[jira] [Commented] (HDFS-6826) Plugin interface to enable delegation of HDFS authorization assertions

Thu, 19 Mar 2015 21:25:05 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14370689#comment-14370689
 ] 

Hadoop QA commented on HDFS-6826:
---------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12705775/HDFS-6826.12.patch
  against trunk revision e37ca22.

    {color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

    {color:green}+1 tests included{color}.  The patch appears to include 2 new 
or modified test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

    {color:red}-1 javadoc{color}.  The javadoc tool appears to have generated 3 
warning messages.
        See 
https://builds.apache.org/job/PreCommit-HDFS-Build/9990//artifact/patchprocess/diffJavadocWarnings.txt
 for details.

    {color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

    {color:red}-1 core tests{color}.  The patch failed these unit tests in 
hadoop-hdfs-project/hadoop-hdfs:

                  org.apache.hadoop.hdfs.shortcircuit.TestShortCircuitLocalRead
                  org.apache.hadoop.security.TestPermission
                  org.apache.hadoop.hdfs.TestDFSShell
                  org.apache.hadoop.hdfs.web.TestWebHDFSXAttr
                  org.apache.hadoop.hdfs.TestDistributedFileSystem
                  org.apache.hadoop.hdfs.web.TestWebHDFS
                  
org.apache.hadoop.hdfs.server.namenode.snapshot.TestAclWithSnapshot
                  org.apache.hadoop.security.TestPermissionSymlinks
                  org.apache.hadoop.hdfs.server.namenode.ha.TestRetryCacheWithHA
                  org.apache.hadoop.hdfs.web.TestFSMainOperationsWebHdfs
                  org.apache.hadoop.hdfs.server.namenode.TestFileContextAcl
                  org.apache.hadoop.hdfs.TestDFSPermission
                  org.apache.hadoop.hdfs.server.namenode.TestAuditLogger
                  
org.apache.hadoop.hdfs.server.namenode.snapshot.TestSnapshottableDirListing
                  org.apache.hadoop.fs.TestGlobPaths
                  org.apache.hadoop.hdfs.server.namenode.TestFileContextXAttr
                  org.apache.hadoop.hdfs.server.namenode.TestFileTruncate
                  org.apache.hadoop.hdfs.TestFileAppend2
                  org.apache.hadoop.hdfs.server.namenode.TestNameNodeXAttr
                  org.apache.hadoop.hdfs.web.TestWebHdfsFileSystemContract
                  org.apache.hadoop.hdfs.TestEncryptionZones
                  org.apache.hadoop.hdfs.server.namenode.TestNameNodeAcl
                  org.apache.hadoop.hdfs.TestFsShellPermission
                  org.apache.hadoop.tracing.TestTracing
                  org.apache.hadoop.hdfs.server.balancer.TestBalancer
                  org.apache.hadoop.hdfs.TestEncryptionZonesWithKMS
                  org.apache.hadoop.hdfs.TestSafeMode
                  org.apache.hadoop.hdfs.server.namenode.TestFsck
                  
org.apache.hadoop.hdfs.security.TestDelegationTokenForProxyUser
                  org.apache.hadoop.hdfs.server.namenode.TestAuditLogs
                  org.apache.hadoop.hdfs.server.namenode.TestFSPermissionChecker
                  org.apache.hadoop.hdfs.web.TestWebHDFSAcl
                  org.apache.hadoop.fs.permission.TestStickyBit

Test results: 
https://builds.apache.org/job/PreCommit-HDFS-Build/9990//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/9990//console

This message is automatically generated.

> Plugin interface to enable delegation of HDFS authorization assertions
> ----------------------------------------------------------------------
>
>                 Key: HDFS-6826
>                 URL: https://issues.apache.org/jira/browse/HDFS-6826
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HDFS-6826-idea.patch, HDFS-6826-idea2.patch, 
> HDFS-6826-permchecker.patch, HDFS-6826.10.patch, HDFS-6826.11.patch, 
> HDFS-6826.12.patch, HDFS-6826.13.patch, HDFS-6826v3.patch, HDFS-6826v4.patch, 
> HDFS-6826v5.patch, HDFS-6826v6.patch, HDFS-6826v7.1.patch, 
> HDFS-6826v7.2.patch, HDFS-6826v7.3.patch, HDFS-6826v7.4.patch, 
> HDFS-6826v7.5.patch, HDFS-6826v7.6.patch, HDFS-6826v7.patch, 
> HDFS-6826v8.patch, HDFS-6826v9.patch, 
> HDFSPluggableAuthorizationProposal-v2.pdf, 
> HDFSPluggableAuthorizationProposal.pdf
>
>
> When Hbase data, HiveMetaStore data or Search data is accessed via services 
> (Hbase region servers, HiveServer2, Impala, Solr) the services can enforce 
> permissions on corresponding entities (databases, tables, views, columns, 
> search collections, documents). It is desirable, when the data is accessed 
> directly by users accessing the underlying data files (i.e. from a MapReduce 
> job), that the permission of the data files map to the permissions of the 
> corresponding data entity (i.e. table, column family or search collection).
> To enable this we need to have the necessary hooks in place in the NameNode 
> to delegate authorization to an external system that can map HDFS 
> files/directories to data entities and resolve their permissions based on the 
> data entities permissions.
> I’ll be posting a design proposal in the next few days.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to