Add permission checks before reading from HDFS stream #26716
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rjernst
approved these changes
Sep 20, 2017
|
@rjernst Your comment does make me realize that there's a new test case in #26714 that should probably be forward ported as well though. As for the changes in this PR, they are more for observing best practices around guarding privileged blocks from scripting exploits. Not sure if there's an easy way to test that. |
MiniHDFS will now start with an existing repository with a single snapshot contained within. Readonly Repository is created in tests and attempts to list the snapshots within this repo. Correcting typos...
|
LGTM, thanks for porting the test. |
|
Failing test looks unrelated to this PR. Dug through the logs and it seems that the tests affected by this change are ok. I'll move ahead with merging it. |
jbaiera
added a commit
that referenced
this pull request
Sep 21, 2017
Add checks for special permissions before reading hdfs stream data. Also adds test from readonly repository fix. MiniHDFS will now start with an existing repository with a single snapshot contained within. Readonly Repository is created in tests and attempts to list the snapshots within this repo.
jbaiera
added a commit
that referenced
this pull request
Sep 21, 2017
Add checks for special permissions before reading hdfs stream data. Also adds test from readonly repository fix. MiniHDFS will now start with an existing repository with a single snapshot contained within. Readonly Repository is created in tests and attempts to list the snapshots within this repo.
jasontedor
added a commit
to jasontedor/elasticsearch
that referenced
this pull request
Sep 21, 2017
* master: Add permission checks before reading from HDFS stream (elastic#26716) muted test [Docs] Fixed typo of *configuration* (elastic#25058) Add azure storage endpoint suffix elastic#26432 (elastic#26568)
clintongormley
added
:Distributed Coordination/Snapshot/Restore
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding permission checks before and limiting the allowed permissions for privileged code blocks that read stream data from HDFS. This is a forward port of some enhancements from #26714, as not all of that PR is relevant for the master branch.