You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2014/08/01 03:07:39 UTC
[jira] [Updated] (HBASE-11384) [Visibility Controller]Check for
users covering authorizations for every mutation
[ https://issues.apache.org/jira/browse/HBASE-11384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Purtell updated HBASE-11384:
-----------------------------------
Attachment: HBASE-11384_8-0.98.patch
Test failures reported above are due to broken precommit not this patch.
I applied the patch locally to master and got this result:
{noformat}
apurtell@acer:~/src/hbase$ mvn -DskipTests clean install && mvn test -Dtest=org.apache.hadoop.hbase.security.visibility.*
[...]
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running org.apache.hadoop.hbase.security.visibility.TestEnforcingScanLabelGenerator
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 13.158 sec
Running org.apache.hadoop.hbase.security.visibility.TestExpressionParser
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.59 sec
Running org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithACL
Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 16.544 sec
Running org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDistributedLogReplay
Tests run: 19, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 27.703 sec
Running org.apache.hadoop.hbase.security.visibility.TestVisibilityLabels
Tests run: 19, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 23.803 sec
Running org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsOpWithDifferentUsersNoACL
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 12.318 sec
Running org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDeletes
Tests run: 37, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 61.049 sec
Running org.apache.hadoop.hbase.security.visibility.TestVisibilityWithCheckAuths
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 13.713 sec
Running org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithSLGStack
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 12.385 sec
Running org.apache.hadoop.hbase.security.visibility.TestExpressionExpander
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.738 sec
Results :
Tests run: 88, Failures: 0, Errors: 0, Skipped: 0
{noformat}
Backported to 0.98 branch. Attached 0.98 version of v8 patch. All tests pass here as well.
+1
> [Visibility Controller]Check for users covering authorizations for every mutation
> ---------------------------------------------------------------------------------
>
> Key: HBASE-11384
> URL: https://issues.apache.org/jira/browse/HBASE-11384
> Project: HBase
> Issue Type: Sub-task
> Affects Versions: 0.98.3
> Reporter: ramkrishna.s.vasudevan
> Assignee: ramkrishna.s.vasudevan
> Fix For: 0.99.0, 0.98.5
>
> Attachments: HBASE-11384.patch, HBASE-11384_1.patch, HBASE-11384_2.patch, HBASE-11384_3.patch, HBASE-11384_4.patch, HBASE-11384_6.patch, HBASE-11384_7.patch, HBASE-11384_8-0.98.patch, HBASE-11384_8.patch
>
>
> As part of discussions, it is better that every mutation either Put/Delete with Visibility expressions should validate if the expression has labels for which the user has authorization. If not fail the mutation.
> Suppose User A is assoicated with A,B and C. The put has a visibility expression A&D. Then fail the mutation as D is not associated with User A.
--
This message was sent by Atlassian JIRA
(v6.2#6252)