[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17260777#comment-17260777 ]

Hudson commented on HBASE-25441:

Results for branch branch-2.2 [build #146 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/146/]:

(x) *{color:red}-1 overall{color}*

details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/146//General_Nightly_Build_Report/]

(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/146//JDK8_Nightly_Build_Report_(Hadoop2)/]

(x) {color:red}-1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/146//JDK8_Nightly_Build_Report_(Hadoop3)/]

(/) {color:green}+1 source release artifact{color}
-- See build output for details.

(x) {color:red}-1 client integration test{color}
--Failed when running client tests on top of Hadoop 2. [see log for details|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.2/146//artifact/output-integration/hadoop-2.log]. (note that this means we didn't run on Hadoop 3)

> add security check for some APIs in RSRpcServices
> -------------------------------------------------
>
>                 Key: HBASE-25441
>                 URL: https://issues.apache.org/jira/browse/HBASE-25441
>             Project: HBase
>          Issue Type: Bug
>            Reporter: lujie
>            Assignee: lujie
>            Priority: Critical
>             Fix For: 3.0.0-alpha-1, 1.7.0, 2.2.7, 2.3.4, 2.5.0, 2.4.1
>
>
> ||API||Severity||symptom||
> |clearRegionBlockCache|Severe|The API will call LruBlockCache.evictBlocksByHfileName, which is declared as an expensive operation (see its comments), thus a non-admin may cause DoS|
> |clearSlowLogsResponses|Normal|clears queue records from ringbuffer|
> |updateConfiguration|Normal|non-admin user can make RS reload configuration from disk by this API.|
> |updateRegionFavoredNodesMapping|Normal|Non-admin user can change the region's best storage location by this API|
> |stopServer|low|stopServer on RS is silent, which makes the client think he/she successfully shut down the RS.
> Adding preRpcCheck not only makes the client receive the failed message,
> but also prevents the non-admin user from stopping the RS,
> even if the hbase.coprocessor.regionserver.classes are not configured.|

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
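The issue quoted above concerns RPC handlers that lacked an admin check. As an added example (not taken from the HBase code base or from the fix for this issue), the following reflection-based regression check invokes every public handler as a non-admin caller and reports those that return normally. `ToyRpcServices`, `AccessDeniedException` and `findUnguarded` are hypothetical names, and the two unguarded handlers are constructed gaps for the demonstration.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class AdminRpcAudit {
    /** Raised to the caller so a denied request is never reported as success. */
    static class AccessDeniedException extends Exception {
        AccessDeniedException(String msg) { super(msg); }
    }

    /** Hypothetical stand-in for an RPC services class; constructed, not HBase code. */
    static class ToyRpcServices {
        private final boolean callerIsAdmin;
        ToyRpcServices(boolean callerIsAdmin) { this.callerIsAdmin = callerIsAdmin; }
        // Built-in check: enforced in the handler itself, independent of any optional hook.
        private void preRpcCheck(String rpc) throws AccessDeniedException {
            if (!callerIsAdmin) throw new AccessDeniedException("ADMIN required for " + rpc);
        }

        public void clearRegionBlockCache() throws AccessDeniedException {
            preRpcCheck("clearRegionBlockCache");
        }
        public void clearSlowLogsResponses() throws AccessDeniedException {
            preRpcCheck("clearSlowLogsResponses");
        }
        public void updateConfiguration() throws AccessDeniedException {
            preRpcCheck("updateConfiguration");
        }
        // Constructed gaps: no check, so a non-admin call returns normally.
        public void updateRegionFavoredNodesMapping() { }
        public void stopServer() { }
    }

    /** Names of public handlers that a non-admin caller can invoke without an error. */
    static List<String> findUnguarded(Class<?> svc) throws ReflectiveOperationException {
        Object asNonAdmin = svc.getDeclaredConstructor(boolean.class).newInstance(false);
        List<String> unguarded = new ArrayList<>();
        for (Method m : svc.getDeclaredMethods()) {
            if (!Modifier.isPublic(m.getModifiers()) || m.getParameterCount() != 0) continue;
            try {
                m.invoke(asNonAdmin);
                unguarded.add(m.getName());      // returned normally: check is missing
            } catch (InvocationTargetException e) {
                // Denial is the expected outcome; anything else is a real failure.
                if (!(e.getCause() instanceof AccessDeniedException)) throw e;
            }
        }
        Collections.sort(unguarded);
        return unguarded;
    }
    public static void main(String[] args) throws Exception {
        List<String> gaps = findUnguarded(ToyRpcServices.class);
        System.out.println("handlers missing an admin check: " + gaps);
        if (!gaps.isEmpty()) System.exit(1);     // fail the build on any gap
    }
}
```

Run as part of a test suite, a check of this shape fails as soon as a new handler is added without its access check, instead of relying on someone spotting the omission in review.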
[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17258144#comment-17258144 ]

Viraj Jasani commented on HBASE-25441:

[~xiaoheipangzi] can you please take care of updating release notes for other 2 Jiras? Thanks
[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17258138#comment-17258138 ]

Viraj Jasani commented on HBASE-25441:

{quote}All need Admin access level right?
{quote}
That's correct [~anoop.hbase].
[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17258054#comment-17258054 ]

Anoop Sam John commented on HBASE-25441:

Can add a Release notes? API names and expected rights to do the op. All need Admin access level right?
[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17257131#comment-17257131 ]

Hudson commented on HBASE-25441:

Results for branch branch-2.4 [build #19 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/19/]:

(/) *{color:green}+1 overall{color}*

details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/19/General_20Nightly_20Build_20Report/]

(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/19/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]

(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/19/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]

(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.4/19/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]

(/) {color:green}+1 source release artifact{color}
-- See build output for details.

(/) {color:green}+1 client integration test{color}
[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17257073#comment-17257073 ]

Hudson commented on HBASE-25441:

Results for branch branch-2 [build #142 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/142/]:

(/) *{color:green}+1 overall{color}*

details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/142/General_20Nightly_20Build_20Report/]

(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/142/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]

(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/142/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]

(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/142/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]

(/) {color:green}+1 source release artifact{color}
-- See build output for details.

(/) {color:green}+1 client integration test{color}
[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17257063#comment-17257063 ]

Hudson commented on HBASE-25441:

Results for branch branch-2.3 [build #135 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/135/]:

(/) *{color:green}+1 overall{color}*

details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/135/General_20Nightly_20Build_20Report/]

(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/135/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]

(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/135/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]

(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2.3/135/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]

(/) {color:green}+1 source release artifact{color}
-- See build output for details.

(/) {color:green}+1 client integration test{color}
[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17257024#comment-17257024 ]

Hudson commented on HBASE-25441:

Results for branch branch-1 [build #71 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/71/]:

(x) *{color:red}-1 overall{color}*

details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/71//General_Nightly_Build_Report/]

(x) {color:red}-1 jdk7 checks{color}
-- For more information [see jdk7 report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/71//JDK7_Nightly_Build_Report/]

(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/71//JDK8_Nightly_Build_Report_(Hadoop2)/]

(x) {color:red}-1 source release artifact{color}
-- See build output for details.
[jira] [Commented] (HBASE-25441) add security check for some APIs in RSRpcServices
[ https://issues.apache.org/jira/browse/HBASE-25441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17256989#comment-17256989 ]

Hudson commented on HBASE-25441:

Results for branch master [build #169 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/master/169/]:

(/) *{color:green}+1 overall{color}*

details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/master/169/General_20Nightly_20Build_20Report/]

(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/master/169/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]

(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/master/169/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]

(/) {color:green}+1 source release artifact{color}
-- See build output for details.

(/) {color:green}+1 client integration test{color}