[ https://issues.apache.org/jira/browse/HBASE-2418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153384#comment-13153384 ]
Hadoop QA commented on HBASE-2418: ---------------------------------- -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12504329/HBASE-2418-5.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 7 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 60 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.regionserver.wal.TestLogRolling org.apache.hadoop.hbase.client.TestShell org.apache.hadoop.hbase.client.TestAdmin Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/305//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/305//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/305//console This message is automatically generated. > add support for ZooKeeper authentication > ---------------------------------------- > > Key: HBASE-2418 > URL: https://issues.apache.org/jira/browse/HBASE-2418 > Project: HBase > Issue Type: Improvement > Components: master, regionserver > Reporter: Patrick Hunt > Assignee: Eugene Koontz > Priority: Critical > Labels: security, zookeeper > Fix For: 0.92.0 > > Attachments: HBASE-2418-5.patch, HBASE-2418-5.patch, > HBASE-2418-5.patch > > > Some users may run a ZooKeeper cluster in "multi tenant mode" meaning that > more than one client service would > like to share a single ZooKeeper service instance (cluster). In this case the > client services typically want to protect > their data (ZK znodes) from access by other services (tenants) on the > cluster. Say you are running HBase and Solr > and Neo4j, or multiple HBase instances, etc... having > authentication/authorization on the znodes is important for both > security and helping to ensure that services don't interact negatively (touch > each other's data). > Today HBase does not have support for authentication or authorization. This > should be added to the HBase clients > that are accessing the ZK cluster. In general it means calling addAuthInfo > once after a session is established: > http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/ZooKeeper.html#addAuthInfo(java.lang.String, > byte[]) > with a user specific credential, often times this is a shared secret or > certificate. You may be able to statically configure this > in some cases (config string or file to read from), however in my case in > particular you may need to access it programmatically, > which adds complexity as the end user may need to load code into HBase for > accessing the credential. > Secondly you need to specify a non "world" ACL when interacting with znodes > (create primarily): > http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/data/ACL.html > http://hadoop.apache.org/zookeeper/docs/current/api/org/apache/zookeeper/ZooDefs.html > Feel free to ping the ZooKeeper team if you have questions. It might also be > good to discuss with some > potential end users - in particular regarding how the end user can specify > the credential. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira