hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-19318) MasterRpcServices#getSecurityCapabilities explicitly checks for the HBase AccessController implementation
Date Tue, 28 Nov 2017 03:24:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-19318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16268024#comment-16268024

Hudson commented on HBASE-19318:

FAILURE: Integrated in Jenkins build HBase-2.0 #927 (See [https://builds.apache.org/job/HBase-2.0/927/])
HBASE-19318 Use the PB service interface as the judge of whether some (elserj: rev e42d20f8ddd4c27d6138e71ec78d0fbfe59790a4)
* (edit) hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
* (add) hbase-server/src/test/java/org/apache/hadoop/hbase/master/TestMasterCoprocessorServices.java

> MasterRpcServices#getSecurityCapabilities explicitly checks for the HBase AccessController
> ---------------------------------------------------------------------------------------------------------
>                 Key: HBASE-19318
>                 URL: https://issues.apache.org/jira/browse/HBASE-19318
>             Project: HBase
>          Issue Type: Bug
>          Components: master, security
>            Reporter: Sharmadha Sainath
>            Assignee: Josh Elser
>            Priority: Critical
>             Fix For: 2.0.0-beta-1
>         Attachments: HBASE-19318.001.branch-2.patch, HBASE-19318.002.branch-2.patch
> Sharmadha brought a failure to my attention trying to use Ranger with HBase 2.0 where
the {{grant}} command was erroring out unexpectedly. The cluster had the Ranger-specific coprocessors
deployed, per what was previously working on the HBase 1.1 line.
> After some digging, I found that the the Master is actually making a check explicitly
for a Coprocessor that has the name {{org.apache.hadoop.hbase.security.access.AccessController}}
(short name or full name), instead of looking for a deployed coprocessor which can be assigned
to {{AccessController}} (which is what Ranger does). We have the CoprocessorHost methods to
do the latter already implemented; it strikes me that we just accidentally used the wrong
method in MasterRpcServices.

This message was sent by Atlassian JIRA

View raw message