[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134054#comment-14134054 ] Andrew Purtell commented on HBASE-11136: +1 patch v3, looks good Looks good for 0.98 too Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134074#comment-14134074 ] Ted Yu commented on HBASE-11136: Integrated to branch-1 and master. 0.98 needs separate patch. Thanks for the patch, Jerry. Thanks for the review, Andrew Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134120#comment-14134120 ] Hudson commented on HBASE-11136: FAILURE: Integrated in HBase-1.0 #185 (See [https://builds.apache.org/job/HBase-1.0/185/]) HBASE-11136 Add permission check to roll WAL writer (Jerry He) (tedyu: rev 1f1a2c514ec4fcc45f8f6d9979069b8a1bfbcc9e) * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134121#comment-14134121 ] Andrew Purtell commented on HBASE-11136: bq. 0.98 needs separate patch. Ok, I will take care of this. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134187#comment-14134187 ] Jerry He commented on HBASE-11136: -- Hi, [~tedyu], [~apurtell] I attached a 0.98-v3 patch. Thanks for the review and commit! Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134194#comment-14134194
]
Hadoop QA commented on HBASE-11136:
---
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12668802/HBASE-11136-0.98-v3.patch
against trunk revision .
ATTACHMENT ID: 12668802
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:red}-1 patch{color}. The patch command could not apply the patch.
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/10892//console
This message is automatically generated.
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 2.0.0, 0.98.7, 0.99.1
Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch,
HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134233#comment-14134233 ] Hudson commented on HBASE-11136: FAILURE: Integrated in HBase-TRUNK #5506 (See [https://builds.apache.org/job/HBase-TRUNK/5506/]) HBASE-11136 Add permission check to roll WAL writer (Jerry He) (tedyu: rev 57477fe18cb36f62b8c7267ab6c5230c3a0e7e0b) * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134404#comment-14134404 ] Hudson commented on HBASE-11136: FAILURE: Integrated in HBase-0.98 #519 (See [https://builds.apache.org/job/HBase-0.98/519/]) HBASE-11136 Add permission check to roll WAL writer (Jerry He) (apurtell: rev 2bf6dc07d678566cd90bbb9fe3875af5ca121bc6) * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134442#comment-14134442 ] Hudson commented on HBASE-11136: FAILURE: Integrated in HBase-0.98-on-Hadoop-1.1 #494 (See [https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/494/]) HBASE-11136 Add permission check to roll WAL writer (Jerry He) (apurtell: rev 2bf6dc07d678566cd90bbb9fe3875af5ca121bc6) * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133347#comment-14133347
]
Jerry He commented on HBASE-11136:
--
Hadoop QA is not triggered.
Here is my local 'mvn test' result:
{code}
[INFO] Reactor Summary:
[INFO]
[INFO] HBase . SUCCESS [ 1.744 s]
[INFO] HBase - Common SUCCESS [ 49.489 s]
[INFO] HBase - Protocol .. SUCCESS [ 0.072 s]
[INFO] HBase - Client SUCCESS [01:02 min]
[INFO] HBase - Hadoop Compatibility .. SUCCESS [ 8.154 s]
[INFO] HBase - Hadoop Two Compatibility .. SUCCESS [ 6.011 s]
[INFO] HBase - Prefix Tree ... SUCCESS [ 9.036 s]
[INFO] HBase - Server SUCCESS [57:31 min]
[INFO] HBase - Testing Util .. SUCCESS [ 1.121 s]
[INFO] HBase - Thrift SUCCESS [02:10 min]
[INFO] HBase - Shell . SUCCESS [ 1.567 s]
[INFO] HBase - Integration Tests . SUCCESS [ 0.516 s]
[INFO] HBase - Examples .. SUCCESS [ 3.010 s]
[INFO] HBase - Assembly .. SUCCESS [ 1.052 s]
[INFO]
[INFO] BUILD SUCCESS
[INFO]
[INFO] Total time: 01:02 h
[INFO] Finished at: 2014-09-14T11:50:46-08:00
{code}
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 2.0.0, 0.98.7, 0.99.1
Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133372#comment-14133372
]
Ted Yu commented on HBASE-11136:
lgtm
Minor:
{code}
+ * @param ctx An instance of RegionServerCoprocessorEnvironment
{code}
ctx is ObserverContext, not environment.
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 2.0.0, 0.98.7, 0.99.1
Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133385#comment-14133385 ] Jerry He commented on HBASE-11136: -- Hi, [~yuzhih...@gmail.com] Thanks! Corrected with trunk-v3. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133442#comment-14133442
]
Hadoop QA commented on HBASE-11136:
---
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12668636/HBASE-11136-trunk-v2.patch
against trunk revision .
ATTACHMENT ID: 12668636
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:red}-1 findbugs{color}. The patch appears to introduce 1 new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 lineLengths{color}. The patch does not introduce lines
longer than 100
{color:green}+1 site{color}. The mvn site goal succeeds with this patch.
{color:red}-1 core tests{color}. The patch failed these unit tests:
org.apache.hadoop.hbase.regionserver.TestEndToEndSplitTransaction
org.apache.hadoop.hbase.client.TestReplicaWithCluster
{color:red}-1 core zombie tests{color}. There are 2 zombie test(s):
at
org.apache.hadoop.hbase.mapreduce.TestTableInputFormatScanBase.testScan(TestTableInputFormatScanBase.java:238)
at
org.apache.hadoop.hbase.mapreduce.TestTableInputFormatScan2.testScanYYXToEmpty(TestTableInputFormatScan2.java:84)
at
org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDefaultVisLabelService.testAddVisibilityLabelsOnRSRestart(TestVisibilityLabelsWithDefaultVisLabelService.java:115)
at
org.apache.hadoop.hbase.security.visibility.TestVisibilityLabels.testVisibilityLabelsOnKillingOfRSContainingLabelsTable(TestVisibilityLabels.java:359)
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/10879//console
This message is automatically generated.
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 2.0.0, 0.98.7, 0.99.1
Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch,
HBASE-11136-trunk-v3.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133477#comment-14133477
]
Hadoop QA commented on HBASE-11136:
---
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12668674/HBASE-11136-trunk-v3.patch
against trunk revision .
ATTACHMENT ID: 12668674
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:red}-1 findbugs{color}. The patch appears to introduce 1 new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 lineLengths{color}. The patch does not introduce lines
longer than 100
{color:green}+1 site{color}. The mvn site goal succeeds with this patch.
{color:red}-1 core tests{color}. The patch failed these unit tests:
org.apache.hadoop.hbase.replication.regionserver.TestReplicationThrottler
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/10880//console
This message is automatically generated.
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 2.0.0, 0.98.7, 0.99.1
Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch,
HBASE-11136-trunk-v3.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133539#comment-14133539 ] Ted Yu commented on HBASE-11136: [~apurtell]: Do you have other comments based on patch v3 ? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133579#comment-14133579 ] Jerry He commented on HBASE-11136: -- The test failures don't see to be related to the patch. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133080#comment-14133080 ] Jerry He commented on HBASE-11136: -- Attached v2-patch that rebased with the latest and addressed comments from [~enis] and [~apurtell]. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14127911#comment-14127911
]
Andrew Purtell commented on HBASE-11136:
Don't add this logging (there's a mis-spelling there anyway). The other change
looks like a whitespace only change so the whole hunk can be removed:
{code}
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -787,13 +787,19 @@ public class AccessController extends BaseRegionObserver
if (env instanceof MasterCoprocessorEnvironment) {
// if running on HMaster
MasterCoprocessorEnvironment mEnv = (MasterCoprocessorEnvironment) env;
+ LOG.info(AccessController runing on master:
+ + mEnv.getMasterServices().getServerName().getServerName());
zk = mEnv.getMasterServices().getZooKeeper();
-} else if (env instanceof RegionServerCoprocessorEnvironment) {
+} else if (env instanceof RegionServerCoprocessorEnvironment) {
RegionServerCoprocessorEnvironment rsEnv =
(RegionServerCoprocessorEnvironment) env;
+ LOG.info(AccessController runing on region server:
+ + rsEnv.getRegionServerServices().getServerName().getServerName());
zk = rsEnv.getRegionServerServices().getZooKeeper();
} else if (env instanceof RegionCoprocessorEnvironment) {
// if running at region
regionEnv = (RegionCoprocessorEnvironment) env;
+ LOG.info(AccessControler runing at region:
+ + regionEnv.getRegion().getRegionNameAsString());
conf.addStringMap(regionEnv.getRegion().getTableDesc().getConfiguration());
zk = regionEnv.getRegionServerServices().getZooKeeper();
compatibleEarlyTermination =
conf.getBoolean(AccessControlConstants.CF_ATTRIBUTE_EARLY_OUT,
{code}
Otherwise it looks ok.
