Description
Scenario:
- Server and client-side namespace-mapping is enabled.
- "hbase.security.exec.permission.checks" is true on the server. Thus, EXEC permission checking will be performed during coprocessor endpoint invocations.
- Client does not have EXEC permissions on SYSTEM:CATALOG
- Client calls DriverManager.getConnection(..) and this fails with the following exception:
java.sql.SQLException: ERROR 2006 (INT08): Incompatible jars detected between client and server. Ensure that phoenix-[version]-server.jar is put on the classpath of HBase in every region server: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=unprivilegedUser_N000007, scope=SYSTEM:CATALOG, params=[table=SYSTEM:CATALOG],action=EXEC) at org.apache.hadoop.hbase.security.access.AccessChecker.requirePermission(AccessChecker.java:281) at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:446) at org.apache.hadoop.hbase.security.access.AccessController.preEndpointInvocation(AccessController.java:2015) at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$64.call(RegionCoprocessorHost.java:1707) at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$64.call(RegionCoprocessorHost.java:1704) at org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithResult.callObserver(CoprocessorHost.java:578) at org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:614) at org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperationWithResult(CoprocessorHost.java:592) at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preEndpointInvocation(RegionCoprocessorHost.java:1703) at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8011) at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2409) at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2391) at org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:409) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324) at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
The above is encountered as a result of a call to getVersion from ConnectionQueryServicesImpl#checkClientServerCompatibility, but can occur from any place that we check client-server compatibility.
The exception bubbles up as an INCOMPATIBLE_CLIENT_SERVER_JAR exception, which is wrong and also leads to misleading logs for clients.
Attachments
Attachments
Issue Links
- links to