[jira] [Commented] (HBASE-18323) Remove multiple ACLs for the same user in kerberos

Wed, 05 Jul 2017 10:36:18 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-18323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16075120#comment-16075120
 ] 

Hadoop QA commented on HBASE-18323:
-----------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m 
13s{color} | {color:blue} Docker mode activated. {color} |
| {color:green}+1{color} | {color:green} hbaseanti {color} | {color:green}  0m  
0s{color} | {color:green} Patch does not have any anti-patterns. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:red}-1{color} | {color:red} test4tests {color} | {color:red}  0m  
0s{color} | {color:red} The patch doesn't appear to include any new or modified 
tests. Please justify why no new tests are needed for this patch. Also please 
list what manual steps were performed to verify this patch. {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  3m 
13s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 
17s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  0m 
24s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green}  0m 
 9s{color} | {color:green} master passed {color} |
| {color:red}-1{color} | {color:red} findbugs {color} | {color:red}  0m 
46s{color} | {color:red} hbase-client in master has 4 extant Findbugs warnings. 
{color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 
17s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  0m 
17s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 
16s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green}  0m 
16s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  0m 
23s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green}  0m 
 9s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m 
 0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} hadoopcheck {color} | {color:green} 
27m 49s{color} | {color:green} Patch does not cause any errors with Hadoop 
2.6.1 2.6.2 2.6.3 2.6.4 2.6.5 2.7.1 2.7.2 2.7.3 or 3.0.0-alpha3. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green}  0m 
53s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 
16s{color} | {color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red}  1m 32s{color} 
| {color:red} hbase-client in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green}  0m 
 8s{color} | {color:green} The patch does not generate ASF License warnings. 
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 37m 22s{color} | 
{color:black} {color} |
\\
\\
|| Reason || Tests ||
| Failed junit tests | hadoop.hbase.zookeeper.TestZKUtil |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=1.12.3 Server=1.12.3 Image:yetus/hbase:757bf37 |
| JIRA Issue | HBASE-18323 |
| JIRA Patch URL | 
https://issues.apache.org/jira/secure/attachment/12875709/HBASE-18323.patch |
| Optional Tests |  asflicense  javac  javadoc  unit  findbugs  hadoopcheck  
hbaseanti  checkstyle  compile  |
| uname | Linux b8ade5027091 4.4.0-43-generic #63-Ubuntu SMP Wed Oct 12 
13:48:03 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | 
/home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/component/dev-support/hbase-personality.sh
 |
| git revision | master / 05e3f39 |
| Default Java | 1.8.0_131 |
| findbugs | v3.1.0-RC3 |
| findbugs | 
https://builds.apache.org/job/PreCommit-HBASE-Build/7518/artifact/patchprocess/branch-findbugs-hbase-client-warnings.html
 |
| unit | 
https://builds.apache.org/job/PreCommit-HBASE-Build/7518/artifact/patchprocess/patch-unit-hbase-client.txt
 |
|  Test Results | 
https://builds.apache.org/job/PreCommit-HBASE-Build/7518/testReport/ |
| modules | C: hbase-client U: hbase-client |
| Console output | 
https://builds.apache.org/job/PreCommit-HBASE-Build/7518/console |
| Powered by | Apache Yetus 0.4.0   http://yetus.apache.org |


This message was automatically generated.



> Remove multiple ACLs for the same user in kerberos
> --------------------------------------------------
>
>                 Key: HBASE-18323
>                 URL: https://issues.apache.org/jira/browse/HBASE-18323
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 1.2.0, 3.0.0
>            Reporter: Shibin Zhang
>            Priority: Minor
>         Attachments: HBASE-18323.patch
>
>
> When deploy hbase in kerberos way ,there will be multiple acls in znode :
> 'world,'anyone
> : r
> 'sasl,'hbase
> : cdrwa
> 'sasl,'hbase
> : cdrwa
> I also see the related issue and apply the patch, like  
> https://issues.apache.org/jira/browse/HBASE-17717 
> but in my environment ,this situation still appear,
> After dig into the code , i found the reason in source code  ZKUtil.createAcl 
>  is
>  if (zkw.isClientReadable(node)) {
>         LOG.error("isSecureZooKeeper user: clientReadable");
>         acls.addAll(Ids.CREATOR_ALL_ACL);
>         acls.addAll(Ids.READ_ACL_UNSAFE);
>       } else {
>         LOG.error("isSecureZooKeeper user: clientReadable no");
>         acls.addAll(Ids.CREATOR_ALL_ACL);
>       } 
>   acls.addAll(Ids.CREATOR_ALL_ACL);   
>   
>   Id AUTH_IDS = new Id("auth", "");
> ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList(Collections.singletonList(new 
> ACL(31, AUTH_IDS)));
> AUTH_IDS   with  "auth " will result  current connection auth user  add to 
> znode acl ,
> so it will appear multiple acls for same users.
> I think this line of code  we can remove  :  
> acls.addAll(Ids.CREATOR_ALL_ACL);   



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to