Details

    • Type: Sub-task Sub-task
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.98.0
    • Fix Version/s: 0.98.0
    • Component/s: Coprocessors, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      VisibilityController CP handles the visibility
      The visibility labels are stored as tags with KVs
      Use Mutation#setCellVisibility(new CellVisibility(<labelExp>)); to add visibility expressions to cells
      The label expression can contain visibility labels joined with logical expressions &, | and !. Also using (, ) one can specify the precedence order
      Eg : SECRET & CONFIDENTIAL & !PUBLIC
      Please note that passing CellVisibility in a Delete mutation is illegal.

      During read, (Scan/Get) one can specify labels associated with that, in Authorizations
      scan.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));


      Visibility Label admin operations
      ----------------------------------------
      Labels can be added to the system using VisibilityClient#addLabels(). Also can use add_labels shell command
      Only super user (hbase.superuse) have permission to add the labels into the system.
      A set of labels can be associated for a user using setAuths. VisibilityClient#setAuths()
      Similarly labels can be removed from user auths using clearAuths.
      getAuths API can be used to view user auths.
      Also there is support for set_auths, clear_auths and get_auths shell commands
      Same way as in addLabels, only super user have permission for these operations.
      When AccessController is ON the permission checks are handled by AC.
      Using AC along with Visibility is optional. When AC is not available, permission checks are done at VisibilityController level itself.
      Show
      VisibilityController CP handles the visibility The visibility labels are stored as tags with KVs Use Mutation#setCellVisibility(new CellVisibility(<labelExp>)); to add visibility expressions to cells The label expression can contain visibility labels joined with logical expressions &, | and !. Also using (, ) one can specify the precedence order Eg : SECRET & CONFIDENTIAL & !PUBLIC Please note that passing CellVisibility in a Delete mutation is illegal. During read, (Scan/Get) one can specify labels associated with that, in Authorizations scan.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL)); Visibility Label admin operations ---------------------------------------- Labels can be added to the system using VisibilityClient#addLabels(). Also can use add_labels shell command Only super user (hbase.superuse) have permission to add the labels into the system. A set of labels can be associated for a user using setAuths. VisibilityClient#setAuths() Similarly labels can be removed from user auths using clearAuths. getAuths API can be used to view user auths. Also there is support for set_auths, clear_auths and get_auths shell commands Same way as in addLabels, only super user have permission for these operations. When AccessController is ON the permission checks are handled by AC. Using AC along with Visibility is optional. When AC is not available, permission checks are done at VisibilityController level itself.

      Description

      Implement Accumulo-style visibility labels. Consider the following design principles:

      • Coprocessor based implementation
      • Minimal to no changes to core code
      • Use KeyValue tags (HBASE-7448) to carry labels
      • Use OperationWithAttributes# {get,set}

        Attribute for handling visibility labels in the API

      • Implement a new filter for evaluating visibility labels as KVs are streamed through.

      This approach would be consistent in deployment and API details with other per-KV security work, supporting environments where they might be both be employed, even stacked on some tables.

      See the parent issue for more discussion.

      1. HBASE-7663.patch
        383 kB
        Anoop Sam John
      2. HBASE-7663_V9.patch
        535 kB
        Anoop Sam John
      3. HBASE-7663_V8.patch
        534 kB
        Anoop Sam John
      4. HBASE-7663_V7.patch
        536 kB
        Anoop Sam John
      5. HBASE-7663_V6.patch
        536 kB
        Anoop Sam John
      6. HBASE-7663_V5.patch
        550 kB
        Anoop Sam John
      7. HBASE-7663_V4.patch
        549 kB
        Anoop Sam John
      8. HBASE-7663_V3.patch
        605 kB
        Anoop Sam John
      9. HBASE-7663_V2.patch
        560 kB
        Anoop Sam John
      10. HBASE-7663_V10.patch
        535 kB
        Anoop Sam John

        Issue Links

          Activity

          Hide
          Anoop Sam John added a comment -

          VisibilityController CP handles the visibility
          The visibility labels are stored as tags with KVs
          Use put.setCellVisibility(new CellVisibility(<labelExp>)); to add visibility expressions to cells
          The label expression can contain visibility labels joined with logical expressions &, | and !. Also using (, ) one can specify the precedence order
          Eg : SECRET & CONFIDENTIAL & !PUBLIC

