[HDFS-16259] Catch and re-throw sub-classes of AccessControlException thrown by any permission provider plugins (eg Ranger) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.4.0, 3.3.2
Component/s: namenode
Labels:
- pull-request-available

Description

When a permission provider plugin is enabled (eg Ranger) there are some scenarios where it can throw a sub-class of an AccessControlException (eg RangerAccessControlException). If this exception is allowed to propagate up the stack, it can give problems in the HDFS Client, when it unwraps the remote exception containing the AccessControlException sub-class.

Ideally, we should make AccessControlException final so it cannot be sub-classed, but that would be a breaking change at this point. Therefore I believe the safest thing to do, is to catch any AccessControlException that comes out of the permission enforcer plugin, and re-throw an AccessControlException instead.

Attachments

Issue Links

links to

GitHub Pull Request #3598

Activity

People

Assignee:: Stephen O'Donnell

Reporter:: Stephen O'Donnell

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 06/Oct/21 09:16

Updated:: 02/Nov/21 21:44

Resolved:: 02/Nov/21 11:45

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: