hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14700) Support a "permissive" mode for secure clusters to allow "simple" auth clients
Date Thu, 29 Oct 2015 03:55:27 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14979757#comment-14979757
] 

Hadoop QA commented on HBASE-14700:
-----------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12769456/HBASE-14700-v3.patch
  against master branch at commit 273beceae213b4ea7ee60132b874b5a99ad83e4b.
  ATTACHMENT ID: 12769456

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 3 new or modified
tests.

    {color:green}+1 hadoop versions{color}. The patch compiles with all supported hadoop versions
(2.4.0 2.4.1 2.5.0 2.5.1 2.5.2 2.6.0 2.6.1 2.7.0 2.7.1)

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 protoc{color}.  The applied patch does not increase the total number of
protoc compiler warnings.

    {color:green}+1 javadoc{color}.  The javadoc tool did not generate any warning messages.

    {color:green}+1 checkstyle{color}.  The applied patch does not increase the total number
of checkstyle errors

    {color:green}+1 findbugs{color}.  The patch does not introduce any  new Findbugs (version
2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 lineLengths{color}.  The patch does not introduce lines longer than 100

  {color:green}+1 site{color}.  The mvn post-site goal succeeds with this patch.

     {color:red}-1 core tests{color}.  The patch failed these unit tests:
                       org.apache.hadoop.hbase.util.TestRegionMover

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/16273//testReport/
Release Findbugs (version 2.0.3) 	warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/16273//artifact/patchprocess/newFindbugsWarnings.html
Checkstyle Errors: https://builds.apache.org/job/PreCommit-HBASE-Build/16273//artifact/patchprocess/checkstyle-aggregate.html

  Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/16273//console

This message is automatically generated.

> Support a "permissive" mode for secure clusters to allow "simple" auth clients
> ------------------------------------------------------------------------------
>
>                 Key: HBASE-14700
>                 URL: https://issues.apache.org/jira/browse/HBASE-14700
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>             Fix For: 2.0.0
>
>         Attachments: HBASE-14700-v2.patch, HBASE-14700-v3.patch, HBASE-14700.patch
>
>
> When implementing HBase security for an existing cluster, it can be useful to support
mixed secure and insecure clients while all client configurations are migrated over to secure
authentication.  
> We currently have an option to allow secure clients to fallback to simple auth against
insecure clusters.  By providing an analogous setting for servers, we would allow a phased
rollout of security:
> # First, security can be enabled on the cluster servers, with the "permissive" mode enabled
> # Clients can be converting to using secure authentication incrementally
> # The server audit logs allow identification of clients still using simple auth to connect
> # Finally, when sufficient clients have been converted to secure operation, the server-side
"permissive" mode can be removed, allowing completely secure operation.
> Obviously with this enabled, there is no effective access control, but this would still
be a useful tool to enable a smooth operational rollout of security.  Permissive mode would
of course be disabled by default.  Enabling it should provide a big scary warning in the logs
on startup, and possibly be flagged on relevant UIs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message