[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-09 Thread Anoop Sam John (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13963981#comment-13963981
 ] 

Anoop Sam John commented on HBASE-10883:


VisibilityLabelsValidator#isValidLabel(ListString labels)  - This is not used 
anywhere now I guess. Pls remove on commit.
+1

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
Assignee: ramkrishna.s.vasudevan
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch, 
 HBASE-10883_5.patch, HBASE-10883_6.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-09 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13964231#comment-13964231
 ] 

Hudson commented on HBASE-10883:


SUCCESS: Integrated in HBase-0.98 #270 (See 
[https://builds.apache.org/job/HBase-0.98/270/])
HBASE-10883-Restrict the universe of labels and authorizations(Ram) 
(ramkrishna: rev 1585947)
* 
/hbase/branches/0.98/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java
* 
/hbase/branches/0.98/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsValidator.java
* 
/hbase/branches/0.98/hbase-client/src/test/java/org/apache/hadoop/hbase/client/TestScan.java
* 
/hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/model/ScannerModel.java
* 
/hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java


 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
Assignee: ramkrishna.s.vasudevan
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch, 
 HBASE-10883_5.patch, HBASE-10883_6.patch, HBASE-10883_7.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-09 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13964254#comment-13964254
 ] 

Hudson commented on HBASE-10883:


SUCCESS: Integrated in HBase-TRUNK #5073 (See 
[https://builds.apache.org/job/HBase-TRUNK/5073/])
HBASE-10883-Restrict the universe of labels and authorizations(Ram) 
(ramkrishna: rev 1585946)
* 
/hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java
* 
/hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsValidator.java
* 
/hbase/trunk/hbase-client/src/test/java/org/apache/hadoop/hbase/client/TestScan.java
* 
/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/model/ScannerModel.java
* 
/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java


 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
Assignee: ramkrishna.s.vasudevan
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch, 
 HBASE-10883_5.patch, HBASE-10883_6.patch, HBASE-10883_7.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-09 Thread Hudson (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13964278#comment-13964278
 ] 

Hudson commented on HBASE-10883:


FAILURE: Integrated in HBase-0.98-on-Hadoop-1.1 #254 (See 
[https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/254/])
HBASE-10883-Restrict the universe of labels and authorizations(Ram) 
(ramkrishna: rev 1585947)
* 
/hbase/branches/0.98/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java
* 
/hbase/branches/0.98/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsValidator.java
* 
/hbase/branches/0.98/hbase-client/src/test/java/org/apache/hadoop/hbase/client/TestScan.java
* 
/hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/model/ScannerModel.java
* 
/hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java


 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
Assignee: ramkrishna.s.vasudevan
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch, 
 HBASE-10883_5.patch, HBASE-10883_6.patch, HBASE-10883_7.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-07 Thread Anoop Sam John (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13961757#comment-13961757
 ] 

Anoop Sam John commented on HBASE-10883:


Authorizations(ListString labels)
Validation from here can be for label one after other so that in the Exception 
msg, u can clearly say which Auth label is invalid.   Same applicable to 
VisibilityController#createVisibilityLabelFilter
We can just use VisibilityLabelsValidator#isValidLabel(byte[] label) which is 
already there and used by put ?
{code}
throw new IllegalArgumentException(Authorizations cannot contain '(', ')' ,'' 
,'|', '!'
+  +  and cannot be empty :+label);
{code}
Error message can be bettter I think. This is invalid Auth *label*



 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
Assignee: ramkrishna.s.vasudevan
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch, 
 HBASE-10883_5.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-07 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13961831#comment-13961831
 ] 

Hadoop QA commented on HBASE-10883:
---

{color:green}+1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12638965/HBASE-10883_6.patch
  against trunk revision .
  ATTACHMENT ID: 12638965

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 3 new 
or modified tests.

{color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 lineLengths{color}.  The patch does not introduce lines 
longer than 100

  {color:green}+1 site{color}.  The mvn site goal succeeds with this patch.

{color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9213//console

This message is automatically generated.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
Assignee: ramkrishna.s.vasudevan
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch, 
 HBASE-10883_5.patch, HBASE-10883_6.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-04 Thread ramkrishna.s.vasudevan (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13959911#comment-13959911
 ] 

ramkrishna.s.vasudevan commented on HBASE-10883:


Ping to commit?

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
Assignee: ramkrishna.s.vasudevan
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch, 
 HBASE-10883_5.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-03 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13958803#comment-13958803
 ] 

Hadoop QA commented on HBASE-10883:
---

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12638458/HBASE-10883_3.patch
  against trunk revision .
  ATTACHMENT ID: 12638458

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 3 new 
or modified tests.

{color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 lineLengths{color}.  The patch does not introduce lines 
longer than 100

  {color:green}+1 site{color}.  The mvn site goal succeeds with this patch.

 {color:red}-1 core tests{color}.  The patch failed these unit tests:
   
org.apache.hadoop.hbase.security.visibility.TestVisibilityLabels
  org.apache.hadoop.hbase.rest.TestScannersWithLabels
  
org.apache.hadoop.hbase.mapreduce.TestImportTSVWithVisibilityLabels
  
org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithACL
  
org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsOpWithDifferentUsersNoACL
  
org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithDistributedLogReplay

Test results: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9191//console

This message is automatically generated.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-03 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13959045#comment-13959045
 ] 

Hadoop QA commented on HBASE-10883:
---

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12638525/HBASE-10883_4.patch
  against trunk revision .
  ATTACHMENT ID: 12638525

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 3 new 
or modified tests.

{color:red}-1 patch{color}.  The patch command could not apply the patch.

