[jira] [Updated] (HBASE-20185) Fix ACL check for MasterRpcServices#execProcedure
[ https://issues.apache.org/jira/browse/HBASE-20185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Appy updated HBASE-20185: - Resolution: Fixed Status: Resolved (was: Patch Available) > Fix ACL check for MasterRpcServices#execProcedure > - > > Key: HBASE-20185 > URL: https://issues.apache.org/jira/browse/HBASE-20185 > Project: HBase > Issue Type: Bug >Reporter: Appy >Assignee: Appy >Priority: Major > Fix For: 2.0.0 > > Attachments: HBASE-20185.master.001.patch > > > Mailing thread ref: > [http://mail-archives.apache.org/mod_mbox/hbase-dev/201803.mbox/%3CCAAjhxrriGy_UXpC4iHCSyBB18iAbjU3Y2%2BnjQ-66i9kPPCrPRQ%40mail.gmail.com%3E] > TLDR; HBASE-19400 messed up perms required for flushing a table. > > Looks like flush and snapshot procedures are already doing permissions check > as part of preTableFlush/preSnapshot hooks. However, > LogRollMasterProcedureManager is missing access checks ([~elserj], can > someone look at it?) > > With that, it makes no sense to put an ADMIN perm requirement which was added > by me in HBASE-19400. Removing it. > However, to make things better for future, i have made few design changes > which will ensure 1) perm checks don't slip by mistake, 2) a suitable > placeholder for checks for flush & snapshot when we remove AccessController > for good. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (HBASE-20185) Fix ACL check for MasterRpcServices#execProcedure
[ https://issues.apache.org/jira/browse/HBASE-20185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Appy updated HBASE-20185: - Status: Patch Available (was: Open) > Fix ACL check for MasterRpcServices#execProcedure > - > > Key: HBASE-20185 > URL: https://issues.apache.org/jira/browse/HBASE-20185 > Project: HBase > Issue Type: Bug >Reporter: Appy >Assignee: Appy >Priority: Major > Fix For: 2.0.0 > > Attachments: HBASE-20185.master.001.patch > > > Mailing thread ref: > [http://mail-archives.apache.org/mod_mbox/hbase-dev/201803.mbox/%3CCAAjhxrriGy_UXpC4iHCSyBB18iAbjU3Y2%2BnjQ-66i9kPPCrPRQ%40mail.gmail.com%3E] > TLDR; HBASE-19400 messed up perms required for flushing a table. > > Looks like flush and snapshot procedures are already doing permissions check > as part of preTableFlush/preSnapshot hooks. However, > LogRollMasterProcedureManager is missing access checks ([~elserj], can > someone look at it?) > > With that, it makes no sense to put an ADMIN perm requirement which was added > by me in HBASE-19400. Removing it. > However, to make things better for future, i have made few design changes > which will ensure 1) perm checks don't slip by mistake, 2) a suitable > placeholder for checks for flush & snapshot when we remove AccessController > for good. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (HBASE-20185) Fix ACL check for MasterRpcServices#execProcedure
[ https://issues.apache.org/jira/browse/HBASE-20185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Appy updated HBASE-20185: - Attachment: HBASE-20185.master.001.patch > Fix ACL check for MasterRpcServices#execProcedure > - > > Key: HBASE-20185 > URL: https://issues.apache.org/jira/browse/HBASE-20185 > Project: HBase > Issue Type: Bug >Reporter: Appy >Assignee: Appy >Priority: Major > Fix For: 2.0.0 > > Attachments: HBASE-20185.master.001.patch > > > Mailing thread ref: > [http://mail-archives.apache.org/mod_mbox/hbase-dev/201803.mbox/%3CCAAjhxrriGy_UXpC4iHCSyBB18iAbjU3Y2%2BnjQ-66i9kPPCrPRQ%40mail.gmail.com%3E] > TLDR; HBASE-19400 messed up perms required for flushing a table. > > Looks like flush and snapshot procedures are already doing permissions check > as part of preTableFlush/preSnapshot hooks. However, > LogRollMasterProcedureManager is missing access checks ([~elserj], can > someone look at it?) > > With that, it makes no sense to put an ADMIN perm requirement which was added > by me in HBASE-19400. Removing it. > However, to make things better for future, i have made few design changes > which will ensure 1) perm checks don't slip by mistake, 2) a suitable > placeholder for checks for flush & snapshot when we remove AccessController > for good. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (HBASE-20185) Fix ACL check for MasterRpcServices#execProcedure
[ https://issues.apache.org/jira/browse/HBASE-20185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Appy updated HBASE-20185: - Fix Version/s: 2.0.0 > Fix ACL check for MasterRpcServices#execProcedure > - > > Key: HBASE-20185 > URL: https://issues.apache.org/jira/browse/HBASE-20185 > Project: HBase > Issue Type: Bug >Reporter: Appy >Assignee: Appy >Priority: Major > Fix For: 2.0.0 > > > Mailing thread ref: > [http://mail-archives.apache.org/mod_mbox/hbase-dev/201803.mbox/%3CCAAjhxrriGy_UXpC4iHCSyBB18iAbjU3Y2%2BnjQ-66i9kPPCrPRQ%40mail.gmail.com%3E] > TLDR; HBASE-19400 messed up perms required for flushing a table. > > Looks like flush and snapshot procedures are already doing permissions check > as part of preTableFlush/preSnapshot hooks. However, > LogRollMasterProcedureManager is missing access checks ([~elserj], can > someone look at it?) > > With that, it makes no sense to put an ADMIN perm requirement which was added > by me in HBASE-19400. Removing it. > However, to make things better for future, i have made few design changes > which will ensure 1) perm checks don't slip by mistake, 2) a suitable > placeholder for checks for flush & snapshot when we remove AccessController > for good. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
