HBase
  1. HBase
  2. HBASE-5352 ACL improvements
  3. HBASE-5371

Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API

    Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.92.1, 0.94.0
    • Fix Version/s: 0.94.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

      1. HBASE-5371_v2.patch
        15 kB
        Ted Yu
      2. HBASE-5371_v3.patch
        15 kB
        Ted Yu
      3. HBASE-5371_v3-noprefix.patch
        16 kB
        Enis Soztutar
      4. HBASE-5371-addendum_v1.patch
        1 kB
        Enis Soztutar

        Issue Links

          Activity

          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/
          -----------------------------------------------------------

          Review request for hbase.

          Summary
          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.
          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs


          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d
          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb
          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing
          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5003
          -----------------------------------------------------------

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          <https://reviews.apache.org/r/3829/#comment11004>

          This seems a reasonable approach.

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          <https://reviews.apache.org/r/3829/#comment11005>

          Perhaps add a couple of additional cases to check?

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          <https://reviews.apache.org/r/3829/#comment11006>

          Likewise

          • Andrew

          On 2012-02-09 23:12:00, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-09 23:12:00)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5003 ----------------------------------------------------------- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java < https://reviews.apache.org/r/3829/#comment11004 > This seems a reasonable approach. security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java < https://reviews.apache.org/r/3829/#comment11005 > Perhaps add a couple of additional cases to check? security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java < https://reviews.apache.org/r/3829/#comment11006 > Likewise Andrew On 2012-02-09 23:12:00, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-09 23:12:00) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/
          -----------------------------------------------------------

          (Updated 2012-02-11 02:58:35.137932)

          Review request for hbase.

          Changes
          -------

          Added more tests!

          Summary
          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.
          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs (updated)


          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d
          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb
          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing
          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-11 02:58:35.137932) Review request for hbase. Changes ------- Added more tests! Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs (updated) security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          Ted Yu added a comment -

          Thanks for the update, Enis.

          Can you run patch v2 through secure HBase unit tests ?
          Hadoop QA only runs test suite for insecure HBase.

          Show
          Ted Yu added a comment - Thanks for the update, Enis. Can you run patch v2 through secure HBase unit tests ? Hadoop QA only runs test suite for insecure HBase.
          Hide
          Ted Yu added a comment -

          Patch v2 from Enis.

          Show
          Ted Yu added a comment - Patch v2 from Enis.
          Hide
          Ted Yu added a comment -

          Run through Hadoop QA.

          Show
          Ted Yu added a comment - Run through Hadoop QA.
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5026
          -----------------------------------------------------------

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          <https://reviews.apache.org/r/3829/#comment11026>

          I think we should log the size of permissions here.

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          <https://reviews.apache.org/r/3829/#comment11024>

          This assignment can be lifted to line 971

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          <https://reviews.apache.org/r/3829/#comment11025>

          We should include tperm.getTable() in the message

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          <https://reviews.apache.org/r/3829/#comment11023>

          'level' is not needed here.

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          <https://reviews.apache.org/r/3829/#comment11027>

          I think 'one of' is not needed here because every region would incur permission check.

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          <https://reviews.apache.org/r/3829/#comment11028>

          This doesn't seem to match the method signature.

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          <https://reviews.apache.org/r/3829/#comment11029>

          Should read 'permissions to check for'

          • Ted

          On 2012-02-11 02:58:35, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-11 02:58:35)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5026 ----------------------------------------------------------- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java < https://reviews.apache.org/r/3829/#comment11026 > I think we should log the size of permissions here. security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java < https://reviews.apache.org/r/3829/#comment11024 > This assignment can be lifted to line 971 security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java < https://reviews.apache.org/r/3829/#comment11025 > We should include tperm.getTable() in the message security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java < https://reviews.apache.org/r/3829/#comment11023 > 'level' is not needed here. security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java < https://reviews.apache.org/r/3829/#comment11027 > I think 'one of' is not needed here because every region would incur permission check. security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java < https://reviews.apache.org/r/3829/#comment11028 > This doesn't seem to match the method signature. security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java < https://reviews.apache.org/r/3829/#comment11029 > Should read 'permissions to check for' Ted On 2012-02-11 02:58:35, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-11 02:58:35) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12514227/HBASE-5371_v2.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 6 new or modified tests.

          -1 patch. The patch command could not apply the patch.

          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/947//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12514227/HBASE-5371_v2.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 6 new or modified tests. -1 patch. The patch command could not apply the patch. Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/947//console This message is automatically generated.
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-02-11 19:48:26, Ted Yu wrote:

          > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java, line 972

          > <https://reviews.apache.org/r/3829/diff/2/?file=74388#file74388line972>

          >

          > I think we should log the size of permissions here.

          What are you thinking here Ted?

          • Andrew

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5026
          -----------------------------------------------------------

          On 2012-02-11 02:58:35, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-11 02:58:35)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-02-11 19:48:26, Ted Yu wrote: > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java, line 972 > < https://reviews.apache.org/r/3829/diff/2/?file=74388#file74388line972 > > > I think we should log the size of permissions here. What are you thinking here Ted? Andrew ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5026 ----------------------------------------------------------- On 2012-02-11 02:58:35, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-11 02:58:35) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5043
          -----------------------------------------------------------

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          <https://reviews.apache.org/r/3829/#comment11073>

          Optimization was mentioned for the following check.
          I was looking for justification of further optimization.
          If there're not many permissions passed, maybe optimization isn't needed.

          If you know what to optimize, please share.

          • Ted

          On 2012-02-11 02:58:35, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-11 02:58:35)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5043 ----------------------------------------------------------- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java < https://reviews.apache.org/r/3829/#comment11073 > Optimization was mentioned for the following check. I was looking for justification of further optimization. If there're not many permissions passed, maybe optimization isn't needed. If you know what to optimize, please share. Ted On 2012-02-11 02:58:35, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-11 02:58:35) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-02-13 03:38:13, Ted Yu wrote:

          > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java, line 972

          > <https://reviews.apache.org/r/3829/diff/2/?file=74388#file74388line972>

          >

          > Optimization was mentioned for the following check.

          > I was looking for justification of further optimization.

          > If there're not many permissions passed, maybe optimization isn't needed.

          >

          > If you know what to optimize, please share.

          The possible optimization is to group permissions that have the same table/cf/cq and action, so that requirePermission is called less times. But it is not clear that we would gain anything from this. So, I left that as a comment. I can clarify more, or just remove the comment.

          • enis

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5043
          -----------------------------------------------------------

          On 2012-02-11 02:58:35, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-11 02:58:35)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-02-13 03:38:13, Ted Yu wrote: > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java, line 972 > < https://reviews.apache.org/r/3829/diff/2/?file=74388#file74388line972 > > > Optimization was mentioned for the following check. > I was looking for justification of further optimization. > If there're not many permissions passed, maybe optimization isn't needed. > > If you know what to optimize, please share. The possible optimization is to group permissions that have the same table/cf/cq and action, so that requirePermission is called less times. But it is not clear that we would gain anything from this. So, I left that as a comment. I can clarify more, or just remove the comment. enis ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5043 ----------------------------------------------------------- On 2012-02-11 02:58:35, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-11 02:58:35) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5053
          -----------------------------------------------------------

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          <https://reviews.apache.org/r/3829/#comment11090>

          Please clarify the comment in code.

          • Ted

          On 2012-02-11 02:58:35, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-11 02:58:35)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5053 ----------------------------------------------------------- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java < https://reviews.apache.org/r/3829/#comment11090 > Please clarify the comment in code. Ted On 2012-02-11 02:58:35, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-11 02:58:35) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-02-11 19:48:26, Ted Yu wrote:

          > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java, line 80

          > <https://reviews.apache.org/r/3829/diff/2/?file=74389#file74389line80>

          >

          > This doesn't seem to match the method signature.

          AccessdeniedException is an IOException.

          On 2012-02-11 19:48:26, Ted Yu wrote:

          > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java, line 78

          > <https://reviews.apache.org/r/3829/diff/2/?file=74389#file74389line78>

          >

          > I think 'one of' is not needed here because every region would incur permission check.

          "however TablePermissions can only be checked by one of the table's regions", means you can check permissions from any one of the table's regions, which is essentially the same thing if you remove "one of". I removed that just in case.

          • enis

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5026
          -----------------------------------------------------------

          On 2012-02-11 02:58:35, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-11 02:58:35)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-02-11 19:48:26, Ted Yu wrote: > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java, line 80 > < https://reviews.apache.org/r/3829/diff/2/?file=74389#file74389line80 > > > This doesn't seem to match the method signature. AccessdeniedException is an IOException. On 2012-02-11 19:48:26, Ted Yu wrote: > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java, line 78 > < https://reviews.apache.org/r/3829/diff/2/?file=74389#file74389line78 > > > I think 'one of' is not needed here because every region would incur permission check. "however TablePermissions can only be checked by one of the table's regions", means you can check permissions from any one of the table's regions, which is essentially the same thing if you remove "one of". I removed that just in case. enis ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5026 ----------------------------------------------------------- On 2012-02-11 02:58:35, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-11 02:58:35) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-02-13 19:10:02, Ted Yu wrote:

          > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java, line 972

          > <https://reviews.apache.org/r/3829/diff/2/?file=74388#file74388line972>

          >

          > Please clarify the comment in code.

          On second thought, I think it's the clients responsibility to optimize the permissions[] array to not contain duplicates, and to group the permissions having the same table/cf/cq. The server side should not try to optimize what is passed for this. I'll just remove the comment instead.

          • enis

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5053
          -----------------------------------------------------------

          On 2012-02-11 02:58:35, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-11 02:58:35)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-02-13 19:10:02, Ted Yu wrote: > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java, line 972 > < https://reviews.apache.org/r/3829/diff/2/?file=74388#file74388line972 > > > Please clarify the comment in code. On second thought, I think it's the clients responsibility to optimize the permissions[] array to not contain duplicates, and to group the permissions having the same table/cf/cq. The server side should not try to optimize what is passed for this. I'll just remove the comment instead. enis ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5053 ----------------------------------------------------------- On 2012-02-11 02:58:35, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-11 02:58:35) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/
          -----------------------------------------------------------

          (Updated 2012-02-13 19:54:36.265360)

          Review request for hbase.

          Changes
          -------

          Incorporated review sugggestions by Ted.

          Summary
          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.
          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs (updated)


          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d
          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb
          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing
          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-13 19:54:36.265360) Review request for hbase. Changes ------- Incorporated review sugggestions by Ted. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs (updated) security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          Ted Yu added a comment -

          @Enis:
          Can you run latest patch through secure HBase test suite ?
          Hadoop QA currently doesn't cover them.

          Thanks

          Show
          Ted Yu added a comment - @Enis: Can you run latest patch through secure HBase test suite ? Hadoop QA currently doesn't cover them. Thanks
          Hide
          Enis Soztutar added a comment -

          Sure, will do that and attach the results here.

          Show
          Enis Soztutar added a comment - Sure, will do that and attach the results here.
          Hide
          jiraposter@reviews.apache.org added a comment -

          On 2012-02-13 19:10:02, Ted Yu wrote:

          > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java, line 972

          > <https://reviews.apache.org/r/3829/diff/2/?file=74388#file74388line972>

          >

          > Please clarify the comment in code.

          enis wrote:

          On second thought, I think it's the clients responsibility to optimize the permissions[] array to not contain duplicates, and to group the permissions having the same table/cf/cq. The server side should not try to optimize what is passed for this. I'll just remove the comment instead.

          Sounds good.

          • Andrew

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/3829/#review5053
          -----------------------------------------------------------

          On 2012-02-13 19:54:36, enis wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/3829/

          -----------------------------------------------------------

          (Updated 2012-02-13 19:54:36)

          Review request for hbase.

          Summary

          -------

          We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245, which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level.

          This addresses bug HBASE-5371.

          https://issues.apache.org/jira/browse/HBASE-5371

          Diffs

          -----

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d

          security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb

          security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373

          Diff: https://reviews.apache.org/r/3829/diff

          Testing

          -------

          Thanks,

          enis

          Show
          jiraposter@reviews.apache.org added a comment - On 2012-02-13 19:10:02, Ted Yu wrote: > security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java, line 972 > < https://reviews.apache.org/r/3829/diff/2/?file=74388#file74388line972 > > > Please clarify the comment in code. enis wrote: On second thought, I think it's the clients responsibility to optimize the permissions[] array to not contain duplicates, and to group the permissions having the same table/cf/cq. The server side should not try to optimize what is passed for this. I'll just remove the comment instead. Sounds good. Andrew ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/#review5053 ----------------------------------------------------------- On 2012-02-13 19:54:36, enis wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3829/ ----------------------------------------------------------- (Updated 2012-02-13 19:54:36) Review request for hbase. Summary ------- We need to introduce something like AccessControllerProtocol.checkPermissions(Permission[] permissions) API, so that clients can check access rights before carrying out the operations. We need this kind of operation for HCATALOG-245 , which introduces authorization providers for hbase over hcat. We cannot use getUserPermissions() since it requires ADMIN permissions on the global/table level. This addresses bug HBASE-5371 . https://issues.apache.org/jira/browse/HBASE-5371 Diffs ----- security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java 5091b7d security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java 5fa2edb security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java f864373 Diff: https://reviews.apache.org/r/3829/diff Testing ------- Thanks, enis
          Hide
          Ted Yu added a comment -

          @Andy:
          Does latest patch look Okay to you ?

          Show
          Ted Yu added a comment - @Andy: Does latest patch look Okay to you ?
          Hide
          Andrew Purtell added a comment -

          @Ted, Looks good.

          Show
          Andrew Purtell added a comment - @Ted, Looks good.
          Hide
          Ted Yu added a comment -

          @Andy:
          Do you think this should go into 0.92.1 ?

          Show
          Ted Yu added a comment - @Andy: Do you think this should go into 0.92.1 ?
          Hide
          Ted Yu added a comment -

          Patch v3 from Enis.

          Show
          Ted Yu added a comment - Patch v3 from Enis.
          Hide
          Ted Yu added a comment -

          I ran TestAccessController with latest patch:

          Running org.apache.hadoop.hbase.security.access.TestAccessController
          Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 32.802 sec
          
          Results :
          
          Tests run: 21, Failures: 0, Errors: 0, Skipped: 0
          
          Show
          Ted Yu added a comment - I ran TestAccessController with latest patch: Running org.apache.hadoop.hbase.security.access.TestAccessController Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 32.802 sec Results : Tests run: 21, Failures: 0, Errors: 0, Skipped: 0
          Hide
          Enis Soztutar added a comment -

          I ran the full test suite yesterday with 2 failures which seem unrelated. However the security/src/test/ classes were not picked up, since they did not define @Category's. Shall we open another ticket to annotate them as large tests? Currently, I am running the tests with:

           mvn test -P security,localTests 

          but i think it will take some time to finish.

          Show
          Enis Soztutar added a comment - I ran the full test suite yesterday with 2 failures which seem unrelated. However the security/src/test/ classes were not picked up, since they did not define @Category's. Shall we open another ticket to annotate them as large tests? Currently, I am running the tests with: mvn test -P security,localTests but i think it will take some time to finish.
          Hide
          Ted Yu added a comment -

          We should open a JIRA for annotating tests under security/src/test

          Show
          Ted Yu added a comment - We should open a JIRA for annotating tests under security/src/test
          Hide
          Enis Soztutar added a comment -

          test results:

          ...
          Running org.apache.hadoop.hbase.security.access.TestAccessControlFilter
          2012-02-14 14:14:34.390 java[67005:1903] Unable to load realm info from SCDynamicStore
          Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 32.002 sec
          Running org.apache.hadoop.hbase.security.access.TestAccessController
          2012-02-14 14:15:06.963 java[67014:1903] Unable to load realm info from SCDynamicStore
          Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 50.355 sec
          Running org.apache.hadoop.hbase.security.access.TestTablePermissions
          2012-02-14 14:15:58.028 java[67023:1903] Unable to load realm info from SCDynamicStore
          Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 36.739 sec
          Running org.apache.hadoop.hbase.security.access.TestZKPermissionsWatcher
          2012-02-14 14:16:35.517 java[67032:1903] Unable to load realm info from SCDynamicStore
          Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 24.579 sec
          Running org.apache.hadoop.hbase.security.TestUser
          2012-02-14 14:17:00.817 java[67041:1903] Unable to load realm info from SCDynamicStore
          Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.445 sec
          Running org.apache.hadoop.hbase.security.token.TestTokenAuthentication
          2012-02-14 14:17:01.835 java[67043:1903] Unable to load realm info from SCDynamicStore
          Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 25.099 sec
          Running org.apache.hadoop.hbase.security.token.TestZKSecretWatcher
          Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 15.46 sec
          
          ...
          
          Results :
          
          Failed tests:   testCyclicReplication(org.apache.hadoop.hbase.replication.TestMasterReplication): Waited too much time for put replication
            testSimplePutDelete(org.apache.hadoop.hbase.replication.TestMasterReplication): Waited too much time for put replication
            testMultiSlaveReplication(org.apache.hadoop.hbase.replication.TestMultiSlaveReplication): Waited too much time for put replication
            testClientSessionExpired(org.apache.hadoop.hbase.TestZooKeeper)
            testLeaderSelection(org.apache.hadoop.hbase.zookeeper.TestZKLeaderManager): New leader should exist
          
          Tests in error: 
            testTralingGarbageCorruptionFileSkipErrorsPasses(org.apache.hadoop.hbase.regionserver.wal.TestHLogSplit): All datanodes 127.0.0.1:58462 are bad. Aborting...
          
          Tests run: 1429, Failures: 5, Errors: 1, Skipped: 10
          

          All the failing tests seem to be not related to this patch. It seems they are timing out due to running slow.

          Show
          Enis Soztutar added a comment - test results: ... Running org.apache.hadoop.hbase.security.access.TestAccessControlFilter 2012-02-14 14:14:34.390 java[67005:1903] Unable to load realm info from SCDynamicStore Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 32.002 sec Running org.apache.hadoop.hbase.security.access.TestAccessController 2012-02-14 14:15:06.963 java[67014:1903] Unable to load realm info from SCDynamicStore Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 50.355 sec Running org.apache.hadoop.hbase.security.access.TestTablePermissions 2012-02-14 14:15:58.028 java[67023:1903] Unable to load realm info from SCDynamicStore Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 36.739 sec Running org.apache.hadoop.hbase.security.access.TestZKPermissionsWatcher 2012-02-14 14:16:35.517 java[67032:1903] Unable to load realm info from SCDynamicStore Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 24.579 sec Running org.apache.hadoop.hbase.security.TestUser 2012-02-14 14:17:00.817 java[67041:1903] Unable to load realm info from SCDynamicStore Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.445 sec Running org.apache.hadoop.hbase.security.token.TestTokenAuthentication 2012-02-14 14:17:01.835 java[67043:1903] Unable to load realm info from SCDynamicStore Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 25.099 sec Running org.apache.hadoop.hbase.security.token.TestZKSecretWatcher Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 15.46 sec ... Results : Failed tests: testCyclicReplication(org.apache.hadoop.hbase.replication.TestMasterReplication): Waited too much time for put replication testSimplePutDelete(org.apache.hadoop.hbase.replication.TestMasterReplication): Waited too much time for put replication testMultiSlaveReplication(org.apache.hadoop.hbase.replication.TestMultiSlaveReplication): Waited too much time for put replication testClientSessionExpired(org.apache.hadoop.hbase.TestZooKeeper) testLeaderSelection(org.apache.hadoop.hbase.zookeeper.TestZKLeaderManager): New leader should exist Tests in error: testTralingGarbageCorruptionFileSkipErrorsPasses(org.apache.hadoop.hbase.regionserver.wal.TestHLogSplit): All datanodes 127.0.0.1:58462 are bad. Aborting... Tests run: 1429, Failures: 5, Errors: 1, Skipped: 10 All the failing tests seem to be not related to this patch. It seems they are timing out due to running slow.
          Hide
          Enis Soztutar added a comment -

          Attaching --no-prefix v3 patch candidate for inclusion.

          Show
          Enis Soztutar added a comment - Attaching --no-prefix v3 patch candidate for inclusion.
          Hide
          Ted Yu added a comment -

          Will integrate patch v3 tomorrow.

          Show
          Ted Yu added a comment - Will integrate patch v3 tomorrow.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12514568/HBASE-5371_v3-noprefix.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 6 new or modified tests.

          -1 javadoc. The javadoc tool appears to have generated -136 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 157 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          -1 core tests. The patch failed these unit tests:
          org.apache.hadoop.hbase.coprocessor.TestClassLoading
          org.apache.hadoop.hbase.master.TestSplitLogManager
          org.apache.hadoop.hbase.coprocessor.TestMasterObserver

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/964//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/964//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/964//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12514568/HBASE-5371_v3-noprefix.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 6 new or modified tests. -1 javadoc. The javadoc tool appears to have generated -136 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 157 new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. -1 core tests. The patch failed these unit tests: org.apache.hadoop.hbase.coprocessor.TestClassLoading org.apache.hadoop.hbase.master.TestSplitLogManager org.apache.hadoop.hbase.coprocessor.TestMasterObserver Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/964//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/964//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/964//console This message is automatically generated.
          Hide
          Andrew Purtell added a comment -

          @Andy:
          Do you think this should go into 0.92.1 ?

          It can't because it changes the protocol version of AccessControllerProtocol.

          Show
          Andrew Purtell added a comment - @Andy: Do you think this should go into 0.92.1 ? It can't because it changes the protocol version of AccessControllerProtocol.
          Hide
          Ted Yu added a comment -

          The failed tests were unrelated to the patch.
          I ran the 3 failed tests and they passed on MacBook.

          Show
          Ted Yu added a comment - The failed tests were unrelated to the patch. I ran the 3 failed tests and they passed on MacBook.
          Hide
          Ted Yu added a comment -

          Integrated to TRUNK.

          Thanks for the patch, Enis.

          Thanks for the review, Andy.

          Show
          Ted Yu added a comment - Integrated to TRUNK. Thanks for the patch, Enis. Thanks for the review, Andy.
          Hide
          Hudson added a comment -

          Integrated in HBase-TRUNK-security #112 (See https://builds.apache.org/job/HBase-TRUNK-security/112/)
          HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API (Enis Soztutar) (Revision 1244623)

          Result = SUCCESS
          tedyu :
          Files :

          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          • /hbase/trunk/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          Show
          Hudson added a comment - Integrated in HBase-TRUNK-security #112 (See https://builds.apache.org/job/HBase-TRUNK-security/112/ ) HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API (Enis Soztutar) (Revision 1244623) Result = SUCCESS tedyu : Files : /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java /hbase/trunk/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          Hide
          Enis Soztutar added a comment -

          It can't because it changes the protocol version of AccessControllerProtocol.

          Right, since we bumped the protocol version, it will be incompatible. But without this, we cannot continue with the patch in HCATALOG-245, which will hopefully ported to Hive as well. What about re-changing the version to 1, since we just added a new method, but not changed anything on the wire, it should be compatible. The only catch is that if you invoke the new API from a new client, but the server is using the old version, you would get a NoSuchMethod or smt. Is that asking for too much, wdyt?

          Show
          Enis Soztutar added a comment - It can't because it changes the protocol version of AccessControllerProtocol. Right, since we bumped the protocol version, it will be incompatible. But without this, we cannot continue with the patch in HCATALOG-245 , which will hopefully ported to Hive as well. What about re-changing the version to 1, since we just added a new method, but not changed anything on the wire, it should be compatible. The only catch is that if you invoke the new API from a new client, but the server is using the old version, you would get a NoSuchMethod or smt. Is that asking for too much, wdyt?
          Hide
          Hudson added a comment -

          Integrated in HBase-TRUNK #2663 (See https://builds.apache.org/job/HBase-TRUNK/2663/)
          HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API (Enis Soztutar) (Revision 1244623)

          Result = FAILURE
          tedyu :
          Files :

          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          • /hbase/trunk/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          Show
          Hudson added a comment - Integrated in HBase-TRUNK #2663 (See https://builds.apache.org/job/HBase-TRUNK/2663/ ) HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API (Enis Soztutar) (Revision 1244623) Result = FAILURE tedyu : Files : /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java /hbase/trunk/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          Hide
          stack added a comment -

          What about re-changing the version to 1, since we just added a new method, but not changed anything on the wire, it should be compatible. The only catch is that if you invoke the new API from a new client, but the server is using the old version, you would get a NoSuchMethod or smt. Is that asking for too much, wdyt?

          I think it a good idea. Test an old client talking to a new w/o changing the version. See what happens. If it works, lets get it into 0.92.

          Show
          stack added a comment - What about re-changing the version to 1, since we just added a new method, but not changed anything on the wire, it should be compatible. The only catch is that if you invoke the new API from a new client, but the server is using the old version, you would get a NoSuchMethod or smt. Is that asking for too much, wdyt? I think it a good idea. Test an old client talking to a new w/o changing the version. See what happens. If it works, lets get it into 0.92.
          Hide
          stack added a comment -

          @Enis If you change version back to 1, do it for trunk too. Can you try it to see what you get if you try and invoke the non-existent method?

          Show
          stack added a comment - @Enis If you change version back to 1, do it for trunk too. Can you try it to see what you get if you try and invoke the non-existent method?
          Hide
          stack added a comment -

          @Enis It has to work w/ 0.92? You can't wait on 0.94? Which should be soonish... Month or two?

          Show
          stack added a comment - @Enis It has to work w/ 0.92? You can't wait on 0.94? Which should be soonish... Month or two?
          Hide
          Andrew Purtell added a comment -

          It can't because it changes the protocol version of AccessControllerProtocol.

          Right, since we bumped the protocol version, it will be incompatible. [...] What about re-changing the version to 1, since we just added a new method, but not changed anything on the wire, it should be compatible. The only catch is that if you invoke the new API from a new client, but the server is using the old version, you would get a NoSuchMethod or smt.

          I've seen this approach used in HDFS. (At least in CDH.) The client can catch the NoSuchMethodException, set a boolean or similar to note that it is talking with an older version, and try an alternate strategy.

          I think this is a reasonable approach until we have a more general solution for cross-version (and backwards) RPC compatibility.

          Show
          Andrew Purtell added a comment - It can't because it changes the protocol version of AccessControllerProtocol. Right, since we bumped the protocol version, it will be incompatible. [...] What about re-changing the version to 1, since we just added a new method, but not changed anything on the wire, it should be compatible. The only catch is that if you invoke the new API from a new client, but the server is using the old version, you would get a NoSuchMethod or smt. I've seen this approach used in HDFS. (At least in CDH.) The client can catch the NoSuchMethodException, set a boolean or similar to note that it is talking with an older version, and try an alternate strategy. I think this is a reasonable approach until we have a more general solution for cross-version (and backwards) RPC compatibility.
          Hide
          Andrew Purtell added a comment -

          This was probably committed early.

