[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13274418#comment-13274418 ] Devaraj Das commented on HBASE-5732: bq. Recent trunk build failure was caused by an empty file which should have been deleted from source repo My fault. I forgot to 'svn remove' the file before generating the patch. Thanks, Ted for fixing the build. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.12.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13273665#comment-13273665 ] stack commented on HBASE-5732: -- Committed to trunk. Thanks for the patch DD. Thanks for reviews Ted and Andrew and for helping steer it in. DD, please add the issues for what we need to include from hadoop. This issue also needs a fat release note. You might also checkout the doc we have in the manual, the new security chapter, to see if anything has changed regards security post-commit. Good stuff. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.12.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13273671#comment-13273671 ] Devaraj Das commented on HBASE-5732: Thanks, Stack, Andrew and Ted.. I'll take care of the follow-ups. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.12.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13273698#comment-13273698 ] Hudson commented on HBASE-5732: --- Integrated in HBase-TRUNK #2865 (See [https://builds.apache.org/job/HBase-TRUNK/2865/]) HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine; I MISSED A FEW DELETES -- REMOVE SECURITY DIR (Revision 1337399) HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine; I MISSED A FEW DELETES (Revision 1337398) HBASE-5732 Remove the SecureRPCEngine and merge the security-related logic in the core engine (Revision 1337396) Result = FAILURE stack : Files : * /hbase/trunk/security stack : Files : * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureConnectionHeader.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureRpcEngine.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token stack : Files : * /hbase/trunk/pom.xml * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java * /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java * /hbase/trunk/security/src/test * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java *
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13273844#comment-13273844 ] Hudson commented on HBASE-5732: --- Integrated in HBase-TRUNK #2870 (See [https://builds.apache.org/job/HBase-TRUNK/2870/]) HBASE-5732 Remove empty file: hadoop/hbase/ipc/ConnectionHeader.java which caused rat check to fail (Revision 1337440) Result = FAILURE tedyu : Files : * /hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.12.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272885#comment-13272885 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ --- (Updated 2012-05-10 23:19:45.031886) Review request for Ted Yu, Michael Stack and Andrew Purtell. Changes --- Upon testing with with a mapreduce job (PerformanceEvaluation.java), I found a bug to do with delegation tokens. This patch fixes that. Summary --- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732. https://issues.apache.org/jira/browse/HBASE-5732 Diffs (updated) - http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1336441 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272947#comment-13272947 ] Hadoop QA commented on HBASE-5732: -- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526450/rpcengine-merge.12.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 27 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1842//console This message is automatically generated. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272960#comment-13272960 ] Devaraj Das commented on HBASE-5732: There are actually no unit test failures (when i look at the console). Not sure why hadoopqa gave a -1. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272975#comment-13272975 ] Zhihong Yu commented on HBASE-5732: --- Reattaching patch v12 would allow Hadoop QA to rerun the tests. We can also run test suite ourselves and observe if there is any hanging unit test(s). Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272995#comment-13272995 ] Hadoop QA commented on HBASE-5732: -- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526466/5732-rpcengine-merge.12.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 27 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1843//console This message is automatically generated. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.12.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13273036#comment-13273036 ] Zhihong Yu commented on HBASE-5732: --- Patch v12 is ready for integration. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.12.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.12.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13271642#comment-13271642 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7738 --- Mostly +1. A couple of minor comments, one question on API annotation. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java https://reviews.apache.org/r/4953/#comment17034 Do we have a testcase for relogin? In our production with the older implementation of secure HBase RPC, we see swarms of GSS initiaition failure due to missing TGT for 5-10 seconds, and we speculate this is a race around relogin. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment17035 Debug logging should be wrapped in a conditional, no biggie. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment17033 This is probably just going to add noise. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java https://reviews.apache.org/r/4953/#comment17036 Maybe should be security.hbase.*, what do you think? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java https://reviews.apache.org/r/4953/#comment17037 It might be better to say 'Kerberos principal does not have the expected format' http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java https://reviews.apache.org/r/4953/#comment17038 Should this be Public+Evolving? http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml https://reviews.apache.org/r/4953/#comment17040 Why this change? Unrelated junk from other work? - Andrew On 2012-05-08 21:48:09, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-08 21:48:09) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13271919#comment-13271919 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-09 18:02:12, Andrew Purtell wrote: bq. Mostly +1. A couple of minor comments, one question on API annotation. Thanks, Andrew. bq. On 2012-05-09 18:02:12, Andrew Purtell wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java, line 677 bq. https://reviews.apache.org/r/4953/diff/4/?file=107883#file107883line677 bq. bq. Do we have a testcase for relogin? bq. bq. In our production with the older implementation of secure HBase RPC, we see swarms of GSS initiaition failure due to missing TGT for 5-10 seconds, and we speculate this is a race around relogin. It's not straightforward to write a testcase for the security APIs, unfortunately. I'd propose we open a jira for the relogin issue (over in hadoop, iirc, we've fixed some issues to do with relogin races in the recent past; we should put the fixes here)... bq. On 2012-05-09 18:02:12, Andrew Purtell wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1328 bq. https://reviews.apache.org/r/4953/diff/4/?file=107884#file107884line1328 bq. bq. Debug logging should be wrapped in a conditional, no biggie. Done. bq. On 2012-05-09 18:02:12, Andrew Purtell wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1937 bq. https://reviews.apache.org/r/4953/diff/4/?file=107884#file107884line1937 bq. bq. This is probably just going to add noise. Removed. bq. On 2012-05-09 18:02:12, Andrew Purtell wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java, line 35 bq. https://reviews.apache.org/r/4953/diff/4/?file=107889#file107889line35 bq. bq. Maybe should be security.hbase.