[jira] [Updated] (HDFS-9286) HttpFs does not parse ACL syntax correctly for operation REMOVEACLENTRIES

Thu, 22 Oct 2015 12:55:31 -0700 

     [ 
https://issues.apache.org/jira/browse/HDFS-9286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Wei-Chiu Chuang updated HDFS-9286:
----------------------------------
    Description: 
Output from WebHdfs:
curl -X PUT  
"http://weichiu.vpc.cloudera.com:50070/webhdfs/v1/a?aclspec=group:user:&op=REMOVEACLENTRIES&user.name=weichiu";


Output from HttpFs:
curl -X PUT  
"http://weichiu.vpc.cloudera.com:14000/webhdfs/v1/a?aclspec=group:user:&op=REMOVEACLENTRIES&user.name=weichiu";

{"RemoteException":{"message":"Invalid <aclSpec> : 
group:user:","exception":"HadoopIllegalArgumentException","javaClassName":"org.apache.hadoop.HadoopIllegalArgumentException"}}

The exception is thrown because the ACL string "group:user:" is not recognized 
by HttpFs.
Effectively, what this means is that the behavior of HttpFs is not consistent 
with that of WebHdfs.


Additionally, command line does accept the ACL string. For example:
hdfs dfds -setfactl -x group:yyy: /a


Bug is reproducible if httpfs and acl are enabled, and reproducible on 
single-node cluster configuration.

To reproduce, add into core-site.xml:
<property>
<name>dfs.webhdfs.enabled</name>
<value>true</value>
</property>
<property>
<name>dfs.namenode.acls.enabled</name>
<value>true</value>
</property>
<property>
    <name>hadoop.proxyuser.#HTTPFSUSER#.hosts</name>
    <value>httpfs-host.foo.com</value>
  </property>
  <property>
    <name>hadoop.proxyuser.#HTTPFSUSER#.groups</name>
    <value>*</value>
  </property>

restart name node, data node and httpfs daemon

Credit to [~romainr] for reporting the issue.

  was:
Output from WebHdfs:
curl -X PUT  
"http://weichiu.vpc.cloudera.com:50070/webhdfs/v1/a?aclspec=group:user:&op=REMOVEACLENTRIES&user.name=weichiu";


Output from HttpFs:
curl -X PUT  
"http://weichiu.vpc.cloudera.com:14000/webhdfs/v1/a?aclspec=group:user:&op=REMOVEACLENTRIES&user.name=weichiu";

{"RemoteException":{"message":"Invalid <aclSpec> : 
group:user:","exception":"HadoopIllegalArgumentException","javaClassName":"org.apache.hadoop.HadoopIllegalArgumentException"}}

The exception is thrown because the ACL string "group:user:" is not recognized 
by HttpFs.
Effectively, what this means is that the behavior of HttpFs is not consistent 
with that of WebHdfs.


Additionally, command line does accept the ACL string. For example:
hdfs dfds -setfactl -x group:user: /a


Bug is reproducible if httpfs and acl are enabled, and reproducible on 
single-node cluster configuration.

To reproduce, add into core-site.xml:
<property>
<name>dfs.webhdfs.enabled</name>
<value>true</value>
</property>
<property>
<name>dfs.namenode.acls.enabled</name>
<value>true</value>
</property>
<property>
    <name>hadoop.proxyuser.#HTTPFSUSER#.hosts</name>
    <value>httpfs-host.foo.com</value>
  </property>
  <property>
    <name>hadoop.proxyuser.#HTTPFSUSER#.groups</name>
    <value>*</value>
  </property>

restart name node, data node and httpfs daemon

Credit to [~romainr] for reporting the issue.


> HttpFs does not parse ACL syntax correctly for operation REMOVEACLENTRIES
> -------------------------------------------------------------------------
>
>                 Key: HDFS-9286
>                 URL: https://issues.apache.org/jira/browse/HDFS-9286
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: HDFS
>    Affects Versions: 2.6.0
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>         Attachments: HDFS-9286.001.patch
>
>
> Output from WebHdfs:
> curl -X PUT  
> "http://weichiu.vpc.cloudera.com:50070/webhdfs/v1/a?aclspec=group:user:&op=REMOVEACLENTRIES&user.name=weichiu";
> Output from HttpFs:
> curl -X PUT  
> "http://weichiu.vpc.cloudera.com:14000/webhdfs/v1/a?aclspec=group:user:&op=REMOVEACLENTRIES&user.name=weichiu";
> {"RemoteException":{"message":"Invalid <aclSpec> : 
> group:user:","exception":"HadoopIllegalArgumentException","javaClassName":"org.apache.hadoop.HadoopIllegalArgumentException"}}
> The exception is thrown because the ACL string "group:user:" is not 
> recognized by HttpFs.
> Effectively, what this means is that the behavior of HttpFs is not consistent 
> with that of WebHdfs.
> Additionally, command line does accept the ACL string. For example:
> hdfs dfds -setfactl -x group:yyy: /a
> Bug is reproducible if httpfs and acl are enabled, and reproducible on 
> single-node cluster configuration.
> To reproduce, add into core-site.xml:
> <property>
> <name>dfs.webhdfs.enabled</name>
> <value>true</value>
> </property>
> <property>
> <name>dfs.namenode.acls.enabled</name>
> <value>true</value>
> </property>
> <property>
>     <name>hadoop.proxyuser.#HTTPFSUSER#.hosts</name>
>     <value>httpfs-host.foo.com</value>
>   </property>
>   <property>
>     <name>hadoop.proxyuser.#HTTPFSUSER#.groups</name>
>     <value>*</value>
>   </property>
> restart name node, data node and httpfs daemon
> Credit to [~romainr] for reporting the issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to