hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-19318) MasterRpcServices#getSecurityCapabilities explicitly checks for the HBase AccessController implementation
Date Wed, 22 Nov 2017 21:51:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-19318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16263408#comment-16263408
] 

Ted Yu commented on HBASE-19318:
--------------------------------

Please add javadoc and test category to TestMasterRpcServices.
I think the test class should have better name - it tests coprocessor specific aspects.

> MasterRpcServices#getSecurityCapabilities explicitly checks for the HBase AccessController
implementation
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-19318
>                 URL: https://issues.apache.org/jira/browse/HBASE-19318
>             Project: HBase
>          Issue Type: Bug
>          Components: master, security
>            Reporter: Sharmadha Sainath
>            Assignee: Josh Elser
>            Priority: Critical
>             Fix For: 1.4.0, 1.3.2, 1.2.7, 2.0.0-beta-1
>
>         Attachments: HBASE-19318.001.branch-2.patch
>
>
> Sharmadha brought a failure to my attention trying to use Ranger with HBase 2.0 where
the {{grant}} command was erroring out unexpectedly. The cluster had the Ranger-specific coprocessors
deployed, per what was previously working on the HBase 1.1 line.
> After some digging, I found that the the Master is actually making a check explicitly
for a Coprocessor that has the name {{org.apache.hadoop.hbase.security.access.AccessController}}
(short name or full name), instead of looking for a deployed coprocessor which can be assigned
to {{AccessController}} (which is what Ranger does). We have the CoprocessorHost methods to
do the latter already implemented; it strikes me that we just accidentally used the wrong
method in MasterRpcServices.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message