UpgradeTool does not upgrade all namespaces/datasets, when authorization is enabled
Description
If authorization is enabled, there is filtering when listing namespaces, datasets, etc.
Because of this, not all namespaces will be upgraded by the UpgradeTool (since the cdap user may not be authorized on all namespaces).
Release Notes
Fixed a bug that prevented Upgrade Tool in being run for namespace with authorization turned on.
Activity
Isn't this Jira duplicate of this https://issues.cask.co/browse/CDAP-6577 ?
It's not. This JIRA is about retrieving the entire list of namespaces (without being filtered).
There's no way to impersonate, if you can't even retrieve the namespaces or their configs.
I see. You need the namespace configs to get the ns user. Sounds good.
CDAP needs to be able to unconditionally list namespace and upgrade user datasets/applications, so disabling authorization for such tools (UpgradeTool and HBaseQueueDebugger): https://github.com/caskdata/cdap/pull/6971
Below is a possible error that could've happened on 3.5.1 or 3.6.0. This can happen when cdap did not have ability to see the cdap namespace, but the hbase namespace and tables were visible.
The reverse hbase namespace mapping did not have an entry for that hbase namespace.
