zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2014) Only admin should be allowed to reconfig a cluster
Date Tue, 11 Oct 2016 22:00:23 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15566745#comment-15566745
] 

Hadoop QA commented on ZOOKEEPER-2014:
--------------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12832770/ZOOKEEPER-2014.patch
  against trunk revision f78061aafb19b102c37cb6d744ec6258d5f5b66e.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 45 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    -1 findbugs.  The patch appears to introduce 2 new Findbugs (version 2.0.3) warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit
warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3481//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3481//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3481//console

This message is automatically generated.

> Only admin should be allowed to reconfig a cluster
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-2014
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2014
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.5.0
>            Reporter: Raul Gutierrez Segales
>            Assignee: Michael Han
>            Priority: Blocker
>             Fix For: 3.5.3
>
>         Attachments: ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch,
ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch,
ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch
>
>
> ZOOKEEPER-107 introduces reconfiguration support via the reconfig() call. We should,
at the very least, ensure that only the Admin can reconfigure a cluster. Perhaps restricting
access to /zookeeper/config as well, though this is debatable. Surely one could ensure Admin
only access via an ACL, but that would leave everyone who doesn't use ACLs unprotected. We
could also force a default ACL to make it a bit more consistent (maybe).
> Finally, making reconfig() only available to Admins means they have to run with zookeeper.DigestAuthenticationProvider.superDigest
(which I am not sure if everyone does, or how would it work with other authentication providers).

> Review board https://reviews.apache.org/r/51546/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message