Date: Fri, 14 Feb 2014 17:56:19 +0000 (UTC)
From: "Venkatesh Seetharam (JIRA)"
To: dev@falcon.incubator.apache.org
Subject: [jira] [Commented] (FALCON-11) Add support for security in Falcon

[
https://issues.apache.org/jira/browse/FALCON-11?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13901700#comment-13901700 ]

Venkatesh Seetharam commented on FALCON-11:
-------------------------------------------

I thought I have already responded to those and also added comments in the code to clarify.

bq. Why is the metaStorePrincipal only in few methods ? Looks like they are the initial set of calls into the ...

{code}
    /**
     * Returns if the table is external or not. Executed in the workflow engine.
     *
     * @param catalogUrl url for the catalog service
     * @param database database the table belongs to
     * @param tableName tableName to check if it exists
     * @return true if external else false
     * @throws FalconException
     */
    public abstract boolean isTableExternal(String catalogUrl, String database,
                                            String tableName) throws FalconException;
{code}

bq. This would set the umask for all files created henceforth through that file system object (which by the way is ...

This is already fixed.

{code}
    if (!fileSystem.exists(storePath)) {
        LOG.info("Creating configuration store directory: " + storePath);
        fileSystem.mkdirs(storePath);
        // set permissions so config store dir is owned by falcon alone
        FsPermission permission = new FsPermission(FsAction.ALL, FsAction.EXECUTE, FsAction.NONE);
        fileSystem.setPermission(storePath, permission);
    }
{code}

bq. Guava ?

I have already responded in the comment saying I needed only 2 methods on one class and did not warrant importing a lib for that. Pls open a jira if you think that's a better approach instead of blocking this jira.

bq. Might be handy to have more java docs in here to explain a new reader on what is the role ...

This is also done.

bq. Sane defaults have been removed. Is it intentional ?

This can be set in startup.properties and is already responded in the RB.

bq. Except for detectChanges() all other functions are invoked in the MR job, which is already running as the workflow user. ...
This is taken care of in the code. Are you looking at the latest patch?

> Add support for security in Falcon
> ----------------------------------
>
>                 Key: FALCON-11
>                 URL: https://issues.apache.org/jira/browse/FALCON-11
>             Project: Falcon
>          Issue Type: Improvement
>    Affects Versions: 0.4, 0.3
>            Reporter: Venkatesh Seetharam
>            Assignee: Venkatesh Seetharam
>              Labels: security
>         Attachments: FALCON-11-v1.patch, FALCON-11.patch
>
>   Original Estimate: 336h
>  Remaining Estimate: 336h
>
> The following is the break up of tasks for Falcon to be secure and work with secure Hadoop.
> 1. Secure Falcon daemon - needs to login with keytabs
> 2. Secure Hadoop client interface - HDFS
> 3. Secure Oozie client interface
> 4. Secure Falcon Web Interface
> 5. Secure Falcon Client Interface
> ..etc.

--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
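
An added example, not part of the original message or of the Falcon code base: the configuration store snippet quoted above sets the mode only on the branch that creates the directory, so this example applies the same explicit per-path permission and then verifies owner and mode whether or not the directory already existed. The class name, method name, `expectedOwner` parameter and demo path are assumptions, and the local file system stands in for HDFS.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;

/** Added illustration; class and method names are hypothetical, not Falcon's. */
public final class StoreDirPermissionCheck {

    // Same mode as the snippet in the comment: rwx--x--- (0710).
    static final FsPermission STORE_PERMISSION =
            new FsPermission(FsAction.ALL, FsAction.EXECUTE, FsAction.NONE);

    /** Creates the directory if missing, then verifies owner and mode in both cases. */
    static void ensureRestricted(FileSystem fs, Path storePath, String expectedOwner)
            throws IOException {
        if (!fs.exists(storePath)) {
            fs.mkdirs(storePath);
            // Explicit per-path permission; the FileSystem-wide umask is left untouched.
            fs.setPermission(storePath, STORE_PERMISSION);
        }
        FileStatus status = fs.getFileStatus(storePath);
        FsPermission actual = status.getPermission();
        // Fail closed if group or other hold anything beyond what 0710 grants.
        boolean tooOpen = !STORE_PERMISSION.getGroupAction().implies(actual.getGroupAction())
                || !STORE_PERMISSION.getOtherAction().implies(actual.getOtherAction());
        if (tooOpen || !status.getOwner().equals(expectedOwner)) {
            throw new IOException("Refusing to use " + storePath + ": owner="
                    + status.getOwner() + " mode=" + actual);
        }
    }

    public static void main(String[] args) throws IOException {
        // Local file system stands in for HDFS so the check runs without a cluster.
        FileSystem fs = FileSystem.getLocal(new Configuration());
        Path storePath = new Path(System.getProperty("java.io.tmpdir"), "falcon-store-demo");
        ensureRestricted(fs, storePath, System.getProperty("user.name"));
        System.out.println(storePath + " -> " + fs.getFileStatus(storePath).getPermission());
    }
}
```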