[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14370846#comment-14370846
]
Enis Soztutar commented on HBASE-13275:
---
If we can default this to true, I think it is fine for 1.0 and 0.98. If the
user does not set this and was instead using only the coprocessor, doing a
patch update should not suddenly cause a security gap.
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14371284#comment-14371284
]
William Watson commented on HBASE-13275:
Should we make a new ticket for Ambari or will they update their docs when the
hbase docs are updated?
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14372085#comment-14372085
]
Enis Soztutar commented on HBASE-13275:
---
bq. Should we make a new ticket for Ambari or will they update their docs when
the hbase docs are updated?
I think the plan is to fix the code to respect that config rather than remove
documentation.
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14368587#comment-14368587
]
stack commented on HBASE-13275:
---
Backfilling is elegant soln. Yeah, do you have to set it true by default as per
Lars?
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14369289#comment-14369289
]
William Watson commented on HBASE-13275:
I thought the docs said it defaults to false...
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14369290#comment-14369290
]
William Watson commented on HBASE-13275:
or to not being set at all
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14369913#comment-14369913
]
Lars Hofhansl commented on HBASE-13275:
---
bq. I thought the docs said it defaults to false...
Then the doc is currently wrong. :)
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14369938#comment-14369938
]
Andrew Purtell commented on HBASE-13275:
Ok, I think we're set. I will add logic to the authorization coprocessors that
respect this setting and default it to true there if the config is missing.
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14369919#comment-14369919
]
William Watson commented on HBASE-13275:
Carry on. :)
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14368238#comment-14368238
]
Andrew Purtell commented on HBASE-13275:
We'll need a companion change in the VisibilityController too.
The presence or absence of the coprocessors in the system or table coprocessor
list has been serving as the authorization toggle.
I suppose an argument against any fix beyond documentation is there is no
utility of having the coprocessors installed but inactive.
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14368232#comment-14368232
]
Andrew Purtell commented on HBASE-13275:
How about a quick patch to the AccessController to respect that configuration
setting? I can whip up something in a few minutes.
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14368340#comment-14368340
]
William Watson commented on HBASE-13275:
Thanks a bunch, in advance, for creating the patch. I was going to say that
since Ambari already has this config in the UI, it might be best to actually
make it do something rather than just removing it from the docs.
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14368474#comment-14368474
]
Misty Stanley-Jones commented on HBASE-13275:
-
So am I removing it or are you adding the functionality,
[~andrew.purt...@gmail.com]?
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14368504#comment-14368504
]
Andrew Purtell commented on HBASE-13275:
bq. are you adding the functionality
I've left it up for discussion at the moment [~misty] . I'm leaning toward
having the coprocessors recognize when hbase.security.authorization is not
present.
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14368555#comment-14368555
]
Lars Hofhansl commented on HBASE-13275:
---
Hmm... If we want the minimum disruption we could honor the flag now, but
default it do true. Would that work?
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
Assignee: Andrew Purtell
Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.13
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-13275) Setting hbase.security.authorization to false does not disable authorization when AccessController is in the coprocessor class list
[
https://issues.apache.org/jira/browse/HBASE-13275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14367763#comment-14367763
]
Matteo Bertozzi commented on HBASE-13275:
-
[~misty] looks like we have that hbase.security.authorization in the docs,
but code side doesn't seems to be used anywhere. so for now, I'd say just
remove it from the doc until we implement that.
(src/main/asciidoc/_chapters/security.adoc)
Setting hbase.security.authorization to false does not disable authorization
when AccessController is in the coprocessor class list
---
Key: HBASE-13275
URL: https://issues.apache.org/jira/browse/HBASE-13275
Project: HBase
Issue Type: Bug
Reporter: William Watson
According to the docs provided by Cloudera (we're not running Cloudera, BTW),
this is the list of configs to enable authorization in HBase:
{code}
property
namehbase.security.authorization/name
valuetrue/value
/property
property
namehbase.coprocessor.master.classes/name
valueorg.apache.hadoop.hbase.security.access.AccessController/value
/property
property
namehbase.coprocessor.region.classes/name
valueorg.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController/value
/property
{code}
We wanted to then disable authorization but simply setting
hbase.security.authorization to false did not disable the authorization
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