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 2.0.0, 0.98.7, 0.99.1
Attachments: HBASE-11136-trunk-v1.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14127912#comment-14127912 ] Andrew Purtell commented on HBASE-11136: ADMIN privilege makes more sense to me (as opposed to CREATE) Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14127934#comment-14127934
]
Andrew Purtell commented on HBASE-11136:
Also, please avoid copy-paste in the new methods in
RegionServerCoprocessorHost.java. You must be using an old version of trunk
somehow. The new way we write hooks looks like:
{code}
public boolean preMergeCommit(final HRegion regionA, final HRegion regionB,
final @MetaMutationAnnotation ListMutation metaEntries) throws IOExcept\
ion {
return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperati\
on() {
@Override
public void call(RegionServerObserver oserver,
ObserverContextRegionServerCoprocessorEnvironment ctx) throws IOExc\
eption {
oserver.preMergeCommit(ctx, regionA, regionB, metaEntries);
}
});
}
public void postMergeCommit(final HRegion regionA, final HRegion regionB,
final HRegion mergedRegion) throws IOException {
execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() {
@Override
public void call(RegionServerObserver oserver,
ObserverContextRegionServerCoprocessorEnvironment ctx) throws IOExc\
eption {
oserver.postMergeCommit(ctx, regionA, regionB, mergedRegion);
}
});
}
{code}
after HBASE-11931
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 2.0.0, 0.98.7, 0.99.1
Attachments: HBASE-11136-trunk-v1.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14127979#comment-14127979 ] Jerry He commented on HBASE-11136: -- Hi, [~apurtell] The patch is old. I will rebase and update it. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14126541#comment-14126541 ] Enis Soztutar commented on HBASE-11136: --- This looks important to fix. postRollWALWriter() is not called from the RS. Also the name pre/postRollWALWriter() implies that they are called from RS normally (for all WAL rolling), but these are just for log roll requests. we should name them postRollWALWriterRequest() I think. Other than that, the patch looks good. [~apurtell] it would be good if you took a look. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995934#comment-13995934 ] Ted Yu commented on HBASE-11136: Would adding Permission.Action.CREATE give less surprise to users ? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995572#comment-13995572
]
Hadoop QA commented on HBASE-11136:
---
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12644436/HBASE-11136-trunk-v1.patch
against trunk revision .
ATTACHMENT ID: 12644436
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 lineLengths{color}. The patch does not introduce lines
longer than 100
{color:green}+1 site{color}. The mvn site goal succeeds with this patch.
{color:red}-1 core tests{color}. The patch failed these unit tests:
org.apache.hadoop.hbase.client.TestMultiParallel
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/9501//console
This message is automatically generated.
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 0.99.0
Attachments: HBASE-11136-trunk-v1.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13992503#comment-13992503 ] Jerry He commented on HBASE-11136: -- Probably global ADMIN privilege should be required? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Priority: Minor Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13996579#comment-13996579 ] Ted Yu commented on HBASE-11136: [~apurtell]: Can you take a look ? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13996091#comment-13996091 ] Jerry He commented on HBASE-11136: -- Hi, Ted I don't have strong preference either way. An example that requires global create privilege is 'create table'. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995486#comment-13995486
]
Ted Yu commented on HBASE-11136:
{code}
+requirePermission(preRollLogWriter, Permission.Action.ADMIN);
{code}
Should we consider Permission.Action.CREATE as well ?
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 0.99.0
Attachments: HBASE-11136-trunk-v1.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995280#comment-13995280 ] Jerry He commented on HBASE-11136: -- Attached a patch. The patch also includes a missing documentation on 'hbase.coprocessor.regionserver.classes'. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995314#comment-13995314 ] Ted Yu commented on HBASE-11136: What's the purpose of adding postRollWALWriter() hook ? Can you post the result for unit test suite ? QA bot is down. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995578#comment-13995578 ] Jerry He commented on HBASE-11136: -- Hi, Ted Good question. I am not very clear regarding Permission.Action.CREATE with a global permission scope Some examples of only Permission.Action.ADMIN is balance, snapshot, stop rs. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[
https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995333#comment-13995333
]
Jerry He commented on HBASE-11136:
--
There is no use for postRollWALWriter() now.
Is it customary to have both pre and post in there?
{code}
[INFO]
[INFO] Reactor Summary:
[INFO]
[INFO] HBase . SUCCESS [ 1.712 s]
[INFO] HBase - Common SUCCESS [ 25.713 s]
[INFO] HBase - Protocol .. SUCCESS [ 0.265 s]
[INFO] HBase - Client SUCCESS [ 36.078 s]
[INFO] HBase - Hadoop Compatibility .. SUCCESS [ 6.542 s]
[INFO] HBase - Hadoop Two Compatibility .. SUCCESS [ 1.359 s]
[INFO] HBase - Prefix Tree ... SUCCESS [ 3.470 s]
[INFO] HBase - Server SUCCESS [43:07 min]
[INFO] HBase - Testing Util .. SUCCESS [ 1.276 s]
[INFO] HBase - Thrift SUCCESS [01:45 min]
[INFO] HBase - Shell . SUCCESS [ 1.054 s]
[INFO] HBase - Integration Tests . SUCCESS [ 1.267 s]
[INFO] HBase - Examples .. SUCCESS [ 1.064 s]
[INFO] HBase - Assembly .. SUCCESS [ 0.916 s]
[INFO]
[INFO] BUILD SUCCESS
{code}
Add permission check to roll WAL writer
Key: HBASE-11136
URL: https://issues.apache.org/jira/browse/HBASE-11136
Project: HBase
Issue Type: Improvement
Components: regionserver, security
Affects Versions: 0.96.2, 0.98.2
Reporter: Jerry He
Assignee: Jerry He
Priority: Minor
Fix For: 0.99.0
Attachments: HBASE-11136-trunk-v1.patch
Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to
roll WAL on a region server. But no permission check is done on this
operation in a secure cluster.
We need to add permission check to prevent un-authorized user from running
this operation.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
