[jira] [Commented] (HDDS-540) Unblock certain SCM client APIs from SCM#checkAdminAccess

Wed, 10 Oct 2018 15:00:38 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16645597#comment-16645597
 ] 

Xiaoyu Yao commented on HDDS-540:
---------------------------------

The original issue is now temporarily unblocked with HDDS-614, we will revisit 
this when the admin check is done on HDDS-4 branch. 

> Unblock certain SCM client APIs from SCM#checkAdminAccess
> ---------------------------------------------------------
>
>                 Key: HDDS-540
>                 URL: https://issues.apache.org/jira/browse/HDDS-540
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>
> Currently most of SCM Client APIs has been guarded with checkAdminAccess. 
> This ticket is opened to unblock non-admin client from accessing SCM 
> container/pipeline during block allocation. 
>  
> {code}
> scm_1           | 2018-09-22 02:52:32 INFO  Server:2726 - IPC Server handler 
> 5 on 9860, call Call#4 Retry#0 
> org.apache.hadoop.ozone.protocol.StorageContainerLocationProtocol.getContainerWithPipeline
>  from 192.168.0.2:34101
> scm_1           | java.io.IOException: Access denied for user 
> testuser/datan...@example.com. Superuser privilege is required.
> scm_1           | at 
> org.apache.hadoop.hdds.scm.server.StorageContainerManager.checkAdminAccess(StorageContainerManager.java:867)
> scm_1           | at 
> org.apache.hadoop.hdds.scm.server.SCMClientProtocolServer.getContainerWithPipeline(SCMClientProtocolServer.java:190)
> scm_1           | at 
> org.apache.hadoop.ozone.protocolPB.StorageContainerLocationProtocolServerSideTranslatorPB.getContainerWithPipeline(StorageContainerLocationProtocolServerSideTranslatorPB.java:120)
> scm_1           | at 
> org.apache.hadoop.hdds.protocol.proto.StorageContainerLocationProtocolProtos$StorageContainerLocationProtocolService$2.callBlockingMethod(StorageContainerLocationProtocolProtos.java:10790)
> scm_1           | at 
> org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:524)
> scm_1           | at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1025)
> scm_1           | at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:876)
> scm_1           | at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:822)
> scm_1           | at java.security.AccessController.doPrivileged(Native 
> Method)
> scm_1           | at javax.security.auth.Subject.doAs(Subject.java:422)
> scm_1           | at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)
> scm_1           | at 
> org.apache.hadoop.ipc.Server$Handler.run(Server.java:2682)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to