Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-7396

Scheduled jobs fails to run in impersonated namespace

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6.0, 3.5.2, 3.5.1, 3.5.0
    • Fix Version/s: 3.5.2
    • Component/s: Security
    • Labels:
      None
    • Release Notes:
      Fixed a bug which prevented scheduled jobs to run on namespace with impersonation.
    • Rank:
      1|hzzms7:

      Description

      Scheduled jobs fails to run in an impersonated namespace on which cdap does not have any privileges. This is because when the jobs gets triggered the security principal is set to cdap which does not have privilege to execute the program.

      co.cask.cdap.security.spi.authorization.UnauthorizedException: Principal 'Principal{name='cdap', type=USER}' is not authorized to perform actions '[EXECUTE]' on entity 'program:mapped.PurchaseHistory.workflow.PurchaseHistoryWorkflow'
          at co.cask.cdap.security.authorization.DefaultAuthorizationEnforcementService.doEnforce(DefaultAuthorizationEnforcementService.java:109) ~[co.cask.cdap.cdap-security-3.5.2-SNAPSHOT.jar:na]
          at co.cask.cdap.security.authorization.DefaultAuthorizationEnforcementService.enforce(DefaultAuthorizationEnforcementService.java:70) ~[co.cask.cdap.cdap-security-3.5.2-SNAPSHOT.jar:na]
          at co.cask.cdap.security.authorization.DefaultAuthorizationEnforcementService.enforce(DefaultAuthorizationEnforcementService.java:61) ~[co.cask.cdap.cdap-security-3.5.2-SNAPSHOT.jar:na]
          at co.cask.cdap.internal.app.services.ProgramLifecycleService.start(ProgramLifecycleService.java:274) ~[cdap-app-fabric-3.5.2-SNAPSHOT.jar:na]
          at co.cask.cdap.internal.app.runtime.schedule.ScheduleTaskRunner.execute(ScheduleTaskRunner.java:118) [cdap-app-fabric-3.5.2-SNAPSHOT.jar:na]
          at co.cask.cdap.internal.app.runtime.schedule.ScheduleTaskRunner.run(ScheduleTaskRunner.java:105) [cdap-app-fabric-3.5.2-SNAPSHOT.jar:na]
          at co.cask.cdap.internal.app.runtime.schedule.DefaultSchedulerService$ScheduledJob.execute(DefaultSchedulerService.java:89) [cdap-app-fabric-3.5.2-SNAPSHOT.jar:na]
          at org.quartz.core.JobRunShell.run(JobRunShell.java:207) [org.quartz-scheduler.quartz-2.2.0.jar:na]
          at java.util.concurrent.ThreadPoolExecutor.runWorker(Thre
      

        Attachments

          Activity

            People

            • Assignee:
              rsinha Rohit Sinha
              Reporter:
              rsinha Rohit Sinha
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: