[
https://issues.apache.org/jira/browse/HBASE-16700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15713677#comment-15713677
]
Enis Soztutar commented on HBASE-16700:
---------------------------------------
Thanks Clay for the updated patches. Looks pretty good to commit. Just some
last items:
- We should remove this (assuming that you added that for debugging):
{code}
+ static {
+
Logger.getLogger(CoprocessorWhitelistMasterObserver.class).setLevel(Level.TRACE);
+ Logger.getLogger("org.apache.hbase.server").setLevel(Level.TRACE);
+ }
{code}
- Can you please refactor var names like {{coproc_path}} to camelCase.
- Did you want to enable this test?
{code}
+// @Test
+ @Category(MediumTests.class)
+ public void testCreationClasspathCoprocessor() throws Exception {
{code}
- great doc!
> Allow for coprocessor whitelisting
> ----------------------------------
>
> Key: HBASE-16700
> URL: https://issues.apache.org/jira/browse/HBASE-16700
> Project: HBase
> Issue Type: Improvement
> Components: Coprocessors
> Reporter: Clay B.
> Priority: Minor
> Labels: security
> Attachments: HBASE-16700.000.patch, HBASE-16700.001.patch,
> HBASE-16700.002.patch, HBASE-16700.003.patch, HBASE-16700.004.patch,
> HBASE-16700.005.patch, HBASE-16700.006.patch, HBASE-16700.007.patch
>
>
> Today one can turn off all non-system coprocessors with
> {{hbase.coprocessor.user.enabled}} however, this disables very useful things
> like Apache Phoenix's coprocessors. Some tenants of a multi-user HBase may
> also need to run bespoke coprocessors. But as an operator I would not want
> wanton coprocessor usage. Ideally, one could do one of two things:
> * Allow coprocessors defined in {{hbase-site.xml}} -- this can only be
> administratively changed in most cases
> * Allow coprocessors from table descriptors but only if the coprocessor is
> whitelisted
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
