[HBASE-19318] MasterRpcServices#getSecurityCapabilities explicitly checks for the HBase AccessController implementation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.0-beta-1, 2.0.0
Component/s: master, security
Labels:
None

Hadoop Flags:

Reviewed
Release Note:
Fixes an issue with loading customer coprocessor endpoint implementations inside of the HBase Master which breaks Apache Ranger.

Description

Sharmadha brought a failure to my attention trying to use Ranger with HBase 2.0 where the grant command was erroring out unexpectedly. The cluster had the Ranger-specific coprocessors deployed, per what was previously working on the HBase 1.1 line.

After some digging, I found that the the Master is actually making a check explicitly for a Coprocessor that has the name org.apache.hadoop.hbase.security.access.AccessController (short name or full name), instead of looking for a deployed coprocessor which can be assigned to AccessController (which is what Ranger does). We have the CoprocessorHost methods to do the latter already implemented; it strikes me that we just accidentally used the wrong method in MasterRpcServices.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-19318.001.branch-2.patch
22/Nov/17 21:39
14 kB
Josh Elser
HBASE-19318.002.branch-2.patch
24/Nov/17 16:53
14 kB
Josh Elser

Issue Links

is broken by

HBASE-14122 Client API for determining if server side supports cell level security

Closed

Activity

People

Assignee:: Josh Elser

Reporter:: Sharmadha S

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 21/Nov/17 22:02

Updated:: 01/Aug/18 06:23

Resolved:: 27/Nov/17 22:50