hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (HBASE-12745) Visibility Labels: support visibility labels for user groups.
Date Fri, 23 Jan 2015 22:47:35 GMT

     [ https://issues.apache.org/jira/browse/HBASE-12745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Sean Busbey reopened HBASE-12745:

I think this may have broken compat promises going from 0.98 -> 1.0.

These methods are in classes marked IA.Public:

* VisibilityLabelService.getAuth(byte[], boolean)
* VisibilityLabelService.havingSystemAuth(byte[])

They've been in 0.98 releases (since 0.98.6) and will be marked deprecated as of the 0.98.10
release. In branch-1.0 / branch-1.1 they're removed.

Since they're IA.Public, shouldn't they be deprecated for a full major version before removal?
That would mean they need to stick around for all of 1.x.

In particular, as-is this would require users with custom VisibilityLabelService implementations
to deal with a source compatibility issue prior to doing a rolling upgrade from 0.98.6+ ->
1.0. If we don't maintain compatibility across 1.x, we should call this out in the release

> Visibility Labels:  support visibility labels for user groups.
> --------------------------------------------------------------
>                 Key: HBASE-12745
>                 URL: https://issues.apache.org/jira/browse/HBASE-12745
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.0, 0.98.9, 0.99.2
>            Reporter: Jerry He
>            Assignee: Jerry He
>             Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>         Attachments: HBASE-12745-master-v1.patch, HBASE-12745-master-v2.patch, HBASE-12745-master-v3.patch,
HBASE-12745-master-v4.patch, HBASE-12745-master-v5.patch, HBASE-12745-master-v6.patch, HBASE-12745-master-v7.patch,
HBASE-12745-v7-0.98-with-update.patch, HBASE-12745-v7-0.98.patch, HBASE-12745-v7-branch1.patch
> The thinking is that we should support visibility labels to be associated with user groups.
> We will then be able grant visibility labels to a group in addition to individual users,
which provides convenience and usability.
> We will use '@group' to denote a group name, as similarly done in AcccessController.
> For example, 
> {code}
> set_auths '@group1', ['SECRET','PRIVATE']
> {code}
> {code}
> get_auth '@group1'
> {code}
> A user belonging to 'group1' will have all the visibility labels granted to 'group1'
> We'll also support super user groups as specified in hbase-site.xml.
> The code update will mainly be on the server side VisibilityLabelService implementation.

This message was sent by Atlassian JIRA

View raw message