hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14425) In Secure Zookeeper cluster superuser will not have sufficient permission if multiple values are configured in "hbase.superuser"
Date Tue, 20 Oct 2015 13:26:27 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14965096#comment-14965096
] 

Hadoop QA commented on HBASE-14425:
-----------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12767579/HBASE-14425-V2.patch
  against master branch at commit 60465964039acd05f43f268cdb4f909a150a0f41.
  ATTACHMENT ID: 12767579

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 9 new or modified
tests.

    {color:green}+1 hadoop versions{color}. The patch compiles with all supported hadoop versions
(2.4.0 2.4.1 2.5.0 2.5.1 2.5.2 2.6.0 2.6.1 2.7.0 2.7.1)

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 protoc{color}.  The applied patch does not increase the total number of
protoc compiler warnings.

    {color:green}+1 javadoc{color}.  The javadoc tool did not generate any warning messages.

    {color:green}+1 checkstyle{color}.  The applied patch does not increase the total number
of checkstyle errors

    {color:green}+1 findbugs{color}.  The patch does not introduce any  new Findbugs (version
2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 lineLengths{color}.  The patch does not introduce lines longer than 100

  {color:green}+1 site{color}.  The mvn post-site goal succeeds with this patch.

     {color:red}-1 core tests{color}.  The patch failed these unit tests:
     

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/16119//testReport/
Release Findbugs (version 2.0.3) 	warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/16119//artifact/patchprocess/newFindbugsWarnings.html
Checkstyle Errors: https://builds.apache.org/job/PreCommit-HBASE-Build/16119//artifact/patchprocess/checkstyle-aggregate.html

  Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/16119//console

This message is automatically generated.

> In Secure Zookeeper cluster superuser will not have sufficient permission if multiple
values are configured in "hbase.superuser"
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-14425
>                 URL: https://issues.apache.org/jira/browse/HBASE-14425
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Pankaj Kumar
>            Assignee: Pankaj Kumar
>             Fix For: 2.0.0
>
>         Attachments: HBASE-14425-V2.patch, HBASE-14425.patch
>
>
> During master intialization we are setting ACLs for the znodes.
> In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean isSecureZooKeeper),
> {code}
>       String superUser = zkw.getConfiguration().get("hbase.superuser");
>       ArrayList<ACL> acls = new ArrayList<ACL>();
>       // add permission to hbase supper user
>       if (superUser != null) {
>         acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
>       }
> {code}
> Here we are directly setting "hbase.superuser" value to Znode which will cause an issue
when multiple values are configured. In "hbase.superuser" multiple superusers and supergroups
can be configured separated by comma. We need to iterate them and set ACL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message