  1. Falcon
  2. FALCON-1367 Improve the ACL handling in Falcon
  3. FALCON-1055

Inconsistent behaviour of entity/instance operations regarding authorization


Details

    • Sub-task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.7
    • None
    • client, feed, process
    • None

    Description

      While performing API operations on entity (process/feed/cluster) for non-ACL owner (different from ACL OWNER and which does not belong to ACL GROUP), inconsistent behaviour is reported.

      • Can list entities
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type feed -list
        (FEED) FeedAclTestTry--raaw
        (FEED) ELExpFutureAndLatestTest--raaw-logs16-ddc91917
        (FEED) ProcessInstanceRunningTest--raaw-logs16-93197d85
        (FEED) FeedAclTestTry--raaw-logs16-d6375244
        (FEED) ProcessInstanceRunningTest--agregated-logs16-3109a564
        
        
      • Can define entities
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type feed -name FeedAclTestTry--raaw -definition
        <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
        <feed name="FeedAclTestTry--raaw" description="clicks log" xmlns="uri:falcon:feed:0.1">
            <partitions>
                <partition name="country"/>
                <partition name="colo"/>
            </partitions>
            <frequency>minutes(20)</frequency>
            <timezone>UTC</timezone>
            <late-arrival cut-off="hours(6)"/>
            <clusters>
                <cluster name="FeedAclTestTry--corp-450c9f4a" type="source">
                    <validity start="2009-02-01T00:00Z" end="2099-05-01T00:00Z"/>
                    <retention limit="months(9000)" action="delete"/>
                </cluster>
            </clusters>
            <locations>
                <location type="data" path="/tmp/falcon-regression/FeedAclTestTry/input/${YEAR}/${MONTH}/${DAY}/${HOUR}/${MINUTE}"/>
                <location type="stats" path="/projects/falcon/clicksStats"/>
                <location type="meta" path="/projects/falcon/clicksMetaData"/>
            </locations>
            <ACL owner="pragyamittal" group="dataqa" permission="*"/>
            <schema location="/schema/clicks" provider="protobuf"/>
            <properties>
                <property name="field1" value="value1"/>
                <property name="field2" value="value2"/>
            </properties>
        </feed>
        
        
      • Can look for dependency
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type feed -name FeedAclTestTry--raaw -dependency
        (cluster) FeedAclTestTry--corp-450c9f4a
        
      • Can delete
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type feed -name FeedAclTestTry--raaw -delete
        falcon/ua1/FeedAclTestTry--raaw(feed) removed successfully (KILLED in ENGINE)
        
        prism/FeedAclTestTry--raaw(feed) removed successfully 
        
      • Can't update
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -file ~/pragya/processNew.xml -update
        
        Stacktrace:
        org.apache.falcon.client.FalconCLIException: Bad Request;ua1/org.apache.hadoop.security.authorize.AuthorizationException: org.apache.hadoop.security.authorize.AuthorizationException: org.apache.hadoop.security.authorize.AuthorizationException: Permission denied: authenticatedUser=oozie not entity owner=pragyamittal, entity=ProcessInstanceRunningTest--agregator-coord16-e1fd7fae, action=submit
        
        	at org.apache.falcon.client.FalconCLIException.fromReponse(FalconCLIException.java:44)
        	at org.apache.falcon.client.FalconClient.checkIfSuccessful(FalconClient.java:985)
        	at org.apache.falcon.client.FalconClient.update(FalconClient.java:337)
        	at org.apache.falcon.cli.FalconCLI.entityCommand(FalconCLI.java:398)
        	at org.apache.falcon.cli.FalconCLI.run(FalconCLI.java:184)
        	at org.apache.falcon.cli.FalconCLI.main(FalconCLI.java:134)
        
        
        
      • Can't suspend
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -suspend
        Stacktrace:
        org.apache.falcon.client.FalconCLIException: Bad Request;ua1/org.apache.falcon.FalconException::org.apache.falcon.FalconException: {"errorCode":403,"errorMessage":"org.apache.hadoop.security.authorize.AuthorizationException: org.apache.hadoop.security.authorize.AuthorizationException: Permission denied: authenticatedUser=oozie not entity owner=pragyamittal, entity=ProcessInstanceRunningTest--agregator-coord16-e1fd7fae, action=suspend","requestId":"931475624@qtp-380412694-4 - d532a446-2edd-46ee-863b-b7da59da6897"}
        
        	at org.apache.falcon.client.FalconCLIException.fromReponse(FalconCLIException.java:44)
        	at org.apache.falcon.client.FalconClient.checkIfSuccessful(FalconClient.java:985)
        	at org.apache.falcon.client.FalconClient.sendEntityRequest(FalconClient.java:598)
        	at org.apache.falcon.client.FalconClient.suspend(FalconClient.java:294)
        	at org.apache.falcon.cli.FalconCLI.entityCommand(FalconCLI.java:415)
        	at org.apache.falcon.cli.FalconCLI.run(FalconCLI.java:184)
        	at org.apache.falcon.cli.FalconCLI.main(FalconCLI.java:134)
        
        
      • Can't resume
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -resume
        Stacktrace:
        org.apache.falcon.client.FalconCLIException: Bad Request;ua1/org.apache.falcon.FalconException::org.apache.falcon.FalconException: {"errorCode":403,"errorMessage":"org.apache.hadoop.security.authorize.AuthorizationException: org.apache.hadoop.security.authorize.AuthorizationException: Permission denied: authenticatedUser=oozie not entity owner=pragyamittal, entity=ProcessInstanceRunningTest--agregator-coord16-e1fd7fae, action=resume","requestId":"931475624@qtp-380412694-4 - 4bae6360-c5d1-45db-9eb2-183f1598c383"}
        
        	at org.apache.falcon.client.FalconCLIException.fromReponse(FalconCLIException.java:44)
        	at org.apache.falcon.client.FalconClient.checkIfSuccessful(FalconClient.java:985)
        	at org.apache.falcon.client.FalconClient.sendEntityRequest(FalconClient.java:598)
        	at org.apache.falcon.client.FalconClient.resume(FalconClient.java:301)
        	at org.apache.falcon.cli.FalconCLI.entityCommand(FalconCLI.java:419)
        	at org.apache.falcon.cli.FalconCLI.run(FalconCLI.java:184)
        	at org.apache.falcon.cli.FalconCLI.main(FalconCLI.java:134)
        
        
      • Can't perform touch
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -touch
        Stacktrace:
        org.apache.falcon.client.FalconCLIException: Bad Request;ua1/org.apache.falcon.FalconException::org.apache.falcon.FalconException: {"errorCode":403,"errorMessage":"org.apache.hadoop.security.authorize.AuthorizationException: org.apache.hadoop.security.authorize.AuthorizationException: Permission denied: authenticatedUser=oozie not entity owner=pragyamittal, entity=ProcessInstanceRunningTest--agregator-coord16-e1fd7fae, action=touch","requestId":"931475624@qtp-380412694-4 - c68b0f4c-c1c6-432c-b815-140c81ce5e99"}
        
        	at org.apache.falcon.client.FalconCLIException.fromReponse(FalconCLIException.java:44)
        	at org.apache.falcon.client.FalconClient.checkIfSuccessful(FalconClient.java:985)
        	at org.apache.falcon.client.FalconClient.touch(FalconClient.java:395)
        	at org.apache.falcon.cli.FalconCLI.entityCommand(FalconCLI.java:460)
        	at org.apache.falcon.cli.FalconCLI.run(FalconCLI.java:184)
        	at org.apache.falcon.cli.FalconCLI.main(FalconCLI.java:134)
        
        
      • Can't perform status
        dataqa@ip-192-168-138-200:/usr/lib/falcon/falconPrism/bin$ sudo -u oozie ./falcon entity -type feed -name FeedAclTestTry--raaw-logs16-d6375244 -status
        
        Stacktrace:
        org.apache.falcon.client.FalconCLIException: Bad Request;ua1/org.apache.falcon.FalconException::org.apache.falcon.FalconException: {"errorCode":403,"errorMessage":"org.apache.hadoop.security.authorize.AuthorizationException: org.apache.hadoop.security.authorize.AuthorizationException: Permission denied: authenticatedUser=oozie not entity owner=pragyamittal, entity=FeedAclTestTry--raaw-logs16-d6375244, action=status","requestId":"931475624@qtp-380412694-4 - 5573e2f5-076d-45d2-ba7e-bc63525fcd92"}
        
        	at org.apache.falcon.client.FalconCLIException.fromReponse(FalconCLIException.java:44)
        	at org.apache.falcon.client.FalconClient.checkIfSuccessful(FalconClient.java:985)
        	at org.apache.falcon.client.FalconClient.sendEntityRequest(FalconClient.java:598)
        	at org.apache.falcon.client.FalconClient.getStatus(FalconClient.java:352)
        	at org.apache.falcon.cli.FalconCLI.entityCommand(FalconCLI.java:427)
        	at org.apache.falcon.cli.FalconCLI.run(FalconCLI.java:184)
        	at org.apache.falcon.cli.FalconCLI.main(FalconCLI.java:134)
        
        

      Can someone please explain the expected behaviour of entities, especially with respect to delete (write operation) and status (read operation)?

      Although non-ACL owner cannot perform any operation (read/write) on instances. Below is the error it throws:

      sudo -u oozie ./falcon instance -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -start 2010-01-02T01:00Z -end 2010-01-02T01:11Z -status
      Stacktrace:
      org.apache.falcon.client.FalconCLIException: Bad Request;ua1/org.apache.falcon.FalconException::org.apache.falcon.FalconException: {"errorCode":403,"errorMessage":"org.apache.hadoop.security.authorize.AuthorizationException: org.apache.hadoop.security.authorize.AuthorizationException: Permission denied: authenticatedUser=oozie not entity owner=pragyamittal, entity=ProcessInstanceRunningTest--agregator-coord16-e1fd7fae, action=status","requestId":"931475624@qtp-380412694-4 - 6eb3e0c7-2877-4cb0-8a36-bef0b285ccc5"}
      

      Same error is thrown by below commands saying org.apache.hadoop.security.authorize.AuthorizationException

      sudo -u oozie ./falcon instance -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -start 2010-01-02T01:00Z -end 2010-01-02T01:11Z -kill
      
      sudo -u oozie ./falcon instance -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -start 2010-01-02T01:00Z -end 2010-01-02T01:11Z -params
      
      sudo -u oozie ./falcon instance -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -start 2010-01-02T01:00Z -end 2010-01-02T01:11Z -logs
      
      sudo -u oozie ./falcon instance -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -start 2010-01-02T01:00Z -end 2010-01-02T01:11Z -running
      
      sudo -u oozie ./falcon instance -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -start 2010-01-02T01:00Z -end 2010-01-02T01:11Z -resume
      
      sudo -u oozie ./falcon instance -type process -name ProcessInstanceRunningTest--agregator-coord16-e1fd7fae -start 2010-01-02T01:00Z -end 2010-01-02T01:11Z -suspend
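
An added example, not part of the original report and not Falcon's own code: a small regression check that turns per-operation CLI output like the above into an authorization matrix and flags outcomes that contradict a uniform ACL policy. The read/write classification of the flags and the abridged sample transcript are assumptions constructed from the outputs quoted in this report.

```python
import re

# Denial format taken from the error messages quoted in the report.
DENIAL = re.compile(
    r"Permission denied: authenticatedUser=(?P<user>[^\s,]+) not entity "
    r"owner=(?P<owner>[^\s,]+), entity=(?P<entity>[^\s,\"]+), "
    r"action=(?P<action>\w+)")

# Assumption: read/write classification of the CLI flags used in the report.
OP_CLASS = {"list": "read", "definition": "read", "dependency": "read",
            "status": "read", "delete": "write", "update": "write",
            "suspend": "write", "resume": "write", "touch": "write"}

def deny(entity, action):
    """Build an abridged denial line in the format the server returned."""
    return ("Permission denied: authenticatedUser=oozie not entity "
            f"owner=pragyamittal, entity={entity}, action={action}")

PROC = "ProcessInstanceRunningTest--agregator-coord16-e1fd7fae"
FEED = "FeedAclTestTry--raaw-logs16-d6375244"
# Constructed sample: (CLI flag, abridged output) pairs based on the report.
SAMPLE = [
    ("list", "(FEED) FeedAclTestTry--raaw"),
    ("definition", '<feed name="FeedAclTestTry--raaw">'),
    ("dependency", "(cluster) FeedAclTestTry--corp-450c9f4a"),
    ("delete", "prism/FeedAclTestTry--raaw(feed) removed successfully"),
    ("update", deny(PROC, "submit")),  # server reports action=submit
    ("suspend", deny(PROC, "suspend")),
    ("resume", deny(PROC, "resume")),
    ("touch", deny(PROC, "touch")),
    ("status", deny(FEED, "status")),
]

def outcomes(transcript):
    """Map each CLI flag to (allowed, server-side action named in a denial)."""
    result = {}
    for op, output in transcript:
        match = DENIAL.search(output)
        result[op] = (match is None, match["action"] if match else None)
    return result

def findings(result):
    """List outcomes that a single consistent ACL policy could not produce."""
    split = {cls: {True: [], False: []} for cls in ("read", "write")}
    for op, (allowed, _) in sorted(result.items()):
        split[OP_CLASS[op]][allowed].append(op)
    out = [f"{cls} operations disagree: allowed={ops[True]} denied={ops[False]}"
           for cls, ops in split.items() if ops[True] and ops[False]]
    if split["write"][True] and split["read"][False]:
        out.append(f"write {split['write'][True]} allowed while read "
                   f"{split['read'][False]} denied")
    out += [f"-{op} is authorized as action={action}"
            for op, (_, action) in result.items() if action and action != op]
    return out
```

Calling `findings(outcomes(SAMPLE))` reports the read split, the write split, delete being allowed while status is denied, and that `-update` is checked server-side under the action name `submit`.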
      
      

          People

            Unassigned Unassigned
            pragya.mittal Pragya Mittal