tephra-dev mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TEPHRA-219) Setup proper security context in co-processor for compaction and flushes
Date Mon, 13 Feb 2017 00:30:42 GMT

    [ https://issues.apache.org/jira/browse/TEPHRA-219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15863074#comment-15863074 ]

ASF GitHub Bot commented on TEPHRA-219:
---------------------------------------

Github user poornachandra commented on a diff in the pull request:

    https://github.com/apache/incubator-tephra/pull/35#discussion_r100709949
  
    --- Diff: tephra-hbase-compat-1.1-base/src/main/java/org/apache/tephra/hbase/txprune/PruneUpperBoundWriter.java
---
    @@ -81,14 +84,23 @@ private void startFlushThread() {
         flushThread = new Thread("tephra-prune-upper-bound-writer") {
           @Override
           public void run() {
    -        while ((!isInterrupted()) && isRunning()) {
    +        Service.State serviceState = state();
    +        while ((!isInterrupted()) &&
    +          (serviceState.equals(Service.State.NEW) || serviceState.equals(Service.State.STARTING)
||
    +            serviceState.equals(Service.State.RUNNING))) {
               long now = System.currentTimeMillis();
               if (now > (lastChecked + pruneFlushInterval)) {
                 // should flush data
                 try {
                   while (pruneEntries.firstEntry() != null) {
    -                Map.Entry<byte[], Long> firstEntry = pruneEntries.firstEntry();
    -                dataJanitorState.savePruneUpperBoundForRegion(firstEntry.getKey(), firstEntry.getValue());
    +                final Map.Entry<byte[], Long> firstEntry = pruneEntries.firstEntry();
    +                User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
    --- End diff --
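
Review bot: `serviceState` is assigned once, before the `while` loop at the top of `run()`, and nothing in the visible lines refreshes it, so the loop condition keeps testing the state captured at thread start. The removed `isRunning()` call was evaluated on every iteration; with the snapshot, a later move to a stopping or terminated state is not seen by the condition and the loop exits only on interrupt, unless the variable is reassigned further down in the body. Suggest calling `state()` inside the condition, or reassigning `serviceState` at the end of each iteration. Separately, the three `equals` comparisons on the `Service.State` enum constants would read more simply with `==` or a small helper method.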
    
    Adding `User.runAsLoginUser` here brings unnecessary security code into the `PruneUpperBoundWriter` class. Also, if we modify `TransactionProcessor` later to add other table operations, we may miss wrapping those calls. I think it would be better to do the wrapping in the `TransactionProcessor` class itself. What do you say?


> Setup proper security context in co-processor for compaction and flushes
> ------------------------------------------------------------------------
>
>                 Key: TEPHRA-219
>                 URL: https://issues.apache.org/jira/browse/TEPHRA-219
>             Project: Tephra
>          Issue Type: Sub-task
>            Reporter: Poorna Chandra
>            Assignee: Gokul Gunasekaran
>             Fix For: 0.11.0-incubating
>
>
> From PHOENIX-3037, HBASE-16115 and HBASE-16141 - HBase runs compaction/flush co-processor hooks as the user (current user) who started the compaction/flush. This becomes an issue when a co-processor makes cross region server calls in hooks. If the calls are made as the current user, then the call may fail since the current user may not have sufficient privileges to perform the call.
> Tephra TransactionProcessor will need to run all calls in compaction/flush hooks as the login user instead of the current user.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
