[ 
https://issues.apache.org/jira/browse/METRON-1488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395788#comment-16395788
 ] 

ASF GitHub Bot commented on METRON-1488:
----------------------------------------

GitHub user cestella opened a pull request:

    https://github.com/apache/metron/pull/962

    METRON-1488: user_settings hbase table does not have acls set up for 
kerberos

    ## Contributor Comments
    Currently some REST calls will fail because we do not set ACL's on the new 
user_settings table, which is new.
    
    To exercise this, kerberize full-dev (or whatever cluster you please) and 
go to swagger and try to do a search via `api/v1/search/search` with the 
following arg:
    ```
    {
         "indices": [],
         "facetFields":[],
         "query": "*",
         "from": 0,
         "size": 20
    }
    ```
    This should succeed now.  Before we got the following exception:
    ```
    {
      "responseCode": 500,
      "message": "org.apache.hadoop.hbase.security.AccessDeniedException: 
Insufficient permissions for user 'metron' (table=user_settings, 
action=READ)\n\tat 
org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1616)\n\tat
 
org.apache.hadoop.hbase.security.access.AccessController.preGetOp(AccessController.java:1624)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$26.call(RegionCoprocessorHost.java:816)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$RegionOperation.call(RegionCoprocessorHost.java:1660)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperation(RegionCoprocessorHost.java:1734)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperation(RegionCoprocessorHost.java:1692)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preGet(RegionCoprocessorHost.java:812)\n\tat
 org.apache.hadoop.hbase.regionserver.HRegion.get(HRegion.java:6917)\n\tat 
org.apache.hadoop.hbase.regionserver.HRegion.get(HRegion.java:6905)\n\tat 
org.apache.hadoop.hbase.regionserver.RSRpcServices.get(RSRpcServices.java:2026)\n\tat
 
org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:32381)\n\tat
 org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2150)\n\tat 
org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:112)\n\tat 
org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:187)\n\tat 
org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:167)\n",
      "fullMessage": "RemoteWithExtrasException: 
org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient 
permissions for user 'metron' (table=user_settings, action=READ)\n\tat 
org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1616)\n\tat
 
org.apache.hadoop.hbase.security.access.AccessController.preGetOp(AccessController.java:1624)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$26.call(RegionCoprocessorHost.java:816)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$RegionOperation.call(RegionCoprocessorHost.java:1660)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperation(RegionCoprocessorHost.java:1734)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperation(RegionCoprocessorHost.java:1692)\n\tat
 
org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preGet(RegionCoprocessorHost.java:812)\n\tat
 org.apache.hadoop.hbase.regionserver.HRegion.get(HRegion.java:6917)\n\tat 
org.apache.hadoop.hbase.regionserver.HRegion.get(HRegion.java:6905)\n\tat 
org.apache.hadoop.hbase.regionserver.RSRpcServices.get(RSRpcServices.java:2026)\n\tat
 
org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:32381)\n\tat
 org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2150)\n\tat 
org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:112)\n\tat 
org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:187)\n\tat 
org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:167)\n"
    }
    ```
    
    
    ## Pull Request Checklist
    
    Thank you for submitting a contribution to Apache Metron.  
    Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
    Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  
    
    
    In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:
    
    ### For all changes:
    - [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
    - [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
    - [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?
    
    
    ### For code changes:
    - [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
    - [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
    - [x] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
      ```
      mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
      ```
    
    - [x] Have you written or updated unit tests and or integration tests to 
verify your changes?
    - [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
    - [x] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?
    
    #### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
    It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cestella/incubator-metron 
rest_hbase_table_auth

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/metron/pull/962.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #962
    
----
commit e620ac6cbd82560e26179f327dfb4bc900b32862
Author: cstella <cestella@...>
Date:   2018-03-12T17:34:56Z

    Updating REST to set acls on hbase table.

----


> user_settings hbase table does not have acls set up for kerberos
> ----------------------------------------------------------------
>
>                 Key: METRON-1488
>                 URL: https://issues.apache.org/jira/browse/METRON-1488
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Casey Stella
>            Priority: Major
>
> Currently some REST calls will fail because we do not set ACL's on the new 
> user_settings table, which is new.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to