[jira] [Commented] (HBASE-16141) Unwind use of UserGroupInformation.doAs() to convey requester identity in coprocessor upcalls

Wed, 29 Jun 2016 14:16:21 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15355790#comment-15355790
 ] 

Gary Helmling commented on HBASE-16141:
---------------------------------------

bq. I think Gary is suggesting we make every hook run in the context of the 
system user (User.runAsLoginUser()), even the RPC upcalls, and pass the request 
user through in context or thread local.

Yes, that's correct.

bq. That's a significant departure from earlier semantics but is very easy to 
reason about. We wouldn't have to sprinkle doAs() blocks through the code as we 
refactor in an attempt to keep effective user consistent as we decouple 
actions, make them asynchronous, or procedures, or ...

Could you guys comment a little more about this?  I don't think we've ever used 
doAs() in the context of the RPC upcalls.  There the user identity is passed 
through using the RpcServer.CurCall thread local.  User.getCurrent() should 
always be returning the system user in those contexts.

So I don't see this as a departure from earlier semantics, but rather as a 
return to them and overall simplification from the doAs() approach.  Am I 
missing something here?

> Unwind use of UserGroupInformation.doAs() to convey requester identity in 
> coprocessor upcalls
> ---------------------------------------------------------------------------------------------
>
>                 Key: HBASE-16141
>                 URL: https://issues.apache.org/jira/browse/HBASE-16141
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors, security
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>             Fix For: 2.0.0, 1.4.0
>
>
> In discussion on HBASE-16115, there is some discussion of whether 
> UserGroupInformation.doAs() is the right mechanism for propagating the 
> original requester's identify in certain system contexts (splits, 
> compactions, some procedure calls).  It has the unfortunately of overriding 
> the current user, which makes for very confusing semantics for coprocessor 
> implementors.  We should instead find an alternate mechanism for conveying 
> the caller identity, which does not override the current user context.
> I think we should instead look at passing this through as part of the 
> ObserverContext passed to every coprocessor hook.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to