[
https://issues.apache.org/jira/browse/HBASE-14169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14715596#comment-14715596
]
Francis Liu commented on HBASE-14169:
-------------------------------------
I think we're on the same page....just different sentences. :-)
{quote}
Nope that's the public api of ProxyUsers. It's in the name of the method, in
the parameters, and in the static un-extendable code.
{quote}
Agreed. Tho I was talking about the provider that there's no guarantee it'll
read from config. The provider is read from config that is clear.
{quote}
If there's some company specific ImpersonationProvider that does different
things then having ProxyUsers.refreshSuperUserGroupsConfiguration tied to
reloading config won't be harmful at all.
{quote}
Agreed. My point that it is clunky, even HDFS has a separate cli and client api
to refresh the super user configuration.
Having said would you still like the patch to be changed as part of a refresh
configuration call? How do you suggest we do this for 1.x? Are we backporting
refresh framework?
[~mbertozzi] [~apurtell] Just confirming this changes are ok with you guys as
well?
> API to refreshSuperUserGroupsConfiguration
> ------------------------------------------
>
> Key: HBASE-14169
> URL: https://issues.apache.org/jira/browse/HBASE-14169
> Project: HBase
> Issue Type: New Feature
> Reporter: Francis Liu
> Assignee: Francis Liu
> Attachments: HBASE-14169.patch, HBASE-14169_2.patch,
> HBASE-14169_3.patch
>
>
> For deployments that use security. User impersonation (AKA doAs()) is needed
> for some services (ie Stargate, thriftserver, Oozie, etc). Impersonation
> definitions are defined in a xml config file and read and cached by the
> ProxyUsers class. Calling this api will refresh cached information,
> eliminating the need to restart the master/regionserver whenever the
> configuration is changed.
> Implementation just adds another method to AccessControlService.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
