Uploaded image for project: 'Falcon'
  1. Falcon
  2. FALCON-497

Able to submit feed even though owner of storage specified (location type=data) is different from the ACL owner

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.6
    • 0.6
    • general
    • None

    • QA

    Description

      <?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="uri:falcon:feed:0.1" name="raaw-logs16-784f11fb-0952-4b0e-ae17-a767f094068a" description="clicks log">
  <partitions>
    <partition name="country"/>
    <partition name="colo"/>
  </partitions>
  <frequency>minutes(20)</frequency>
  <timezone>UTC</timezone>
  <late-arrival cut-off="hours(6)"/>
  <clusters>
    <cluster name="corp-456c8ba1-00d9-46d2-a9c1-f5e0a561f8cc" type="source">
      <validity start="2009-02-01T00:00Z" end="2099-05-01T00:00Z"/>
      <retention limit="months(9000)" action="delete"/>
    </cluster>
  </clusters>
  <locations>
    <location type="data" path="/samarth/input-data/rawLogs/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
    <location type="stats" path="/projects/ivory/clicksStats"/>
    <location type="meta" path="/projects/ivory/clicksMetaData"/>
  </locations>
  <ACL owner="karishma" group="group" permission="0x755"/>
  <schema location="/schema/clicks" provider="protobuf"/>
  <properties>
    <property name="field1" value="value1"/>
    <property name="field2" value="value2"/>
  </properties>
</feed>

      If location path (type=data) exists in hdfs, and the feed is submitted with an ACL owner different from the storage owner, instead of getting an error, I'm succesfully able to submit the feed.

      In falcon, the owner of the entire path 

      <location type="data" path="/samarth/input-data/rawLogs/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>

      (including the variables) is being checked for, instead of just that of "/samarth/input-data/rawLogs/".

      The feature successfully works if the location paths (type=meta or type=stats) exist on hdfs, and the owner of these is different from the ACL owner.In that case, I'm not allowed to submit the feed, and get the following error: 

       <?xml version="1.0" encoding="UTF-8"?>
<result>
  <status>FAILED</status>
  <message>ua1/Can't validate storage ACL (URI hdfs://192.168.138.27:8020)Feed ACL owner karishma doesn't match the actual file owner dataqa</message>
  <requestId>ua1/15509f1d-2341-4ada-a119-b2d120a3d3fd</requestId>
</result>

      Attachments

        1. FALCON-497.patch
          8 kB
          Shwetha GS
        2. FALCON-497-v2.patch
          8 kB
          Shwetha GS

        Issue Links

          is broken by

          Bug - A problem which impairs or prevents the functions of the product. FALCON-280 Validate the ACL in Feed entity with the user submitting the entity

          • Major - Major loss of function.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. FALCON-1056 Able to submit feed even though owner/group of storage specified (location type=data) is different from the ACL owner/group

          • Major - Major loss of function.
          • Open

          Activity

            People

              shwethags Shwetha GS
              karishmag9 Karishma Gulati
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: