org.apache.hadoop.hbase.security.access
Class SecureBulkLoadEndpoint
java.lang.Object
org.apache.hadoop.hbase.protobuf.generated.SecureBulkLoadProtos.SecureBulkLoadService
org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint
- All Implemented Interfaces:
- com.google.protobuf.Service, Coprocessor, CoprocessorService
@InterfaceAudience.Private
public class SecureBulkLoadEndpoint
- extends SecureBulkLoadProtos.SecureBulkLoadService
- implements CoprocessorService, Coprocessor
Coprocessor service for bulk loads in secure mode.
This coprocessor has to be installed as part of enabling
security in HBase.
This service addresses two issues:
1. Moving files in a secure filesystem wherein the HBase Client
and HBase Server are different filesystem users.
2. Does moving in a secure manner. Assuming that the filesystem
is POSIX compliant.
The algorithm is as follows:
1. Create an hbase owned staging directory which is
world traversable (711): /hbase/staging
2. A user writes out data to his secure output directory: /user/foo/data
3. A call is made to hbase to create a secret staging directory
which globally rwx (777): /user/staging/averylongandrandomdirectoryname
4. The user moves the data into the random staging directory,
then calls bulkLoadHFiles()
Like delegation tokens the strength of the security lies in the length
and randomness of the secret directory.
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
VERSION
public static final long VERSION
- See Also:
- Constant Field Values
SecureBulkLoadEndpoint
public SecureBulkLoadEndpoint()
start
public void start(CoprocessorEnvironment env)
- Specified by:
start
in interface Coprocessor
stop
public void stop(CoprocessorEnvironment env)
throws IOException
- Specified by:
stop
in interface Coprocessor
- Throws:
IOException
prepareBulkLoad
public void prepareBulkLoad(com.google.protobuf.RpcController controller,
SecureBulkLoadProtos.PrepareBulkLoadRequest request,
com.google.protobuf.RpcCallback<SecureBulkLoadProtos.PrepareBulkLoadResponse> done)
- Description copied from class:
SecureBulkLoadProtos.SecureBulkLoadService
rpc PrepareBulkLoad(.PrepareBulkLoadRequest) returns (.PrepareBulkLoadResponse);
- Specified by:
prepareBulkLoad
in class SecureBulkLoadProtos.SecureBulkLoadService
cleanupBulkLoad
public void cleanupBulkLoad(com.google.protobuf.RpcController controller,
SecureBulkLoadProtos.CleanupBulkLoadRequest request,
com.google.protobuf.RpcCallback<SecureBulkLoadProtos.CleanupBulkLoadResponse> done)
- Description copied from class:
SecureBulkLoadProtos.SecureBulkLoadService
rpc CleanupBulkLoad(.CleanupBulkLoadRequest) returns (.CleanupBulkLoadResponse);
- Specified by:
cleanupBulkLoad
in class SecureBulkLoadProtos.SecureBulkLoadService
secureBulkLoadHFiles
public void secureBulkLoadHFiles(com.google.protobuf.RpcController controller,
SecureBulkLoadProtos.SecureBulkLoadHFilesRequest request,
com.google.protobuf.RpcCallback<SecureBulkLoadProtos.SecureBulkLoadHFilesResponse> done)
- Description copied from class:
SecureBulkLoadProtos.SecureBulkLoadService
rpc SecureBulkLoadHFiles(.SecureBulkLoadHFilesRequest) returns (.SecureBulkLoadHFilesResponse);
- Specified by:
secureBulkLoadHFiles
in class SecureBulkLoadProtos.SecureBulkLoadService
getService
public com.google.protobuf.Service getService()
- Specified by:
getService
in interface CoprocessorService
Copyright © 2015 The Apache Software Foundation. All rights reserved.