HBase / HBASE-5352 ACL improvements / HBASE-5385

Delete table/column should delete stored permissions on -acl- table

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.94.0
    • Fix Version/s: 0.94.1, 0.95.0
    • Component/s: security
    • Labels:
      None

      Description

      Deleting the table or a column does not cascade to the stored permissions at the acl table. We should also remove those permissions, otherwise, it can be a security leak, where freshly created tables contain permissions from previous same-named tables. We might also want to ensure, upon table creation, that no entries are already stored at the acl table.

      1. 5385-v3.patch
        4 kB
        Ted Yu
      2. HBASE-5385-v0.patch
        2 kB
        Matteo Bertozzi
      3. HBASE-5385-v1.patch
        4 kB
        Matteo Bertozzi
      4. HBASE-5385-v2.patch
        4 kB
        Matteo Bertozzi
      5. HBASE-5385-v3.patch
        4 kB
        Matteo Bertozzi

        Activity

        Matteo Bertozzi added a comment -

        Removing a table from the acl is straightforward, but removing a column from it is not as easy.

        The acl table has table name as key, and has one column family that contains user rights.

        tablename -> user -> rights
        tablename -> user,family -> rights
        tablename -> user,family,qualifier -> rights
        

        To remove a table column from the acl we need to remove the table rows where the qualifier contains ',family'.

        Any thoughts on how to implement that? Adding a Delete Filter?

        Matteo Bertozzi added a comment -

        Perform a Scan with QualifierFilter to remove a column from the acl table.

        Enis Soztutar added a comment -

        Looks good. Can we add:
        1. Audit logging AccessController.AUDITLOG
        2. On preCreateTable and preAddColumn, ensure that the acl table is empty for the table / column. We might still have residual acl entries if smt goes wrong. If so, we should refuse creating a table by throwing a kind of access control exception.

        Andrew, any comments?
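
A minimal model of the acl layout and cleanup discussed in the comments above, added here as an illustration and not taken from the HBASE-5385 patch. It contrasts a substring match on ',family' with a match on the family component, and includes the residual-entry check suggested for preCreateTable / preAddColumn. The dictionary model, the function names, ResidualAclError and the sample grants are assumptions.

```python
# Constructed model of the acl table described in this thread (not HBase code):
# row key = table name, one column family, qualifier -> rights.
ACL_KEY_DELIMITER = ","  # assumption: the delimiter shown in the thread's layout


class ResidualAclError(Exception):
    """Raised when a table/column is created while old grants still exist."""


def split_qualifier(qualifier):
    """'user[,family[,qualifier]]' -> (user, family or None, qualifier or None)."""
    parts = qualifier.split(ACL_KEY_DELIMITER, 2)
    return tuple(parts + [None] * (3 - len(parts)))


def remove_table_permissions(acl, table):
    """Table delete: drop the whole acl row. Returns the removed entries."""
    return acl.pop(table, {})


def remove_column_permissions(acl, table, family):
    """Column delete: drop only entries whose family component equals `family`."""
    row = acl.get(table, {})
    doomed = [q for q in row if split_qualifier(q)[1] == family]
    for q in doomed:
        del row[q]
    return sorted(doomed)


def naive_column_match(acl, table, family):
    """Substring test on ',family'; over-matches families sharing a prefix."""
    needle = ACL_KEY_DELIMITER + family
    return sorted(q for q in acl.get(table, {}) if needle in q)


def check_no_residual(acl, table, family=None):
    """Pre-create check: refuse if grants survive for the table (or family)."""
    row = acl.get(table, {})
    left = [q for q in row if family is None or split_qualifier(q)[1] == family]
    if left:
        raise ResidualAclError("%s: stale acl entries %s" % (table, sorted(left)))


def sample_acl():
    # Constructed sample data: one table with user-, family- and
    # qualifier-level grants, plus a second family sharing the prefix "cf".
    return {"orders": {"alice": "RW", "bob,cf": "R", "bob,cf,price": "W",
                       "carol,cf2": "R"}}


if __name__ == "__main__":
    acl = sample_acl()
    print("substring match:", naive_column_match(acl, "orders", "cf"))
    print("component match:", remove_column_permissions(acl, "orders", "cf"))
    print("left in acl row:", acl["orders"])
```
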

        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12525101/HBASE-5385-v1.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        -1 findbugs. The patch appears to introduce 2 new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        -1 core tests. The patch failed these unit tests:

        Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1693//testReport/
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1693//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
        Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1693//console

        This message is automatically generated.

        Matteo Bertozzi added a comment -

        > On preCreateTable and preAddColumn, ensure that the acl table is empty for the table / column. We might still have residual acl entries if smt goes wrong. If so, we should refuse creating a table by throwing a kind of access control exception.

        Currently there's no check on grant to see if the table/family/qualifier exist.
        Maybe we can open another jira for this, to implement the exists check on grant and verify in all pre* if there's nothing left.

        Andrew Purtell added a comment -

        +1 looks good.

        > Maybe we can open another jira for this, to implement the exists check on grant and verify in all pre* if there's nothing left.

        This is a good idea since it's a different problem scope than this jira.

        Matteo Bertozzi added a comment -

        patch rebased, HBASE-5732 went in.

        (Also opened HBASE-5947, for the pre/post check for empty acl)

        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12526613/HBASE-5385-v2.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        -1 findbugs. The patch appears to introduce 27 new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        -1 core tests. The patch failed these unit tests:
        org.apache.hadoop.hbase.replication.TestReplication

        Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1856//testReport/
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1856//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
        Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1856//console

        This message is automatically generated.

        Ted Yu added a comment -

        Patch v3 puts scanner.close() in finally block.

        Ted Yu added a comment -

        @Matteo:
        Now that HBASE-5342 went in, can you rebase patch v3 ?

        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12526619/5385-v3.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        -1 findbugs. The patch appears to introduce 27 new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        -1 core tests. The patch failed these unit tests:
        org.apache.hadoop.hbase.TestDrainingServer

        Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1859//testReport/
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1859//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
        Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1859//console

        This message is automatically generated.

        Matteo Bertozzi added a comment -

        rebase after HBASE-5342 merge

        Ted Yu added a comment -

        Patch v3 integrated to trunk.

        Thanks for the patch, Matteo.

        Thanks for the review, Andy.

        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12526622/HBASE-5385-v3.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        -1 tests included. The patch doesn't appear to include any new or modified tests.
        Please justify why no new tests are needed for this patch.
        Also please list what manual steps were performed to verify this patch.

        +1 hadoop23. The patch compiles against the hadoop 0.23.x profile.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        -1 findbugs. The patch appears to introduce 31 new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        -1 core tests. The patch failed these unit tests:
        org.apache.hadoop.hbase.TestDrainingServer

        Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/1860//testReport/
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/1860//artifact/trunk/patchprocess/newPatchFindbugsWarnings.html
        Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/1860//console

        This message is automatically generated.

        Hudson added a comment -

        Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #2 (See https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/2/)
        HBASE-5385 Delete table/column should delete stored permissions on acl table (Matteo Bertozi) (Revision 1337512)

        Result = FAILURE
        tedyu :
        Files :

        • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
        • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
        Hudson added a comment -

        Integrated in HBase-TRUNK #2876 (See https://builds.apache.org/job/HBase-TRUNK/2876/)
        HBASE-5385 Delete table/column should delete stored permissions on acl table (Matteo Bertozi) (Revision 1337512)

        Result = FAILURE
        tedyu :
        Files :

        • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
        • /hbase/trunk/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java

          People

          • Assignee:
            Matteo Bertozzi
            Reporter:
            Enis Soztutar