Return-Path: X-Original-To: apmail-hbase-dev-archive@www.apache.org Delivered-To: apmail-hbase-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1382A77F3 for ; Tue, 1 Nov 2011 19:10:07 +0000 (UTC) Received: (qmail 34700 invoked by uid 500); 1 Nov 2011 19:10:06 -0000 Delivered-To: apmail-hbase-dev-archive@hbase.apache.org Received: (qmail 34661 invoked by uid 500); 1 Nov 2011 19:10:06 -0000 Mailing-List: contact dev-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hbase.apache.org Delivered-To: mailing list dev@hbase.apache.org Received: (qmail 34653 invoked by uid 99); 1 Nov 2011 19:10:06 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 Nov 2011 19:10:06 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of yuzhihong@gmail.com designates 74.125.82.169 as permitted sender) Received: from [74.125.82.169] (HELO mail-wy0-f169.google.com) (74.125.82.169) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 Nov 2011 19:09:59 +0000 Received: by wyg24 with SMTP id 24so2852362wyg.14 for ; Tue, 01 Nov 2011 12:09:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=iD6rsrpY5MY34gG+7vq16jVQjRbcI04NRAhFe5IDpco=; b=YzdoKBfocW+xUuK0J5r7VrvJt1mXDggpjrG1owS17Z3zwTkbq8EaV7N1S61YFC1yeW 1MN+imVqBGgtnNpf6QhSOskCf4ZGoQ6YRdFbezIbMY8NGNM96695H8KBP7QEwEsPByJF FMJ721d56YIP+J6AML1DYPFcd14BdCPEYzVyY= MIME-Version: 1.0 Received: by 10.216.14.78 with SMTP id c56mr288235wec.6.1320174579139; Tue, 01 Nov 2011 12:09:39 -0700 (PDT) Received: by 10.216.45.78 with HTTP; Tue, 1 Nov 2011 12:09:38 -0700 (PDT) Date: Tue, 1 Nov 2011 12:09:38 -0700 Message-ID: Subject: HBase with security build Was: An 0.92.0 Release Candidate this week? From: Ted Yu To: dev@hbase.apache.org Content-Type: multipart/alternative; boundary=001485f1a0d6d4c37304b0b118b6 X-Virus-Checked: Checked by ClamAV on apache.org --001485f1a0d6d4c37304b0b118b6 Content-Type: text/plain; charset=ISO-8859-1 I like the notion of HBase with security wouldn't impact HBase core. But to make HBase with security available to wider audience, we really should create a Jenkins build which enables security profile. Also, it would be nice if developers outside TrendMicro can participate in the discussion / development of security feature - as Gary pointed out toward the end of his email. Cheers On Tue, Nov 1, 2011 at 12:00 PM, Gary Helmling wrote: > I'd like to lobby for the security patches (HBASE-2742 and HBASE-3025) > going in to 0.92. This may sound like a big change at this stage, but > in reality the impact on current HBase core is pretty contained: > > * HBASE-2742 adds a "security" profile to the build, which only > includes the security sources (security/src/...) if enabled. The > changes to core code in this patch mostly just enable subclassing of > HBaseClient and HBaseServer for implementation of the SecureRpcEngine. > > * HBASE-3025 adds classes to the "security" source tree to implement > authorization checking. These break down into: > - an AccessController coprocessor implementation for authorization > checking. If not enabled, this code has no impact on core. > - additional shell commands for ACL manipulation: grant, revoke, > user_permission. These implementations check for existence of the > security classes on the classpath and will fail gracefully with an > error message that security is not available. > > The use of a maven profile means that security components will only be > included in the build when activated (mvn ... -P security), so we can > continue to do builds and releases without the security components, if > needed. To start with, we may want to do separate release packages > for the base HBase version vs. HBase with security (0.92.0 and > 0.92.0-security), so that only those interested in using the security > features need be impacted by them. > > At Trend, we've been running a release with HBase security for the > past 6 months in production, so it's been proven to work for us. I > know that there are other groups interested in working with HBase > security on 0.92, so I would really like to find a way meet that need. > At the same time, all of the security components have been built to > be optionally enabled, so I think there is very little risk to core by > including it. > > --gh > > On Mon, Oct 31, 2011 at 11:16 AM, Stack wrote: > > There's just a few issues left. Check it out: > > https://issues.apache.org/jira/browse/HBASE/fixforversion/12314223 > > > > I'm hoping we can kill these last few and post an RC this week. If > > there is anything you crew could do to help along the RC, I would > > appreciate the hand (Or, if there is something you think has to make > > it into 0.92.0, please speak up). > > > > Thanks all, > > St.Ack > > > --001485f1a0d6d4c37304b0b118b6--