hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francis Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14169) API to refreshSuperUserGroupsConfiguration
Date Wed, 26 Aug 2015 21:59:46 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14715596#comment-14715596

Francis Liu commented on HBASE-14169:

I think we're on the same page....just different sentences. :-)

Nope that's the public api of ProxyUsers. It's in the name of the method, in the parameters,
and in the static un-extendable code.
Agreed. Tho I was talking about the provider that there's no guarantee it'll read from config.
The provider is read from config that is clear.

If there's some company specific ImpersonationProvider that does different things then having
ProxyUsers.refreshSuperUserGroupsConfiguration tied to reloading config won't be harmful at
Agreed. My point that it is clunky, even HDFS has a separate cli and client api to refresh
the super user configuration. 

Having said would you still like the patch to be changed as part of a refresh configuration
call? How do you suggest we do this for 1.x? Are we backporting refresh framework? 

[~mbertozzi] [~apurtell] Just confirming this changes are ok with you guys as well?

> API to refreshSuperUserGroupsConfiguration
> ------------------------------------------
>                 Key: HBASE-14169
>                 URL: https://issues.apache.org/jira/browse/HBASE-14169
>             Project: HBase
>          Issue Type: New Feature
>            Reporter: Francis Liu
>            Assignee: Francis Liu
>         Attachments: HBASE-14169.patch, HBASE-14169_2.patch, HBASE-14169_3.patch
> For deployments that use security. User impersonation (AKA doAs()) is needed for some
services (ie Stargate, thriftserver, Oozie, etc). Impersonation definitions are defined in
a xml config file and read and cached by the ProxyUsers class. Calling this api will refresh
cached information, eliminating the need to restart the master/regionserver whenever the configuration
is changed. 
> Implementation just adds another method to AccessControlService.

This message was sent by Atlassian JIRA

View raw message