[jira] [Work logged] (HDFS-16259) Catch and re-throw sub-classes of AccessControlException thrown by any permission provider plugins (eg Ranger)

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HDFS-16259?focusedWorklogId=672393&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-672393
 ]

ASF GitHub Bot logged work on HDFS-16259:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 30/Oct/21 19:27
            Start Date: 30/Oct/21 19:27
    Worklog Time Spent: 10m 
      Work Description: sodonnel commented on pull request #3598:
URL: https://github.com/apache/hadoop/pull/3598#issuecomment-955580805


   The two failing unit tests pass locally:
   
   ```
   org.apache.hadoop.hdfs.TestRollingUpgrade.testDFSAdminRollingUpgradeCommands
   org.apache.hadoop.hdfs.TestRollingUpgrade.testRollback
   ```
   
   The javac warnings are because I added a try block around an already 
deprecated method, so I don't think I can avoid them.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 672393)
    Time Spent: 0.5h  (was: 20m)

> Catch and re-throw sub-classes of AccessControlException thrown by any 
> permission provider plugins (eg Ranger)
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-16259
>                 URL: https://issues.apache.org/jira/browse/HDFS-16259
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>            Reporter: Stephen O'Donnell
>            Assignee: Stephen O'Donnell
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> When a permission provider plugin is enabled (eg Ranger) there are some 
> scenarios where it can throw a sub-class of an AccessControlException (eg 
> RangerAccessControlException). If this exception is allowed to propagate up 
> the stack, it can give problems in the HDFS Client, when it unwraps the 
> remote exception containing the AccessControlException sub-class.
> Ideally, we should make AccessControlException final so it cannot be 
> sub-classed, but that would be a breaking change at this point. Therefore I 
> believe the safest thing to do, is to catch any AccessControlException that 
> comes out of the permission enforcer plugin, and re-throw an 
> AccessControlException instead.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org