          Show
          Andrew Purtell added a comment - This was probably committed early.
          Hide
          Andrew Purtell added a comment -

          @Enis Make sure you add the new methods at the bottom of the interface definition.

          Show
          Andrew Purtell added a comment - @Enis Make sure you add the new methods at the bottom of the interface definition.
          Hide
          Enis Soztutar added a comment -

          From my testing and understanding from the code, the version defined by the coprocossor is not checked in the invocation code path. So the version defined in AccessControllerProtocol is not relevant anyway. We can file a new jira for version checking, but since we are going to work on wire compatibility for coprocessors. let's wait on that for now.

          I am attaching a patch which decreases the version back to 1. I have tested adding a new method to the client, and invoking the old server, and the method invocation throws NoSuchMethodException wrapped around RetriesExhaustedException. Applying this patch to trunk, and pushing both of these to 0.92.1 seems fine to me. wdyt?

          org.apache.hadoop.hbase.client.RetriesExhaustedException: Failed after attempts=10, exceptions:
          Tue Feb 21 18:04:37 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:04:38 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:04:39 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:04:40 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:04:42 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:04:44 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:04:48 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:04:52 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:05:00 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          Tue Feb 21 18:05:16 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod()
          
          	at org.apache.hadoop.hbase.client.ServerCallable.withRetries(ServerCallable.java:183)
          	at org.apache.hadoop.hbase.ipc.ExecRPCInvoker.invoke(ExecRPCInvoker.java:79)
          	at $Proxy2.shinyNewMethod(Unknown Source)
          	at org.apache.hadoop.hbase.NewMethodTest.main(NewMethodTest.java:36)
          

          @Andrew an alternate strategy would be for the client to actually perform an operation and see whether if it fails or not. But to do that, the client has to create a dummy table, or put a dummy value, etc, which seems very dangerous. Throwing NoSuchMethod seems more appropriate to me, if the server does not suppport the call.

          Show
          Enis Soztutar added a comment - From my testing and understanding from the code, the version defined by the coprocossor is not checked in the invocation code path. So the version defined in AccessControllerProtocol is not relevant anyway. We can file a new jira for version checking, but since we are going to work on wire compatibility for coprocessors. let's wait on that for now. I am attaching a patch which decreases the version back to 1. I have tested adding a new method to the client, and invoking the old server, and the method invocation throws NoSuchMethodException wrapped around RetriesExhaustedException. Applying this patch to trunk, and pushing both of these to 0.92.1 seems fine to me. wdyt? org.apache.hadoop.hbase.client.RetriesExhaustedException: Failed after attempts=10, exceptions: Tue Feb 21 18:04:37 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:04:38 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:04:39 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:04:40 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:04:42 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:04:44 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:04:48 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:04:52 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:05:00 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() Tue Feb 21 18:05:16 PST 2012, org.apache.hadoop.hbase.ipc.ExecRPCInvoker$1@630f41e9, java.io.IOException: java.io.IOException: java.lang.NoSuchMethodException: org.apache.hadoop.hbase.security.access.AccessControllerProtocol.shinyNewMethod() at org.apache.hadoop.hbase.client.ServerCallable.withRetries(ServerCallable.java:183) at org.apache.hadoop.hbase.ipc.ExecRPCInvoker.invoke(ExecRPCInvoker.java:79) at $Proxy2.shinyNewMethod(Unknown Source) at org.apache.hadoop.hbase.NewMethodTest.main(NewMethodTest.java:36) @Andrew an alternate strategy would be for the client to actually perform an operation and see whether if it fails or not. But to do that, the client has to create a dummy table, or put a dummy value, etc, which seems very dangerous. Throwing NoSuchMethod seems more appropriate to me, if the server does not suppport the call.
          Hide
          Ted Yu added a comment -

          If Andy gives green light to addendum, I will apply the addendum to TRUNK and HBASE-5371_v3-noprefix.patch + addendum to 0.92 branch.

          Show
          Ted Yu added a comment - If Andy gives green light to addendum, I will apply the addendum to TRUNK and HBASE-5371 _v3-noprefix.patch + addendum to 0.92 branch.
          Hide
          Enis Soztutar added a comment -

          Thanks Ted for taking a look. If you push this to 92, we have to also push HBASE-5358, since it is a blocker for this.

