Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-13771

Replication clients should not access zookeeper directly

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Critical
    • Resolution: Implemented
    • 1.0.1, 1.1.0, 0.98.12, 1.2.0, 2.0.0
    • None
    • None
    • None

    Description

      Replication client actions set and modify znodes directly. This is legacy from an era before we had the AccessController available and missing coverage of admin action in our security model.

      All replication client actions should be mediated by the master, and hooked up to the coprocessor framework for use by the AccessController. After adding this functionality we should should restrict access to replication znodes to only the HBase service principal, but provide a configuration option to relax those permissions for as long as older admin clients are in use (with a stern suggestion to upgrade ASAP). This type of functional change, with optional backwards compatibility, should be fine for all branches.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. HBASE-13772 Replication endpoints should restrict access to a limited set of principals

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          Is contained by

          New Feature - A new feature of the product, which has yet to be developed. HBASE-19397 Design procedures for ReplicationManager to notify peer change event from master

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              apurtell Andrew Kyle Purtell
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: