[jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Helmling updated HBASE-16217: -- Resolution: Fixed Fix Version/s: (was: 1.4.0) Status: Resolved (was: Patch Available) This was committed to master quite a while ago and the patch against branch-1 has gone way stale while waiting on a hibernating HadoopQA. I'll close this out and open a separate JIRA for a backport. > Identify calling user in ObserverContext > > > Key: HBASE-16217 > URL: https://issues.apache.org/jira/browse/HBASE-16217 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security >Reporter: Gary Helmling >Assignee: Gary Helmling > Fix For: 2.0.0 > > Attachments: HBASE-16217.branch-1.001.patch, > HBASE-16217.master.001.patch, HBASE-16217.master.002.patch, > HBASE-16217.master.003.patch > > > We already either explicitly pass down the relevant User instance initiating > an action through the call path, or it is available through > RpcServer.getRequestUser(). We should carry this through in the > ObserverContext for coprocessor upcalls and make use of it for permissions > checking. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Helmling updated HBASE-16217: -- Status: Patch Available (was: Open) Rekicking HadoopQA for branch-1 build > Identify calling user in ObserverContext > > > Key: HBASE-16217 > URL: https://issues.apache.org/jira/browse/HBASE-16217 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security >Reporter: Gary Helmling >Assignee: Gary Helmling > Fix For: 2.0.0, 1.4.0 > > Attachments: HBASE-16217.branch-1.001.patch, > HBASE-16217.master.001.patch, HBASE-16217.master.002.patch, > HBASE-16217.master.003.patch > > > We already either explicitly pass down the relevant User instance initiating > an action through the call path, or it is available through > RpcServer.getRequestUser(). We should carry this through in the > ObserverContext for coprocessor upcalls and make use of it for permissions > checking. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Helmling updated HBASE-16217: -- Status: Open (was: Patch Available) > Identify calling user in ObserverContext > > > Key: HBASE-16217 > URL: https://issues.apache.org/jira/browse/HBASE-16217 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security >Reporter: Gary Helmling >Assignee: Gary Helmling > Fix For: 2.0.0, 1.4.0 > > Attachments: HBASE-16217.branch-1.001.patch, > HBASE-16217.master.001.patch, HBASE-16217.master.002.patch, > HBASE-16217.master.003.patch > > > We already either explicitly pass down the relevant User instance initiating > an action through the call path, or it is available through > RpcServer.getRequestUser(). We should carry this through in the > ObserverContext for coprocessor upcalls and make use of it for permissions > checking. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Helmling updated HBASE-16217: -- Attachment: HBASE-16217.branch-1.001.patch Finally finished a backport to branch-1. Attaching a patch here for a test run. > Identify calling user in ObserverContext > > > Key: HBASE-16217 > URL: https://issues.apache.org/jira/browse/HBASE-16217 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security >Reporter: Gary Helmling >Assignee: Gary Helmling > Fix For: 2.0.0, 1.4.0 > > Attachments: HBASE-16217.branch-1.001.patch, > HBASE-16217.master.001.patch, HBASE-16217.master.002.patch, > HBASE-16217.master.003.patch > > > We already either explicitly pass down the relevant User instance initiating > an action through the call path, or it is available through > RpcServer.getRequestUser(). We should carry this through in the > ObserverContext for coprocessor upcalls and make use of it for permissions > checking. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Helmling updated HBASE-16217: -- Attachment: HBASE-16217.master.003.patch Rebase on master again for another set of changes. > Identify calling user in ObserverContext > > > Key: HBASE-16217 > URL: https://issues.apache.org/jira/browse/HBASE-16217 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security >Reporter: Gary Helmling >Assignee: Gary Helmling > Fix For: 2.0.0, 1.4.0 > > Attachments: HBASE-16217.master.001.patch, > HBASE-16217.master.002.patch, HBASE-16217.master.003.patch > > > We already either explicitly pass down the relevant User instance initiating > an action through the call path, or it is available through > RpcServer.getRequestUser(). We should carry this through in the > ObserverContext for coprocessor upcalls and make use of it for permissions > checking. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Helmling updated HBASE-16217: -- Attachment: HBASE-16217.master.002.patch Rebased patch against master. TestFlushSnapshotFromClient and TestMasterCoprocessorExceptionWithRemove both pass for me locally. > Identify calling user in ObserverContext > > > Key: HBASE-16217 > URL: https://issues.apache.org/jira/browse/HBASE-16217 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security >Reporter: Gary Helmling >Assignee: Gary Helmling > Fix For: 2.0.0, 1.4.0 > > Attachments: HBASE-16217.master.001.patch, > HBASE-16217.master.002.patch > > > We already either explicitly pass down the relevant User instance initiating > an action through the call path, or it is available through > RpcServer.getRequestUser(). We should carry this through in the > ObserverContext for coprocessor upcalls and make use of it for permissions > checking. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Helmling updated HBASE-16217: -- Status: Patch Available (was: Open) The attached patch is a first step in eliminating use of UserGroupInformation.doAs() for permissions checking: * adds a User instance to ObserverContext identifying the calling user for the coprocessor context * updates AccessController to make use of this for permissions checks * eliminates use of UserGroupInformation.doAs() for permissions checks in procedure paths, compactions, splits, region merges > Identify calling user in ObserverContext > > > Key: HBASE-16217 > URL: https://issues.apache.org/jira/browse/HBASE-16217 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security >Reporter: Gary Helmling >Assignee: Gary Helmling > Fix For: 2.0.0, 1.4.0 > > Attachments: HBASE-16217.master.001.patch > > > We already either explicitly pass down the relevant User instance initiating > an action through the call path, or it is available through > RpcServer.getRequestUser(). We should carry this through in the > ObserverContext for coprocessor upcalls and make use of it for permissions > checking. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HBASE-16217) Identify calling user in ObserverContext
[ https://issues.apache.org/jira/browse/HBASE-16217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gary Helmling updated HBASE-16217: -- Attachment: HBASE-16217.master.001.patch > Identify calling user in ObserverContext > > > Key: HBASE-16217 > URL: https://issues.apache.org/jira/browse/HBASE-16217 > Project: HBase > Issue Type: Sub-task > Components: Coprocessors, security >Reporter: Gary Helmling >Assignee: Gary Helmling > Fix For: 2.0.0, 1.4.0 > > Attachments: HBASE-16217.master.001.patch > > > We already either explicitly pass down the relevant User instance initiating > an action through the call path, or it is available through > RpcServer.getRequestUser(). We should carry this through in the > ObserverContext for coprocessor upcalls and make use of it for permissions > checking. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
