[SPARK-24948][SHS][BACKPORT-2.2] Delegate check access permissions to the file system #22022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mgaido91
force-pushed
the
SPARK-24948_2.2
branch
from
b472030 to
65753ed
Compare
In `SparkHadoopUtil. checkAccessPermission`, we consider only basic permissions in order to check wether a user can access a file or not. This is not a complete check, as it ignores ACLs and other policies a file system may apply in its internal. So this can result in returning wrongly that a user cannot access a file (despite he actually can). The PR proposes to delegate to the filesystem the check whether a file is accessible or not, in order to return the right result. A caching layer is added for performance reasons. modified UTs Author: Marco Gaido <[email protected]> Closes apache#21895 from mgaido91/SPARK-24948.
mgaido91
force-pushed
the
SPARK-24948_2.2
branch
from
65753ed to
16b7b40
Compare
|
Test build #94360 has finished for PR 22022 at commit
|
mgaido91
changed the title
|
Test build #94361 has finished for PR 22022 at commit
|
|
retest this please |
|
Test build #94369 has finished for PR 22022 at commit
|
|
Test build #94374 has finished for PR 22022 at commit
|
jerryshao
approved these changes
Aug 8, 2018
|
Sorry, let me test again to see everything is ok. Will merge it when test is passed. |
|
Jenkins, retest this please. |
|
Test build #94401 has finished for PR 22022 at commit
|
asfgit
pushed a commit
that referenced
this pull request
Aug 8, 2018
… the file system ## What changes were proposed in this pull request? In `SparkHadoopUtil. checkAccessPermission`, we consider only basic permissions in order to check whether a user can access a file or not. This is not a complete check, as it ignores ACLs and other policies a file system may apply in its internal. So this can result in returning wrongly that a user cannot access a file (despite he actually can). The PR proposes to delegate to the filesystem the check whether a file is accessible or not, in order to return the right result. A caching layer is added for performance reasons. ## How was this patch tested? added UT Author: Marco Gaido <[email protected]> Closes #22022 from mgaido91/SPARK-24948_2.2.
|
Merged to branch 2.2, please close this PR @mgaido91 |
|
Thanks @jerryshao , closing. |
Willymontaz
pushed a commit
to criteo-forks/spark
that referenced
this pull request
Sep 26, 2019
… the file system ## What changes were proposed in this pull request? In `SparkHadoopUtil. checkAccessPermission`, we consider only basic permissions in order to check whether a user can access a file or not. This is not a complete check, as it ignores ACLs and other policies a file system may apply in its internal. So this can result in returning wrongly that a user cannot access a file (despite he actually can). The PR proposes to delegate to the filesystem the check whether a file is accessible or not, in order to return the right result. A caching layer is added for performance reasons. ## How was this patch tested? added UT Author: Marco Gaido <[email protected]> Closes apache#22022 from mgaido91/SPARK-24948_2.2.
Willymontaz
pushed a commit
to criteo-forks/spark
that referenced
this pull request
Sep 27, 2019
… the file system ## What changes were proposed in this pull request? In `SparkHadoopUtil. checkAccessPermission`, we consider only basic permissions in order to check whether a user can access a file or not. This is not a complete check, as it ignores ACLs and other policies a file system may apply in its internal. So this can result in returning wrongly that a user cannot access a file (despite he actually can). The PR proposes to delegate to the filesystem the check whether a file is accessible or not, in order to return the right result. A caching layer is added for performance reasons. ## How was this patch tested? added UT Author: Marco Gaido <[email protected]> Closes apache#22022 from mgaido91/SPARK-24948_2.2.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
In
SparkHadoopUtil. checkAccessPermission, we consider only basic permissions in order to check whether a user can access a file or not. This is not a complete check, as it ignores ACLs and other policies a file system may apply in its internal. So this can result in returning wrongly that a user cannot access a file (despite he actually can).The PR proposes to delegate to the filesystem the check whether a file is accessible or not, in order to return the right result. A caching layer is added for performance reasons.
How was this patch tested?
added UT