hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "stack (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11013) Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
Date Fri, 12 May 2017 03:43:04 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16007591#comment-16007591

stack commented on HBASE-11013:

bq.  Is there any reason that we do not shade them in hbase-protocol-shaded module?

[~Apache9] Reasoning is that AccessControl is implemented as coprocessor endpoints. These
protos are 'public', not internal only.  We want endpoints to keep working ever after we internally
move to protobuf 3.1. Endpoints keep on with protobuf 2.5.

bq. ....so I have to move SnapshotDescription PB into Snapshot.proto to avoid recursive import.

Can we be careful and make sure we do not break an hbase-2.0.0 being able to read old hbase-1.x

I like the [~zghaobac] suggestion of extending the existing proto. Would it be less trouble
if the additions to snapshot descriptor were NOT the AccessControl protos and code does the
conveyance between the endpoint 2.5 pb field and the internal Access/Username?

> Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
> ------------------------------------------------------------------------------------------
>                 Key: HBASE-11013
>                 URL: https://issues.apache.org/jira/browse/HBASE-11013
>             Project: HBase
>          Issue Type: Improvement
>          Components: snapshots
>            Reporter: Ted Yu
>            Assignee: Zheng Hu
>             Fix For: 2.0.0
>         Attachments: HBASE-11013.master.addendum.patch, HBASE-11013.v1.patch, HBASE-11013.v2.patch
> Currently,
> {code}
> sudo su - test_user
> create 't1', 'f1'
> sudo su - hbase
> snapshot 't1', 'snap_one'
> clone_snapshot 'snap_one', 't2'
> {code}
> In this scenario the user - test_user would not have permissions for the clone table
> We need to add improvement feature such that the permissions of the original table are
recorded in snapshot metadata and an option is provided for applying them to the new table
as part of the clone process.

This message was sent by Atlassian JIRA

View raw message