[
https://issues.apache.org/jira/browse/HBASE-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13876186#comment-13876186
]
Anoop Sam John commented on HBASE-10322:
----------------------------------------
bq.I.e. if I can see a certain KV, should I be able to see its visibility tags?
The answer to this is No. Ram explain the reason.
bq.Maybe we can even have a tag that controls the visibility of the tags?
Who can see the tags also along with KVs, we thought let it be decided by the
user. Only HBase super user will be able to get tags also along with KVs.
So this is the overall idea. Yes tags control what a client can see.. But we
would like to control normal clients from seeing the tags.
The impl of this becomes very tricky as we use same Codec to write from client
to server and back. We were giving options for user to add tags in Mutation
KVs. As of now we are thinking of removing this APIs. Over RPC tags will not
go (ie. client -> server or reverse)
To write to WAL we use WALCellCodec and that will be able to write and read
tags.
Then the last problem came out was replication for which we propose 2 possible
solutions. [~stack] with out big changes like ReplicationServer can we do? I
think those we can try addressing in another issue..
bq.Of your 1., and 2., 1. is preferable. Pity it has to be a config. in the
hbase-*xml. Can it be a replication config (I suppose this is what your 2. does
in part)?
This config ("hbase.client.rpc.codec") is used by the RpcClient. RpcClient used
by the ReplicationSource. Yes already it refers to the config. As long as user
dont deal with tags (existing migrated to 98) no changes required at all.. When
they have tags usage have to change this config at HRSs side to some codec with
tags.. We will ship some new codecs which can handle tags also along with this
issue. Yes option 2 adds a new config and as shown in the patch it just write
the value of this new config as old config's value. (Decorating the conf object
used by ReplicationSource)
If you feel option 1 is fine, no extra code will be needed in Replication side.
> Strip tags from KV while sending back to client on reads
> --------------------------------------------------------
>
> Key: HBASE-10322
> URL: https://issues.apache.org/jira/browse/HBASE-10322
> Project: HBase
> Issue Type: Bug
> Affects Versions: 0.98.0
> Reporter: Anoop Sam John
> Assignee: Anoop Sam John
> Priority: Blocker
> Fix For: 0.98.0, 0.99.0
>
> Attachments: HBASE-10322.patch, HBASE-10322_V2.patch,
> HBASE-10322_codec.patch
>
>
> Right now we have some inconsistency wrt sending back tags on read. We do
> this in scan when using Java client(Codec based cell block encoding). But
> during a Get operation or when a pure PB based Scan comes we are not sending
> back the tags. So any of the below fix we have to do
> 1. Send back tags in missing cases also. But sending back visibility
> expression/ cell ACL is not correct.
> 2. Don't send back tags in any case. This will a problem when a tool like
> ExportTool use the scan to export the table data. We will miss exporting the
> cell visibility/ACL.
> 3. Send back tags based on some condition. It has to be per scan basis.
> Simplest way is pass some kind of attribute in Scan which says whether to
> send back tags or not. But believing some thing what scan specifies might not
> be correct IMO. Then comes the way of checking the user who is doing the
> scan. When a HBase super user doing the scan then only send back tags. So
> when a case comes like Export Tool's the execution should happen from a super
> user.
> So IMO we should go with #3.
> Patch coming soon.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
