[
https://issues.apache.org/jira/browse/HBASE-14169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14709628#comment-14709628
]
Francis Liu commented on HBASE-14169:
-------------------------------------
[~eclark] I only took a quick look at configuration, it seems the framework
assumes that the configuration changes are in the *-site.xml as it refreshes a
Configuration object. For ProxyUsers strictly speaking, the configuration
change may not come from a *-site.xml change as ProxyUsers instantiates a
provider class (from the config) and that may have a different way of keeping
track of configurations. It'll be a bit clunky but I could use the same
framework to refresh ProxyUsers and that would save us from adding another
AccessController rpc on the region server. But we should at least have a
different cli api and possibly still have a cp endpoint api on the master as
strictly speaking this shouldn't really fall into Configuration. Thoughts?
> API to refreshSuperUserGroupsConfiguration
> ------------------------------------------
>
> Key: HBASE-14169
> URL: https://issues.apache.org/jira/browse/HBASE-14169
> Project: HBase
> Issue Type: New Feature
> Reporter: Francis Liu
> Assignee: Francis Liu
> Attachments: HBASE-14169.patch, HBASE-14169_2.patch,
> HBASE-14169_3.patch
>
>
> For deployments that use security. User impersonation (AKA doAs()) is needed
> for some services (ie Stargate, thriftserver, Oozie, etc). Impersonation
> definitions are defined in a xml config file and read and cached by the
> ProxyUsers class. Calling this api will refresh cached information,
> eliminating the need to restart the master/regionserver whenever the
> configuration is changed.
> Implementation just adds another method to AccessControlService.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