          During read, (Scan/Get) one can specify labels associated with that, in Authorizations
          scan.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));

          Show
          Anoop Sam John added a comment - VisibilityController CP handles the visibility The visibility labels are stored as tags with KVs Use put.setCellVisibility(new CellVisibility(<labelExp>)); to add visibility expressions to cells The label expression can contain visibility labels joined with logical expressions &, | and !. Also using (, ) one can specify the precedence order Eg : SECRET & CONFIDENTIAL & !PUBLIC During read, (Scan/Get) one can specify labels associated with that, in Authorizations scan.setAuthorizations(new Authorizations(SECRET, CONFIDENTIAL));
          Show
          Anoop Sam John added a comment - https://reviews.apache.org/r/14709/
          Hide
          Anoop Sam John added a comment -

          Latest patch with ACL checks in "labels" table.
          Also a clearAuths method and shell script support is added which can be used to remove some label authorizations from a user

          Show
          Anoop Sam John added a comment - Latest patch with ACL checks in "labels" table. Also a clearAuths method and shell script support is added which can be used to remove some label authorizations from a user
          Hide
          Anoop Sam John added a comment -

          Some issues found with AC checks are corrected in latest patch.

          Show
          Anoop Sam John added a comment - Some issues found with AC checks are corrected in latest patch.
          Hide
          Anoop Sam John added a comment -

          Visibility Label admin operations
          ----------------------------------------
          Labels can be added to the system using VisibilityClient#addLabels(). Also can use add_labels shell command
          Only super user (hbase.superuse) have permission to add the labels into the system.
          A set of labels can be associated for a user using setAuths. VisibilityClient#setAuths()
          Similarly labels can be removed from user auths using clearAuths.
          getAuths API can be used to view user auths.
          Also there is support for set_auths, clear_auths and get_auths shell commands
          Same way as in addLabels only super user have permission for these operations.
          When AccessController is ON the permission checks are handled by AC.
          Using AC along with Visibility is optional. When AC is not available, permission checks are done at VisibilityController level itself.

          Show
          Anoop Sam John added a comment - Visibility Label admin operations ---------------------------------------- Labels can be added to the system using VisibilityClient#addLabels(). Also can use add_labels shell command Only super user (hbase.superuse) have permission to add the labels into the system. A set of labels can be associated for a user using setAuths. VisibilityClient#setAuths() Similarly labels can be removed from user auths using clearAuths. getAuths API can be used to view user auths. Also there is support for set_auths, clear_auths and get_auths shell commands Same way as in addLabels only super user have permission for these operations. When AccessController is ON the permission checks are handled by AC. Using AC along with Visibility is optional. When AC is not available, permission checks are done at VisibilityController level itself.
          Hide
          Andrew Purtell added a comment -

          V3 patch is looking pretty good Anoop.

          Debug logging should be wrapped in if (LOG.isDebugEnabled()) conditionals.

          Could use an integration test. Can be follow on work, like HBASE-9846.

          If ParseException is going to be thrown back to clients, it should be in hbase-client.

          In VisibilityController you have this TODO:

          TODO this can be made as a global LRU cache at HRS level?
          

          Could be follow on work but I guess there will be another patch here soon that contains one?

          In VisibilityController#preScannerOpen there is this empty conditional:

          if (region.getRegionInfo().getTable().isSystemTable()) {
          
          }
          

          What is supposed to happen here?

          "getSyetmAndSuperUsers" is misspelled.

          In ZKVisibilityLabelWatcher should we be calling sync() on the ZK handle to insure we are up to date?

          Should we look at javaEWAH instead of BitSet?

          Consider unit test coverage for the new labels commands, I guess somewhere in the visibility unit tests since they require the CP to be installed.

          The VisibilityController init code assumes if the AccessController is loaded it will be the first in the chain. Should we rely on that?

