apache / accumulo-proxy

Apache Accumulo Proxy
https://accumulo.apache.org
Apache License 2.0
9 stars 19 forks source link

2.0.1 Update causes Security Exceptions #31

Open milleruntime opened 2 years ago

milleruntime commented 2 years ago

The update for the fix in Accumulo https://github.com/apache/accumulo/pull/1828 caused the ITs to throw ThriftSecurityException. This one is from org.apache.accumulo.proxy.its.TJsonProtocolProxyIT:

2022-06-01 14:39:01,565 [thrift.ProcessFunction] ERROR: Internal error processing tableIdMap
org.apache.thrift.TException: org.apache.accumulo.core.client.AccumuloSecurityException: Error BAD_CREDENTIALS for user user - Username or Password is Invalid
    at org.apache.accumulo.proxy.ProxyServer.tableIdMap(ProxyServer.java:733)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.accumulo.core.trace.TraceUtil.lambda$wrapService$8(TraceUtil.java:232)
    at com.sun.proxy.$Proxy20.tableIdMap(Unknown Source)
    at org.apache.accumulo.proxy.thrift.AccumuloProxy$Processor$tableIdMap.getResult(AccumuloProxy.java:8553)
    at org.apache.accumulo.proxy.thrift.AccumuloProxy$Processor$tableIdMap.getResult(AccumuloProxy.java:8533)
    at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:38)
    at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
    at org.apache.accumulo.server.rpc.TimedProcessor.process(TimedProcessor.java:61)
    at org.apache.thrift.server.AbstractNonblockingServer$FrameBuffer.invoke(AbstractNonblockingServer.java:518)
    at org.apache.accumulo.server.rpc.CustomNonBlockingServer$CustomFrameBuffer.invoke(CustomNonBlockingServer.java:112)
    at org.apache.thrift.server.Invocation.run(Invocation.java:18)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.accumulo.fate.util.LoggingRunnable.run(LoggingRunnable.java:35)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.apache.accumulo.core.client.AccumuloSecurityException: Error BAD_CREDENTIALS for user user - Username or Password is Invalid
    at org.apache.accumulo.core.clientImpl.ServerClient.executeVoid(ServerClient.java:73)
    at org.apache.accumulo.core.clientImpl.ConnectorImpl.(ConnectorImpl.java:66)
    at org.apache.accumulo.core.client.ZooKeeperInstance.getConnector(ZooKeeperInstance.java:228)
    at org.apache.accumulo.proxy.ProxyServer.getConnector(ProxyServer.java:228)
    at org.apache.accumulo.proxy.ProxyServer.tableIdMap(ProxyServer.java:731)
    ... 18 more
Caused by: ThriftSecurityException(user:user, code:BAD_CREDENTIALS)
    at org.apache.accumulo.core.clientImpl.thrift.ClientService$authenticate_result$authenticate_resultStandardScheme.read(ClientService.java:16388)
    at org.apache.accumulo.core.clientImpl.thrift.ClientService$authenticate_result$authenticate_resultStandardScheme.read(ClientService.java:16366)
    at org.apache.accumulo.core.clientImpl.thrift.ClientService$authenticate_result.read(ClientService.java:16310)
    at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:88)
    at org.apache.accumulo.core.clientImpl.thrift.ClientService$Client.recv_authenticate(ClientService.java:475)
    at org.apache.accumulo.core.clientImpl.thrift.ClientService$Client.authenticate(ClientService.java:461)
    at org.apache.accumulo.core.clientImpl.ConnectorImpl.lambda$new$0(ConnectorImpl.java:67)
    at org.apache.accumulo.core.clientImpl.ServerClient.executeRawVoid(ServerClient.java:117)
    at org.apache.accumulo.core.clientImpl.ServerClient.executeVoid(ServerClient.java:71)
    ... 22 more
DomGarguilo commented 1 year ago

Closed wrong ticket by accident.

Manno15 commented 1 year ago

@DomGarguilo Do you think this is still valid (not counting the specific version mentioned)? I went through the tests and they all passed in my IDE but they generally failed in my terminal with:

2023-02-12T10:50:34,266 [thrift.ProcessFunction] ERROR: Internal error processing clearLocatorCache
org.apache.thrift.TException: org.apache.accumulo.core.client.AccumuloSecurityException: Error PERMISSION_DENIED for user Incorrect shared secret provided - User does not have permission to perform this action

Does the same thing happen on your end?

DomGarguilo commented 1 year ago

@DomGarguilo Do you think this is still valid (not counting the specific version mentioned)? I went through the tests and they all passed in my IDE but they generally failed in my terminal with:

2023-02-12T10:50:34,266 [thrift.ProcessFunction] ERROR: Internal error processing clearLocatorCache
org.apache.thrift.TException: org.apache.accumulo.core.client.AccumuloSecurityException: Error PERMISSION_DENIED for user Incorrect shared secret provided - User does not have permission to perform this action

Does the same thing happen on your end?

I have not seen any tests fail, have you, if so which ones? A lot of the tests expect and assert that an exception is thrown and I think that's where these error messages are coming from.