hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enis Soztutar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16700) Allow for coprocessor whitelisting
Date Fri, 02 Dec 2016 01:39:58 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15713677#comment-15713677
] 

Enis Soztutar commented on HBASE-16700:
---------------------------------------

Thanks Clay for the updated patches. Looks pretty good to commit. Just some last items: 
 - We should remove this (assuming that you added that for debugging): 
{code}
+  static {
+    Logger.getLogger(CoprocessorWhitelistMasterObserver.class).setLevel(Level.TRACE);
+    Logger.getLogger("org.apache.hbase.server").setLevel(Level.TRACE);
+  }
{code}
 - Can you please refactor var names like {{coproc_path}} to camelCase.
- Did you want to enable this test? 
{code}
+//  @Test
+  @Category(MediumTests.class)
+  public void testCreationClasspathCoprocessor() throws Exception {
{code}
 - great doc! 

> Allow for coprocessor whitelisting
> ----------------------------------
>
>                 Key: HBASE-16700
>                 URL: https://issues.apache.org/jira/browse/HBASE-16700
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors
>            Reporter: Clay B.
>            Priority: Minor
>              Labels: security
>         Attachments: HBASE-16700.000.patch, HBASE-16700.001.patch, HBASE-16700.002.patch,
HBASE-16700.003.patch, HBASE-16700.004.patch, HBASE-16700.005.patch, HBASE-16700.006.patch,
HBASE-16700.007.patch
>
>
> Today one can turn off all non-system coprocessors with {{hbase.coprocessor.user.enabled}}
however, this disables very useful things like Apache Phoenix's coprocessors. Some tenants
of a multi-user HBase may also need to run bespoke coprocessors. But as an operator I would
not want wanton coprocessor usage. Ideally, one could do one of two things:
> * Allow coprocessors defined in {{hbase-site.xml}} -- this can only be administratively
changed in most cases
> * Allow coprocessors from table descriptors but only if the coprocessor is whitelisted



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message