ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-802) HBase plugin: Implement the new methods added to MasterObservers Interface and mimic their implementation in Hbase AccessController
Date Fri, 19 Feb 2016 13:53:18 GMT

    [ https://issues.apache.org/jira/browse/RANGER-802?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15154230#comment-15154230

Bolke de Bruin commented on RANGER-802:

I'm not sure what is going on. The patch I created in RANGER-827 and updated in RANGER-847
include the old interface of reading /etc/passwd en the new interface of using "getent". Both
interfaces are tested and do rely on having a functional system, ie. /etc/passwd exists and
contains well known users and "getent" works. All tests fail now including the ones that are
using the old code path. 

The error happens here (last line is line 211, UnixUserGroupBuilder)
				if (len < 2) {

				String userName = tokens[0];
				String userId = tokens[2];
				String groupId = tokens[3];

This is old code. Obviously, I can update the code (and I should) to check for len < 3
and that will fix the error most likely. However, I am suspicious of why it happens. It basically
means that /etc/passwd is of incorrect format but also the output of "getent". This might
be due to the fact the files are now being read as "UTF-8", however it doesn't explain why
it passed local tests earlier and rangerqa.

I will create that patch that checks for len<3 and log to WARN the line if it encounters
any lines that do not match. Hopefully that will shed a bit more light on this.

> HBase plugin: Implement the new methods added to MasterObservers Interface and mimic
their implementation in Hbase AccessController
> -----------------------------------------------------------------------------------------------------------------------------------
>                 Key: RANGER-802
>                 URL: https://issues.apache.org/jira/browse/RANGER-802
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 0.5.0
>            Reporter: Alok Lal
>            Assignee: Alok Lal
>             Fix For: 0.6.0
>         Attachments: 802.0.patch, 802.1.patch
> Following Hbase commits to their master have added new functionality around authorizing
the listing and aborting of procedures.
> {code}
> * ed4c734 HBASE-14432 Procedure V2 - enforce ACL on procedure admin tasks (Stephen Yuan
> * f6be2f9 HBASE-14488 Procedure V2 - shell command to abort a procedure (Stephen Yuan
> * 2350645 HBASE-14487 Procedure V2 - shell command to list all procedures (Stephen Yuan
> * 5b7894f HBASE-14107 Administrative Task: Provide an API to List all procedures (Stephen
Yuan Jiang)
> * 3341f13 HBASE-14108 Procedure V2 Administrative Task: provide an API to abort a procedure
(Stephen Yuan Jiang)
> {code}
> Currently we build against hbase 1.1.0.  As and when these get ported from master to
1.1.0 or if we move to newer versions of hbase then these new interface methods would show
up not only as compile time issues but also as deviation between Ranger's Authorizer and HBase
standard {{AccessController}}.  This we should implement these methods in Ranger.

This message was sent by Atlassian JIRA

View raw message