
the AC.preSplit() access control check to be always be performed against the hbase user, not
the user who have submitted the request. The audit log also contains "hbase" user rather than
the actual user.
> Luckily, the split forces a flush to the region in-line (from the handler thread), which
requires a {{CREATE|ADMIN}} permission. split requires {{ADMIN}}, but due to this bug {{CREATE}}
is also sufficient (although we have not verified it manually). {{CREATE}} permission can
do flush and compactions, so this is not a security issue (I think). 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message