[
https://issues.apache.org/jira/browse/NIFI-1124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14998775#comment-14998775
]
Bryan Bende commented on NIFI-1124:
-----------------------------------
Sorry Oleg, my JIRA page was probably stale and I thought this was unassigned.
If you have a pull request ready to go, feel free to submit. I was going to
post a patch that adds tests to PutHDFSTest using the HDFS MiniCluster.
Reproduced the AccessControlException by creating a FileSystem for the current
user, and then getting a UGI for another user and setting the processor to use
that. I also added a few other tests for the Replacement Strategies since we
really don't have many tests for the HDFS processors. Maybe we can merge our
work after seeing what you came up with?
> PutHDFS will rollback session if perms are bad - should route to failure
> ------------------------------------------------------------------------
>
> Key: NIFI-1124
> URL: https://issues.apache.org/jira/browse/NIFI-1124
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Joseph Witt
> Assignee: Bryan Bende
> Fix For: 0.4.0
>
>
> While sending to HDFS but not having valid perms the FLowFile sits in the
> input queue and just causes continual failures. It should properly route to
> 'failure'. We appear to not be catching the exception or catching it properly.
> 14:34:34 ESTERROR541280e6-5db4-478b-8dbe-5f7989b02871
> PutHDFS[id=541280e6-5db4-478b-8dbe-5f7989b02871] Failed to write to HDFS due
> to org.apache.nifi.processor.exception.ProcessException: IOException thrown
> from PutHDFS[id=541280e6-5db4-478b-8dbe-5f7989b02871]:
> org.apache.hadoop.security.AccessControlException: Permission denied:
> user=jwitt, access=WRITE, inode="/.381352187424072":hdfs:hdfs:drwxr-xr-x
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:319)
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:292)
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:213)
> at
> org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer$RangerAccessControlEnforcer.checkPermission(RangerHdfsAuthorizer.java:300)
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:190)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:1771)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:1755)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkAncestorAccess(FSDirectory.java:1738)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFileInternal(FSNamesystem.java:2509)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFileInt(FSNamesystem.java:2444)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFile(FSNamesystem.java:2328)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.create(NameNodeRpcServer.java:624)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.create(ClientNamenodeProtocolServerSideTranslatorPB.java:397)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:616)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:969)
> at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2137)
> at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2133)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:415)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2131)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