          Show
          Andrew Purtell added a comment - V3 patch is looking pretty good Anoop. Debug logging should be wrapped in if (LOG.isDebugEnabled()) conditionals. Could use an integration test. Can be follow on work, like HBASE-9846 . If ParseException is going to be thrown back to clients, it should be in hbase-client. In VisibilityController you have this TODO: TODO this can be made as a global LRU cache at HRS level? Could be follow on work but I guess there will be another patch here soon that contains one? In VisibilityController#preScannerOpen there is this empty conditional: if (region.getRegionInfo().getTable().isSystemTable()) { } What is supposed to happen here? "getSyetmAndSuperUsers" is misspelled. In ZKVisibilityLabelWatcher should we be calling sync() on the ZK handle to insure we are up to date? Should we look at javaEWAH instead of BitSet? Consider unit test coverage for the new labels commands, I guess somewhere in the visibility unit tests since they require the CP to be installed. The VisibilityController init code assumes if the AccessController is loaded it will be the first in the chain. Should we rely on that?
          Hide
          Anoop Sam John added a comment -

          Patch V4 addressing review comments in RB
          Also I have not included the REST/Thrift support in this patch. Let me give a patch for that later on another followup task. (This patch is already very big and comments fix made it still bigger)
          Also this patch includes defect fix code HBASE-9874.

          Show
          Anoop Sam John added a comment - Patch V4 addressing review comments in RB Also I have not included the REST/Thrift support in this patch. Let me give a patch for that later on another followup task. (This patch is already very big and comments fix made it still bigger) Also this patch includes defect fix code HBASE-9874 .
          Hide
          Anoop Sam John added a comment -

          Let QA run

          Show
          Anoop Sam John added a comment - Let QA run
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12611752/HBASE-7663_V4.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 10 new or modified tests.

          +1 hadoop1.0. The patch compiles against the hadoop 1.0 profile.

          +1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.

          -1 javadoc. The javadoc tool appears to have generated 13 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 5 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 lineLengths. The patch does not introduce lines longer than 100

          -1 site. The patch appears to cause mvn site goal to fail.

          -1 core tests. The patch failed these unit tests:
          org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithACL
          org.apache.hadoop.hbase.security.visibility.TestVisibilityLabels

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12611752/HBASE-7663_V4.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 10 new or modified tests. +1 hadoop1.0 . The patch compiles against the hadoop 1.0 profile. +1 hadoop2.0 . The patch compiles against the hadoop 2.0 profile. -1 javadoc . The javadoc tool appears to have generated 13 warning messages. +1 javac . The applied patch does not increase the total number of javac compiler warnings. -1 findbugs . The patch appears to introduce 5 new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 lineLengths . The patch does not introduce lines longer than 100 -1 site . The patch appears to cause mvn site goal to fail. -1 core tests . The patch failed these unit tests: org.apache.hadoop.hbase.security.visibility.TestVisibilityLabelsWithACL org.apache.hadoop.hbase.security.visibility.TestVisibilityLabels Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7711//console This message is automatically generated.
          Hide
          Anoop Sam John added a comment -

          Fixing test failures and javadoc and findbugs warnings

          Show
          Anoop Sam John added a comment - Fixing test failures and javadoc and findbugs warnings
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12611779/HBASE-7663_V5.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 10 new or modified tests.

          +1 hadoop1.0. The patch compiles against the hadoop 1.0 profile.

          +1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 4 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 lineLengths. The patch does not introduce lines longer than 100

          -1 site. The patch appears to cause mvn site goal to fail.

          +1 core tests. The patch passed unit tests in .

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12611779/HBASE-7663_V5.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 10 new or modified tests. +1 hadoop1.0 . The patch compiles against the hadoop 1.0 profile. +1 hadoop2.0 . The patch compiles against the hadoop 2.0 profile. +1 javadoc . The javadoc tool did not generate any warning messages. +1 javac . The applied patch does not increase the total number of javac compiler warnings. -1 findbugs . The patch appears to introduce 4 new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 lineLengths . The patch does not introduce lines longer than 100 -1 site . The patch appears to cause mvn site goal to fail. +1 core tests . The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7713//console This message is automatically generated.
          Hide
          Andrew Purtell added a comment -

          Carrying over a discussion from RB:

          If the latest KV was skipped due to a label mismatch the previous KV was getting included. May be we can check for the same in ACLs too? we can come up with a common soln.

          This is correct behavior. Cell permissions are a part of the HBase data model, not separate from it. If you want to hide/overwrite all previous versions of a cell then you have to lay down a delete marker and then a new value with a later timestamp. If you want only one version of a cell with the latest visibility or ACL, then it's the same. This is easy to reason about.

