hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Drob (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-16141) Unwind use of UserGroupInformation.doAs() to convey requester identity in coprocessor upcalls
Date Thu, 15 Mar 2018 18:16:00 GMT

     [ https://issues.apache.org/jira/browse/HBASE-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Mike Drob updated HBASE-16141:
------------------------------
    Fix Version/s:     (was: 2.0.0)
                   2.1.0
                   3.0.0

Moving this and open subtasks to 2.1/3.0, please pull back if work gets done on them

> Unwind use of UserGroupInformation.doAs() to convey requester identity in coprocessor
upcalls
> ---------------------------------------------------------------------------------------------
>
>                 Key: HBASE-16141
>                 URL: https://issues.apache.org/jira/browse/HBASE-16141
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors, security
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>            Priority: Major
>             Fix For: 3.0.0, 2.1.0, 1.5.0
>
>
> In discussion on HBASE-16115, there is some discussion of whether UserGroupInformation.doAs()
is the right mechanism for propagating the original requester's identify in certain system
contexts (splits, compactions, some procedure calls).  It has the unfortunately of overriding
the current user, which makes for very confusing semantics for coprocessor implementors. 
We should instead find an alternate mechanism for conveying the caller identity, which does
not override the current user context.
> I think we should instead look at passing this through as part of the ObserverContext
passed to every coprocessor hook.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message