Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 0.98.0
-
Component/s: security
-
Labels:
-
Hadoop Flags:Reviewed
-
Release Note:HBase super user can (any user who is having system visibility label) read back all the cells irrespective of visibility expression applied for cells.
-
Tags:visibility
Description
This issue is in lieu with HBASE-10322. In case of export tool, when the cells with visibility labels are exported using a super user we should be able to export the data. But with the current implementation, the super user would also be able to view cells that has visibility labels associated with the superuser. The idea of HBASE-10322 is to strip out tags based on user and if so this change is necessary for export tool to work with Visibility. ACL already has a concept of global admins.
Issue Links
- is related to
-
HBASE-10322
Strip tags from KV while sending back to client on reads
-
- Closed
-
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12622582/HBASE-10326.patch
against trunk revision .
ATTACHMENT ID: 12622582
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 6 new or modified tests.
+1 hadoop1.0. The patch compiles against the hadoop 1.0 profile.
+1 hadoop1.1. The patch compiles against the hadoop 1.1 profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 lineLengths. The patch introduces the following lines longer than 100:
+ // If a super user issues a scan, he should be able to scan the cells irrespective of the Visibility labels
+ // If a super user issues a get, he should be able to scan the cells irrespective of the Visibility labels
+ PrivilegedExceptionAction<VisibilityLabelsResponse> action = new PrivilegedExceptionAction<VisibilityLabelsResponse>() {
-1 site. The patch appears to cause mvn site goal to fail.
+1 core tests. The patch passed unit tests in .
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/8400//console
This message is automatically generated.
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12622599/HBASE-10326_1.patch
against trunk revision .
ATTACHMENT ID: 12622599
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 6 new or modified tests.
+1 hadoop1.0. The patch compiles against the hadoop 1.0 profile.
+1 hadoop1.1. The patch compiles against the hadoop 1.1 profile.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 lineLengths. The patch does not introduce lines longer than 100
-1 site. The patch appears to cause mvn site goal to fail.
+1 core tests. The patch passed unit tests in .
Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/8401//console
This message is automatically generated.
Patch looks good Ram.
Pls correct the white spaces introduced after checkIfScanOrGetFromSuperUser private method.
+ HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); + try { + BlockingRpcChannel service = acl.coprocessorService(tableName.getName()); + AccessControlService.BlockingInterface protocol = AccessControlService + .newBlockingStub(service); + ProtobufUtil.grant(protocol, NORMAL_USER2.getShortName(), tableName, null, null, + Permission.Action.READ); + } finally { + acl.close(); + }
Instead can use AccessControlClient#grant ? This code is repeated in tests..
Thanks for the patch.
Instead can use AccessControlClient#grant ? This code is repeated in tests..
Or use the new grant/revoke methods in SecureTestUtils, which are designed for granting or revoking in tests. They do things only possible in miniclusters to insure the AC has propagated the grant to all caches first, to avoid flapping tests.
Are the changes to TestVisibilityLabels needed? The test runs under the superuser implicitly right? There is no functional change though, would be fine to keep them.
What do the new tests in TestVisibilityLabelsWithACL do? Comment, please.
Anoop Sam John, Ram mailed me that he is away this evening. I would be +1 for a commit of this patch without the test changes. What do you think? We can add the test changes later as an addendum or new JIRA.
I will commit patch as it is now.. We can improve the tests later as you suggested.
Committed to Trunk and 0.98. Thanks for the patch Ram. Thanks for the review Andy.
Then I will fix the tests now. HBASE-10331
SUCCESS: Integrated in HBase-0.98 #73 (See https://builds.apache.org/job/HBase-0.98/73/)
HBASE-10326 Super user should be able scan all the cells irrespective of the visibility labels(Ram) (anoopsamjohn: rev 1557791)
- /hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
- /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
- /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
SUCCESS: Integrated in HBase-TRUNK #4810 (See https://builds.apache.org/job/HBase-TRUNK/4810/)
HBASE-10326 Super user should be able scan all the cells irrespective of the visibility labels(Ram) (anoopsamjohn: rev 1557792)
- /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
- /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
- /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
SUCCESS: Integrated in HBase-0.98-on-Hadoop-1.1 #68 (See https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/68/)
HBASE-10326 Super user should be able scan all the cells irrespective of the visibility labels(Ram) (anoopsamjohn: rev 1557791)
- /hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
- /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
- /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
SUCCESS: Integrated in HBase-TRUNK-on-Hadoop-1.1 #52 (See https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-1.1/52/)
HBASE-10326 Super user should be able scan all the cells irrespective of the visibility labels(Ram) (anoopsamjohn: rev 1557792)
- /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
- /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
- /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
SUCCESS: Integrated in HBase-TRUNK #5141 (See https://builds.apache.org/job/HBase-TRUNK/5141/)
HBASE-11253 IntegrationTestWithCellVisibilityLoadAndVerify failing since HBASE-10326 (Anoop Sam John) (apurtell: rev 1279ae807c0e2d9b183c145fa553bdc84b6ca1a7)
- hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestLoadAndVerify.java
- hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java
SUCCESS: Integrated in HBase-0.98 #315 (See https://builds.apache.org/job/HBase-0.98/315/)
HBASE-11253 IntegrationTestWithCellVisibilityLoadAndVerify failing since HBASE-10326 (Anoop Sam John) (apurtell: rev bade38219bce159a4429d3e56f4a00363c810cb0)
- hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java
- hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestLoadAndVerify.java
SUCCESS: Integrated in HBase-0.98-on-Hadoop-1.1 #296 (See https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/296/)
HBASE-11253 IntegrationTestWithCellVisibilityLoadAndVerify failing since HBASE-10326 (Anoop Sam John) (apurtell: rev bade38219bce159a4429d3e56f4a00363c810cb0)
- hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestLoadAndVerify.java
- hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestWithCellVisibilityLoadAndVerify.java
Closing this issue after 0.99.0 release.
Running testcases. Tests involving Visibility controller passes.