          We say all policies apply at the point in time when the value is stored. This allows easy policy evolution over time. If a user does not have permission or visibility to read the current value, but did have permission or visibility to read the previous version, then they should still see the previous version, because the policy that allowed the user to read the previous version was in effect at that time.

          This does make increments and appends interesting but otherwise we are special casing how permissions work relative the rest of the HBase model. We should document this stuff carefully.

          If delete-then-put (or read-delete-put) is inconvenient (I think it is explicit) then we can consider adding a DeleteAndPut op or similar. Actually that would also address open JIRAs regarding deletes and puts with the same timestamp.

          Show
          Andrew Purtell added a comment - Carrying over a discussion from RB: If the latest KV was skipped due to a label mismatch the previous KV was getting included. May be we can check for the same in ACLs too? we can come up with a common soln. This is correct behavior. Cell permissions are a part of the HBase data model, not separate from it. If you want to hide/overwrite all previous versions of a cell then you have to lay down a delete marker and then a new value with a later timestamp. If you want only one version of a cell with the latest visibility or ACL, then it's the same. This is easy to reason about. We say all policies apply at the point in time when the value is stored. This allows easy policy evolution over time. If a user does not have permission or visibility to read the current value, but did have permission or visibility to read the previous version, then they should still see the previous version, because the policy that allowed the user to read the previous version was in effect at that time. This does make increments and appends interesting but otherwise we are special casing how permissions work relative the rest of the HBase model. We should document this stuff carefully. If delete-then-put (or read-delete-put) is inconvenient (I think it is explicit) then we can consider adding a DeleteAndPut op or similar. Actually that would also address open JIRAs regarding deletes and puts with the same timestamp.
          Hide
          Anoop Sam John added a comment -

          Rebased patch for latest trunk.

          Show
          Anoop Sam John added a comment - Rebased patch for latest trunk.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12612320/HBASE-7663_V6.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 10 new or modified tests.

          +1 hadoop1.0. The patch compiles against the hadoop 1.0 profile.

          +1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          -1 findbugs. The patch appears to introduce 6 new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 lineLengths. The patch does not introduce lines longer than 100

          -1 site. The patch appears to cause mvn site goal to fail.

          +1 core tests. The patch passed unit tests in .

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12612320/HBASE-7663_V6.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 10 new or modified tests. +1 hadoop1.0 . The patch compiles against the hadoop 1.0 profile. +1 hadoop2.0 . The patch compiles against the hadoop 2.0 profile. -1 javadoc . The javadoc tool appears to have generated 1 warning messages. +1 javac . The applied patch does not increase the total number of javac compiler warnings. -1 findbugs . The patch appears to introduce 6 new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 lineLengths . The patch does not introduce lines longer than 100 -1 site . The patch appears to cause mvn site goal to fail. +1 core tests . The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7744//console This message is automatically generated.
          Hide
          stack added a comment -

          Skimming the patch...

          Should setAuthorizations and getAuthorizations be pushed up to the super class or do they only apply to certain 'types' – like setCellVisibility and getCellVisibility. Or seems like they are for Get and Scan only. Should we have an Interface that is other-than-Mutation that Scan and Get implement (and Increment i suppose since it retturns a value)? We'd add these methods there?

          An illegal operation is different to an AccessDeniedE? It is not necessarily of the security realm?

          Does CellVisibility need a class comment? Or maybe it is ok given it is in the visibility package and it is called CellVisibility (no need to be pedantic)

          Ok... let me go look at your responses up on RB now...... I realize I did not go back to them.

          Show
          stack added a comment - Skimming the patch... Should setAuthorizations and getAuthorizations be pushed up to the super class or do they only apply to certain 'types' – like setCellVisibility and getCellVisibility. Or seems like they are for Get and Scan only. Should we have an Interface that is other-than-Mutation that Scan and Get implement (and Increment i suppose since it retturns a value)? We'd add these methods there? An illegal operation is different to an AccessDeniedE? It is not necessarily of the security realm? Does CellVisibility need a class comment? Or maybe it is ok given it is in the visibility package and it is called CellVisibility (no need to be pedantic) Ok... let me go look at your responses up on RB now...... I realize I did not go back to them.
          Hide
          Andrew Purtell added a comment -

          Should we have an Interface that is other-than-Mutation that Scan and Get implement (and Increment i suppose since it retturns a value)?

          I have the same issue over on the cell ACL patch, I need to duplicate these convenience getters and setters in Get, Mutation, and Scan. It would be good to have a common interface or base class for Scan and Get, maybe 'Query' (for symmetry with Mutation)? I have fun in places receiving OperationWithAttributes and then downcasting, that would go away.

          Show
          Andrew Purtell added a comment - Should we have an Interface that is other-than-Mutation that Scan and Get implement (and Increment i suppose since it retturns a value)? I have the same issue over on the cell ACL patch, I need to duplicate these convenience getters and setters in Get, Mutation, and Scan. It would be good to have a common interface or base class for Scan and Get, maybe 'Query' (for symmetry with Mutation)? I have fun in places receiving OperationWithAttributes and then downcasting, that would go away.
          Hide
          Anoop Sam John added a comment -

          +1 for having a base class like Mutation. +1 for the name Query.
          There are many setter and getters which are common for Scan and Get, like setFilter, setTimeRange, setTimeStamp etc. All these setters are returning current object for chained call. So moving these to its base class will change the signature! New methods for Authorizations and acl can be in super class.

          Show
          Anoop Sam John added a comment - +1 for having a base class like Mutation. +1 for the name Query. There are many setter and getters which are common for Scan and Get, like setFilter, setTimeRange, setTimeStamp etc. All these setters are returning current object for chained call. So moving these to its base class will change the signature! New methods for Authorizations and acl can be in super class.
          Hide
          ramkrishna.s.vasudevan added a comment -

          +1. For now can move authorizations and acl things into that super class.

          Show
          ramkrishna.s.vasudevan added a comment - +1. For now can move authorizations and acl things into that super class.
          Hide
          Anoop Sam John added a comment -

          Patch with a super class for Scan and Get.

          Show
          Anoop Sam John added a comment - Patch with a super class for Scan and Get.
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12613323/HBASE-7663_V7.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 10 new or modified tests.

          -1 hadoop1.0. The patch failed to compile against the hadoop 1.0 profile.

          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7822//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12613323/HBASE-7663_V7.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 10 new or modified tests. -1 hadoop1.0 . The patch failed to compile against the hadoop 1.0 profile. Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7822//console This message is automatically generated.
          Hide
          Andrew Purtell added a comment -

          +1 v7 patch, looks good

          Show
          Andrew Purtell added a comment - +1 v7 patch, looks good
          Hide
          Anoop Sam John added a comment -

          Trunk is changed with tagsIterator() moving from KV. Will rebase and give a patch soon. Also need HBASE-9962 in.

          Show
          Anoop Sam John added a comment - Trunk is changed with tagsIterator() moving from KV. Will rebase and give a patch soon. Also need HBASE-9962 in.
          Hide
          Anoop Sam John added a comment -

          Rebased patch for latest trunk

          Show
          Anoop Sam John added a comment - Rebased patch for latest trunk
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12613788/HBASE-7663_V8.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 10 new or modified tests.

          +1 hadoop1.0. The patch compiles against the hadoop 1.0 profile.

          +1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.

          -1 javadoc. The javadoc tool appears to have generated 2 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 lineLengths. The patch does not introduce lines longer than 100

          -1 site. The patch appears to cause mvn site goal to fail.

          +1 core tests. The patch passed unit tests in .

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12613788/HBASE-7663_V8.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 10 new or modified tests. +1 hadoop1.0 . The patch compiles against the hadoop 1.0 profile. +1 hadoop2.0 . The patch compiles against the hadoop 2.0 profile. -1 javadoc . The javadoc tool appears to have generated 2 warning messages. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 lineLengths . The patch does not introduce lines longer than 100 -1 site . The patch appears to cause mvn site goal to fail. +1 core tests . The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7857//console This message is automatically generated.
          Hide
          Andrew Purtell added a comment -

          Still +1 after rebase. If you are waiting further Anoop Sam John can you extract the new base class for Get and Scan into a separate patch and commit it so I can update HBASE-7662?

          Show
          Andrew Purtell added a comment - Still +1 after rebase. If you are waiting further Anoop Sam John can you extract the new base class for Get and Scan into a separate patch and commit it so I can update HBASE-7662 ?
          Hide
          Anoop Sam John added a comment -

          Will commit tomorrow unless objections

          Show
          Anoop Sam John added a comment - Will commit tomorrow unless objections
          Hide
          stack added a comment -

          I skimmed diffs since my review. Seems good to me.

          Show
          stack added a comment - I skimmed diffs since my review. Seems good to me.
          Hide
          Anoop Sam John added a comment -

          Patch rebased for latest Trunk. Will commit once QA passes

          Show
          Anoop Sam John added a comment - Patch rebased for latest Trunk. Will commit once QA passes
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12614342/HBASE-7663_V9.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 15 new or modified tests.

          +1 hadoop1.0. The patch compiles against the hadoop 1.0 profile.

          +1 hadoop2.0. The patch compiles against the hadoop 2.0 profile.

          -1 javadoc. The javadoc tool appears to have generated 10 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 lineLengths. The patch does not introduce lines longer than 100

          -1 site. The patch appears to cause mvn site goal to fail.

          +1 core tests. The patch passed unit tests in .

          Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//testReport/
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
          Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
          Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12614342/HBASE-7663_V9.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 15 new or modified tests. +1 hadoop1.0 . The patch compiles against the hadoop 1.0 profile. +1 hadoop2.0 . The patch compiles against the hadoop 2.0 profile. -1 javadoc . The javadoc tool appears to have generated 10 warning messages. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 lineLengths . The patch does not introduce lines longer than 100 -1 site . The patch appears to cause mvn site goal to fail. +1 core tests . The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop1-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/7910//console This message is automatically generated.
          Hide
          Anoop Sam John added a comment -

          Committed to Trunk..
          Thanks to Ram for pairing with me in this implementation.
          Thanks to Andrew for his suggestions, discussions, and reviews.
          Thanks to Stack for his detailed review and comments.

          Show
          Anoop Sam John added a comment - Committed to Trunk.. Thanks to Ram for pairing with me in this implementation. Thanks to Andrew for his suggestions, discussions, and reviews. Thanks to Stack for his detailed review and comments.
          Hide
          Anoop Sam John added a comment -

          This is what I applied to Trunk.

          Show
          Anoop Sam John added a comment - This is what I applied to Trunk.
          Hide
          Hudson added a comment -

          SUCCESS: Integrated in HBase-TRUNK #4687 (See https://builds.apache.org/job/HBase-TRUNK/4687/)
          HBASE-7663 [Per-KV security] Visibility labels (anoopsamjohn: rev 1543314)

          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Get.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Mutation.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Query.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Scan.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/CellVisibility.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/InvalidLabelException.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/LabelAlreadyExistsException.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityConstants.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsValidator.java
          • /hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/util/StreamUtils.java
          • /hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/ClientProtos.java
          • /hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/VisibilityLabelsProtos.java
          • /hbase/trunk/hbase-protocol/src/main/protobuf/Client.proto
          • /hbase/trunk/hbase-protocol/src/main/protobuf/VisibilityLabels.proto
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultScanLabelGenerator.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ExpressionExpander.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ExpressionParser.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ParseException.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ScanLabelGenerator.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/SimpleScanLabelGenerator.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelFilter.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsManager.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ZKVisibilityLabelWatcher.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/ExpressionNode.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/LeafExpressionNode.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/NonLeafExpressionNode.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/Operator.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestExpressionExpander.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestExpressionParser.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
          • /hbase/trunk/hbase-shell/src/main/ruby/hbase.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/hbase/hbase.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/hbase/visibility_labels.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/add_labels.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/clear_auths.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/get_auths.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/set_auths.rb
          Show
          Hudson added a comment - SUCCESS: Integrated in HBase-TRUNK #4687 (See https://builds.apache.org/job/HBase-TRUNK/4687/ ) HBASE-7663 [Per-KV security] Visibility labels (anoopsamjohn: rev 1543314) /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Get.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Mutation.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Query.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Scan.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/CellVisibility.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/InvalidLabelException.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/LabelAlreadyExistsException.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityConstants.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsValidator.java /hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/util/StreamUtils.java /hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/ClientProtos.java /hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/VisibilityLabelsProtos.java /hbase/trunk/hbase-protocol/src/main/protobuf/Client.proto /hbase/trunk/hbase-protocol/src/main/protobuf/VisibilityLabels.proto /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultScanLabelGenerator.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ExpressionExpander.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ExpressionParser.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ParseException.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ScanLabelGenerator.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/SimpleScanLabelGenerator.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelFilter.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsManager.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ZKVisibilityLabelWatcher.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/ExpressionNode.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/LeafExpressionNode.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/NonLeafExpressionNode.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/Operator.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestExpressionExpander.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestExpressionParser.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java /hbase/trunk/hbase-shell/src/main/ruby/hbase.rb /hbase/trunk/hbase-shell/src/main/ruby/hbase/hbase.rb /hbase/trunk/hbase-shell/src/main/ruby/hbase/visibility_labels.rb /hbase/trunk/hbase-shell/src/main/ruby/shell.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/add_labels.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/clear_auths.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/get_auths.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/set_auths.rb
          Hide
          Hudson added a comment -

