[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294845#comment-14294845 ] Hudson commented on HBASE-12916: SUCCESS: Integrated in HBase-0.98-on-Hadoop-1.1 #782 (See [https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/782/]) HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) (enis: rev aff1384a5ea171e1e3f5365d4e21bbcadfa2bfef) * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff, hbase-12916-0.98.patch > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294746#comment-14294746 ] Hudson commented on HBASE-12916: SUCCESS: Integrated in HBase-0.98 #822 (See [https://builds.apache.org/job/HBase-0.98/822/]) HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) (enis: rev aff1384a5ea171e1e3f5365d4e21bbcadfa2bfef) * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff, hbase-12916-0.98.patch > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294612#comment-14294612 ] Andrew Purtell commented on HBASE-12916: Thanks Enis for the commit and Liu for the patch. > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff, hbase-12916-0.98.patch > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294605#comment-14294605 ] Enis Soztutar commented on HBASE-12916: --- Yes, I was trying to do the 0.98 version when I got interrupted. Will commit shortly. > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294598#comment-14294598 ] Andrew Purtell commented on HBASE-12916: [~enis], are you working on the 0.98 version of this? If not I can do it. > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294590#comment-14294590 ] Hudson commented on HBASE-12916: FAILURE: Integrated in HBase-1.1 #119 (See [https://builds.apache.org/job/HBase-1.1/119/]) HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) (enis: rev e38d83eeb06045e28966eee31ae164ef0574cba5) * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294587#comment-14294587 ] Hudson commented on HBASE-12916: SUCCESS: Integrated in HBase-1.0 #694 (See [https://builds.apache.org/job/HBase-1.0/694/]) HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) (enis: rev e8578c6d98ff2bd7b212378cc9dd0a78a31ae723) * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294551#comment-14294551 ] Hudson commented on HBASE-12916: FAILURE: Integrated in HBase-TRUNK #6063 (See [https://builds.apache.org/job/HBase-TRUNK/6063/]) HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) (enis: rev 0f6faaf5fc60b7fb3ffe1a77cdd21430efddcc11) * hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java * hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java * hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294429#comment-14294429 ] Andrew Purtell commented on HBASE-12916: +1, yes please > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294422#comment-14294422 ] Enis Soztutar commented on HBASE-12916: --- I've pushed this to master,branch-1 and branch-1.0. [~apurtell] you want this in 0.98.10? > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14293997#comment-14293997 ] Enis Soztutar commented on HBASE-12916: --- This looks important for 1.0.0. +1. Let's get this in the next RC. > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11 > > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14293797#comment-14293797 ] Andrew Purtell commented on HBASE-12916: Wait... +1, you can commit it [~liushaohui] :-) > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14293793#comment-14293793 ] Andrew Purtell commented on HBASE-12916: I went through the javadoc output and the warnings do not look related to this patch. Let me apply it. Committing shortly unless objection. > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, > HBASE-12916-v3.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[
https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14293084#comment-14293084
]
Hadoop QA commented on HBASE-12916:
---
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12694708/HBASE-12916-v3.diff
against master branch at commit cfb0cf72d4b12a22af7a8267de8baaeef6dfc570.
ATTACHMENT ID: 12694708
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:red}-1 javadoc{color}. The javadoc tool appears to have generated 2
warning messages.
{color:green}+1 checkstyle{color}. The applied patch does not increase the
total number of checkstyle errors
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 lineLengths{color}. The patch does not introduce lines
longer than 100
{color:green}+1 site{color}. The mvn site goal succeeds with this patch.
{color:green}+1 core tests{color}. The patch passed unit tests in .
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-rest.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/newPatchFindbugsWarningshbase-annotations.html
Checkstyle Errors:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/checkstyle-aggregate.html
Javadoc warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//artifact/patchprocess/patchJavadocWarnings.txt
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/12597//console
This message is automatically generated.
