Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.6.0
    • Component/s: client, master, tserver
    • Labels:
      None

      Description

      A large cluster is a valuable shared resource. The current permission system and simple table naming structure does not allow for delegation of authority and safe partitioning within this shared resource.

      Use cases:

      1. create a namespace (like "test") and delegate the grant permission to tables created in that namespace to a user that would manage those tables. Presently, grant is never delegated.
      2. create simple "test" and "production" namespaces that are trivial for users to switch between. For example, instead of having tables "test_index" and "test_documents" the client would support "index" and "documents" with an API to support switching trivially between the the different environments.
      3. create a set of tables in a namespace called "latest" This namespace is re-created periodically with a map-reduce job. If code changes inadvertently create a corrupt "latest," users can switch to the set of tables known as "safest" In this way, users can experiment, and provide feedback on incremental improvements, while have a safe fallback.
      4. two applications hosted on the same cluster that can share a table, which has been "aliased" into their namespace. Namespace-local permissions are ignored, but a (most likely read-only) view of the table is available. This would be helpful for reference tables.
      5. quotas/priorities. Implement namespace-specific priorities and resource allocations. It is reasonable to run namespace-specific queries and ingest on production equipment. Large cluster resources are always limited, and often the only place where near-production quality software can be run at full scale.
      1. table-namespaces-README.v2.txt
        4 kB
        Sean Hickey
      2. table-namespaces-README.v1.txt
        4 kB
        Sean Hickey
      3. table-namespaces-README.txt
        6 kB
        Sean Hickey
      4. ACCUMULO-802.v5.patch
        586 kB
        Sean Hickey
      5. ACCUMULO-802.v4.patch
        572 kB
        Sean Hickey
      6. ACCUMULO-802.v3.patch
        593 kB
        Christopher Tubbs
      7. ACCUMULO-802.v2.patch
        595 kB
        Sean Hickey
      8. ACCUMULO-802.v1.patch
        590 kB
        Sean Hickey
      9. ACCUMULO-802.v0.patch
        106 kB
        Sean Hickey
      10. 802-security-change.diff
        5 kB
        John Vines

        Issue Links

          Activity

          Hide
          ASF subversion and git services added a comment -

          Commit 5f90d0b8a1b62d76455c9c695320381fa02e3a19 in branch refs/heads/master from Keith Turner
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5f90d0b ]

          ACCUMULO-802 random walk test refs non-existant namespace node

          Show
          ASF subversion and git services added a comment - Commit 5f90d0b8a1b62d76455c9c695320381fa02e3a19 in branch refs/heads/master from Keith Turner [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5f90d0b ] ACCUMULO-802 random walk test refs non-existant namespace node
          Hide
          ASF subversion and git services added a comment -

          Commit 5f90d0b8a1b62d76455c9c695320381fa02e3a19 in branch refs/heads/1.6.0-SNAPSHOT from Keith Turner
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5f90d0b ]

          ACCUMULO-802 random walk test refs non-existant namespace node

          Show
          ASF subversion and git services added a comment - Commit 5f90d0b8a1b62d76455c9c695320381fa02e3a19 in branch refs/heads/1.6.0-SNAPSHOT from Keith Turner [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5f90d0b ] ACCUMULO-802 random walk test refs non-existant namespace node
          Hide
          ASF subversion and git services added a comment -

          Commit 859cf2087c2506f60178efff1e08d8ad91af3d2d in branch refs/heads/master from Christopher Tubbs
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=859cf20 ]

          ACCUMULO-802 fix more issues from ReviewBoard

          Show
          ASF subversion and git services added a comment - Commit 859cf2087c2506f60178efff1e08d8ad91af3d2d in branch refs/heads/master from Christopher Tubbs [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=859cf20 ] ACCUMULO-802 fix more issues from ReviewBoard
          Hide
          ASF subversion and git services added a comment -

          Commit 859cf2087c2506f60178efff1e08d8ad91af3d2d in branch refs/heads/1.6.0-SNAPSHOT from Christopher Tubbs
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=859cf20 ]

          ACCUMULO-802 fix more issues from ReviewBoard

          Show
          ASF subversion and git services added a comment - Commit 859cf2087c2506f60178efff1e08d8ad91af3d2d in branch refs/heads/1.6.0-SNAPSHOT from Christopher Tubbs [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=859cf20 ] ACCUMULO-802 fix more issues from ReviewBoard
          Hide
          ASF subversion and git services added a comment -

