hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16700) Allow for coprocessor whitelisting
Date Wed, 09 Nov 2016 22:54:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15652294#comment-15652294
] 

Ted Yu commented on HBASE-16700:
--------------------------------

{code}
+ */
+public class CoprocessorWhitelistMasterObserver extends BaseMasterObserver {
{code}
Please add annotation for Audience.
{code}
+      Collection<String> paths =
+          services.getConfiguration().getStringCollection(
+              CP_COPROCESSOR_WHITELIST_PATHS_KEY);
{code}
The above can be lifted outside the for loop.
{code}
+public class TestCoprocessorWhitelistMasterObserver extends SecureTestUtil {
{code}
Add test category.
{code}
+  private static final Log LOG = LogFactory.getLog(TestAccessController.class);
{code}
Change class name to match actual class.


> Allow for coprocessor whitelisting
> ----------------------------------
>
>                 Key: HBASE-16700
>                 URL: https://issues.apache.org/jira/browse/HBASE-16700
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors
>            Reporter: Clay B.
>            Priority: Minor
>              Labels: security
>         Attachments: HBASE-16700.000.patch
>
>
> Today one can turn off all non-system coprocessors with {{hbase.coprocessor.user.enabled}}
however, this disables very useful things like Apache Phoenix's coprocessors. Some tenants
of a multi-user HBase may also need to run bespoke coprocessors. But as an operator I would
not want wanton coprocessor usage. Ideally, one could do one of two things:
> * Allow coprocessors defined in {{hbase-site.xml}} -- this can only be administratively
changed in most cases
> * Allow coprocessors from table descriptors but only if the coprocessor is whitelisted



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message