hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars George <lars.geo...@gmail.com>
Subject Re: HBase Service Level Authorization
Date Tue, 24 Jan 2017 08:17:32 GMT
I can see how this all started:

public class HBasePolicyProvider extends PolicyProvider {
  protected static Service[] services = {
      new Service("security.client.protocol.acl", HRegionInterface.class),
      new Service("security.admin.protocol.acl", HMasterInterface.class),
      new Service("security.masterregion.protocol.acl",
HMasterRegionInterface.class)
  };

There naming made sense. But over time this got changed 3-4 times and
added the newer interface or, at last, the protobuf services. But the
current ACL name to service name is a mystery to me. Maybe we can
start the discussion there?

Lars

On Tue, Jan 24, 2017 at 8:36 AM, Lars George <lars.george@gmail.com> wrote:
> Hi,
>
> Looking at our `PolicyProvider` implementation I see this:
>
> /**
>  * Implementation of secure Hadoop policy provider for mapping
>  * protocol interfaces to hbase-policy.xml entries.
>  */
> @InterfaceAudience.Private
> public class HBasePolicyProvider extends PolicyProvider {
>   protected final static Service[] services = {
>       new Service("security.client.protocol.acl",
> ClientService.BlockingInterface.class),
>       new Service("security.client.protocol.acl",
> AdminService.BlockingInterface.class),
>       new Service("security.admin.protocol.acl",
> MasterService.BlockingInterface.class),
>       new Service("security.masterregion.protocol.acl",
> RegionServerStatusService.BlockingInterface.class)
>   };
>
> How does that all make sense? Both the `ClientService` and
> `AdminService` are controlled by the `security.client.protocol.acl`
> setting, allowing (or disallowing) access to the two client side APIs.
> But then there is the `security.admin.protocol.acl` for the
> `MasterService` that controls another half of the administrative
> calls?
>
> And then the last of them, which I presume by looking at the provided
> methods that it covers the Master-RegionServer communication. It is
> controlled by `security.masterregion.protocol.acl`... did we run out
> of characters to not name that at least
> `security.masterregionserver.protocol.acl`?
>
> Can anyone explain what we are doing here? And why?
>
> Best,
> Lars

Mime
View raw message