You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2015/05/25 19:16:18 UTC

[jira] [Created] (HBASE-13771) Replication clients should not access zookeeper directly

Andrew Purtell created HBASE-13771:
--------------------------------------

             Summary: Replication clients should not access zookeeper directly
                 Key: HBASE-13771
                 URL: https://issues.apache.org/jira/browse/HBASE-13771
             Project: HBase
          Issue Type: Improvement
    Affects Versions: 0.98.12, 1.1.0, 1.0.1, 2.0.0, 1.2.0
            Reporter: Andrew Purtell
            Priority: Critical


Replication client actions set and modify znodes directly. This is legacy from an era before we had the AccessController available and missing coverage of admin action in our security model. 

All replication client actions should all be mediated by the master, and hooked up to the coprocessor framework for use by the AccessController. After adding this functionality we should should restrict access to replication znodes to only the HBase service principal, but provide a configuration option to relax those permissions for as long as older admin clients are in use (with a stern suggestion to upgrade ASAP). This type of functional change, with optional backwards compatibility, should be fine for all branches.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)