From: "Ted Yu (JIRA)"
To: issues@hbase.apache.org
Date: Tue, 2 Oct 2012 04:07:07 +1100 (NCT)
Subject: [jira] [Commented] (HBASE-5498) Secure Bulk Load

[ https://issues.apache.org/jira/browse/HBASE-5498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13466947#comment-13466947 ]

Ted Yu commented on HBASE-5498:
-------------------------------

bq. Is coprocessorService an 0.96 enhancement

Yes. According to recent discussion on the mailing list, support for the existing endpoint would be dropped in 0.96.
If this patch adds another endpoint in the old way, 0.96 would be blocked further.
@Stack, @Gary:
What do you think?

> Secure Bulk Load
> ----------------
>
> Key: HBASE-5498
> URL: https://issues.apache.org/jira/browse/HBASE-5498
> Project: HBase
> Issue Type: Improvement
> Components: security
> Reporter: Francis Liu
> Assignee: Francis Liu
> Fix For: 0.94.3, 0.96.0
>
> Attachments: HBASE-5498_94.patch, HBASE-5498_94.patch, HBASE-5498_draft_94.patch, HBASE-5498_draft.patch, HBASE-5498_trunk.patch
>
>
> Design doc: https://cwiki.apache.org/confluence/display/HCATALOG/HBase+Secure+Bulk+Load
> Short summary:
> Security as it stands does not cover the bulkLoadHFiles() feature. Users calling this method will bypass ACLs. Also, loading is made more cumbersome in a secure setting because of HDFS privileges. bulkLoadHFiles() moves the data from the user's directory to the hbase directory, which would require certain write access privileges set.
> Our solution is to create a coprocessor which makes use of AuthManager to verify if a user has write access to the table. If so, it launches an MR job as the hbase user to do the importing (i.e. rewrite from text to HFiles). One tricky part this job will have to do is impersonate the calling user when reading the input files. We can do this by expecting the user to pass an HDFS delegation token as part of the secureBulkLoad() coprocessor call and extend an InputFormat to make use of that token. The output is written to a temporary directory accessible only by hbase and then bulkLoadHFiles() is called.