Review Board 1.7.22


HBASE-3025: Coprocessor based simple access control

Review Request #2041 - Created Sept. 23, 2011 and submitted

Gary Helmling
trunk
HBASE-3025
Reviewers
hbase
hbase-git
This patch implements access control list based authorization of HBase operations.  The patch depends on the currently posted patch for HBASE-2742 (secure RPC engine).

Key parts of the implementation are:

* AccessControlLists - encapsulates storage of permission grants in a metadata table ("_acl_").  This differs from previous implementation where the ".META." table was used to store permissions.

* AccessController - 
  - implements MasterObserver and RegionObserver, performing authorization checks in each of the preXXX() hooks.  If authorization fails, an AccessDeniedException is thrown.
  - implements AccessControllerProtocol as a coprocessor endpoint to provide RPC methods for granting, revoking and listing permissions.

* ZKPermissionWatcher (and TableAuthManager) - synchronizes ACL entries and updates throughout the cluster nodes using ZK.  ACL entries are stored in per-table znodes as /hbase/acl/tablename.

* Additional ruby shell scripts providing the "grant", "revoke" and "user_permission" commands

* Support for a new OWNER attribute in HTableDescriptor.  I could separate out this change into a new JIRA for discussion, but I don't see it as currently useful outside of security.  Alternately, I could handle the OWNER attribute completely in AccessController without changing HTD, but that would make interaction via hbase shell a bit uglier.

 
Review request changed
Updated (Nov. 17, 2011, 6:48 p.m.)
Minor update removing javadoc lines as commented by Stack.
Ship it!
Posted (Nov. 17, 2011, 11:10 p.m.)
I looked at diff between 4 and 5.  Seems fine to me.  Some comments below.
src/main/ruby/hbase/admin.rb (Diff revisions 4 - 5)
 
 
Did you fix this in another separate patch?
  1. This just seems like the HBASE-4793 change peeking through when comparing diff 4 and diff 5.  Not sure why review board shows it, but it's in trunk, not my patch.
src/main/ruby/hbase/security.rb (Diff revisions 4 - 5)
 
 
This seems like pretty important change.
  1. Yeah, I should have called this out.  Wasn't sure if it was already in the previous patch.  This is how I stumbled across HBASE-4793 in the first place.
Posted (Nov. 18, 2011, 10:21 p.m.)

   

  
src/main/ruby/hbase/admin.rb (Diff revision 5)
 
 
This is duplicated code from a merge somewhere along the way.  I'll remove on commit.