*, what do you think? This is how it is in the current trunk. But yeah, makes sense to have the key as security.hbase.*. bq. On 2012-05-09 18:02:12, Andrew Purtell wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java, line 94 bq. https://reviews.apache.org/r/4953/diff/4/?file=107890#file107890line94 bq. bq. It might be better to say 'Kerberos principal does not have the expected format' Done. bq. On 2012-05-09 18:02:12, Andrew Purtell wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java, line 53 bq. https://reviews.apache.org/r/4953/diff/4/?file=107892#file107892line53 bq. bq. Should this be Public+Evolving? Done. Although I was wondering whether it makes sense to have it as Private+Evolving. But if it is currently used by apps outside the core of hbase, it makes sense to have it as Public+Evolving.. bq. On 2012-05-09 18:02:12, Andrew Purtell wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml, line 126 bq. https://reviews.apache.org/r/4953/diff/4/?file=107918#file107918line126 bq. bq. Why this change? Unrelated junk from other work? In the hbase-site.xml of security/src/test/resources, this block of configuration was there. Now that there is a single profile, I thought I should not lose this and added this in the src/test/resources/hbase-site.xml.. - Devaraj --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7738 --- On 2012-05-09 23:03:45, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-09 23:03:45) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/conf/hbase-policy.xml 1335370 bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370 bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13271957#comment-13271957 ] Zhihong Yu commented on HBASE-5732: --- For this change: {code} -namesecurity.client.protocol.acl/name +namesecurity.hbase.client.protocol.acl/name {code} the same entry (security.client.protocol.acl) is in conf/hbase-policy.xml of 0.94 branch. We should deprecate the this entry in 0.94, right ? The other two entries in hbase-policy.xml start with 'security.' instead of 'security.hbase.' I wonder if the three entries should be treated in the same manner. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13271966#comment-13271966 ] Devaraj Das commented on HBASE-5732: Good points, Ted. Maybe we should punt on these changes to another jira since the patch here is not directly concerned with these names... Thoughts? (I'll then submit a revised patch) Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13271970#comment-13271970 ] Zhihong Yu commented on HBASE-5732: --- @Devaraj: I think punting this particular change to another JIRA should be Okay. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272030#comment-13272030 ] Hadoop QA commented on HBASE-5732: -- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526266/rpcengine-merge.11.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.replication.TestReplication Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1824//console This message is automatically generated. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272048#comment-13272048 ] Hadoop QA commented on HBASE-5732: -- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526283/5732-rpcengine-merge.11.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.TestDrainingServer Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1826//console This message is automatically generated. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272050#comment-13272050 ] Zhihong Yu commented on HBASE-5732: --- In most recent PreCommit run: {code} Running org.apache.hadoop.hbase.replication.TestReplication Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 151.199 sec {code} The failed tests themselves have been flaky. @Stack, @Andy: Do you want to take another look ? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13272051#comment-13272051 ] Zhihong Yu commented on HBASE-5732: --- @Devaraj: I found the following JIRAs related to relogin: HADOOP-6559 The RPC client should try to re-login when it detects that the TGT expired HADOOP-6706 Relogin behavior for RPC clients could be improved HADOOP-7930 Kerberos relogin interval in UserGroupInformation should be configurable Please create JIRAs to port relevant ones over and link them to this JIRA. Thanks Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.11.patch, 5732-rpcengine-merge.7.patch, rpcengine-merge.10.patch, rpcengine-merge.11.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270295#comment-13270295 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. Here's a quick review of this fat patch. Good stuff. Yeah the patch is fat but most of it is refactoring and moving classes around. bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java, line 67 bq. https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line67 bq. bq. Should this security stuff be moved down here into ipc package? Is it only place where security is referenced? This is not the only class.. there are a bunch of classes present there.. bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/pom.xml, line 1677 bq. https://reviews.apache.org/r/4953/diff/1/?file=105835#file105835line1677 bq. bq. Now the underlying hadoop must support all the security apis? bq. bq. If not present, will we compile? Yes, this will necessitate hadoop-1.0++.. bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java, line 81 bq. https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line81 bq. bq. So, if underlying hadoop does not have these classes, we'll fail the build? yes bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java, line 283 bq. https://reviews.apache.org/r/4953/diff/1/?file=105837#file105837line283 bq. bq. Should this be a fail? This was what was there in the original code (SecureClient.java). I left it as it was.. bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1495 bq. https://reviews.apache.org/r/4953/diff/1/?file=105838#file105838line1495 bq. bq. Can you not give byte array to pb to parse? Use builder and mergeFrom? Not important. Yeah this is not making any additional copy. bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 67 bq. https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line67 bq. bq. Has to be public? No.. I reverted this change. bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 252 bq. https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line252 bq. bq. This is a pity removing the static? Reverted. bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 343 bq. https://reviews.apache.org/r/4953/diff/1/?file=105840#file105840line343 bq. bq. Where do these get shut down? These are daemon threads (most of them are the RPC threads that we currently have). They will get shut down with the process. bq. On 2012-05-01 23:02:34, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java, line 138 bq. https://reviews.apache.org/r/4953/diff/1/?file=105854#file105854line138 bq. bq. This stuff is copied over from the /security dir in hbase? Are there corresponding deletes? What about some tests? The patch has the deleted files marked as such. An example is: Index: security/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java (deleted) I haven't added any tests as part of this patch since this is mostly refactoring. Existing tests cover the scenarios. Also, I am manually testing the Kerberos parts. - Devaraj --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7455 --- On 2012-05-01 20:27:30, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-01 20:27:30) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270296#comment-13270296 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ --- (Updated 2012-05-08 07:45:11.526354) Review request for Ted Yu, Michael Stack and Andrew Purtell. Changes --- Updated patch. Tested manually with Kerberos. Summary --- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732. https://issues.apache.org/jira/browse/HBASE-5732 Diffs (updated) - http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1335359
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270306#comment-13270306 ] Devaraj Das commented on HBASE-5732: I think the patch is close now. I haven't tested the delegation token code path manually. If there is some sample (simple) job code that one can make available, that I can use to manually test the delegation-token part it would be great.. But yeah since this patch is big, I don't expect to see no bugs but I think those can be fixed as follow ups (with more thorough testing, etc.). This patch goes out of sync very quickly. So I'd really appreciate if it can be committed soon if the general approach and all that looks good. I also had to change the import of KerberosInfo class in a couple of places (in the new PB interface definitions) to point to HBase's definition of the class (as opposed to Hadoop's which it was originally). Manual testing pointed me to this issue. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270565#comment-13270565 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7684 --- It looks like testing turned up some interesting issues going by the diff between this version and the previous. It works now? Good on you DD. http://svn.apache.org/repos/asf/hbase/trunk/pom.xml https://reviews.apache.org/r/4953/#comment16912 Is this you or just difference between your patch and trunk? i.e. did you pull this in? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment16914 Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse? rb shows added white space. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment16915 Is this a bug fix? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment16916 When do we do this? When would we forego pb encoding? When its done already? Is this fix something that came of your manual testing? If so, I heart testing! http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment16917 Is this going to be annoying? Happens on each rpc? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment16918 ditto? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java https://reviews.apache.org/r/4953/#comment16919 Good. Nice. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java https://reviews.apache.org/r/4953/#comment16920 Also good. Nice. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java https://reviews.apache.org/r/4953/#comment16921 Woah. Where'd this come from? What was this doing in here? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java https://reviews.apache.org/r/4953/#comment16922 Ditto on the What!? What was this doing in here (smile). http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java https://reviews.apache.org/r/4953/#comment16913 Ours is different from hadoops? - Michael On 2012-05-08 07:45:11, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-08 07:45:11) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270597#comment-13270597 ] Hadoop QA commented on HBASE-5732: -- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526003/5732-rpcengine-merge.7.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 29 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 28 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1796//console This message is automatically generated. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.7.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270718#comment-13270718 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. It looks like testing turned up some interesting issues going by the diff between this version and the previous. It works now? bq. bq. Good on you DD. Yes, my testing (1 master, 1 regionserver, 1 client all authenticating on Kerberos with each other) didn't show up any issues. I exercised some of the shell commands from the client (create, list, put, get). bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/pom.xml, line 560 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105835#file105835line560 bq. bq. Is this you or just difference between your patch and trunk? i.e. did you pull this in? Not sure. Went and looked at the last patch and it seemed to contain exactly what i intend to have in. bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1253 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1253 bq. bq. Is this a bug fix? Yes .. in testing I realized that the whole block of code need to be conditional.. (and this is the case currently in SecureServer.java from where this is taken) bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1341 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1341 bq. bq. When do we do this? When would we forego pb encoding? When its done already? bq. bq. Is this fix something that came of your manual testing? If so, I heart testing! The sasl handshake is not part of the PB messaging. Yes, I discovered that I forgot to take care of this until I tested with security :-) bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1376 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1376 bq. bq. Is this going to be annoying? Happens on each rpc? Will revert (was for my debugging) bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1396 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1396 bq. bq. ditto? Will revert (was for my debugging) bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 259 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line259 bq. bq. Woah. Where'd this come from? What was this doing in here? This was an unused field.. So I removed it.. bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 298 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line298 bq. bq. Ditto on the What!? What was this doing in here (smile). Will revert the What!? (was for my debugging) :-) bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java, line 25 bq. https://reviews.apache.org/r/4953/diff/2/?file=107703#file107703line25 bq. bq. Ours is different from hadoops? I don't know what the problem was .. maybe some obscure classpath issue .. but changing it to use hbase's class solved the problem. bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1149 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1149 bq. bq. Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse? bq. bq. rb shows added white space. Will remove the white-spaces that are introduced by this patch. I am not sure I follow your question on the NPE.. But I'll do some cleanup on this anyway... - Devaraj --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7684 --- On 2012-05-08 07:45:11, Devaraj Das wrote: bq. bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270722#comment-13270722 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java, line 1 bq. https://reviews.apache.org/r/4953/diff/1/?file=105842#file105842line1 bq. bq. This exception should be at top level in hbase? Did you address this in your subsequent patch? bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java, line 19 bq. https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19 bq. bq. This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase? Ditto bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50 bq. https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 bq. bq. So, if no user, its insecure hbase? Good. bq. bq. I don't see you regenerating pb stuff after making these changes in this proto file. What about above? - Michael --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 --- On 2012-05-08 07:45:11, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-08 07:45:11) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270724#comment-13270724 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java, line 1149 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105838#file105838line1149 bq. bq. Should this be null so we fail w/ NPE if we try send a saslResponse w/o having first done a setSaslTokenResponse? bq. bq. rb shows added white space. bq. bq. Devaraj Das wrote: bq. Will remove the white-spaces that are introduced by this patch. bq. bq. I am not sure I follow your question on the NPE.. But I'll do some cleanup on this anyway... Above you assign saslResponse a null buffer. Later there is a method to set the sasl response buffer. I was suggesting you not assign a null buffer so we fail fast w/ a NPE in those places where we forget to do a set of the sasl response. bq. On 2012-05-08 15:51:46, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java, line 259 bq. https://reviews.apache.org/r/4953/diff/1-2/?file=105840#file105840line259 bq. bq. Woah. Where'd this come from? What was this doing in here? bq. bq. Devaraj Das wrote: bq. This was an unused field.. So I removed it.. Good. Thanks. - Michael --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7684 --- On 2012-05-08 07:45:11, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-08 07:45:11) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270791#comment-13270791 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. I am not sure what step I missed the last time (when I answered your questions) that reviewboard didn't publish the responses.. Trying again. bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java, line 1 bq. https://reviews.apache.org/r/4953/diff/1/?file=105842#file105842line1 bq. bq. This exception should be at top level in hbase? bq. bq. Michael Stack wrote: bq. Did you address this in your subsequent patch? I left it where it was originally. I think its fine as is.. bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50 bq. https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 bq. bq. So, if no user, its insecure hbase? Good. bq. bq. I don't see you regenerating pb stuff after making these changes in this proto file. bq. bq. Michael Stack wrote: bq. What about above? On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there. There is actually - RPCProtos.java bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml, line 129 bq. https://reviews.apache.org/r/4953/diff/1/?file=105872#file105872line129 bq. bq. What is this? Mistake? I merged in the stuff from hbase-site.xml from the security/src/test/resources into the src/test/resources one since the security one would go away (yeah you won't know about it unless you do a manual diff of the two hbase-site.xml files). bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java, line 19 bq. https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19 bq. bq. This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase? bq. bq. Michael Stack wrote: bq. Ditto I'd like to leave it as is since the class aims to shim the security related aspects of 'User' (Other than that it would save lots of lines in the patch if the package name is kept intact). - Devaraj --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 --- On 2012-05-08 07:45:11, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-08 07:45:11) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270793#comment-13270793 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java, line 19 bq. https://reviews.apache.org/r/4953/diff/1/?file=105846#file105846line19 bq. bq. This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase? bq. bq. Michael Stack wrote: bq. Ditto bq. bq. Devaraj Das wrote: bq. I'd like to leave it as is since the class aims to shim the security related aspects of 'User' (Other than that it would save lots of lines in the patch if the package name is kept intact). np bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50 bq. https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 bq. bq. So, if no user, its insecure hbase? Good. bq. bq. I don't see you regenerating pb stuff after making these changes in this proto file. bq. bq. Michael Stack wrote: bq. What about above? bq. bq. Devaraj Das wrote: bq. On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there. bq. bq. There is actually - RPCProtos.java I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something? - Michael --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 --- On 2012-05-08 07:45:11, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-08 07:45:11) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270796#comment-13270796 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50 bq. https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 bq. bq. So, if no user, its insecure hbase? Good. bq. bq. I don't see you regenerating pb stuff after making these changes in this proto file. bq. bq. Michael Stack wrote: bq. What about above? bq. bq. Devaraj Das wrote: bq. On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there. bq. bq. There is actually - RPCProtos.java bq. bq. Michael Stack wrote: bq. I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something? The RPCProtos.java is the regenerated class.. The proto definition is