          Commit ea8ec1939af2d73ab3727e6fa4f16f7bde0d51c6 in branch refs/heads/1.6.0-SNAPSHOT from Christopher Tubbs
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=ea8ec19 ]

          ACCUMULO-802 Renamed "TableNamespace" to "Namespace"

          based on ReviewBoard suggestion

          Show
          ASF subversion and git services added a comment - Commit ea8ec1939af2d73ab3727e6fa4f16f7bde0d51c6 in branch refs/heads/1.6.0-SNAPSHOT from Christopher Tubbs [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=ea8ec19 ] ACCUMULO-802 Renamed "TableNamespace" to "Namespace" based on ReviewBoard suggestion
          Hide
          John Vines added a comment -

          Based on RB entry about Bulk_import-

          Maybe I'm fuzzy on 802 then. I see it as providing all TablePermission's such that you can easily give a user access to all of a set of tables with a single step (including bulk import and such). Such that, namespaces should have every TablePermission (in fact, I think it should actually use table permissions). And then if you have namespace permissions for drop/alter you can edit the namespace itself.

          Show
          John Vines added a comment - Based on RB entry about Bulk_import- Maybe I'm fuzzy on 802 then. I see it as providing all TablePermission's such that you can easily give a user access to all of a set of tables with a single step (including bulk import and such). Such that, namespaces should have every TablePermission (in fact, I think it should actually use table permissions). And then if you have namespace permissions for drop/alter you can edit the namespace itself.
          Hide
          John Vines added a comment -

          Attached is a diff for roughly the changes I'm proposing as https://reviews.apache.org/r/15166/diff/1/?file=376139#file376139line311

          Follow the codepath from #canScan to understand what I'm proposing.

          Show
          John Vines added a comment - Attached is a diff for roughly the changes I'm proposing as https://reviews.apache.org/r/15166/diff/1/?file=376139#file376139line311 Follow the codepath from #canScan to understand what I'm proposing.
          Hide
          Christopher Tubbs added a comment -

          Added link to ReviewBoard

          Show
          Christopher Tubbs added a comment - Added link to ReviewBoard
          Hide
          Christopher Tubbs added a comment -

          Patch in ReviewBoard and in branch refs/heads/ACCUMULO-802

          Show
          Christopher Tubbs added a comment - Patch in ReviewBoard and in branch refs/heads/ ACCUMULO-802
          Hide
          ASF subversion and git services added a comment -

          Commit 2f2ba30b2a54877da73b83f2c4efdbc020c9fa7c in branch refs/heads/ACCUMULO-802 from Christopher Tubbs
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=2f2ba30 ]

          ACCUMULO-802 Fixup formatting

          Show
          ASF subversion and git services added a comment - Commit 2f2ba30b2a54877da73b83f2c4efdbc020c9fa7c in branch refs/heads/ ACCUMULO-802 from Christopher Tubbs [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=2f2ba30 ] ACCUMULO-802 Fixup formatting
          Hide
          ASF subversion and git services added a comment -

          Commit 9ed396b7f6f29ca05854a2165407ae4c2640f128 in branch refs/heads/ACCUMULO-802 from Sean Hickey
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=9ed396b ]

          ACCUMULO-802 fixed problems with some TableOps not locking correctly, fixed null pointer from some tables missing their namespace during randomwalk

          Show
          ASF subversion and git services added a comment - Commit 9ed396b7f6f29ca05854a2165407ae4c2640f128 in branch refs/heads/ ACCUMULO-802 from Sean Hickey [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=9ed396b ] ACCUMULO-802 fixed problems with some TableOps not locking correctly, fixed null pointer from some tables missing their namespace during randomwalk
          Hide
          ASF subversion and git services added a comment -

          Commit 5960282bc802f3ec0bfc297bf0ce09b521ac1f26 in branch refs/heads/ACCUMULO-802 from Sean Hickey
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5960282 ]

          ACCUMULO-802 changed error type given to thrift for TableNamespaceNotFoundExceptions so they don't cause a RuntimException when caught on the client side

          Show
          ASF subversion and git services added a comment - Commit 5960282bc802f3ec0bfc297bf0ce09b521ac1f26 in branch refs/heads/ ACCUMULO-802 from Sean Hickey [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5960282 ] ACCUMULO-802 changed error type given to thrift for TableNamespaceNotFoundExceptions so they don't cause a RuntimException when caught on the client side
          Hide
          ASF subversion and git services added a comment -

          Commit d349e91cf96a6b6e278711ed9f0b85e615c932ce in branch refs/heads/ACCUMULO-802 from Sean Hickey
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=d349e91 ]

          ACCUMULO-802 added namespace locking to the rest of the tableOps and put them in a consistent order (namespace then table), switched to using HdfsZooInstance to get the instance for the namespaceId

          Show
          ASF subversion and git services added a comment - Commit d349e91cf96a6b6e278711ed9f0b85e615c932ce in branch refs/heads/ ACCUMULO-802 from Sean Hickey [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=d349e91 ] ACCUMULO-802 added namespace locking to the rest of the tableOps and put them in a consistent order (namespace then table), switched to using HdfsZooInstance to get the instance for the namespaceId
          Hide
          ASF subversion and git services added a comment -

          Commit 356bea24fd9316288e11f13931ba155420c4b475 in branch refs/heads/ACCUMULO-802 from Sean Hickey
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=356bea2 ]

          ACCUMULO-802 fixed deadlock problem with the table namespace locks during fate operations

          Show
          ASF subversion and git services added a comment - Commit 356bea24fd9316288e11f13931ba155420c4b475 in branch refs/heads/ ACCUMULO-802 from Sean Hickey [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=356bea2 ] ACCUMULO-802 fixed deadlock problem with the table namespace locks during fate operations
          Hide
          John Vines added a comment -

          I wasn't sure whether I should change the TableOperations functions to throw TableNamespaceNotFoundExceptions (and possibly break backwards compatibility), so right now they throw IllegalArgumentExceptions constructed from TableNamespaceNotFoundExceptions.

          I think making a TableNamespaceNotFoundException as an extension of TableNotFoundException should be sufficient?

          In copying the format of TableOperations' create() function, I made the TableNamespaceOperations() create function take a TimeType for input, but I don't use it. I wasn't sure if we should apply that TimeType to all tables in the namespace or scrap that functionality for namespaces in general.

          I am under the impression that there is another layer of configuration hierarchy of table configurations with the namespaces. And with that, TimeType is one. So having a alternative default TimeType for a namespace makes sense. However, if there is not a configuration hierarchy, then there should be no TimeType involved.

          I never looked into putting qoutas/priorities on namespaces, although that was one of the original use cases.

          We can defer this to 1.7+ as it's a nice to have, not a bare minimum for namepsace implementation

          I never implemented "aliasing" or having one table show in multiple namespaces.

          Also defer, not a necessity

          I never messed with the Monitor code to organize the tables by namespace (ACCUMULO-1480).

          Defer, !necessity

          I changed the default initial table properties (that are applied when a table is created) to instead be applied to new namespaces (and the default namespace) rather than each table.

          Makes sense

          I wasn't sure if there should be any initial properties on the system namespace, so I left it empty (no default properties).

          Not quite sure what this means

          I didn't add default user permissions for a namespaces (ACCUMULO-617 and ACCUMULO-1479).

          I sorta think this should be there, as it would cause a lot of issues to add down the line.

          While running RandomWalk, one related error that I see every once in a while is that a table will have a reference to a namespace that no longer exists. (There are a few other errors that seem unrelated to table namespaces).

          Probably has to do with ZK cache timings. May have to add some wait time in the test to allow propagation. Propagation time is something that should be expected with this behavior.

          Show
          John Vines added a comment - I wasn't sure whether I should change the TableOperations functions to throw TableNamespaceNotFoundExceptions (and possibly break backwards compatibility), so right now they throw IllegalArgumentExceptions constructed from TableNamespaceNotFoundExceptions. I think making a TableNamespaceNotFoundException as an extension of TableNotFoundException should be sufficient? In copying the format of TableOperations' create() function, I made the TableNamespaceOperations() create function take a TimeType for input, but I don't use it. I wasn't sure if we should apply that TimeType to all tables in the namespace or scrap that functionality for namespaces in general. I am under the impression that there is another layer of configuration hierarchy of table configurations with the namespaces. And with that, TimeType is one. So having a alternative default TimeType for a namespace makes sense. However, if there is not a configuration hierarchy, then there should be no TimeType involved. I never looked into putting qoutas/priorities on namespaces, although that was one of the original use cases. We can defer this to 1.7+ as it's a nice to have, not a bare minimum for namepsace implementation I never implemented "aliasing" or having one table show in multiple namespaces. Also defer, not a necessity I never messed with the Monitor code to organize the tables by namespace ( ACCUMULO-1480 ). Defer, !necessity I changed the default initial table properties (that are applied when a table is created) to instead be applied to new namespaces (and the default namespace) rather than each table. Makes sense I wasn't sure if there should be any initial properties on the system namespace, so I left it empty (no default properties). Not quite sure what this means I didn't add default user permissions for a namespaces ( ACCUMULO-617 and ACCUMULO-1479 ). I sorta think this should be there, as it would cause a lot of issues to add down the line. While running RandomWalk, one related error that I see every once in a while is that a table will have a reference to a namespace that no longer exists. (There are a few other errors that seem unrelated to table namespaces). Probably has to do with ZK cache timings. May have to add some wait time in the test to allow propagation. Propagation time is something that should be expected with this behavior.
          Hide
          Christopher Tubbs added a comment -

          I'm keeping an updated (rebase'd) version of this branch at https://github.com/ctubbsii/accumulo/tree/ACCUMULO-802 until we're ready to merge in these changes, that way it doesn't get out of date.

          Show
          Christopher Tubbs added a comment - I'm keeping an updated (rebase'd) version of this branch at https://github.com/ctubbsii/accumulo/tree/ACCUMULO-802 until we're ready to merge in these changes, that way it doesn't get out of date.
          Hide
          Sean Hickey added a comment -

          Since today is my last day to work on Accumulo full time (I'm going back to school for the fall semester), I figured I should post what I think is left to be done (or at least needs looked at to make sure it works correctly).

          • I wasn't sure whether I should change the TableOperations functions to throw TableNamespaceNotFoundExceptions (and possibly break backwards compatibility), so right now they throw IllegalArgumentExceptions constructed from TableNamespaceNotFoundExceptions.
          • In copying the format of TableOperations' create() function, I made the TableNamespaceOperations() create function take a TimeType for input, but I don't use it. I wasn't sure if we should apply that TimeType to all tables in the namespace or scrap that functionality for namespaces in general.
          • I never looked into putting qoutas/priorities on namespaces, although that was one of the original use cases.
          • I never implemented "aliasing" or having one table show in multiple namespaces.
          • I never messed with the Monitor code to organize the tables by namespace (ACCUMULO-1480).
          • I changed the default initial table properties (that are applied when a table is created) to instead be applied to new namespaces (and the default namespace) rather than each table.
          • I wasn't sure if there should be any initial properties on the system namespace, so I left it empty (no default properties).
          • While running RandomWalk, one related error that I see every once in a while is that a table will have a reference to a namespace that no longer exists. (There are a few other errors that seem unrelated to table namespaces).

          I might be able to work on Accumulo some more if I find time during school. I rebased my git repo to make it easier to apply my changed (I linked to it in my previous comment). I think Christopher Tubbs is planning on finishing up the last little bit of this feature.

          Show
          Sean Hickey added a comment - Since today is my last day to work on Accumulo full time (I'm going back to school for the fall semester), I figured I should post what I think is left to be done (or at least needs looked at to make sure it works correctly). I wasn't sure whether I should change the TableOperations functions to throw TableNamespaceNotFoundExceptions (and possibly break backwards compatibility), so right now they throw IllegalArgumentExceptions constructed from TableNamespaceNotFoundExceptions. In copying the format of TableOperations' create() function, I made the TableNamespaceOperations() create function take a TimeType for input, but I don't use it. I wasn't sure if we should apply that TimeType to all tables in the namespace or scrap that functionality for namespaces in general. I never looked into putting qoutas/priorities on namespaces, although that was one of the original use cases. I never implemented "aliasing" or having one table show in multiple namespaces. I never messed with the Monitor code to organize the tables by namespace ( ACCUMULO-1480 ). I changed the default initial table properties (that are applied when a table is created) to instead be applied to new namespaces (and the default namespace) rather than each table. I wasn't sure if there should be any initial properties on the system namespace, so I left it empty (no default properties). I didn't add default user permissions for a namespaces ( ACCUMULO-617 and ACCUMULO-1479 ). While running RandomWalk, one related error that I see every once in a while is that a table will have a reference to a namespace that no longer exists. (There are a few other errors that seem unrelated to table namespaces). I might be able to work on Accumulo some more if I find time during school. I rebased my git repo to make it easier to apply my changed (I linked to it in my previous comment). I think Christopher Tubbs is planning on finishing up the last little bit of this feature.
          Hide
          Sean Hickey added a comment -

          The patches above are well out of date. I've been working on github for a while, so here's a link to my repo that I'm working on. This ticket is just the ACCUMULO-802 branch on my repo.

          Show
          Sean Hickey added a comment - The patches above are well out of date. I've been working on github for a while, so here's a link to my repo that I'm working on. This ticket is just the ACCUMULO-802 branch on my repo.
          Hide
          Sean Hickey added a comment -

          Accidentally left out 2 files, forgot to svn add them. New patch to fix that.

          Show
          Sean Hickey added a comment - Accidentally left out 2 files, forgot to svn add them. New patch to fix that.
          Hide
          Sean Hickey added a comment - - edited

          New patch to implement those suggestions. I didn't add any new tests yet, but I fixed up the code as Christopher described and changed the behavior of creating and deleting namespaces as Keith suggested.

          Show
          Sean Hickey added a comment - - edited New patch to implement those suggestions. I didn't add any new tests yet, but I fixed up the code as Christopher described and changed the behavior of creating and deleting namespaces as Keith suggested.
          Hide
          Christopher Tubbs added a comment -

          A few additions to the v2 patch:

          1. Don't keep both a
            {ZKROOT}/namespaces/{namespaceId}/tables

            and a

            {ZKROOT}/tables/{tableId}/namespace

            It makes things more complex when we have to maintain two structures for the same information, and will result in an inability to determine which is the authoritative source consistently if they diverge (we had this problem with tables in ZK and in the metadata table awhile back). I prefer the latter, because I think the table's own configuration should be the authoritative source of who has additional configuration for it.

          2. Make sure the bytes written to ZooKeeper from strings (table namespace IDs, namespace names), are written as UTF8 bytes, and read back as UTF8 bytes. (For example, in Tables.getNamespace(Instance, String); Since we don't have JDK7's UTF_8 constant, use our own: Constants.UTF8.
          3. (Optional) In the master.thrift file, please ensure that params in new methods have sequential param IDs (1,2,3...). It's easier to read, and that makes it easier to add new params to thrift RPC methods that is backwards-compatible. Don't change old methods, though.
          4. Avoid adding javadocs that don't add value (example: '@throws Exception' param without a comment)
          5. If you add a TODO, please include the Accumulo JIRA number in the comment so it can be tracked (example: '// TODO security check (ACCUMULO-1479)')
          6. Update the WIRE_VERSION to 3, and put the upgrade code in the if block. The data version was already incremented to account for the root table separation, so any upgrade checks based on the data version should work seamlessly.

          I'm adding ACCUMULO-802.v3.patch with some of my recommendations.

          Show
          Christopher Tubbs added a comment - A few additions to the v2 patch: Don't keep both a {ZKROOT}/namespaces/{namespaceId}/tables and a {ZKROOT}/tables/{tableId}/namespace It makes things more complex when we have to maintain two structures for the same information, and will result in an inability to determine which is the authoritative source consistently if they diverge (we had this problem with tables in ZK and in the metadata table awhile back). I prefer the latter, because I think the table's own configuration should be the authoritative source of who has additional configuration for it. Make sure the bytes written to ZooKeeper from strings (table namespace IDs, namespace names), are written as UTF8 bytes, and read back as UTF8 bytes. (For example, in Tables.getNamespace(Instance, String) ; Since we don't have JDK7's UTF_8 constant, use our own: Constants.UTF8. (Optional) In the master.thrift file, please ensure that params in new methods have sequential param IDs (1,2,3...). It's easier to read, and that makes it easier to add new params to thrift RPC methods that is backwards-compatible. Don't change old methods, though. Avoid adding javadocs that don't add value (example: '@throws Exception' param without a comment) If you add a TODO, please include the Accumulo JIRA number in the comment so it can be tracked (example: '// TODO security check ( ACCUMULO-1479 )') Update the WIRE_VERSION to 3, and put the upgrade code in the if block. The data version was already incremented to account for the root table separation, so any upgrade checks based on the data version should work seamlessly. I'm adding ACCUMULO-802.v3.patch with some of my recommendations.
          Hide
          Keith Turner added a comment -

          Took a quick look at v2 patch. Had the following comments.

          • maybe only delete namespaces if empty... could make attempt to delete non-empty namespace throw an error (could have a force option)
          • verify namespace props on server side.. for example configure iterator on namespace then try scanning/compacting... test this w/ and w/o table overriding prop...
          • test that namespace props survive across namespace rename (a good random walk test would do this)
          • need to test import and export table w/ namespaces
          • uncertain about automatic creation of namespaces at table creation time... this may hide errors in user code
          • maybe support cloning namespaces, a shortcut to clone all tables in a namespace + copy namespace props
          • it would be nice if the unit test covered all operations that can now take a namespace, for example get scanner, batchscanner, etc using namepsace+table
          Show
          Keith Turner added a comment - Took a quick look at v2 patch. Had the following comments. maybe only delete namespaces if empty... could make attempt to delete non-empty namespace throw an error (could have a force option) verify namespace props on server side.. for example configure iterator on namespace then try scanning/compacting... test this w/ and w/o table overriding prop... test that namespace props survive across namespace rename (a good random walk test would do this) need to test import and export table w/ namespaces uncertain about automatic creation of namespaces at table creation time... this may hide errors in user code maybe support cloning namespaces, a shortcut to clone all tables in a namespace + copy namespace props it would be nice if the unit test covered all operations that can now take a namespace, for example get scanner, batchscanner, etc using namepsace+table
          Hide
          Sean Hickey added a comment -

          New patch to fix issues with the MetadataTable class moving as well as a bug where I forgot to prevent the default and system namespaces from being able to be deleted. Added some simple shell completion for 'renamenamespace' and 'deletenamespace' as well.

          Show
          Sean Hickey added a comment - New patch to fix issues with the MetadataTable class moving as well as a bug where I forgot to prevent the default and system namespaces from being able to be deleted. Added some simple shell completion for 'renamenamespace' and 'deletenamespace' as well.
          Hide
          Sean Hickey added a comment -

          Patch for the real version of table namespaces (as opposed to testing like the previous version). Changes are documented in the README for v1. This should satisfy sub-tasks #3 and #4.

          The biggest user-facing change from the previous implementation is that there are functions specific to table namespaces rather than using the table operation functions with an extra ".*" tagged on the end, although some of the shell commands use that to specify a namespace as opposed to a table (specifically 'du', 'online', and 'offline').

          Show
          Sean Hickey added a comment - Patch for the real version of table namespaces (as opposed to testing like the previous version). Changes are documented in the README for v1. This should satisfy sub-tasks #3 and #4. The biggest user-facing change from the previous implementation is that there are functions specific to table namespaces rather than using the table operation functions with an extra ".*" tagged on the end, although some of the shell commands use that to specify a namespace as opposed to a table (specifically 'du', 'online', and 'offline').
          Hide
          Sean Hickey added a comment -

          Patch for an initial implementation of table namespaces. It's probably not ready for commit, but I wanted everyone to be able to test it out first. In the README, I documented how it works and how some of the features will work once implemented. I also went through the TableOperations interface and described the changes in behavior to the functions if they are given an namespace (denoted with a ".*") as opposed to a table. I also noted functions that might have a possibility of being implemented in a namespace-wide manner, but I would like input on how they should work.

          Here's a quick example of how they work.
          A table's namespace is denoted as part of it's name (unless it's in the default namespace), so two tables called "thing.one" and "thing.two" would both be in the "thing" namespace. To perform a namespace-wide operation, use ".*". For example, you could delete all tables in a namespace (and the namespace itself) by deleting a table called "thing.*", which from before would delete "thing.one", "thing.two", and it would delete the "thing" namespace.

          Show
          Sean Hickey added a comment - Patch for an initial implementation of table namespaces. It's probably not ready for commit, but I wanted everyone to be able to test it out first. In the README, I documented how it works and how some of the features will work once implemented. I also went through the TableOperations interface and described the changes in behavior to the functions if they are given an namespace (denoted with a ".*") as opposed to a table. I also noted functions that might have a possibility of being implemented in a namespace-wide manner, but I would like input on how they should work. Here's a quick example of how they work. A table's namespace is denoted as part of it's name (unless it's in the default namespace), so two tables called "thing.one" and "thing.two" would both be in the "thing" namespace. To perform a namespace-wide operation, use ".*". For example, you could delete all tables in a namespace (and the namespace itself) by deleting a table called "thing.*", which from before would delete "thing.one", "thing.two", and it would delete the "thing" namespace.
          Hide
          Christopher Tubbs added a comment -

          Default table permissions could be satisfied with namespace-level access permissions.

          Show
          Christopher Tubbs added a comment - Default table permissions could be satisfied with namespace-level access permissions.

            People

            • Assignee:
              Sean Hickey
              Reporter:
              Eric Newton
            • Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development