[ https://issues.apache.org/jira/browse/HBASE-19400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16353278#comment-16353278 ]
Appy commented on HBASE-19400:
------------------------------

TODO: Yet to make test changes. Will proceed with them if people think this is the right direction to go. I expect TestAccessController to be failing as of now.

Main changes:
- Added ADMIN permission check for the following rpc calls: normalize, setNormalizerRunning, runCatalogScan, enableCatalogJanitor, runCleanerChore, setCleanerChoreRunning, execMasterService, execProcedure, execProcedureWithRet
- Moved authorizationEnabled check to start of AccessChecker's functions. Currently, and IDK why, we call authManager.authorize() first and then discard its result if authorizationEnabled is false!!??

There's an example of clearDeadServers() and abortProcedure() showing how current access control checks will move from AccessController to *RpcServices class.
This way, we vet requests at the point of entry (like immigration), and before we start any work on them.

If we do so, a bunch of hooks will become useless since they 1) reflect internal state of hbase, and/or 2) won't be needed anymore just due to access-check reason. We will be able to prune down some more CP hooks. For eg. pre/postAbortProcedure, pre/postListSnapshot, pre/postSetUserQuota, etc. (we can discuss which to keep/remove later, but some can definitely go away)
Since we can't change the api now, it's not possible to remove old hooks, but if we do the work, we can at least mark them deprecated as I have done with MasterObserver#pre/postAbortProcedure().

Let me know if people think this is a good way or otherwise.

> Add missing security hooks for MasterService RPCs
> -------------------------------------------------
>
>                 Key: HBASE-19400
>                 URL: https://issues.apache.org/jira/browse/HBASE-19400
>             Project: HBase
>          Issue Type: Sub-task
>   Affects Versions: 2.0.0-beta-1
>            Reporter: Balazs Meszaros
>            Assignee: Balazs Meszaros
>            Priority: Major
>         Attachments: HBASE-19400.master.001.patch, HBASE-19400.master.002.patch, HBASE-19400.master.003.patch
>
>
> The following RPC methods do not call the observers, therefore they are not guarded by AccessController:
> - normalize
> - setNormalizerRunning
> - runCatalogScan
> - enableCatalogJanitor
> - runCleanerChore
> - setCleanerChoreRunning
> - execMasterService
> - execProcedure
> - execProcedureWithRet

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
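
The ordering described in the comment above (test the authorizationEnabled flag before any ACL lookup, and make the permission check the first statement of the RPC handler), as an added Java sketch that is not HBase code and not taken from the attached patches. DemoAccessChecker, the static runCleanerChore handler, the Action enum and the sample grants are hypothetical stand-ins constructed for illustration.

```java
import java.util.Map;
import java.util.Set;

// Simplified stand-ins (assumptions); NOT HBase's AccessChecker or *RpcServices classes.
public class EntryPointCheckDemo {
    enum Action { READ, ADMIN }
    static class AccessDeniedException extends Exception {
        AccessDeniedException(String msg) { super(msg); }
    }

    static class DemoAccessChecker {
        final boolean authorizationEnabled;
        final Map<String, Set<Action>> grants; // constructed sample ACLs
        int authorizeCalls = 0;                // counts ACL lookups actually performed

        DemoAccessChecker(boolean enabled, Map<String, Set<Action>> grants) {
            this.authorizationEnabled = enabled;
            this.grants = grants;
        }

        boolean authorize(String user, Action action) {
            authorizeCalls++;
            return grants.getOrDefault(user, Set.of()).contains(action);
        }

        void requirePermission(String user, String request, Action action)
                throws AccessDeniedException {
            // Flag is tested first, so no lookup runs (and none is discarded) when it is off.
            if (!authorizationEnabled) return;
            if (!authorize(user, action)) {
                throw new AccessDeniedException("user '" + user + "' lacks " + action + " for " + request);
            }
        }
    }

    // Hypothetical RPC handler: the request is vetted before any work starts.
    static String runCleanerChore(DemoAccessChecker checker, String user)
            throws AccessDeniedException {
        checker.requirePermission(user, "runCleanerChore", Action.ADMIN);
        return "cleaner chore ran for " + user;
    }

    public static void main(String[] args) throws Exception {
        DemoAccessChecker on = new DemoAccessChecker(true, Map.of("admin", Set.of(Action.ADMIN)));
        System.out.println(runCleanerChore(on, "admin"));
        try { runCleanerChore(on, "guest"); }
        catch (AccessDeniedException e) { System.out.println("denied: " + e.getMessage()); }
        DemoAccessChecker off = new DemoAccessChecker(false, Map.of());
        System.out.println(runCleanerChore(off, "guest") + ", lookups=" + off.authorizeCalls);
    }
}
```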