HDDS-4787. Trash emptier fails to create checkpoints in a secure setup #1888
Conversation
There was a problem hiding this comment.
Thanks @sadanand48 for working on this.
I think secure acceptance test failure is related:
om_1 | 2021-02-03 05:18:00,113 [OM StateMachine ApplyTransaction Thread - 0] ERROR ratis.OzoneManagerStateMachine: Terminating with exit status 1: Request cmdType: RenameKey
om_1 | clientId: "client-6670A68B0F8D"
om_1 | userInfo {
om_1 | }
om_1 | renameKeyRequest {
om_1 | keyArgs {
om_1 | volumeName: "fstest1-src"
om_1 | bucketName: "link1-o3fs-src"
om_1 | keyName: ".Trash/root/Current/"
om_1 | modificationTime: 1612329480031
om_1 | }
om_1 | toKeyName: ".Trash/root/210203051800/"
om_1 | }
om_1 | failed with exception
om_1 | java.lang.NullPointerException
om_1 | at org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer.isAdmin(OzoneNativeAuthorizer.java:222)
om_1 | at org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer.checkAccess(OzoneNativeAuthorizer.java:92)
om_1 | at org.apache.hadoop.ozone.om.OzoneManager.checkAcls(OzoneManager.java:1797)
om_1 | at org.apache.hadoop.ozone.om.request.OMClientRequest.checkAcls(OMClientRequest.java:176)
om_1 | at org.apache.hadoop.ozone.om.request.OMClientRequest.checkAcls(OMClientRequest.java:154)
om_1 | at org.apache.hadoop.ozone.om.request.key.OMKeyRequest.checkKeyAcls(OMKeyRequest.java:437)
om_1 | at org.apache.hadoop.ozone.om.request.key.OMKeyRenameRequest.validateAndUpdateCache(OMKeyRenameRequest.java:143)
https://github.com/apache/ozone/runs/1819931384#step:7:549
https://github.com/apache/ozone/suites/1956204276/artifacts/38766607
|
|
||
| if (remoteAddress != null) { | ||
| userInfo.setHostName(remoteAddress.getHostName()); | ||
| userInfo.setRemoteAddress(remoteAddress.getHostAddress()).build(); |
There was a problem hiding this comment.
| userInfo.setRemoteAddress(remoteAddress.getHostAddress()).build(); | |
| userInfo.setRemoteAddress(remoteAddress.getHostAddress()); |
| ProtobufRpcEngine.Server.getRemoteUser() != null ? | ||
| ProtobufRpcEngine.Server.getRemoteUser() : |
There was a problem hiding this comment.
Nit: can you please store these in local variables instead of multiple calls?
| resolved = resolveBucketLink(requested, new HashSet<>(), | ||
| null, null, null); | ||
| try { | ||
| if (isAclEnabled) { |
There was a problem hiding this comment.
agree with @adoroszlai can we use a local variable to hold the result of Server.getRemoteIp().
There was a problem hiding this comment.
Thanks @sadanand48 for working on this. Patch LGTM, just some minor comments. Can you add a test to cover this?
|
Thanks @xiaoyuyao for reviewing this . |
|
Thanks @adoroszlai for the review and pointing out the error in the secure acceptance check. It's passing now. |
|
Thanks @sadanand48 for updating the patch. |
adoroszlai
changed the title
apache#1888) (cherry picked from commit fa5a080) Change-Id: I5d9ffe21a9a42f8d957110d2fcc282ec5049a3f5
What changes were proposed in this pull request?
Since in
TrashOzoneFilesystemthe calls are internal and not through RPC, NPE is generated duringcheckacls(), SinceServer.getRemoteIpand other such parameters would be null, the security authorizers too generate an NPE. The fix here is ifServer.getRemoteIp()is null replace it with ip of the node that starts OMWhat is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-4787#
How was this patch tested?
Existing unit tests. also tried on cluster https://github.com/sadanand48/hadoop-ozone/runs/1825648963?check_suite_focus=true