> No access control for replicating WAL entries
> -
>
> Key: HBASE-12916
> URL: https://issues.apache.org/jira/browse/HBASE-12916
> Project: HBase
> Issue Type: Bug
> Components: Replication
>Affects Versions: 2.0.0, 0.94.26, 0.98.12
>Reporter: Liu Shaohui
>Assignee: Liu Shaohui
> Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff,
> HBASE-12916-v3.diff
>
>
> Currently, there is no access control for replicating WAL entries in secure
> HBase cluster. Any authenticated user can write any data they want to any
> table of a secure cluster by using the replication api.
> Simple solution is to add permission check before replicating WAL entries.
> And only user with global write permission can replicate WAL entries to this
> cluster.
> Another option is adding "Replication" action in hbase and only user with
> "Replication" permission can replicate WAL entries to this cluster?
> [~apurtell]
> What's your suggestion? Thanks
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[
https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14292951#comment-14292951
]
Hadoop QA commented on HBASE-12916:
---
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12694687/HBASE-12916-v2.diff
against master branch at commit 1b9367d465dc99559b4ac36b30be5e2e98ff67a7.
ATTACHMENT ID: 12694687
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:red}-1 checkstyle{color}. The applied patch generated
1940 checkstyle errors (more than the master's current 1938 errors).
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 lineLengths{color}. The patch introduces the following lines
longer than 100:
+ public void preReplicateLogEntries(final List entries, final
CellScanner cells) throws IOException {
+ public void postReplicateLogEntries(final List entries, final
CellScanner cells) throws IOException {
{color:green}+1 site{color}. The mvn site goal succeeds with this patch.
{color:red}-1 core tests{color}. The patch failed these unit tests:
org.apache.hadoop.hbase.mapreduce.TestLoadIncrementalHFiles
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-rest.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/newPatchFindbugsWarningshbase-annotations.html
Checkstyle Errors:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//artifact/patchprocess/checkstyle-aggregate.html
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/12596//console
This message is automatically generated.
> No access control for replicating WAL entries
> -
>
> Key: HBASE-12916
> URL: https://issues.apache.org/jira/browse/HBASE-12916
> Project: HBase
> Issue Type: Bug
> Components: Replication
>Affects Versions: 2.0.0, 0.94.26, 0.98.12
>Reporter: Liu Shaohui
>Assignee: Liu Shaohui
> Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff
>
>
> Currently, there is no access control for replicating WAL entries in secure
> HBase cluster. Any authenticated user can write any data they want to any
> table of a secure cluster by using the replication api.
> Simple solution is to add permission check before replicating WAL entries.
> And only user with global write permission can replicate WAL entries to this
> cluster.
> Another option is adding "Replication" action in hbase and only user with
> "Replication" permission can replicate WAL entries to this cluster?
> [~apurtell]
> What's your suggestion? Thanks
--
This m
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14292917#comment-14292917 ] Srikanth Srungarapu commented on HBASE-12916: - Overlooked the extends and implements clauses. Sorry for the noise. > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14292900#comment-14292900 ] Liu Shaohui commented on HBASE-12916: - [~srikanth235] AccessController extends BaseMasterAndRegionObserver and has to implement the interface of RegionServerObserver, so we need empty function of postReplicateLogEntries at least. > No access control for replicating WAL entries > - > > Key: HBASE-12916 > URL: https://issues.apache.org/jira/browse/HBASE-12916 > Project: HBase > Issue Type: Bug > Components: Replication >Affects Versions: 2.0.0, 0.94.26, 0.98.12 >Reporter: Liu Shaohui >Assignee: Liu Shaohui > Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff > > > Currently, there is no access control for replicating WAL entries in secure > HBase cluster. Any authenticated user can write any data they want to any > table of a secure cluster by using the replication api. > Simple solution is to add permission check before replicating WAL entries. > And only user with global write permission can replicate WAL entries to this > cluster. > Another option is adding "Replication" action in hbase and only user with > "Replication" permission can replicate WAL entries to this cluster? > [~apurtell] > What's your suggestion? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[
https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14292889#comment-14292889
]
Srikanth Srungarapu commented on HBASE-12916:
-
nit: In AccessController, is the following code block necessary?
