[
https://issues.apache.org/jira/browse/KNOX-144?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on KNOX-144 started by Kevin Minder.
> Ensure cluster topology details are rewritten for HBase/Stargate REST APIs
> --------------------------------------------------------------------------
>
> Key: KNOX-144
> URL: https://issues.apache.org/jira/browse/KNOX-144
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.3.0
> Reporter: Kevin Minder
> Assignee: Kevin Minder
> Priority: Blocker
> Fix For: 0.3.0
>
>
> From: Vladimir
> There are 2 requests where HBase returns internal cluster structure, Region
> Server address in particular (marked in red). Didn't noticed this earlier.
> Since it's not http address of Region Server should we actually hide it? If
> 'yes' then how it should be rewritten in Knox not to break existing
> HBase/Stargate clients?
> GET http://localhost:8080/status/cluster
> { "requests":36125,
> "LiveNodes":[
> {
> "name":"dev01.hortonworks.com:60020",
> "requests":0,
> "startCode":1379004777978,
> "Region":[
> {
>
> "name":"YW1iYXJpc21va2V0ZXN0LCwxMzc5MDA1MDIyNjc4LjkzN2M3YTcxODBlNTQ3Y2NiMDQ1ODdlNzA3Y2U1MTIyLg==",
> "readRequestsCount":0,
> "writeRequestsCount":1,
> "stores":1,
> "storefiles":1,
> "storefileSizeMB":0,
> "memstoreSizeMB":0,
> "storefileIndexSizeMB":0,
> "rootIndexSizeKB":0,
> "totalStaticIndexSizeKB":0,
> "totalStaticBloomSizeKB":0,
> "totalCompactingKVs":0,
> "currentCompactedKVs":0
> },
> ...
> ],
> "heapSizeMB":60,
> "maxHeapSizeMB":1004
> }
> ],
> "DeadNodes":[
> ],
> "regions":5,
> "averageLoad":5.0
> }
> GET http://localhost:8080/test_table/regions
> {
> "name":"test_table",
> "Region":[
> {
> "endKey":"",
> "id":1379330509662,
> "location":"dev01.hortonworks.com:60020",
> "name":"test_table,,1379330509662.0381e0912d8802b53b3946987736748e.",
> "startKey":""
> }
> ]
> }
> From: Kevin
> I can think of four things we can do.
> Remove the value: "name":""
> Hash the value: "name":"asdkljhasdfjkhasdkjlhsd"
> This would make sense only if we never needed to get the original
> value back.
> Encrypt the value.
> The value of this beyond hashing would be that we could decrypt on
> input if required.
> Number 5 below would make this easier though.
> Replace with a URL that has the address encoded/encrypted as part of its
> query string.
>
> region://knox-host:8334/gateway/cluster/hbase?_=asdlkjasdlajsdklasdflkjsda
> This would make it easier to detect in incoming URLs and rewrite back
> to host:port.
> This is similar to how datanode addresses are handled
> Note that we can do different things for "name" and "location" if required.
> From Vinay:
> I think option 4 should be the default. IMO, it shields the cluster topology
> from leaking out and with Knox being able to encode/decode (or is it
> encrypt/decrypt) the internal cluster nodes aren't directly addressable.
> This seems like the right behavior to me.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
