Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
None
-
None
-
Reviewed
-
Fixes an issue with loading customer coprocessor endpoint implementations inside of the HBase Master which breaks Apache Ranger.
Description
Sharmadha brought a failure to my attention trying to use Ranger with HBase 2.0 where the grant command was erroring out unexpectedly. The cluster had the Ranger-specific coprocessors deployed, per what was previously working on the HBase 1.1 line.
After some digging, I found that the the Master is actually making a check explicitly for a Coprocessor that has the name org.apache.hadoop.hbase.security.access.AccessController (short name or full name), instead of looking for a deployed coprocessor which can be assigned to AccessController (which is what Ranger does). We have the CoprocessorHost methods to do the latter already implemented; it strikes me that we just accidentally used the wrong method in MasterRpcServices.
Attachments
Attachments
Issue Links
- is broken by
-
HBASE-14122 Client API for determining if server side supports cell level security
- Closed