[ 
https://issues.apache.org/jira/browse/HBASE-19400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16353278#comment-16353278
 ] 

Appy commented on HBASE-19400:
------------------------------

TODO: Yet to make test changes. Will proceed with them if people think this is 
the right direction to go.
I expect TestAccessController to be failing as of now.

Main changes:
- Added ADMIN permission check for the following RPC calls:
normalize, setNormalizerRunning, runCatalogScan, enableCatalogJanitor, 
runCleanerChore, setCleanerChoreRunning, execMasterService, execProcedure, 
execProcedureWithRet
- Moved authorizationEnabled check to start of AccessChecker's functions. 
Currently, and IDK why, we call authManager.authorize() first and then discard 
its result if authorizationEnabled is false!!??

There's an example of clearDeadServers() and abortProcedure() showing how the current 
access control checks will move from AccessController to the *RpcServices class.
This way, we vet requests at the point of entry (like immigration), and before 
we start any work on them.
If we do so, a bunch of hooks will become useless since they 1) reflect 
internal state of hbase, and/or 2) won't be needed anymore just due to 
access-check reason.

We will be able to prune down some more CP hooks.
E.g. pre/postAbortProcedure, pre/postListSnapshot, pre/postSetUserQuota, 
etc. (we can discuss which to keep/remove later, but some can definitely go 
away)

Since we can't change the API now, it's not possible to remove old hooks, but if we 
do the work, we can at least mark them deprecated as I have done with 
MasterObserver#pre/postAbortProcedure().
Let me know if people think this is a good way or otherwise.

> Add missing security hooks for MasterService RPCs
> -------------------------------------------------
>
>                 Key: HBASE-19400
>                 URL: https://issues.apache.org/jira/browse/HBASE-19400
>             Project: HBase
>          Issue Type: Sub-task
>    Affects Versions: 2.0.0-beta-1
>            Reporter: Balazs Meszaros
>            Assignee: Balazs Meszaros
>            Priority: Major
>         Attachments: HBASE-19400.master.001.patch, 
> HBASE-19400.master.002.patch, HBASE-19400.master.003.patch
>
>
> The following RPC methods do not call the observers, therefore they are not 
> guarded by AccessController:
> - normalize
> - setNormalizerRunning
> - runCatalogScan
> - enableCatalogJanitor
> - runCleanerChore
> - setCleanerChoreRunning
> - execMasterService
> - execProcedure
> - execProcedureWithRet



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
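
The two ideas in the comment above (test the authorization-enabled flag before consulting the auth manager, and vet the caller at the RPC entry point before any work starts), as an added Java example that is not taken from the patch or from HBase. Every class and method name in it is a hypothetical stand-in, and the user names are constructed.

```java
import java.util.Set;

// Added illustration. Every class and method name below is hypothetical,
// not HBase's AccessChecker, AccessController or *RpcServices API.
public class EntryPointAuthDemo {
  static class AccessDeniedException extends Exception {
    AccessDeniedException(String msg) { super(msg); }
  }

  static class AuthManager {
    private final Set<String> admins;
    int lookups = 0; // counts authorizeAdmin() calls so the ordering is observable
    AuthManager(Set<String> admins) { this.admins = admins; }
    boolean authorizeAdmin(String user) { lookups++; return admins.contains(user); }
  }

  static class AccessChecker {
    private final boolean authorizationEnabled;
    private final AuthManager authManager;
    AccessChecker(boolean authorizationEnabled, AuthManager authManager) {
      this.authorizationEnabled = authorizationEnabled;
      this.authManager = authManager;
    }
    void requireAdmin(String user, String request) throws AccessDeniedException {
      if (!authorizationEnabled) return; // flag first: no lookup whose result is discarded
      if (!authManager.authorizeAdmin(user)) {
        throw new AccessDeniedException(user + " lacks ADMIN for " + request);
      }
    }
  }

  static class MasterRpc {
    private final AccessChecker checker;
    int normalizerRuns = 0;
    MasterRpc(AccessChecker checker) { this.checker = checker; }
    boolean normalize(String caller) throws AccessDeniedException {
      checker.requireAdmin(caller, "normalize"); // vet at the point of entry
      normalizerRuns++;                          // stands in for the real work
      return true;
    }
  }

  public static void main(String[] args) throws Exception {
    AuthManager auth = new AuthManager(Set.of("alice")); // constructed sample user
    MasterRpc rpc = new MasterRpc(new AccessChecker(true, auth));
    rpc.normalize("alice");
    try { rpc.normalize("bob"); } catch (AccessDeniedException e) { System.out.println(e.getMessage()); }
    System.out.println("runs=" + rpc.normalizerRuns + " lookups=" + auth.lookups);
    AuthManager idle = new AuthManager(Set.of()); // authorization disabled below
    new MasterRpc(new AccessChecker(false, idle)).normalize("bob");
    System.out.println("disabled lookups=" + idle.lookups);
  }
}
```

Because the denied call throws before `normalizerRuns` is touched, no hook later in the request path is needed to undo or block the work, which is the property the comment relies on when it proposes deprecating the access-check-only hooks.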