in RPC.proto.. Both the files are there in the patch. - Devaraj --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 --- On 2012-05-08 07:45:11, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-08 07:45:11) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270829#comment-13270829 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- bq. On 2012-05-02 23:02:22, Michael Stack wrote: bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto, line 50 bq. https://reviews.apache.org/r/4953/diff/1/?file=105864#file105864line50 bq. bq. So, if no user, its insecure hbase? Good. bq. bq. I don't see you regenerating pb stuff after making these changes in this proto file. bq. bq. Michael Stack wrote: bq. What about above? bq. bq. Devaraj Das wrote: bq. On the first question, its to do with proxy users. Basically, 'proxy-user' allows someone like the Oozie server to access HBase on behalf of some other effective user. The HBase server could still keep track of who is the the real user and who is the effective user. Documented here - http://hadoop.apache.org/common/docs/current/Secure_Impersonation.html ). Again this was already there in the original code. I made the realuser optional since its not always going to be there. bq. bq. There is actually - RPCProtos.java bq. bq. Michael Stack wrote: bq. I see 'RPCProtos.java' but IIRC, there is no corresponding changes in regenerated classes to match the changes in RPCProtos.java? Did I miss something? bq. bq. Devaraj Das wrote: bq. The RPCProtos.java is the regenerated class.. The proto definition is in RPC.proto.. Both the files are there in the patch. I see. My oversight. Thanks. So, you are going to make a new version of this patch to commit? Good on you DD. - Michael --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 --- On 2012-05-08 07:45:11, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-08 07:45:11) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335359 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270850#comment-13270850 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ --- (Updated 2012-05-08 21:33:06.528218) Review request for Ted Yu, Michael Stack and Andrew Purtell. Changes --- This is the updated patch with the last few comments incorporated. Summary --- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732. https://issues.apache.org/jira/browse/HBASE-5732 Diffs (updated) - http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270865#comment-13270865 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ --- (Updated 2012-05-08 21:48:09.490984) Review request for Ted Yu, Michael Stack and Andrew Purtell. Changes --- Sigh.. had forgotten to remove the white spaces.. This patch addresses that. Please note that I haven't removed white spaces from the files that got moved around. I only covered the stuff I added in the current files. Summary --- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732. https://issues.apache.org/jira/browse/HBASE-5732 Diffs (updated) - http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/AdminProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/client/ClientProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/RegionServerStatusProtocol.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1335370 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270915#comment-13270915 ] Hadoop QA commented on HBASE-5732: -- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12526048/rpcengine-merge.9.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 26 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.master.TestMXBean Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1802//console This message is automatically generated. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.7.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13270936#comment-13270936 ] Zhihong Yu commented on HBASE-5732: --- I looped TestMXBean 4 times with patch v9 and they (master and regionserver) passed. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: 5732-rpcengine-merge.7.patch, rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.9.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13268394#comment-13268394 ] Devaraj Das commented on HBASE-5732: Yeah I should have commented back on RB.. Sorry about that. I'll upload a patch once I am done with the manual testing with kerberos (very soon). Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13267270#comment-13267270 ] Devaraj Das commented on HBASE-5732: bq. There is no corresponding remove of the /security directory. Should it be included here? Yeah, it shouldn't be there. However, I generated the patch with --no-diff-deleted and hence these files still show up but if you download the patch you will see a bunch of lines that say Index: security/... (deleted). The person who commits needs to be aware of this I guess and run the appropriate svn commands. bq. I don't see you regenerating pb stuff after making these changes in this proto file There is actually - RPCProtos.java. bq. What is this? Mistake? (comment to do with the conf file change). I merged in the stuff from hbase-site.xml from the security/src/test/resources into the src/test/resources one since the security one would go away (yeah you won't know about it unless you do a manual diff of the two hbase-site.xml files). I am in the process of setting up a secure cluster etc. for some manual testing.. Fingers crossed. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13267933#comment-13267933 ] stack commented on HBASE-5732: -- DD, you can comment over in rb too -- that'd be better actually since our comments will then be interlaced (they'll show up in here then after you 'publish' them on rb). All above sounds good. You going to do another version of this patch to address other review items? bq. I am in the process of setting up a secure cluster etc. for some manual testing.. Fingers crossed. X Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13266994#comment-13266994 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7488 --- http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java https://reviews.apache.org/r/4953/#comment16579 This exception should be at top level in hbase? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java https://reviews.apache.org/r/4953/#comment16578 This class should go up to the top level of hbase and not be hidden down here in security now it is used by both secure and insecure hbase? http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto https://reviews.apache.org/r/4953/#comment16580 I missed this page of edits. There is no corresponding remove of the /security directory. Should it be included here? http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto https://reviews.apache.org/r/4953/#comment16581 So, if no user, its insecure hbase? Good. I don't see you regenerating pb stuff after making these changes in this proto file. http://svn.apache.org/repos/asf/hbase/trunk/src/test/resources/hbase-site.xml https://reviews.apache.org/r/4953/#comment16582 What is this? Mistake? - Michael On 2012-05-01 20:27:30, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-01 20:27:30) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383 bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13266042#comment-13266042 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/ --- Review request for Ted Yu, Michael Stack and Andrew Purtell. Summary --- Reviewboard request for HBASE-5732 This addresses bug HBASE-5732. https://issues.apache.org/jira/browse/HBASE-5732 Diffs - http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/User.java 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlFilter.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/Permission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationKey.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationProtocol.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenIdentifier.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSecretManager.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/AuthenticationTokenSelector.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/TokenUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/token/ZKSecretWatcher.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/main/protobuf/RPC.proto 1332383 http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java PRE-CREATION http://svn.apache.org/repos/asf/hbase/trunk/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java PRE-CREATION
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13266222#comment-13266222 ] jirapos...@reviews.apache.org commented on HBASE-5732: -- --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/4953/#review7455 --- Here's a quick review of this fat patch. Good stuff. http://svn.apache.org/repos/asf/hbase/trunk/pom.xml https://reviews.apache.org/r/4953/#comment16446 Now the underlying hadoop must support all the security apis? If not present, will we compile? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java https://reviews.apache.org/r/4953/#comment16448 Should this security stuff be moved down here into ipc package? Is it only place where security is referenced? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java https://reviews.apache.org/r/4953/#comment16452 So, if underlying hadoop does not have these classes, we'll fail the build? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java https://reviews.apache.org/r/4953/#comment16453 Should this be a fail? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment16457 ditto comment from above http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java https://reviews.apache.org/r/4953/#comment16458 Can you not give byte array to pb to parse? Use builder and mergeFrom? Not important. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java https://reviews.apache.org/r/4953/#comment16459 Has to be public? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java https://reviews.apache.org/r/4953/#comment16460 This is a pity removing the static? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java https://reviews.apache.org/r/4953/#comment16461 Removing this static is good though. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java https://reviews.apache.org/r/4953/#comment16462 Where do these get shut down? http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java https://reviews.apache.org/r/4953/#comment16463 This stuff is copied over from the /security dir in hbase? Are there corresponding deletes? What about some tests? - Michael On 2012-05-01 20:27:30, Devaraj Das wrote: bq. bq. --- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/4953/ bq. --- bq. bq. (Updated 2012-05-01 20:27:30) bq. bq. bq. Review request for Ted Yu, Michael Stack and Andrew Purtell. bq. bq. bq. Summary bq. --- bq. bq. Reviewboard request for HBASE-5732 bq. bq. bq. This addresses bug HBASE-5732. bq. https://issues.apache.org/jira/browse/HBASE-5732 bq. bq. bq. Diffs bq. - bq. bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/ConnectionHeader.java 1332383 bq.http://svn.apache.org/repos/asf/hbase/trunk/pom.xml 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/Status.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/ipc/WritableRpcEngine.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/protobuf/generated/RPCProtos.java 1332383 bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/AccessDeniedException.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBasePolicyProvider.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java PRE-CREATION bq. http://svn.apache.org/repos/asf/hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java PRE-CREATION bq.
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13266228#comment-13266228 ] Zhihong Yu commented on HBASE-5732: --- Latest patch runs security unit tests in default profile. This requires zookeeper 3.4.x Is that Okay for 0.96 ? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13266247#comment-13266247 ] Devaraj Das commented on HBASE-5732: bq. Latest patch runs security unit tests in default profile. This requires zookeeper 3.4.x @Ted, the file pom.xml already has a dependency on zookeeper-3.4.3... bq. Now the underlying hadoop must support all the security apis? If not present, will we compile? @Stack, yes, this will necessitate hadoop-1.0++.. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13266256#comment-13266256 ] stack commented on HBASE-5732: -- @Deveraj We ship with 3.4.x but do not require that you run a 3.4.x ensemble. Its only required if you enable security. We would like to keep it so that if you are not running secure hbase, then you do not need a 3.4 ensemble. Does your patch change this story? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13266260#comment-13266260 ] Devaraj Das commented on HBASE-5732: No this patch doesn't change anything to do with ZK dependencies.. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13266326#comment-13266326 ] Hadoop QA commented on HBASE-5732: -- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12525191/rpcengine-merge.4.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 hadoop23. The patch compiles against the hadoop 0.23.x profile. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 38 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.replication.TestReplication Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1717//console This message is automatically generated. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.4.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13261325#comment-13261325 ] Andrew Purtell commented on HBASE-5732: --- Only the secure RPC basics have been merged. Please reread my above comments about TokenProvider and AccessController. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13261738#comment-13261738 ] Zhihong Yu commented on HBASE-5732: --- Since AccessController and TokenProvider coprocessors remain after this merge, my point was that we need to keep security profile for running the unit tests related to these coprocessors. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13261853#comment-13261853 ] Devaraj Das commented on HBASE-5732: In the last patch, I missed adding the AuthenticationTokenSecretManager instantiation in the default RPC engine (and a security unit test failed). I've taken that into consideration now.. Andrew, how about instantiating the AuthenticationTokenSecretManager (that has dependency on ZK) only if isSecurityEnabled() returns true.. The problem with this is that the unit tests also won't instantiate the manager.. for unit tests, maybe we can have a minimal RpcEngine implementation that returns a Server object that internally instantiates the AuthenticationTokenSecretManager unconditionally.. Would that work? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13260280#comment-13260280 ] stack commented on HBASE-5732: -- @Devaraj If this patch only works against 1.0.x hadoop, what do we do when we want to run hbase 0.96 on hadoop 2.0.x? Here is some more feedback on posted patch: Its big! Its mostly deletes and generated code though thankfully. So, you are going to move to UGI over User? Are you going to get rid of the security dir that is at top level in hbase? Is there anything left in it after this patch? What kind of hadoop will be required? One that supports security: i.e. apache hadoop 1.0.x, 2.0.x? And then for the others? The will need to have an answer for the security methods? Just remove rather than do this commenting out: {code} -builder.setError(error != null); +//builder.setStatus( {code} This is going to make a copy of the response? {code} + token = connection.saslServer.wrap(buf.array(), + buf.arrayOffset(), buf.remaining()); {code} Do we have to? Can't we feed it out on the output stream, first the wrapping, then the response? Any tests? Good stuff. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13260488#comment-13260488 ] Andrew Purtell commented on HBASE-5732: --- The only thing in security/ after the RPC engine merge should be the AccessController and TokenProvider coprocessors. TokenProvider will be needed for authenticating MR jobs when secure HBase RPC is enabled. AccessController is optional and provides per CF ACLs. Unfortunately one must .wrap(), the SASL layer requires it. In the event the user negotiates auth-conf and probably also auth-int then failure to wrap the payload will send junk. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13260780#comment-13260780 ] Devaraj Das commented on HBASE-5732: bq. HBase Cyclic Replication Issue: some data are missing in the replication for intensive write Yes, the last patch has only these. bq. What kind of hadoop will be required? One that supports security: i.e. apache hadoop 1.0.x, 2.0.x? Yes. For others like 3.0.x, if the API compatibility is not broken (shim'ed in User.java), things will continue to work. In case the API changes, User.java needs to take those into consideration in the shim. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13260782#comment-13260782 ] Devaraj Das commented on HBASE-5732: Sorry my copy-paste buffer was stale (it could have been worse!). I meant to say Yes, the last patch has only these to Andrew's last comment The only thing in security/ after the RPC engine merge should be the AccessController and TokenProvider coprocessors. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13261312#comment-13261312 ] Andrew Purtell commented on HBASE-5732: --- TokenProvider is an interesting issue. On the one hand it pulls in new runtime dependencies on ZooKeeper (it will abort the RS if shared private keys for creating MR job tokens cannot be synced or rolled); on the other, authentication for HBase clients in MR jobs when HBase RPC security is enabled must happen via a token based mechanism such as TokenProvider provides. In production we've found that sharing state in ZK as TokenProvider does introduces new cases of RS aborts when the network has issues. Whether the RS would have gone down anyway is a good possibility. We could leave it aside as a CP that people must use if they want to run MR jobs with secure RPC, or consider folding it in as well as a follow on JIRA, along with possible design changes. However I think the design is pretty good, and it's proven in production, and ZK disconnects are an issue elsewhere as well. But increasing the cases where ZK disconnects can be a problem should be considered. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13261318#comment-13261318 ] Zhihong Yu commented on HBASE-5732: --- Now that security profile is gone in patch v2, the build would be intrinsically secure HBase ? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.3.patch, rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13258819#comment-13258819 ] Andrew Purtell commented on HBASE-5732: --- bq. I'll revert User.java and have it only support hadoop-1.0++. Sounds reasonable? Sounds good, thanks Devaraj. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13258626#comment-13258626 ] Devaraj Das commented on HBASE-5732: bq. On review board, it is obvious where white spaces are introduced Zhihong, could you please put a link to the reviewboard for this jira please (I don't seem to be able to locate it easily).. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13258628#comment-13258628 ] Devaraj Das commented on HBASE-5732: I forgot to mention that I'll keep the User shim as it is (please let me know if this doesn't seem right). So most of the changes will be in HBaseServer/HBaseClient files. Will upload a patch tonight or over the weekend (sorry for the delay). Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13258632#comment-13258632 ] Zhihong Yu commented on HBASE-5732: --- Start with https://reviews.apache.org/r/new/: select hbase for Repository and '/' for Base Directory Use Browse to locate your patch. Press 'Create New Request' button. On the next screen, enter hbase for Group. Once required fields are filled, you should be able to publish your latest patch. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13258634#comment-13258634 ] Devaraj Das commented on HBASE-5732: Ah I thought you had uploaded the patch on reviewboard and I could use that .. Never mind. I'll take care.. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13258637#comment-13258637 ] Zhihong Yu commented on HBASE-5732: --- Only the review requester can update the patch for the review. So the person composing the patch should be creating review request. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Assignee: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13257053#comment-13257053 ] Zhihong Yu commented on HBASE-5732: --- We haven't put zookeeper 3.4.x as requirement for 0.96 yet. In testing this work, please make sure zookeeper 3.3.x ensemble can be used for the insecure RPC. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255345#comment-13255345 ] Andrew Purtell commented on HBASE-5732: --- The reason the User abstraction exists is because the UserGroupInformation API is inconsistent between Hadoop versions. Has this patch been tested on all of 1.0, 0.23/2.0, 0.22 etc.? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255360#comment-13255360 ] Devaraj Das commented on HBASE-5732: Thanks, Zhihong for the detailed comments. I'll address your comments, and answer your questions, in the next iteration. Andrew, this patch hasn't been tested yet. But if it is made to run with hadoop-1.0, I am pretty sure that it will run on all the versions post 1.0. The UGI class of Hadoop hasn't changed incompatibly since 1.0. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255398#comment-13255398 ] Andrew Purtell commented on HBASE-5732: --- bq. Andrew, this patch hasn't been tested yet. But if it is made to run with hadoop-1.0, I am pretty sure that it will run on all the versions post 1.0. The UGI class of Hadoop hasn't changed incompatibly since 1.0. I'm all for removing shims and hacks wherever possible, but if we end up here again then this just churns our API along with Hadoop core. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255765#comment-13255765 ] Devaraj Das commented on HBASE-5732: bq. I'm all for removing shims and hacks wherever possible, but if we end up here again then this just churns our API along with Hadoop core. Andrew, over in Hadoop, there is a discussion around making some of the APIs in UGI public (and bound to contracts :-) ) but maybe you are right - things could change even then. I'll revert User.java and have it only support hadoop-1.0++. Sounds reasonable? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255767#comment-13255767 ] Devaraj Das commented on HBASE-5732: bq. over in Hadoop, there is a discussion around making some of the APIs in UGI public The Hadoop jira is HADOOP-8152 Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255267#comment-13255267 ] Zhihong Yu commented on HBASE-5732: --- I got some compilation errors: {code} [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[66,45] package org.apache.hadoop.hbase.security.token does not exist [ERROR] [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/mapreduce/TableMapReduceUtil.java:[227,8] cannot find symbol [ERROR] symbol : variable TokenUtil [ERROR] location: class org.apache.hadoop.hbase.mapreduce.TableMapReduceUtil [ERROR] [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/mapred/TableMapReduceUtil.java:[175,8] cannot find symbol [ERROR] symbol : variable TokenUtil [ERROR] location: class org.apache.hadoop.hbase.mapred.TableMapReduceUtil [ERROR] [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[240,51] package AuthenticationTokenIdentifier does not exist [ERROR] [ERROR] /Users/zhihyu/trunk-hbase/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java:[241,12] cannot find symbol [ERROR] symbol : class AuthenticationTokenSelector [ERROR] location: class org.apache.hadoop.hbase.ipc.HBaseClient {code} Still going through the big patch. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255281#comment-13255281 ] Zhihong Yu commented on HBASE-5732: --- I put the patch on review board, below are comments for the first page. For disposeSasl(): {code} +} catch (IOException ioe) { + LOG.info(Error disposing of SASL client, ioe); +} {code} The above log should be at error level. {code} +private synchronized boolean setupSaslConnection(final InputStream in2, +final OutputStream out2) +throws IOException { {code} The 'throws' should be on the same line as parameter 'out2'. For handleSaslConnectionFailure(): {code} + if (ex instanceof RemoteException) +throw (RemoteException)ex; + throw new IOException(ex); {code} I think the if statement should check for IOException so that we don't create IOException wrapping ex, another IOException. {code} +private void writeHeader() throws IOException { + // Write out the ConnectionHeader + out.writeInt(header.getSerializedSize()); + header.writeTo(out); +} {code} Do we need to call out.flush() at the end of the above method ? {code} + if (closeException == null) { +if (!calls.isEmpty()) { + LOG.warn( + A connection is closed for no cause and calls are not empty); + + // clean up calls anyway + closeException = new IOException(Unexpected closed connection); {code} Should we record the size of calls in the above warning and IOE ? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255282#comment-13255282 ] Devaraj Das commented on HBASE-5732: Thanks, Zhihong for the review. I forgot to mention that the build should be done with the security profile turned on. I'll fix that shortly.. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255285#comment-13255285 ] Zhihong Yu commented on HBASE-5732: --- Thanks for the hint about compilation, Devaraj. Would it make sense to change security profile to the default profile (insecure build doesn't compile) ? For HBaseServer.setResponse(): {code} +long hint = ohint.getWritableSize() + Bytes.SIZEOF_INT + Bytes.SIZEOF_INT; {code} The two Bytes.SIZEOF_INT can be written as Bytes.SIZEOF_INT*2. {code} -builder.setError(error != null); +//builder.setStatus( {code} The above comment can be removed. {code} - ByteBuffer bb = buf.getByteBuffer(); - bb.position(0); - this.response = bb; + this.response = buf.getByteBuffer(); {code} Why was the position(0) call removed ? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13255320#comment-13255320 ] Zhihong Yu commented on HBASE-5732: --- On review board, it is obvious where white spaces are introduced. {code} +private void wrapWithSasl(ByteBufferOutputStream response) +throws IOException { + if (connection.useSasl) { {code} I suggest checking !connection.useSasl so that we can return early - this is minor. {code} +private void saslReadAndProcess(byte[] saslToken) throws IOException, +InterruptedException { + if (!saslContextEstablished) { {code} The else branch starting at line 1313 is much shorter than the if branch. Consider handling the saslContextEstablished case first and return. This would save indentation for the !saslContextEstablished case. {code} +private void disposeSasl() { + if (saslServer != null) { +try { + saslServer.dispose(); {code} Please assign null to saslServer after the dispose() call. In readAndProcess(): {code} + if (dataLength 0) { +LOG.warn(Unexpected data length + dataLength + !! from + +getHostAddress()); + } data = ByteBuffer.allocate(dataLength); {code} When dataLength is negative, the allocate() call would throw IllegalArgumentException. It would be nice to change the above LOG.warn() into IllegalArgumentException. {code} +TokenUtil.obtainTokenForJob(job,UserGroupInformation.getCurrentUser()); {code} Please add a space after comma. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Attachments: rpcengine-merge.patch Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13247681#comment-13247681 ] stack commented on HBASE-5732: -- Sounds good. You on this DD? Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-5732) Remove the SecureRPCEngine and merge the security-related logic in the core engine
[ https://issues.apache.org/jira/browse/HBASE-5732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13247700#comment-13247700 ] Devaraj Das commented on HBASE-5732: I will take a stab at this. Remove the SecureRPCEngine and merge the security-related logic in the core engine -- Key: HBASE-5732 URL: https://issues.apache.org/jira/browse/HBASE-5732 Project: HBase Issue Type: Improvement Reporter: Devaraj Das Remove the SecureRPCEngine and merge the security-related logic in the core engine. Follow up to HBASE-5727. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira