Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.6.0
-
None
-
Reviewed
Description
Output from WebHdfs:
curl -X PUT "http://weichiu.vpc.cloudera.com:50070/webhdfs/v1/a?aclspec=group:user:&op=REMOVEACLENTRIES&user.name=weichiu"
Output from HttpFs:
curl -X PUT "http://weichiu.vpc.cloudera.com:14000/webhdfs/v1/a?aclspec=group:user:&op=REMOVEACLENTRIES&user.name=weichiu"
{"RemoteException":{"message":"Invalid <aclSpec> : group:user:","exception":"HadoopIllegalArgumentException","javaClassName":"org.apache.hadoop.HadoopIllegalArgumentException"}}
The exception is thrown because the ACL string "group:user:" is not recognized by HttpFs.
Effectively, what this means is that the behavior of HttpFs is not consistent with that of WebHdfs.
Additionally, command line does accept the ACL string. For example:
hdfs dfds -setfactl -x group:yyy: /a
Bug is reproducible if httpfs and acl are enabled, and reproducible on single-node cluster configuration.
To reproduce, add into core-site.xml:
<property>
<name>dfs.webhdfs.enabled</name>
<value>true</value>
</property>
<property>
<name>dfs.namenode.acls.enabled</name>
<value>true</value>
</property>
<property>
<name>hadoop.proxyuser.#HTTPFSUSER#.hosts</name>
<value>httpfs-host.foo.com</value>
</property>
<property>
<name>hadoop.proxyuser.#HTTPFSUSER#.groups</name>
<value>*</value>
</property>
restart name node, data node and httpfs daemon
Credit to romainr for reporting the issue.