Console output: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9193//console

This message is automatically generated.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-03 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13959143#comment-13959143
 ] 

Hadoop QA commented on HBASE-10883:
---

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12638532/HBASE-10883_5.patch
  against trunk revision .
  ATTACHMENT ID: 12638532

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 3 new 
or modified tests.

{color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 lineLengths{color}.  The patch does not introduce lines 
longer than 100

  {color:green}+1 site{color}.  The mvn site goal succeeds with this patch.

 {color:red}-1 core tests{color}.  The patch failed these unit tests:
   org.apache.hadoop.hbase.procedure.TestZKProcedure

Test results: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9194//console

This message is automatically generated.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
Assignee: ramkrishna.s.vasudevan
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch, HBASE-10883_3.patch, HBASE-10883_4.patch, 
 HBASE-10883_5.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-02 Thread Ted Yu (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13958288#comment-13958288
 ] 

Ted Yu commented on HBASE-10883:


{code}
+  public static final boolean isValidLabel(ListString labels) {
{code}
The method can be package-private, right ?
{code}
   public Authorizations(ListString labels) {
+if (!VisibilityLabelsValidator.isValidLabel(labels)) {
{code}
Better include the label which is invalid in exception message.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch, 
 HBASE-10883_2.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations to [A-Za-z0-9\_][A-Za-z0-9\_\-]*

2014-04-01 Thread Andrew Purtell (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956184#comment-13956184
 ] 

Andrew Purtell commented on HBASE-10883:


I think we should use the common pattern for identifiers in various programming 
languages, [A-Za-z\_][A-Za-z0-9\_\-]*

 Restrict the universe of labels and authorizations to 
 [A-Za-z0-9\_][A-Za-z0-9\_\-]*
 ---

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread Anoop Sam John (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956365#comment-13956365
 ] 

Anoop Sam John commented on HBASE-10883:


Referring VisibilityLabelsValidator we allow some special characters to be part 
of labels. So this check should contain those also.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread Andrew Purtell (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956382#comment-13956382
 ] 

Andrew Purtell commented on HBASE-10883:


{code}
+  private final String regex = [A-Za-z_0-9]*;
{code}

I think this should be

{code}
+  private final String regex = [A-Za-z\\_][A-Za-z0-9\\_\\-]*;
{code}

but this is a minor thing, if you want the other then no problem.

The regex should be precompiled since it may be applied often.

Like Anoop says, we need to validate authorizations and labels the same way now.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread Andrew Purtell (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956383#comment-13956383
 ] 

Andrew Purtell commented on HBASE-10883:


Well, you do have to change the current regexp somehow because it will match 
the empty string and that's not valid.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread Ashish Singhi (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956436#comment-13956436
 ] 

Ashish Singhi commented on HBASE-10883:
---

Minor nit.
{code}
 } catch (IllegalArgumentException e) {
+  fail(Should have failed for -B);
+}
{code}
Message should be something like should not fail.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956450#comment-13956450
 ] 

Hadoop QA commented on HBASE-10883:
---

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12638028/HBASE-10883.patch
  against trunk revision .
  ATTACHMENT ID: 12638028

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 3 new 
or modified tests.

{color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:red}-1 findbugs{color}.  The patch appears to introduce 1 new 
Findbugs (version 1.3.9) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 lineLengths{color}.  The patch does not introduce lines 
longer than 100

  {color:green}+1 site{color}.  The mvn site goal succeeds with this patch.

{color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9155//console

This message is automatically generated.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread Hadoop QA (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956525#comment-13956525
 ] 

Hadoop QA commented on HBASE-10883:
---

{color:green}+1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12638051/HBASE-10883_1.patch
  against trunk revision .
  ATTACHMENT ID: 12638051

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 3 new 
or modified tests.

{color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 lineLengths{color}.  The patch does not introduce lines 
longer than 100

  {color:green}+1 site{color}.  The mvn site goal succeeds with this patch.

{color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//testReport/
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output: 
https://builds.apache.org/job/PreCommit-HBASE-Build/9157//console

This message is automatically generated.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread Anoop Sam John (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956541#comment-13956541
 ] 

Anoop Sam John commented on HBASE-10883:


Why to add pattern and regex to HConstants?  
We better keep the validation at server side?  
And move it to VisibilityLabelsValidator?  
VisibilityLabelsValidator#isValidLabel(String)

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread Andrew Purtell (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956654#comment-13956654
 ] 

Andrew Purtell commented on HBASE-10883:


Why not re-use the code for validating labels? Checking on the client is fine 
but the check has to happen on the server side as well since we can't guarantee 
a validating client (REST? Thrift?)

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HBASE-10883) Restrict the universe of labels and authorizations

2014-04-01 Thread ramkrishna.s.vasudevan (JIRA) 

[ 
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13956787#comment-13956787
 ] 

ramkrishna.s.vasudevan commented on HBASE-10883:


bq.We better keep the validation at server side? 
I thought HConstants would help in client side validation. I thought of 
unifying but decided not to as I thought better to be client side, just on 
creation of Authorization object.

 Restrict the universe of labels and authorizations
 --

 Key: HBASE-10883
 URL: https://issues.apache.org/jira/browse/HBASE-10883
 Project: HBase
  Issue Type: Improvement
Affects Versions: 0.98.1
Reporter: Andrew Purtell
 Fix For: 0.99.0, 0.98.2

 Attachments: HBASE-10883.patch, HBASE-10883_1.patch


 Currently we allow any string as visibility label or request authorization. 
 However as seen on HBASE-10878, we accept for authorizations strings that 
 would not work if provided as labels in visibility expressions. We should 
 throw an exception at least in cases where someone tries to define or use a 
 label or authorization including visibility expression operators '', '|', 
 '!', '(', ')'.



--
This message was sent by Atlassian JIRA
(v6.2#6252)