[jira] [Commented] (HBASE-16700) Allow for coprocessor whitelisting

[Enis Soztutar (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-16700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15654877#comment-15654877
 ] 

Enis Soztutar commented on HBASE-16700:
---------------------------------------

Thanks Clay for working on this. A couple of comments: 
 - You want to also inject into preCreateTable() as well since a table can be 
created with the coprocessors already defined. 
 - We should rename {{hbase.coprocessor.regionserver.whitelist.paths}} to  
{{hbase.coprocessor.region.whitelist.paths}} because the coprocessors whose 
paths are whitelisted are "region observers", not regionserver observers.
 - From the issue title, I was assuming this is whitelisting the coprocessor 
classes. It seems that we are whitelisting the paths instead. Do we want to do 
both, or just paths is fine for your use case. Lets change the title to reflect 
that. 
 - With this approach, existing table descriptors are not checked, but it maybe 
fine for now. 
 - This is not used, we should remove it: 
{code}
+  public static final long VERSION = 0L;
{code}
 - In case of Phoenix, the coprocessors are never loaded from HDFS at all. 
Everything is already under the deploy directory of hbase lib dir in local file 
system. Is there are way we can disable all coprocessor loading from HDFS and 
allow only those from existing classpath? 
 - [~apurtell] do you want to take a look at this? 


> Allow for coprocessor whitelisting
> ----------------------------------
>
>                 Key: HBASE-16700
>                 URL: https://issues.apache.org/jira/browse/HBASE-16700
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors
>            Reporter: Clay B.
>            Priority: Minor
>              Labels: security
>         Attachments: HBASE-16700.000.patch, HBASE-16700.001.patch
>
>
> Today one can turn off all non-system coprocessors with 
> {{hbase.coprocessor.user.enabled}} however, this disables very useful things 
> like Apache Phoenix's coprocessors. Some tenants of a multi-user HBase may 
> also need to run bespoke coprocessors. But as an operator I would not want 
> wanton coprocessor usage. Ideally, one could do one of two things:
> * Allow coprocessors defined in {{hbase-site.xml}} -- this can only be 
> administratively changed in most cases
> * Allow coprocessors from table descriptors but only if the coprocessor is 
> whitelisted



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)