-
Type:
Bug
-
Status: Resolved
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 4.2.1, 3.5.5, 4.1.1, 4.0.1
-
Component/s: Security
-
Labels:
-
Release Notes:Fixed a bug that sometimes wrong user is used in explore, which results in the failure of deleting namespace.
-
Rank:1|i0043r:
The issue I observed:
Alice was logged in and had the privilege to delete the namespace but the operation failed with following stacktrace, indicating eve is making query, not sure why this happens and how to reproduce:
2017-06-14 22:58:54,386 WARN co.cask.cdap.internal.app.namespace.DefaultNamespaceAdmin: Error while deleting namespace namespace:test co.cask.cdap.explore.service.ExploreException: Cannot remove a namespace. Reason: Response code: 500, message: 'Internal Server Error', body: 'Failed to get namespace meta for the namespace namespace:test' at co.cask.cdap.explore.client.ExploreHttpClient.deleteNamespace(ExploreHttpClient.java:482) ~[na:na] at co.cask.cdap.explore.client.AbstractExploreClient.deleteNamespace(AbstractExploreClient.java:66) ~[na:na] at co.cask.cdap.explore.client.AbstractExploreClient$20.getHandle(AbstractExploreClient.java:330) ~[na:na] at co.cask.cdap.explore.client.AbstractExploreClient$21.call(AbstractExploreClient.java:342) ~[na:na] at co.cask.cdap.explore.client.AbstractExploreClient$21.call(AbstractExploreClient.java:339) ~[na:na] at java.util.concurrent.FutureTask.run(FutureTask.java:262) ~[na:1.7.0_75] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) ~[na:1.7.0_75] at java.util.concurrent.FutureTask.run(FutureTask.java:262) ~[na:1.7.0_75] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178) ~[na:1.7.0_75] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292) ~[na:1.7.0_75] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) ~[na:1.7.0_75] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) ~[na:1.7.0_75] at java.lang.Thread.run(Thread.java:745) ~[na:1.7.0_75] 2017-06-14 22:58:54,380 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:cdap/authorization24354-1000.dev.continuuity.net@CONTINUUITY.NET (auth:SIMPLE) cause:co.cask.cdap.explore.service.ExploreException: Failed to get namespace meta for the namespace namespace:test 2017-06-14 22:58:54,381 ERROR co.cask.cdap.common.HttpExceptionHandler: Unexpected error: request=DELETE /v3/data/explore/namespaces/test user=eve: co.cask.cdap.explore.service.ExploreException: Failed to get namespace meta for the namespace namespace:test at co.cask.cdap.explore.service.hive.BaseHiveExploreService.deleteNamespace(BaseHiveExploreService.java:813) at co.cask.cdap.explore.executor.ExploreMetadataHttpHandler$6$1.call(ExploreMetadataHttpHandler.java:167) at co.cask.cdap.explore.executor.ExploreMetadataHttpHandler$6$1.call(ExploreMetadataHttpHandler.java:164) at co.cask.cdap.security.impersonation.ImpersonationUtils$1.run(ImpersonationUtils.java:46) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1920) at co.cask.cdap.security.impersonation.ImpersonationUtils.doAs(ImpersonationUtils.java:43) at co.cask.cdap.security.impersonation.DefaultImpersonator.doAs(DefaultImpersonator.java:70) at co.cask.cdap.security.impersonation.DefaultImpersonator.doAs(DefaultImpersonator.java:59) at co.cask.cdap.explore.executor.ExploreMetadataHttpHandler$6.execute(ExploreMetadataHttpHandler.java:164) at co.cask.cdap.explore.executor.ExploreMetadataHttpHandler$6.execute(ExploreMetadataHttpHandler.java:159) at co.cask.cdap.explore.executor.AbstractExploreMetadataHttpHandler$1.execute(AbstractExploreMetadataHttpHandler.java:53) at co.cask.cdap.explore.executor.AbstractExploreMetadataHttpHandler$1.execute(AbstractExploreMetadataHttpHandler.java:49) at co.cask.cdap.explore.executor.AbstractExploreMetadataHttpHandler.genericEndpointExecution(AbstractExploreMetadataHttpHandler.java:65) at co.cask.cdap.explore.executor.AbstractExploreMetadataHttpHandler.handleResponseEndpointExecution(AbstractExploreMetadataHttpHandler.java:49) at co.cask.cdap.explore.executor.ExploreMetadataHttpHandler.delete(ExploreMetadataHttpHandler.java:159) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606)
- relates to
-
CDAP-12006 Namespace deletion should clean up the hive tables before dropping the hive database.
-
- Open
-
-
CDAP-12021 long term fix for setting the requesting user for REST call
-
- Open
-