Sebastian Bernauer created HDFS-17378:
-----------------------------------------
Summary: Missing operationType for some operations in authorizer
Key: HDFS-17378
URL: https://issues.apache.org/jira/browse/HDFS-17378
Project: Hadoop HDFS
Issue Type: Bug
Components: hdfs
Affects Versions: 3.3.6
Reporter: Sebastian Bernauer
In HDFS-14743 the operationType was implemented as a thread-local, which
requires the caller to set the thread-local before calling the
{{AccessControlEnforcer}} interface.
Most operations will set the operationType to a String, but some operations set
it to `null`.
This causes the FSPermissionChecker to always the old (deprecated)
{{AccessControlEnforcer.checkPermission}} API (see
[https://github.com/apache/hadoop/blob/50d256ef3c2531563bc6ba96dec6b78e154b4697/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java#L431])
Instead of setting the operationType to `null` (e.g.
[here|https://github.com/apache/hadoop/blob/50d256ef3c2531563bc6ba96dec6b78e154b4697/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java#L2767])
we should set the correct value.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