          Show
          Enis Soztutar added a comment - Thanks Ted for taking a look. If you push this to 92, we have to also push HBASE-5358 , since it is a blocker for this.
          Hide
          Enis Soztutar added a comment -

          @Andrew, did you have a chance to look into this? Would appreciate your input.

          Show
          Enis Soztutar added a comment - @Andrew, did you have a chance to look into this? Would appreciate your input.
          Hide
          Andrew Purtell added a comment -

          +1 apologies for the delay

          Show
          Andrew Purtell added a comment - +1 apologies for the delay
          Hide
          Ted Yu added a comment -

          Addendum integrated into 0.94 and TRUNK.

          Waiting for Stack's confirmation on when to integrate into 0.92

          Show
          Ted Yu added a comment - Addendum integrated into 0.94 and TRUNK. Waiting for Stack's confirmation on when to integrate into 0.92
          Hide
          Hudson added a comment -

          Integrated in HBase-0.94 #12 (See https://builds.apache.org/job/HBase-0.94/12/)
          HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API, addendum (Enis) (Revision 1296710)

          Result = SUCCESS
          tedyu :
          Files :

          • /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          Show
          Hudson added a comment - Integrated in HBase-0.94 #12 (See https://builds.apache.org/job/HBase-0.94/12/ ) HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API, addendum (Enis) (Revision 1296710) Result = SUCCESS tedyu : Files : /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          Hide
          Hudson added a comment -

          Integrated in HBase-TRUNK-security #128 (See https://builds.apache.org/job/HBase-TRUNK-security/128/)
          HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API, addendum (Enis) (Revision 1296709)

          Result = FAILURE
          tedyu :
          Files :

          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          Show
          Hudson added a comment - Integrated in HBase-TRUNK-security #128 (See https://builds.apache.org/job/HBase-TRUNK-security/128/ ) HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API, addendum (Enis) (Revision 1296709) Result = FAILURE tedyu : Files : /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          Hide
          stack added a comment -

          Please integrate into 0.92 Ted. Thanks.

          Show
          stack added a comment - Please integrate into 0.92 Ted. Thanks.
          Hide
          Ted Yu added a comment -

          Integrated to 0.92 after HBASE-5358 went in.

          Show
          Ted Yu added a comment - Integrated to 0.92 after HBASE-5358 went in.
          Hide
          Hudson added a comment -

          Integrated in HBase-0.92 #315 (See https://builds.apache.org/job/HBase-0.92/315/)
          HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons)
          API (Enis) (Revision 1297268)

          Result = SUCCESS
          tedyu :
          Files :

          • /hbase/branches/0.92/CHANGES.txt
          • /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          • /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          Show
          Hudson added a comment - Integrated in HBase-0.92 #315 (See https://builds.apache.org/job/HBase-0.92/315/ ) HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API (Enis) (Revision 1297268) Result = SUCCESS tedyu : Files : /hbase/branches/0.92/CHANGES.txt /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          Hide
          Hudson added a comment -

          Integrated in HBase-TRUNK #2672 (See https://builds.apache.org/job/HBase-TRUNK/2672/)
          HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API, addendum (Enis) (Revision 1296709)

          Result = SUCCESS
          tedyu :
          Files :

          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          Show
          Hudson added a comment - Integrated in HBase-TRUNK #2672 (See https://builds.apache.org/job/HBase-TRUNK/2672/ ) HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API, addendum (Enis) (Revision 1296709) Result = SUCCESS tedyu : Files : /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          Hide
          Hudson added a comment -

          Integrated in HBase-0.92-security #97 (See https://builds.apache.org/job/HBase-0.92-security/97/)
          HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons)
          API (Enis) (Revision 1297268)

          Result = FAILURE
          tedyu :
          Files :

          • /hbase/branches/0.92/CHANGES.txt
          • /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
          • /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java
          • /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          Show
          Hudson added a comment - Integrated in HBase-0.92-security #97 (See https://builds.apache.org/job/HBase-0.92-security/97/ ) HBASE-5371 Introduce AccessControllerProtocol.checkPermissions(Permission[] permissons) API (Enis) (Revision 1297268) Result = FAILURE tedyu : Files : /hbase/branches/0.92/CHANGES.txt /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessControllerProtocol.java /hbase/branches/0.92/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
          Hide
          Lars Hofhansl added a comment -

          This was committed, marking as fixed.

          Show
          Lars Hofhansl added a comment - This was committed, marking as fixed.

            People

            • Assignee:
              Enis Soztutar
              Reporter:
              Enis Soztutar
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development