falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venkatesh Seetharam (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-11) Add support for security in Falcon
Date Fri, 14 Feb 2014 17:56:19 GMT

    [ https://issues.apache.org/jira/browse/FALCON-11?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13901700#comment-13901700
] 

Venkatesh Seetharam commented on FALCON-11:
-------------------------------------------

I thought I have already responded to those and also added comments in the code to clarify.

bq. Why is the metaStorePrincipal only in few methods ? Looks like they are the initial set
of calls into the ...
{code}
    /**
     * Returns if the table is external or not. Executed in the workflow engine.
     *
     * @param catalogUrl url for the catalog service
     * @param database database the table belongs to
     * @param tableName tableName to check if it exists
     * @return true if external else false
     * @throws FalconException
     */
    public abstract boolean isTableExternal(String catalogUrl, String database,
                                            String tableName) throws FalconException;
{code}

bq. This would set the umask for all files created henceforth through that file system object
(which by the way is ...
This is already fixed.
{code}
            if (!fileSystem.exists(storePath)) {
                LOG.info("Creating configuration store directory: " + storePath);
                fileSystem.mkdirs(storePath);
                // set permissions so config store dir is owned by falcon alone
                FsPermission permission = new FsPermission(FsAction.ALL, FsAction.EXECUTE,
FsAction.NONE);
                fileSystem.setPermission(storePath, permission);
            }
{code}

bq. Guava ?
I have already responded in the comment saying I needed only 2 methods on one class and did
not warrant importing a lib for that. Pls open a jira if you think thats a better approach
instead of blocking this jira.

bq. Might be handy to have more java docs in here to explain a new reader on what is the role
...
This is also done.

bq. Sane defaults have been removed. Is it intentional ?
This can be set in startup.properties and is already responded in the RB.

bq. Except for detectChanges() all other functions are invoked in the MR job, which is already
running as the workflow user. ...
This is taken care of in the code. Are you looking at the latest patch?


> Add support for security in Falcon
> ----------------------------------
>
>                 Key: FALCON-11
>                 URL: https://issues.apache.org/jira/browse/FALCON-11
>             Project: Falcon
>          Issue Type: Improvement
>    Affects Versions: 0.4, 0.3
>            Reporter: Venkatesh Seetharam
>            Assignee: Venkatesh Seetharam
>              Labels: security
>         Attachments: FALCON-11-v1.patch, FALCON-11.patch
>
>   Original Estimate: 336h
>  Remaining Estimate: 336h
>
> The following is the break up of tasks for Falcon to be secure and work with secure Hadoop.
> 1. Secure Falcon daemon - needs to login with keytabs
> 2. Secure Hadoop client interface - HDFS
> 3. Secure Oozie client interface
> 4. Secure Falcon Web Interface
> 5. Secure Falcon Client Interface
> ..etc.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message