You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Laxman (JIRA)" <ji...@apache.org> on 2012/05/25 06:32:23 UTC
[jira] [Created] (HBASE-6092) Authorize flush, split operations in
AccessController
Laxman created HBASE-6092:
-----------------------------
Summary: Authorize flush, split operations in AccessController
Key: HBASE-6092
URL: https://issues.apache.org/jira/browse/HBASE-6092
Project: HBase
Issue Type: Sub-task
Components: security
Reporter: Laxman
Assignee: Laxman
Currently, some operations like flush and split are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Lars Hofhansl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lars Hofhansl closed HBASE-6092.
--------------------------------
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.94.1, 0.96.0
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.94.1, 0.96.0
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-6092:
--------------------------
Status: Patch Available (was: Open)
New patch attached for review after fixing review comments and my observation.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-6092:
--------------------------
Fix Version/s: 0.94.1
0.96.0
Affects Version/s: 0.94.1
0.96.0
0.94.0
Status: Patch Available (was: Open)
Patch as per the above approach.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294158#comment-13294158 ]
Laxman commented on HBASE-6092:
-------------------------------
Thanks Andy.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292441#comment-13292441 ]
Laxman commented on HBASE-6092:
-------------------------------
Following is the approach I'm planning to proceed with.
1) split, compact and flush - authorize in AccessController using existing hooks.
2) pre/postSplit, pre/postCompact, pre/postFlush - signature in RegionObserver interface should be inline with other methods. [add missing throws clause]
3) if this operation is user triggered, authorization should be done with request user. otw, with system principal. [i guess this is implicitly taken care in AccessController.getActiveUser()]
please validate.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294067#comment-13294067 ]
Hudson commented on HBASE-6092:
-------------------------------
Integrated in HBase-0.94 #255 (See [https://builds.apache.org/job/HBase-0.94/255/])
HBASE-6092. Authorize flush, split, compact operations in AccessController (Laxman) (Revision 1349597)
Result = SUCCESS
apurtell :
Files :
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* /hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionObserver.java
* /hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionObserver.java
* /hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-6092:
--------------------------
Attachment: HBASE-6092.1.patch
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Purtell updated HBASE-6092:
----------------------------------
Resolution: Fixed
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
Committed to trunk and 0.94 branch. TestAccessController passes locally. Thanks for the patch Laxman!
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-6092:
--------------------------
Attachment: HBASE-6092.patch
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293997#comment-13293997 ]
Andrew Purtell commented on HBASE-6092:
---------------------------------------
+1 on HBASE-6092.1.patch
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293309#comment-13293309 ]
Hadoop QA commented on HBASE-6092:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12531662/HBASE-6092.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 5 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.hbase.coprocessor.TestRowProcessorEndpoint
org.apache.hadoop.hbase.regionserver.TestSplitTransactionOnCluster
org.apache.hadoop.hbase.regionserver.TestSplitLogWorker
org.apache.hadoop.hbase.replication.TestReplication
org.apache.hadoop.hbase.master.TestSplitLogManager
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/2139//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2139//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2139//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/2139//console
This message is automatically generated.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294060#comment-13294060 ]
Hudson commented on HBASE-6092:
-------------------------------
Integrated in HBase-TRUNK #3019 (See [https://builds.apache.org/job/HBase-TRUNK/3019/])
HBASE-6092. Authorize flush, split, compact operations in AccessController (Laxman) (Revision 1349596)
Result = SUCCESS
apurtell :
Files :
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionObserver.java
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionObserver.java
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-6092:
--------------------------
Status: Open (was: Patch Available)
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Andrew Purtell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293122#comment-13293122 ]
Andrew Purtell commented on HBASE-6092:
---------------------------------------
Let's look at flush as an example. If HRegionServer.flushRegion -> HRegion.flushcache -> coprocessor.preFlush, then AccessController.getActiveUser will find the user making the request in the RPC request context. Otherwise getActiveUser will substitute the system principal. Thus ADMIN permission must be granted to the system principal or flushes will fail. ADMIN permission is granted to the system principal by AccessController code when it initializes. As long as that doesn't change, this is ok.
Please update the comments in the tests you added. TestCompact does not verify that superuser and admin can create tables, etc. Otherwise the patch looks good.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293570#comment-13293570 ]
Laxman commented on HBASE-6092:
-------------------------------
bq. -1 findbugs
This patch does not introduce any findbugs.
bq. -1 core tests
Verified these testcases. Passing locally. Failures are not relevant to the patch.
Please review the patch.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13400027#comment-13400027 ]
Hudson commented on HBASE-6092:
-------------------------------
Integrated in HBase-0.94-security #37 (See [https://builds.apache.org/job/HBase-0.94-security/37/])
HBASE-6092. Authorize flush, split, compact operations in AccessController (Laxman) (Revision 1349597)
Result = SUCCESS
apurtell :
Files :
* /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* /hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionObserver.java
* /hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionObserver.java
* /hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13294396#comment-13294396 ]
Hudson commented on HBASE-6092:
-------------------------------
Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #52 (See [https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/52/])
HBASE-6092. Authorize flush, split, compact operations in AccessController (Laxman) (Revision 1349596)
Result = FAILURE
apurtell :
Files :
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionObserver.java
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionObserver.java
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293379#comment-13293379 ]
Laxman commented on HBASE-6092:
-------------------------------
Thanks for review Andy.
bq. Please update the comments in the tests you added
Copy & paste error. My mistake. Sorry.
Also, one more observation. We should throw back IOException from RegionCoprocessorHost from pre/post split/flush/compact methods using:
{code}
org.apache.hadoop.hbase.coprocessor.CoprocessorHost.handleCoprocessorThrowable(CoprocessorEnvironment, Throwable)
{code}
bq. -1 core tests.
Verified these testcases locally. And not relevant to the patch.
bq. -1 findbugs.
Verified the findbugs report. This patch does not introduce any findbugs.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Laxman updated HBASE-6092:
--------------------------
Description: Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table. (was: Currently, some operations like flush and split are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.)
Summary: Authorize flush, split, compact operations in AccessController (was: Authorize flush, split operations in AccessController)
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6092) Authorize flush, split, compact
operations in AccessController
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HBASE-6092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293567#comment-13293567 ]
Hadoop QA commented on HBASE-6092:
----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12531776/HBASE-6092.1.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
-1 findbugs. The patch appears to introduce 5 new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed these unit tests:
org.apache.hadoop.hbase.replication.TestReplication
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/2146//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2146//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/2146//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/2146//console
This message is automatically generated.
> Authorize flush, split, compact operations in AccessController
> --------------------------------------------------------------
>
> Key: HBASE-6092
> URL: https://issues.apache.org/jira/browse/HBASE-6092
> Project: HBase
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.94.0, 0.96.0, 0.94.1
> Reporter: Laxman
> Assignee: Laxman
> Labels: acl, security
> Fix For: 0.96.0, 0.94.1
>
> Attachments: HBASE-6092.1.patch, HBASE-6092.patch
>
>
> Currently, flush, split and compaction are not checked for authorization in AccessController. With the current implementation any unauthorized client can trigger these operations on a table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira