[HBASE-22578] HFileCleaner should not delete empty ns/table directories used for user san snapshot feature - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.0-alpha-1, 2.3.0
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed
Release Note:

Hide
The HFileCleaner will clean the empty directories under archive, but if enable user scan snaphot feature, the user ACLs are set at there directories, so please config the following cleaner to make the directories with user ACLs not be cleaned:
hbase.master.hfilecleaner.plugins=org.apache.hadoop.hbase.security.access.SnapshotScannerHDFSAclCleaner

Show
The HFileCleaner will clean the empty directories under archive, but if enable user scan snaphot feature, the user ACLs are set at there directories, so please config the following cleaner to make the directories with user ACLs not be cleaned: hbase.master.hfilecleaner.plugins=org.apache.hadoop.hbase.security.access.SnapshotScannerHDFSAclCleaner

Description

~~HBASE-21995~~ add a coprocessor to set HDFS acls for HBase users who own HBase read permission to mask users have the ability to scan snapshot directly.

It creates empty directories for namespace and table under archive directory and set HDFS acls to these directories after namespace or table is created, in this way, users can read files under archive directory.

But the HFileCleaner will delete empty directories and this will break this feature. So if the user scan snapshot feature is enabled, HFileCleaner should not delete empty ns/table directories.

Attachments

Issue Links

links to

GitHub Pull Request #337

Activity

People

Assignee:: Yi Mei

Reporter:: Yi Mei

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 13/Jun/19 12:06

Updated:: 18/Oct/19 17:56

Resolved:: 25/Jul/19 03:18