Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-14425

In Secure Zookeeper cluster superuser will not have sufficient permission if multiple values are configured in "hbase.superuser"

    XMLWordPrintableJSON

    Details

    • Hadoop Flags:
      Reviewed

      Description

      During master intialization we are setting ACLs for the znodes.

      In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean isSecureZooKeeper),

            String superUser = zkw.getConfiguration().get("hbase.superuser");
            ArrayList<ACL> acls = new ArrayList<ACL>();
            // add permission to hbase supper user
            if (superUser != null) {
              acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
            }
      

      Here we are directly setting "hbase.superuser" value to Znode which will cause an issue when multiple values are configured. In "hbase.superuser" multiple superusers and supergroups can be configured separated by comma. We need to iterate them and set ACL.

        Attachments

        1. HBASE-14425.patch
          7 kB
          Pankaj Kumar
        2. HBASE-14425-V2.patch
          10 kB
          Pankaj Kumar
        3. HBASE-14425-V2.patch
          10 kB
          Pankaj Kumar

          Activity

            People

            • Assignee:
              pankaj2461 Pankaj Kumar
              Reporter:
              pankaj2461 Pankaj Kumar
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: