Uploaded image for project: 'Falcon'
  1. Falcon
  2. FALCON-845

superuser falcon is not able to delete/update entity

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Invalid
    • 0.6
    • 0.6
    • None
    • None

    Description

      Sample response is:

      2014-10-29 15:20:28,517 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Url: http://ip-172-31-47-32.ec2.internal:15000/api/entities/delete/process/agregator-coord16-22ceac97?user.name=falcon (BaseRequest:163)
2014-10-29 15:20:28,517 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Method: DELETE (BaseRequest:164)
2014-10-29 15:20:28,517 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Header: Name=Content-Type Value=text/xml (BaseRequest:167)
2014-10-29 15:20:28,518 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Header: Name=Cookie Value=hadoop.auth=u=falcon&p=falcon&t=simple&e=1414632028513&s=1nC83wrEf/iOQvualO/fPAH4qE4= (BaseRequest:167)
2014-10-29 15:20:28,672 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Status: HTTP/1.1 400 Bad Request (BaseRequest:193)
2014-10-29 15:20:28,672 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Content-Type Value=text/xml (BaseRequest:195)
2014-10-29 15:20:28,672 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=requestId Value=114790f0-0b80-43c0-9899-042705741916 (BaseRequest:195)
2014-10-29 15:20:28,672 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Content-Length Value=263 (BaseRequest:195)
2014-10-29 15:20:28,672 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Server Value=Jetty(6.1.26.hwx) (BaseRequest:195)
Warning:  org.apache.xerces.parsers.SAXParser: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
Warning:  org.apache.xerces.parsers.SAXParser: Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized.
2014-10-29 15:20:28,675 INFO  - [pool-45-thread-1:othersEditScheduledProcess] ~ The web service response is:
<?xml version="1.0" encoding="UTF-8"?><result>
  <status>FAILED</status>
  <message>org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon</message>
</result>
 (ServiceResponse:86)

      Relevant log from falcon.application.log:

      2014-10-29 15:20:28,526 INFO  - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Logging in falcon (CurrentUser:69)
2014-10-29 15:20:28,526 INFO  - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Request from user: falcon, URL=/api/entities/delete/process/agregator-coord16-22ceac97?user.name=falcon (FalconAuthenticationFilter:181)
2014-10-29 15:20:28,526 INFO  - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Authorizing user=falcon against request=RequestParts{resource='entities', action='delete', entityName='agregator-coord16-22ceac97', entityType='process'} (FalconAuthorizationFilter:70)
2014-10-29 15:20:28,527 INFO  - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Authorizing authenticatedUser=falcon, against resource=entities, action=delete, entity name=agregator-coord16-22ceac97, entity type=process (DefaultAuthorizationProvider:125)
2014-10-29 15:20:28,528 DEBUG - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Invoking method delete on service org.apache.falcon.resource.ConfigSyncService (IPCChannel:45)
2014-10-29 15:20:28,669 ERROR - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Unable to reach workflow engine for deletion or deletion failed (AbstractEntityManager:228)
org.apache.falcon.FalconException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon
	at org.apache.falcon.entity.EntityUtil.getAllStagingPaths(EntityUtil.java:600)
	at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:269)
	at org.apache.falcon.workflow.engine.OozieWorkflowEngine.doBundleAction(OozieWorkflowEngine.java:367)
	at org.apache.falcon.workflow.engine.OozieWorkflowEngine.doBundleAction(OozieWorkflowEngine.java:361)
	at org.apache.falcon.workflow.engine.OozieWorkflowEngine.delete(OozieWorkflowEngine.java:345)
	at org.apache.falcon.resource.AbstractEntityManager.delete(AbstractEntityManager.java:215)
	at org.apache.falcon.resource.ConfigSyncService.delete(ConfigSyncService.java:56)
	at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.apache.falcon.resource.channel.IPCChannel.invoke(IPCChannel.java:49)
	at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$2.doExecute(SchedulableEntityManagerProxy.java:182)
	at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$EntityProxy.execute(SchedulableEntityManagerProxy.java:447)
	at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$2.execute(SchedulableEntityManagerProxy.java:172)
	at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy.delete_aroundBody2(SchedulableEntityManagerProxy.java:184)
	at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$AjcClosure3.run(SchedulableEntityManagerProxy.java:1)
	at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
	at org.apache.falcon.aspect.AbstractFalconAspect.logAroundMonitored(AbstractFalconAspect.java:51)
	at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy.delete(SchedulableEntityManagerProxy.java:159)
	at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
	at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
	at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
	at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
	at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
	at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
	at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
	at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
	at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
	at org.apache.falcon.security.FalconAuthorizationFilter.doFilter(FalconAuthorizationFilter.java:80)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
	at org.apache.falcon.security.FalconAuthenticationFilter$2.doFilter(FalconAuthenticationFilter.java:184)
	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:572)
	at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:542)
	at org.apache.falcon.security.FalconAuthenticationFilter.doFilter(FalconAuthenticationFilter.java:193)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
	at org.apache.falcon.security.FalconAuditFilter.doFilter(FalconAuditFilter.java:65)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
	at org.mortbay.jetty.Server.handle(Server.java:326)
	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
	at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
	at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon
	at org.apache.hadoop.ipc.Client.call(Client.java:1468)
	at org.apache.hadoop.ipc.Client.call(Client.java:1399)
	at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:232)
	at com.sun.proxy.$Proxy27.getListing(Unknown Source)
	at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getListing(ClientNamenodeProtocolTranslatorPB.java:554)
	at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:187)
	at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102)
	at com.sun.proxy.$Proxy28.getListing(Unknown Source)
	at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1947)
	at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1930)
	at org.apache.hadoop.hdfs.DistributedFileSystem.listStatusInternal(DistributedFileSystem.java:693)
	at org.apache.hadoop.hdfs.DistributedFileSystem.access$600(DistributedFileSystem.java:105)
	at org.apache.hadoop.hdfs.DistributedFileSystem$15.doCall(DistributedFileSystem.java:755)
	at org.apache.hadoop.hdfs.DistributedFileSystem$15.doCall(DistributedFileSystem.java:751)
	at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
	at org.apache.hadoop.hdfs.DistributedFileSystem.listStatus(DistributedFileSystem.java:751)
	at org.apache.hadoop.fs.FileSystem.listStatus(FileSystem.java:1485)
	at org.apache.hadoop.fs.FileSystem.listStatus(FileSystem.java:1525)
	at org.apache.falcon.entity.EntityUtil.getAllStagingPaths(EntityUtil.java:589)
	... 62 more
2014-10-29 15:20:28,670 ERROR - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Action failed: Bad Request
Error: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon (FalconWebException:68)
2014-10-29 15:20:28,670 INFO  - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ {Action:delete, Dimensions:{entityType=process, colo=NULL, entityName=agregator-coord16-22ceac97}, Status: FAILED, Time-taken:142594851 ns} (METRIC:38)
2014-10-29 15:20:28,671 DEBUG - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916] ~ Audit: falcon/172.31.47.32 performed request

      Attachments

        1. entities.txt
          5 kB
          Raghav Kumar Gautam
        2. core-site.xml
          10 kB
          Raghav Kumar Gautam

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. FALCON-851 Super user authorization is broken

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Activity

            People

              bvellanki Balu Vellanki
              raghavgautam Raghav Kumar Gautam
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: