hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francis Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14169) API to refreshSuperUserGroupsConfiguration
Date Wed, 26 Aug 2015 21:59:46 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14715596#comment-14715596
] 

Francis Liu commented on HBASE-14169:
-------------------------------------

I think we're on the same page....just different sentences. :-)

{quote}
Nope that's the public api of ProxyUsers. It's in the name of the method, in the parameters,
and in the static un-extendable code.
{quote}
Agreed. Tho I was talking about the provider that there's no guarantee it'll read from config.
The provider is read from config that is clear.

{quote}
If there's some company specific ImpersonationProvider that does different things then having
ProxyUsers.refreshSuperUserGroupsConfiguration tied to reloading config won't be harmful at
all. 
{quote}
Agreed. My point that it is clunky, even HDFS has a separate cli and client api to refresh
the super user configuration. 

Having said would you still like the patch to be changed as part of a refresh configuration
call? How do you suggest we do this for 1.x? Are we backporting refresh framework? 

[~mbertozzi] [~apurtell] Just confirming this changes are ok with you guys as well?




> API to refreshSuperUserGroupsConfiguration
> ------------------------------------------
>
>                 Key: HBASE-14169
>                 URL: https://issues.apache.org/jira/browse/HBASE-14169
>             Project: HBase
>          Issue Type: New Feature
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>         Attachments: HBASE-14169.patch, HBASE-14169_2.patch, HBASE-14169_3.patch
>
>
> For deployments that use security. User impersonation (AKA doAs()) is needed for some
services (ie Stargate, thriftserver, Oozie, etc). Impersonation definitions are defined in
a xml config file and read and cached by the ProxyUsers class. Calling this api will refresh
cached information, eliminating the need to restart the master/regionserver whenever the configuration
is changed. 
> Implementation just adds another method to AccessControlService.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message