[HBASE-14686] Ensure authoritative security coprocessors execute in the correct context - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Umbrella
Status: Closed
Priority: Major
Resolution: Implemented
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

In deployments using security coprocessors, those using preXXX hooks expect to make authoritative decisions with all information available to them in the execution context including the request user. Where users can issue requests in a RPC context separate from the context where the work will be performed, we need to carry the request user's credentials through up to the coprocessor upcall once we finally make it.

This has been an occasional issue as various parts of the code are refactored. Revisit again.

Attachments

Sub-Tasks

1.	Split fails due to 'No valid credentials' error when SecureBulkLoadEndpoint#start tries to access hdfs	Closed	Ted Yu
2.	Region merge request should be audited with request user through proper scope of doAs() calls to region observer notifications	Closed	Ted Yu
3.	Narrow the scope of doAs() calls to region observer notifications for compaction	Closed	Ted Yu
4.	IT suite for end-to-end negative and positive testing of the ACL matrix	Closed	Unassigned
5.	Minimize or eliminate source incompatible changes due to HBASE-14605, HBASE-14631, and HBASE-14655	Closed	Unassigned

Activity

People

Assignee:: Unassigned

Reporter:: Andrew Kyle Purtell

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 23/Oct/15 21:30

Updated:: 12/Jun/22 18:44

Resolved:: 12/Jun/22 18:43