Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #533 - Create scanner with default user auths #744

Merged
merged 1 commit into from Nov 2, 2018

Conversation

@mikewalch
Copy link
Member

commented Nov 1, 2018

  • Can specify authorizations when building Accumulo client
  • Can specify in accumulo-client.properties using scan.authorizations
@@ -64,6 +64,9 @@
"Change the" + " durability for the BatchWriter session. To use the table's durability"
+ " setting. use \"default\" which is the table's durability setting."),

// Scan
SCAN_AUTHORIZATIONS("scan.authorizations", "", "Authorizations used by Scanner & BatchScanner"),

This comment has been minimized.

Copy link
@milleruntime

milleruntime Nov 2, 2018

Contributor

Should mention the default value and that its comma separated.

@mikewalch mikewalch force-pushed the mikewalch:scan-auths branch from d1154a2 to 59019c4 Nov 2, 2018

* @throws TableNotFoundException
* when the specified table doesn't exist
*/
BatchScanner createBatchScanner(String tableName) throws TableNotFoundException, AccumuloSecurityException, AccumuloException;

This comment has been minimized.

Copy link
@keith-turner

keith-turner Nov 2, 2018

Contributor

Instead of creating this new method could add javadoc to the existing method linking to securityOperations().getUserAuthorizations()

This comment has been minimized.

Copy link
@ctubbsii

ctubbsii Nov 2, 2018

Member

With the pluggable authorizations, a user could have an infinite set. So, it may not be sufficient to document that they retrieve and submit their authorizations. I think it makes more sense to provide the method. The first pass implementation could get the user authorizations, but later, we'll probably want to pass along a flag that says "don't intersect with user-provided auths" to the visibility filter when it evaluates visibilities.

* @throws TableNotFoundException
* when the specified table doesn't exist
*/
BatchScanner createBatchScanner(String tableName) throws TableNotFoundException, AccumuloSecurityException, AccumuloException;

This comment has been minimized.

Copy link
@ctubbsii

ctubbsii Nov 2, 2018

Member

With the pluggable authorizations, a user could have an infinite set. So, it may not be sufficient to document that they retrieve and submit their authorizations. I think it makes more sense to provide the method. The first pass implementation could get the user authorizations, but later, we'll probably want to pass along a flag that says "don't intersect with user-provided auths" to the visibility filter when it evaluates visibilities.

@Override
public BatchScanner createBatchScanner(String tableName) throws TableNotFoundException,
AccumuloSecurityException, AccumuloException {
Authorizations auths = securityOperations().getUserAuthorizations(context.getPrincipal());

This comment has been minimized.

Copy link
@ctubbsii

ctubbsii Nov 2, 2018

Member

See comment above. This is okay for a first pass implementation, but not sufficient with pluggable authorization providers which could have an infinite set of auths.

@mikewalch mikewalch changed the title Fixes #533 - Add scan authorization to Accumulo clients Fixes #533 - Create scanner with default user auths Nov 2, 2018

@mikewalch mikewalch merged commit 18e3266 into apache:master Nov 2, 2018

1 of 2 checks passed

continuous-integration/travis-ci/pr The Travis CI build failed
Details
Jenkins This pull request looks good
Details

@mikewalch mikewalch deleted the mikewalch:scan-auths branch Nov 2, 2018

@ctubbsii ctubbsii added the v2.0.0 label Nov 9, 2018

@ctubbsii ctubbsii added this to Done in 2.0.0 Jun 14, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
4 participants
You can’t perform that action at this time.