[jira] [Commented] (HBASE-20605) Exclude new Azure Storage FileSystem from SecureBulkLoadEndpoint permission check

Wed, 23 May 2018 12:36:18 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-20605?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16487910#comment-16487910
 ] 

Josh Elser commented on HBASE-20605:
------------------------------------

{quote}The above is the minimal set of file systems without permission support.
 When reading from config, should the custom config value be added to this set ?
{quote}
I don't think we want to have an unmodifiable list of 
permission-check-exclusions. My goal is that we default to some "sane" value, 
but let users who know what they're doing change that (e.g. if we find out this 
list is wrong, users don't need a new hbase version to work around that).
{quote}I do like your improvement on my comment though, of how viewfs over 
other than hdfs will mess us up too.... with its masking.
{quote}
[~stack] do you think it's a good idea to just add viewfs to this list? I see 
that {{ViewFs}} does have some methods for inspecting the mount points, but I 
feel like we'd just be putting lipstick on a pig (we can try to fail more 
gracefully, but filesystems that don't provide security shouldn't be a primary 
focus of ours)

> Exclude new Azure Storage FileSystem from SecureBulkLoadEndpoint permission 
> check
> ---------------------------------------------------------------------------------
>
>                 Key: HBASE-20605
>                 URL: https://issues.apache.org/jira/browse/HBASE-20605
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Major
>             Fix For: 1.5.0, 1.3.3, 1.4.5
>
>         Attachments: HBASE-20605.001.branch-1.patch
>
>
> Some folks in Hadoop are working on landing a new FileSystem from the Azure 
> team: HADOOP-15407
> At present, this FileSystem doesn't support permissions which causes the 
> SecureBulkLoadEndpoint to balk because it the staging directory doesn't have 
> the proper 711 permissions.
> We have a static list of FileSystem schemes which we ignore this check on. I 
> have a patch on an HBase 1.1ish which:
>  # Adds the new FileSystem scheme
>  # Makes this list configurable for the future



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to