          SUCCESS: Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #844 (See https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/844/)
          HBASE-7663 [Per-KV security] Visibility labels (anoopsamjohn: rev 1543314)

          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Get.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Mutation.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Query.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Scan.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/CellVisibility.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/InvalidLabelException.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/LabelAlreadyExistsException.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityConstants.java
          • /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsValidator.java
          • /hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/util/StreamUtils.java
          • /hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/ClientProtos.java
          • /hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/VisibilityLabelsProtos.java
          • /hbase/trunk/hbase-protocol/src/main/protobuf/Client.proto
          • /hbase/trunk/hbase-protocol/src/main/protobuf/VisibilityLabels.proto
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultScanLabelGenerator.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ExpressionExpander.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ExpressionParser.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ParseException.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ScanLabelGenerator.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/SimpleScanLabelGenerator.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelFilter.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsManager.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ZKVisibilityLabelWatcher.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/ExpressionNode.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/LeafExpressionNode.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/NonLeafExpressionNode.java
          • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/Operator.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestExpressionExpander.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestExpressionParser.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java
          • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java
          • /hbase/trunk/hbase-shell/src/main/ruby/hbase.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/hbase/hbase.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/hbase/visibility_labels.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/add_labels.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/clear_auths.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/get_auths.rb
          • /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/set_auths.rb
          Show
          Hudson added a comment - SUCCESS: Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #844 (See https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/844/ ) HBASE-7663 [Per-KV security] Visibility labels (anoopsamjohn: rev 1543314) /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Get.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Mutation.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Query.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Scan.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/Authorizations.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/CellVisibility.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/InvalidLabelException.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/LabelAlreadyExistsException.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityClient.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityConstants.java /hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsValidator.java /hbase/trunk/hbase-common/src/main/java/org/apache/hadoop/hbase/io/util/StreamUtils.java /hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/ClientProtos.java /hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/VisibilityLabelsProtos.java /hbase/trunk/hbase-protocol/src/main/protobuf/Client.proto /hbase/trunk/hbase-protocol/src/main/protobuf/VisibilityLabels.proto /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultScanLabelGenerator.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ExpressionExpander.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ExpressionParser.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ParseException.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ScanLabelGenerator.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/SimpleScanLabelGenerator.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelFilter.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelsManager.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/ZKVisibilityLabelWatcher.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/ExpressionNode.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/LeafExpressionNode.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/NonLeafExpressionNode.java /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/expression/Operator.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestExpressionExpander.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestExpressionParser.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsOpWithDifferentUsersNoACL.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithACL.java /hbase/trunk/hbase-shell/src/main/ruby/hbase.rb /hbase/trunk/hbase-shell/src/main/ruby/hbase/hbase.rb /hbase/trunk/hbase-shell/src/main/ruby/hbase/visibility_labels.rb /hbase/trunk/hbase-shell/src/main/ruby/shell.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/add_labels.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/clear_auths.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/get_auths.rb /hbase/trunk/hbase-shell/src/main/ruby/shell/commands/set_auths.rb

            People

            • Assignee:
              Anoop Sam John
              Reporter:
              Andrew Purtell
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development