[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134054#comment-14134054 ] Andrew Purtell commented on HBASE-11136: +1 patch v3, looks good Looks good for 0.98 too Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134074#comment-14134074 ] Ted Yu commented on HBASE-11136: Integrated to branch-1 and master. 0.98 needs separate patch. Thanks for the patch, Jerry. Thanks for the review, Andrew Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134120#comment-14134120 ] Hudson commented on HBASE-11136: FAILURE: Integrated in HBase-1.0 #185 (See [https://builds.apache.org/job/HBase-1.0/185/]) HBASE-11136 Add permission check to roll WAL writer (Jerry He) (tedyu: rev 1f1a2c514ec4fcc45f8f6d9979069b8a1bfbcc9e) * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134121#comment-14134121 ] Andrew Purtell commented on HBASE-11136: bq. 0.98 needs separate patch. Ok, I will take care of this. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134187#comment-14134187 ] Jerry He commented on HBASE-11136: -- Hi, [~tedyu], [~apurtell] I attached a 0.98-v3 patch. Thanks for the review and commit! Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134194#comment-14134194 ] Hadoop QA commented on HBASE-11136: --- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12668802/HBASE-11136-0.98-v3.patch against trunk revision . ATTACHMENT ID: 12668802 {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 3 new or modified tests. {color:red}-1 patch{color}. The patch command could not apply the patch. Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/10892//console This message is automatically generated. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134233#comment-14134233 ] Hudson commented on HBASE-11136: FAILURE: Integrated in HBase-TRUNK #5506 (See [https://builds.apache.org/job/HBase-TRUNK/5506/]) HBASE-11136 Add permission check to roll WAL writer (Jerry He) (tedyu: rev 57477fe18cb36f62b8c7267ab6c5230c3a0e7e0b) * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134404#comment-14134404 ] Hudson commented on HBASE-11136: FAILURE: Integrated in HBase-0.98 #519 (See [https://builds.apache.org/job/HBase-0.98/519/]) HBASE-11136 Add permission check to roll WAL writer (Jerry He) (apurtell: rev 2bf6dc07d678566cd90bbb9fe3875af5ca121bc6) * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14134442#comment-14134442 ] Hudson commented on HBASE-11136: FAILURE: Integrated in HBase-0.98-on-Hadoop-1.1 #494 (See [https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/494/]) HBASE-11136 Add permission check to roll WAL writer (Jerry He) (apurtell: rev 2bf6dc07d678566cd90bbb9fe3875af5ca121bc6) * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-0.98-v3.patch, HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133347#comment-14133347 ] Jerry He commented on HBASE-11136: -- Hadoop QA is not triggered. Here is my local 'mvn test' result: {code} [INFO] Reactor Summary: [INFO] [INFO] HBase . SUCCESS [ 1.744 s] [INFO] HBase - Common SUCCESS [ 49.489 s] [INFO] HBase - Protocol .. SUCCESS [ 0.072 s] [INFO] HBase - Client SUCCESS [01:02 min] [INFO] HBase - Hadoop Compatibility .. SUCCESS [ 8.154 s] [INFO] HBase - Hadoop Two Compatibility .. SUCCESS [ 6.011 s] [INFO] HBase - Prefix Tree ... SUCCESS [ 9.036 s] [INFO] HBase - Server SUCCESS [57:31 min] [INFO] HBase - Testing Util .. SUCCESS [ 1.121 s] [INFO] HBase - Thrift SUCCESS [02:10 min] [INFO] HBase - Shell . SUCCESS [ 1.567 s] [INFO] HBase - Integration Tests . SUCCESS [ 0.516 s] [INFO] HBase - Examples .. SUCCESS [ 3.010 s] [INFO] HBase - Assembly .. SUCCESS [ 1.052 s] [INFO] [INFO] BUILD SUCCESS [INFO] [INFO] Total time: 01:02 h [INFO] Finished at: 2014-09-14T11:50:46-08:00 {code} Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133372#comment-14133372 ] Ted Yu commented on HBASE-11136: lgtm Minor: {code} + * @param ctx An instance of RegionServerCoprocessorEnvironment {code} ctx is ObserverContext, not environment. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133385#comment-14133385 ] Jerry He commented on HBASE-11136: -- Hi, [~yuzhih...@gmail.com] Thanks! Corrected with trunk-v3. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133442#comment-14133442 ] Hadoop QA commented on HBASE-11136: --- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12668636/HBASE-11136-trunk-v2.patch against trunk revision . ATTACHMENT ID: 12668636 {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 3 new or modified tests. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:red}-1 findbugs{color}. The patch appears to introduce 1 new Findbugs (version 2.0.3) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 lineLengths{color}. The patch does not introduce lines longer than 100 {color:green}+1 site{color}. The mvn site goal succeeds with this patch. {color:red}-1 core tests{color}. The patch failed these unit tests: org.apache.hadoop.hbase.regionserver.TestEndToEndSplitTransaction org.apache.hadoop.hbase.client.TestReplicaWithCluster {color:red}-1 core zombie tests{color}. There are 2 zombie test(s): at org.apache.hadoop.hbase.mapreduce.TestTableInputFormatScanBase.testScan(TestTableInputFormatScanBase.java:238) at org.apache.hadoop.hbase.mapreduce.TestTableInputFormatScan2.testScanYYXToEmpty(TestTableInputFormatScan2.java:84) at org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDefaultVisLabelService.testAddVisibilityLabelsOnRSRestart(TestVisibilityLabelsWithDefaultVisLabelService.java:115) at org.apache.hadoop.hbase.security.visibility.TestVisibilityLabels.testVisibilityLabelsOnKillingOfRSContainingLabelsTable(TestVisibilityLabels.java:359) Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/10879//console This message is automatically generated. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133477#comment-14133477 ] Hadoop QA commented on HBASE-11136: --- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12668674/HBASE-11136-trunk-v3.patch against trunk revision . ATTACHMENT ID: 12668674 {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 3 new or modified tests. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:red}-1 findbugs{color}. The patch appears to introduce 1 new Findbugs (version 2.0.3) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 lineLengths{color}. The patch does not introduce lines longer than 100 {color:green}+1 site{color}. The mvn site goal succeeds with this patch. {color:red}-1 core tests{color}. The patch failed these unit tests: org.apache.hadoop.hbase.replication.regionserver.TestReplicationThrottler Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/10880//console This message is automatically generated. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133539#comment-14133539 ] Ted Yu commented on HBASE-11136: [~apurtell]: Do you have other comments based on patch v3 ? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133579#comment-14133579 ] Jerry He commented on HBASE-11136: -- The test failures don't see to be related to the patch. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch, HBASE-11136-trunk-v3.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133080#comment-14133080 ] Jerry He commented on HBASE-11136: -- Attached v2-patch that rebased with the latest and addressed comments from [~enis] and [~apurtell]. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch, HBASE-11136-trunk-v2.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14127911#comment-14127911 ] Andrew Purtell commented on HBASE-11136: Don't add this logging (there's a mis-spelling there anyway). The other change looks like a whitespace only change so the whole hunk can be removed: {code} --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -787,13 +787,19 @@ public class AccessController extends BaseRegionObserver if (env instanceof MasterCoprocessorEnvironment) { // if running on HMaster MasterCoprocessorEnvironment mEnv = (MasterCoprocessorEnvironment) env; + LOG.info(AccessController runing on master: + + mEnv.getMasterServices().getServerName().getServerName()); zk = mEnv.getMasterServices().getZooKeeper(); -} else if (env instanceof RegionServerCoprocessorEnvironment) { +} else if (env instanceof RegionServerCoprocessorEnvironment) { RegionServerCoprocessorEnvironment rsEnv = (RegionServerCoprocessorEnvironment) env; + LOG.info(AccessController runing on region server: + + rsEnv.getRegionServerServices().getServerName().getServerName()); zk = rsEnv.getRegionServerServices().getZooKeeper(); } else if (env instanceof RegionCoprocessorEnvironment) { // if running at region regionEnv = (RegionCoprocessorEnvironment) env; + LOG.info(AccessControler runing at region: + + regionEnv.getRegion().getRegionNameAsString()); conf.addStringMap(regionEnv.getRegion().getTableDesc().getConfiguration()); zk = regionEnv.getRegionServerServices().getZooKeeper(); compatibleEarlyTermination = conf.getBoolean(AccessControlConstants.CF_ATTRIBUTE_EARLY_OUT, {code} Otherwise it looks ok. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14127912#comment-14127912 ] Andrew Purtell commented on HBASE-11136: ADMIN privilege makes more sense to me (as opposed to CREATE) Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14127934#comment-14127934 ] Andrew Purtell commented on HBASE-11136: Also, please avoid copy-paste in the new methods in RegionServerCoprocessorHost.java. You must be using an old version of trunk somehow. The new way we write hooks looks like: {code} public boolean preMergeCommit(final HRegion regionA, final HRegion regionB, final @MetaMutationAnnotation ListMutation metaEntries) throws IOExcept\ ion { return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperati\ on() { @Override public void call(RegionServerObserver oserver, ObserverContextRegionServerCoprocessorEnvironment ctx) throws IOExc\ eption { oserver.preMergeCommit(ctx, regionA, regionB, metaEntries); } }); } public void postMergeCommit(final HRegion regionA, final HRegion regionB, final HRegion mergedRegion) throws IOException { execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { @Override public void call(RegionServerObserver oserver, ObserverContextRegionServerCoprocessorEnvironment ctx) throws IOExc\ eption { oserver.postMergeCommit(ctx, regionA, regionB, mergedRegion); } }); } {code} after HBASE-11931 Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14127979#comment-14127979 ] Jerry He commented on HBASE-11136: -- Hi, [~apurtell] The patch is old. I will rebase and update it. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 2.0.0, 0.98.7, 0.99.1 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14126541#comment-14126541 ] Enis Soztutar commented on HBASE-11136: --- This looks important to fix. postRollWALWriter() is not called from the RS. Also the name pre/postRollWALWriter() implies that they are called from RS normally (for all WAL rolling), but these are just for log roll requests. we should name them postRollWALWriterRequest() I think. Other than that, the patch looks good. [~apurtell] it would be good if you took a look. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995934#comment-13995934 ] Ted Yu commented on HBASE-11136: Would adding Permission.Action.CREATE give less surprise to users ? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995572#comment-13995572 ] Hadoop QA commented on HBASE-11136: --- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12644436/HBASE-11136-trunk-v1.patch against trunk revision . ATTACHMENT ID: 12644436 {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 3 new or modified tests. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. The javadoc tool did not generate any warning messages. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 lineLengths{color}. The patch does not introduce lines longer than 100 {color:green}+1 site{color}. The mvn site goal succeeds with this patch. {color:red}-1 core tests{color}. The patch failed these unit tests: org.apache.hadoop.hbase.client.TestMultiParallel Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/9501//console This message is automatically generated. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13992503#comment-13992503 ] Jerry He commented on HBASE-11136: -- Probably global ADMIN privilege should be required? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Priority: Minor Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13996579#comment-13996579 ] Ted Yu commented on HBASE-11136: [~apurtell]: Can you take a look ? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13996091#comment-13996091 ] Jerry He commented on HBASE-11136: -- Hi, Ted I don't have strong preference either way. An example that requires global create privilege is 'create table'. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995486#comment-13995486 ] Ted Yu commented on HBASE-11136: {code} +requirePermission(preRollLogWriter, Permission.Action.ADMIN); {code} Should we consider Permission.Action.CREATE as well ? Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995280#comment-13995280 ] Jerry He commented on HBASE-11136: -- Attached a patch. The patch also includes a missing documentation on 'hbase.coprocessor.regionserver.classes'. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995314#comment-13995314 ] Ted Yu commented on HBASE-11136: What's the purpose of adding postRollWALWriter() hook ? Can you post the result for unit test suite ? QA bot is down. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995578#comment-13995578 ] Jerry He commented on HBASE-11136: -- Hi, Ted Good question. I am not very clear regarding Permission.Action.CREATE with a global permission scope Some examples of only Permission.Action.ADMIN is balance, snapshot, stop rs. Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11136) Add permission check to roll WAL writer
[ https://issues.apache.org/jira/browse/HBASE-11136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13995333#comment-13995333 ] Jerry He commented on HBASE-11136: -- There is no use for postRollWALWriter() now. Is it customary to have both pre and post in there? {code} [INFO] [INFO] Reactor Summary: [INFO] [INFO] HBase . SUCCESS [ 1.712 s] [INFO] HBase - Common SUCCESS [ 25.713 s] [INFO] HBase - Protocol .. SUCCESS [ 0.265 s] [INFO] HBase - Client SUCCESS [ 36.078 s] [INFO] HBase - Hadoop Compatibility .. SUCCESS [ 6.542 s] [INFO] HBase - Hadoop Two Compatibility .. SUCCESS [ 1.359 s] [INFO] HBase - Prefix Tree ... SUCCESS [ 3.470 s] [INFO] HBase - Server SUCCESS [43:07 min] [INFO] HBase - Testing Util .. SUCCESS [ 1.276 s] [INFO] HBase - Thrift SUCCESS [01:45 min] [INFO] HBase - Shell . SUCCESS [ 1.054 s] [INFO] HBase - Integration Tests . SUCCESS [ 1.267 s] [INFO] HBase - Examples .. SUCCESS [ 1.064 s] [INFO] HBase - Assembly .. SUCCESS [ 0.916 s] [INFO] [INFO] BUILD SUCCESS {code} Add permission check to roll WAL writer Key: HBASE-11136 URL: https://issues.apache.org/jira/browse/HBASE-11136 Project: HBase Issue Type: Improvement Components: regionserver, security Affects Versions: 0.96.2, 0.98.2 Reporter: Jerry He Assignee: Jerry He Priority: Minor Fix For: 0.99.0 Attachments: HBASE-11136-trunk-v1.patch Currently HBase provides HBaseAdmin.rollHLogWriter() and shell command to roll WAL on a region server. But no permission check is done on this operation in a secure cluster. We need to add permission check to prevent un-authorized user from running this operation. -- This message was sent by Atlassian JIRA (v6.2#6252)