Hi,
Looking at our `PolicyProvider` implementation I see this:
/**
* Implementation of secure Hadoop policy provider for mapping
* protocol interfaces to hbase-policy.xml entries.
*/
@InterfaceAudience.Private
public class HBasePolicyProvider extends PolicyProvider {
protected final static Service[] services = {
new Service("security.client.protocol.acl",
ClientService.BlockingInterface.class),
new Service("security.client.protocol.acl",
AdminService.BlockingInterface.class),
new Service("security.admin.protocol.acl",
MasterService.BlockingInterface.class),
new Service("security.masterregion.protocol.acl",
RegionServerStatusService.BlockingInterface.class)
};
How does that all make sense? Both the `ClientService` and
`AdminService` are controlled by the `security.client.protocol.acl`
setting, allowing (or disallowing) access to the two client side APIs.
But then there is the `security.admin.protocol.acl` for the
`MasterService` that controls another half of the administrative
calls?
And then the last of them, which I presume by looking at the provided
methods that it covers the Master-RegionServer communication. It is
controlled by `security.masterregion.protocol.acl`... did we run out
of characters to not name that at least
`security.masterregionserver.protocol.acl`?
Can anyone explain what we are doing here? And why?
Best,
Lars
