phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <>
Subject [jira] [Commented] (PHOENIX-3756) Users lacking ADMIN on 'SYSTEM' HBase namespace can't connect to Phoenix
Date Fri, 31 Mar 2017 22:07:41 GMT


Hadoop QA commented on PHOENIX-3756:

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment
  against master branch at commit 2c53fc9856ba3770e742c0729cdef9b2c0181873.
  ATTACHMENT ID: 12861513

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:red}-1 javadoc{color}.  The javadoc tool appears to have generated 47 warning messages.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:red}-1 lineLengths{color}.  The patch introduces the following lines longer than
    +    private static final Set<String> PHOENIX_SYSTEM_TABLES = new HashSet<>(Arrays.asList("SYSTEM.CATALOG",
+    private static final Set<String> PHOENIX_NAMESPACE_MAPPED_SYSTEM_TABLES = new HashSet<>(Arrays.asList("SYSTEM:CATALOG",
+    private static final String TABLE_NAME = SystemTablePermissionsIT.class.getSimpleName().toUpperCase();
+        conf.set("hbase.coprocessor.master.classes", "");
+        conf.set("hbase.coprocessor.region.classes", "");
+        conf.set("hbase.coprocessor.regionserver.classes", "");
+        final UserGroupInformation superUser = UserGroupInformation.createUserForTesting(SUPERUSER,
new String[0]);
+        final UserGroupInformation regularUser = UserGroupInformation.createUserForTesting("user",
new String[0]);
+        assertTrue("HBase tables do not include expected Phoenix tables: " + tables, tables.containsAll(PHOENIX_SYSTEM_TABLES));
+                    grantPermissions(regularUser.getShortUserName(), PHOENIX_SYSTEM_TABLES,
Action.EXEC, Action.READ);

     {color:red}-1 core tests{color}.  The patch failed these unit tests:

Test results:
Javadoc warnings:
Console output:

This message is automatically generated.

> Users lacking ADMIN on 'SYSTEM' HBase namespace can't connect to Phoenix
> ------------------------------------------------------------------------
>                 Key: PHOENIX-3756
>                 URL:
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 4.11.0
>         Attachments: PHOENIX-3756.001.patch, PHOENIX-3756.002.patch, PHOENIX-3756.003.patch
> Follow-on from PHOENIX-3652:
> The fix provided in PHOENIX-3652 addressed the default situation where users would need
ADMIN on the default HBase namespace. However, when {{phoenix.schema.isNamespaceMappingEnabled=true}}
and Phoenix creates its system tables in the {{SYSTEM}} HBase namespace, unprivileged users
(those lacking ADMIN on {{SYSTEM}}) still cannot connect to Phoenix.
> The root-cause is essentially the same: the code tries to fetch the {{NamespaceDescriptor}}
for the {{SYSTEM}} namespace which requires the ADMIN permission.

This message was sent by Atlassian JIRA

View raw message