{code}
+ @Override
+ public void
postReplicateLogEntries(ObserverContext ctx,
+ List entries, CellScanner cells) throws IOException {
+ }
{code}
Also, is the post hook call in testReplicateLogEntries() really needed?
> No access control for replicating WAL entries
> -
>
> Key: HBASE-12916
> URL: https://issues.apache.org/jira/browse/HBASE-12916
> Project: HBase
> Issue Type: Bug
> Components: Replication
>Affects Versions: 2.0.0, 0.94.26, 0.98.12
>Reporter: Liu Shaohui
>Assignee: Liu Shaohui
> Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff
>
>
> Currently, there is no access control for replicating WAL entries in secure
> HBase cluster. Any authenticated user can write any data they want to any
> table of a secure cluster by using the replication api.
> Simple solution is to add permission check before replicating WAL entries.
> And only user with global write permission can replicate WAL entries to this
> cluster.
> Another option is adding "Replication" action in hbase and only user with
> "Replication" permission can replicate WAL entries to this cluster?
> [~apurtell]
> What's your suggestion? Thanks
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[
https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14292206#comment-14292206
]
Andrew Purtell commented on HBASE-12916:
RSO seems like a good place to hang a new hook.
The style of pre- CP hooks is to give the observer access to available
information to make an informed authoritative decision. So
RegionServerObserver#preReplicateLogEntries should accept the same arguments as
ReplicationSinkService#replicateLogEntries, like:
{code}
+ void preReplicateLogEntries(final
ObserverContext ctx,
+ List entries, CellScanner cells) throws IOException;
{code}
> No access control for replicating WAL entries
> -
>
> Key: HBASE-12916
> URL: https://issues.apache.org/jira/browse/HBASE-12916
> Project: HBase
> Issue Type: Bug
> Components: Replication
>Affects Versions: 2.0.0, 0.94.26, 0.98.12
>Reporter: Liu Shaohui
>Assignee: Liu Shaohui
> Attachments: HBASE-12916-v1.diff
>
>
> Currently, there is no access control for replicating WAL entries in secure
> HBase cluster. Any authenticated user can write any data they want to any
> table of a secure cluster by using the replication api.
> Simple solution is to add permission check before replicating WAL entries.
> And only user with global write permission can replicate WAL entries to this
> cluster.
> Another option is adding "Replication" action in hbase and only user with
> "Replication" permission can replicate WAL entries to this cluster?
> [~apurtell]
> What's your suggestion? Thanks
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
[
https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14291626#comment-14291626
]
Hadoop QA commented on HBASE-12916:
---
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12694497/HBASE-12916-v1.diff
against master branch at commit 1c1a306b2e4bdd5a4ff877634c5064097637e2f2.
ATTACHMENT ID: 12694497
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 checkstyle{color}. The applied patch does not increase the
total number of checkstyle errors
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 lineLengths{color}. The patch does not introduce lines
longer than 100
{color:green}+1 site{color}. The mvn site goal succeeds with this patch.
{color:red}-1 core tests{color}. The patch failed these unit tests:
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//testReport/
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-rest.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-annotations.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Checkstyle Errors:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//artifact/patchprocess/checkstyle-aggregate.html
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/12583//console
This message is automatically generated.
> No access control for replicating WAL entries
> -
>
> Key: HBASE-12916
> URL: https://issues.apache.org/jira/browse/HBASE-12916
> Project: HBase
> Issue Type: Bug
> Components: Replication
>Affects Versions: 2.0.0, 0.94.26, 0.98.12
>Reporter: Liu Shaohui
>Assignee: Liu Shaohui
> Attachments: HBASE-12916-v1.diff
>
>
> Currently, there is no access control for replicating WAL entries in secure
> HBase cluster. Any authenticated user can write any data they want to any
> table of a secure cluster by using the replication api.
> Simple solution is to add permission check before replicating WAL entries.
> And only user with global write permission can replicate WAL entries to this
> cluster.
> Another option is adding "Replication" action in hbase and only user with
> "Replication" permission can replicate WAL entries to this cluster?
> [~apurtell]
> What's your suggestion? Thanks
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
