Add support for HBase 2.6 #588
Description
Description
HBase 2.6 has been released a while ago and it includes several advancements over the currently supported 2.4 version.
Value
The security model has been consolidated and it allows us implement an authorizer based on the Open Policy Agent. This would align HBase with Trino, HDFS and other products already supporting OPA.
Dependencies
- New product image
- HBase operator tools library needs to be tested and eventually updated.
- Phoenix compatibility needs to be tested and eventually fixed
- OMID compatibility needs to be tested and eventually fixed
- The new OPA based access controller needs to be tested
- The HBase operator needs to produce new configuration files for log4j2.
### Tasks
- [x] New product image @razvan
- [x] The new OPA based access controller needs to be tested with regorules @adwk67
- [x] HBase operator tools library needs to be tested and eventually updated.
- [ ] https://github.com/stackabletech/issues/issues/589
- [ ] https://github.com/stackabletech/issues/issues/593
- [x] The HBase operator needs to produce new configuration files for log4j2.
- [x] Operator documentation that showcases the OPA authorizer @adwk67
- [x] Integration test for the OPA authorizer @adwk67
- [ ] Vulnerability management: diff with previous supported version and potentially handle low-hanging (easy) CVEs.
- [ ] https://github.com/stackabletech/hbase-operator/issues/488
- [ ] https://github.com/stackabletech/issues/issues/597
- [ ] Review and update any necessary patches
Related repos and PRs
- HBase 2.6.0 image: feat(hbase): version 2.6.0 docker-images#701
- HBase op tests: feat: add support for 2.6.0 and OPA authorizer hbase-operator#506
- OPA authorizer OPA-Authorizer co-processor for HBase hbase-opa-authorizer#1
Integration tests
🟢 OpenShift: https://ci.stackable.tech/view/06%20Replicated/job/hbase-operator-it-replicated/14/
🟢 All Tests: https://ci.stackable.tech/view/06%20Replicated/job/hbase-operator-it-replicated/12/
(Information Security) Risk Assessment
- Any existing network policies need to be updated for the HBase authorizer to communicate with OPA.
- ...
Accessibility Assessment
Quality
- There are unit tests, integration tests.
- The hdfs-hbase demo is using authorization to access the data.