Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.20.4
    • Component/s: None
    • Labels:
      None

      Description

      Support an optional operating mode with simple user isolation.

      1. HBASE-2257.patch
        99 kB
        Andrew Purtell

        Activity

        Andrew Purtell added a comment -

        Attached patch provides an alternate operating mode, which can be optionally enabled, that provides some simple user isolation. When enabled, access tokens must be added as the first element to the path.

        An access token is a 32 character hexadecimal string. They can be generated using any method but typically one would use MD5 to hash the username with salt.

        For example, where before a value may be accessed as:

        /someTable/someRow/someColumn:qualifier

        with multiuser mode enabled, it would be:

        /d41d8cd98f00b204e9800998ecf8427e/someTable/someRow/someColumn:qualifier

        Access tokens map to user accounts. This mapping is done by pluggable authenticators. Three authenticators are provided which support defining user accounts via 1) hbase-site.xml, 2) entries in an HBase table, or 3) entries in any data source with a JDBC driver, respectively. User accounts can have administrative privilege. They can also be temporarily disabled.

        If a user account has administrative privilege, table names given in the path are not modified.

        If a user account does not have administrative privilege, the typical case, then table names given in the path or in submitted data are transparently rewritten from <table> to <user-name> + "." + <table>, and vice versa. In this way each user has the illusion of a private namespace and one user cannot access the tables of another.
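
The token lookup and table-name rewriting described in the comment above, as an added Python sketch; it is not part of the comment and not code from the HBASE-2257 patch. The salt, the account names, the `salt + username` hash input and the helper names `make_token`, `to_internal` and `to_external` are all assumptions made for illustration.

```python
import hashlib
import re
from dataclasses import dataclass

TOKEN_RE = re.compile(r"[0-9a-f]{32}")  # 32-character hexadecimal access token

@dataclass(frozen=True)
class User:
    name: str
    admin: bool = False
    disabled: bool = False

def make_token(username: str, salt: str) -> str:
    """MD5 of salt + username, one way to obtain a token (input layout assumed)."""
    return hashlib.md5((salt + username).encode()).hexdigest()

# Constructed accounts; this dict stands in for a pluggable authenticator.
SALT = "example-salt"
USERS = {make_token(u.name, SALT): u for u in (
    User("alice"), User("bob"), User("root", admin=True),
    User("carol", disabled=True))}

def to_internal(path: str) -> str:
    """Map /<token>/<table>/... to the path the backing store sees."""
    parts = path.split("/")
    if len(parts) < 3 or parts[0] != "" or not TOKEN_RE.fullmatch(parts[1]):
        raise PermissionError("missing or malformed access token")
    user = USERS.get(parts[1])
    if user is None or user.disabled:
        raise PermissionError("unknown or disabled account")
    table, rest = parts[2], parts[3:]
    if not table:
        raise ValueError("no table in path")
    if not user.admin:
        # Always prefixed, whatever name the client sent, so a request for
        # "alice.t" made by bob lands in "bob.alice.t", not in alice's table.
        table = f"{user.name}.{table}"
    return "/" + "/".join([table, *rest])

def to_external(user: User, table: str) -> str:
    """Reverse mapping for table names returned to the client."""
    if user.admin:
        return table
    prefix = user.name + "."
    if not table.startswith(prefix):
        raise PermissionError("table outside caller's namespace")
    return table[len(prefix):]
```
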

        Andrew Purtell added a comment -

        Of course if multiuser mode is not enabled, then Stargate functions as it has before.

        Andrew Purtell added a comment -

        Committed patch on this issue to 0.20 branch and trunk.

        Lars Francke added a comment -

        As far as I can tell this does not compile.
        Some things seem to be missing imports, some missing fields, etc.

        I had a quick look at the patch: That does seem to be correct but not all changes seem to have made it into trunk. Could you check this?

        Andrew Purtell added a comment -

        Sorry, the move to Maven has broken how I work with trunk in Eclipse. Applying a patch from 0.20 with modified paths and svn add worked well enough, thought there was no issue. I will back out the changes on trunk if I can't fix them shortly.

        Andrew Purtell added a comment -

        Fixed in r916110.
        All set now with the Mavenized build. Sorry about the breakage.

        Andrew Purtell added a comment -

        Forgot to close this out.


          People

          • Assignee:
            Andrew Purtell
            Reporter:
            Andrew Purtell
          • Votes:
            0
            Watchers:
            0
