[ https://issues.apache.org/jira/browse/HBASE-5498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13291182#comment-13291182 ]
Zhihong Ted Yu commented on HBASE-5498: --------------------------------------- {code} + * @param familyPaths list of family names to store files adding + * or removing from this list will add or remove HFiles to be bulk loaded. {code} Add a period between files and adding. Capitalize 'a' of adding. {code} + for(Pair<byte[], String> el: familyPaths) + families.add(el.getFirst()); {code} Space between for and (, el and colon. families.add() should be put on the same line as for. {code} -class StoreFileScanner implements KeyValueScanner { +public class StoreFileScanner implements KeyValueScanner { {code} I don't see StoreFileScanner accessed in AccessController. So the above change is not needed. {code} + //TODO make this configurable + //two levels so it doesn't get deleted accidentally + //no sticky bit in Hadoop 1.0 + private Path stagingDir = new Path("/tmp/hbase-staging"); {code} I think the path should be configurable. {code} + private User getActiveUser() throws IOException { + User user = RequestContext.getRequestUser(); + if (!RequestContext.isInRequestContext()) { {code} if statement can be lifted above assignment. {code} +public interface SecureBulkLoadProtocol extends CoprocessorProtocol { {code} Add javadoc for the protocol. > Secure Bulk Load > ---------------- > > Key: HBASE-5498 > URL: https://issues.apache.org/jira/browse/HBASE-5498 > Project: HBase > Issue Type: Improvement > Components: mapred, security > Reporter: Francis Liu > Attachments: HBASE-5498_draft.patch > > > Design doc: > https://cwiki.apache.org/confluence/display/HCATALOG/HBase+Secure+Bulk+Load > Short summary: > Security as it stands does not cover the bulkLoadHFiles() feature. Users > calling this method will bypass ACLs. Also loading is made more cumbersome in > a secure setting because of hdfs privileges. bulkLoadHFiles() moves the data > from user's directory to the hbase directory, which would require certain > write access privileges set. > Our solution is to create a coprocessor which makes use of AuthManager to > verify if a user has write access to the table. If so, launches a MR job as > the hbase user to do the importing (ie rewrite from text to hfiles). One > tricky part this job will have to do is impersonate the calling user when > reading the input files. We can do this by expecting the user to pass an hdfs > delegation token as part of the secureBulkLoad() coprocessor call and extend > an inputformat to make use of that token. The output is written to a > temporary directory accessible only by hbase and then bulkloadHFiles() is > called. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira