HDDS-29. Fix TestStorageContainerManager#testRpcPermission. Contributed by Mukul Kumar Singh.
This commit is contained in:
parent
8a2b5914f3
commit
fc5d49c202
|
@ -40,6 +40,7 @@ import org.apache.hadoop.ipc.ProtobufRpcEngine;
|
||||||
import org.apache.hadoop.ipc.RPC;
|
import org.apache.hadoop.ipc.RPC;
|
||||||
import org.apache.hadoop.ozone.protocolPB
|
import org.apache.hadoop.ozone.protocolPB
|
||||||
.StorageContainerLocationProtocolServerSideTranslatorPB;
|
.StorageContainerLocationProtocolServerSideTranslatorPB;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -137,17 +138,26 @@ public class SCMClientProtocolServer implements
|
||||||
getClientRpcServer().join();
|
getClientRpcServer().join();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@VisibleForTesting
|
||||||
|
public String getRpcRemoteUsername() {
|
||||||
|
UserGroupInformation user = ProtobufRpcEngine.Server.getRemoteUser();
|
||||||
|
return user == null ? null : user.getUserName();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ContainerInfo allocateContainer(HddsProtos.ReplicationType
|
public ContainerInfo allocateContainer(HddsProtos.ReplicationType
|
||||||
replicationType, HddsProtos.ReplicationFactor factor,
|
replicationType, HddsProtos.ReplicationFactor factor,
|
||||||
String owner) throws IOException {
|
String owner) throws IOException {
|
||||||
getScm().checkAdminAccess();
|
String remoteUser = getRpcRemoteUsername();
|
||||||
|
getScm().checkAdminAccess(remoteUser);
|
||||||
return scm.getScmContainerManager()
|
return scm.getScmContainerManager()
|
||||||
.allocateContainer(replicationType, factor, owner);
|
.allocateContainer(replicationType, factor, owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ContainerInfo getContainer(long containerID) throws IOException {
|
public ContainerInfo getContainer(long containerID) throws IOException {
|
||||||
|
String remoteUser = getRpcRemoteUsername();
|
||||||
|
getScm().checkAdminAccess(remoteUser);
|
||||||
return scm.getScmContainerManager()
|
return scm.getScmContainerManager()
|
||||||
.getContainer(containerID);
|
.getContainer(containerID);
|
||||||
}
|
}
|
||||||
|
@ -161,7 +171,8 @@ public class SCMClientProtocolServer implements
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void deleteContainer(long containerID) throws IOException {
|
public void deleteContainer(long containerID) throws IOException {
|
||||||
getScm().checkAdminAccess();
|
String remoteUser = getRpcRemoteUsername();
|
||||||
|
getScm().checkAdminAccess(remoteUser);
|
||||||
scm.getScmContainerManager().deleteContainer(containerID);
|
scm.getScmContainerManager().deleteContainer(containerID);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -620,14 +620,7 @@ public class StorageContainerManager extends ServiceRuntimeInfoImpl
|
||||||
return scmBlockManager;
|
return scmBlockManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
@VisibleForTesting
|
public void checkAdminAccess(String remoteUser) throws IOException {
|
||||||
public String getPpcRemoteUsername() {
|
|
||||||
UserGroupInformation user = ProtobufRpcEngine.Server.getRemoteUser();
|
|
||||||
return user == null ? null : user.getUserName();
|
|
||||||
}
|
|
||||||
|
|
||||||
public void checkAdminAccess() throws IOException {
|
|
||||||
String remoteUser = getPpcRemoteUsername();
|
|
||||||
if (remoteUser != null) {
|
if (remoteUser != null) {
|
||||||
if (!scmAdminUsernames.contains(remoteUser)) {
|
if (!scmAdminUsernames.contains(remoteUser)) {
|
||||||
throw new IOException(
|
throw new IOException(
|
||||||
|
|
|
@ -23,6 +23,7 @@ import java.io.IOException;
|
||||||
import org.apache.commons.lang3.RandomUtils;
|
import org.apache.commons.lang3.RandomUtils;
|
||||||
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
|
||||||
import org.apache.hadoop.hdds.scm.container.common.helpers.ContainerInfo;
|
import org.apache.hadoop.hdds.scm.container.common.helpers.ContainerInfo;
|
||||||
|
import org.apache.hadoop.hdds.scm.server.SCMClientProtocolServer;
|
||||||
import org.apache.hadoop.hdds.scm.server.SCMStorage;
|
import org.apache.hadoop.hdds.scm.server.SCMStorage;
|
||||||
import org.apache.hadoop.hdds.scm.node.NodeManager;
|
import org.apache.hadoop.hdds.scm.node.NodeManager;
|
||||||
import org.apache.hadoop.ozone.container.ContainerTestHelper;
|
import org.apache.hadoop.ozone.container.ContainerTestHelper;
|
||||||
|
@ -107,19 +108,19 @@ public class TestStorageContainerManager {
|
||||||
MiniOzoneCluster cluster = MiniOzoneCluster.newBuilder(ozoneConf).build();
|
MiniOzoneCluster cluster = MiniOzoneCluster.newBuilder(ozoneConf).build();
|
||||||
cluster.waitForClusterToBeReady();
|
cluster.waitForClusterToBeReady();
|
||||||
try {
|
try {
|
||||||
String fakeUser = fakeRemoteUsername;
|
|
||||||
StorageContainerManager mockScm = Mockito.spy(
|
SCMClientProtocolServer mockClientServer = Mockito.spy(
|
||||||
cluster.getStorageContainerManager());
|
cluster.getStorageContainerManager().getClientProtocolServer());
|
||||||
Mockito.when(mockScm.getPpcRemoteUsername())
|
Mockito.when(mockClientServer.getRpcRemoteUsername())
|
||||||
.thenReturn(fakeUser);
|
.thenReturn(fakeRemoteUsername);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
mockScm.getClientProtocolServer().deleteContainer(
|
mockClientServer.deleteContainer(
|
||||||
ContainerTestHelper.getTestContainerID());
|
ContainerTestHelper.getTestContainerID());
|
||||||
fail("Operation should fail, expecting an IOException here.");
|
fail("Operation should fail, expecting an IOException here.");
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
if (expectPermissionDenied) {
|
if (expectPermissionDenied) {
|
||||||
verifyPermissionDeniedException(e, fakeUser);
|
verifyPermissionDeniedException(e, fakeRemoteUsername);
|
||||||
} else {
|
} else {
|
||||||
// If passes permission check, it should fail with
|
// If passes permission check, it should fail with
|
||||||
// container not exist exception.
|
// container not exist exception.
|
||||||
|
@ -129,7 +130,7 @@ public class TestStorageContainerManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
ContainerInfo container2 = mockScm.getClientProtocolServer()
|
ContainerInfo container2 = mockClientServer
|
||||||
.allocateContainer(xceiverClientManager.getType(),
|
.allocateContainer(xceiverClientManager.getType(),
|
||||||
HddsProtos.ReplicationFactor.ONE, "OZONE");
|
HddsProtos.ReplicationFactor.ONE, "OZONE");
|
||||||
if (expectPermissionDenied) {
|
if (expectPermissionDenied) {
|
||||||
|
@ -138,11 +139,11 @@ public class TestStorageContainerManager {
|
||||||
Assert.assertEquals(1, container2.getPipeline().getMachines().size());
|
Assert.assertEquals(1, container2.getPipeline().getMachines().size());
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
verifyPermissionDeniedException(e, fakeUser);
|
verifyPermissionDeniedException(e, fakeRemoteUsername);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
ContainerInfo container3 = mockScm.getClientProtocolServer()
|
ContainerInfo container3 = mockClientServer
|
||||||
.allocateContainer(xceiverClientManager.getType(),
|
.allocateContainer(xceiverClientManager.getType(),
|
||||||
HddsProtos.ReplicationFactor.ONE, "OZONE");
|
HddsProtos.ReplicationFactor.ONE, "OZONE");
|
||||||
if (expectPermissionDenied) {
|
if (expectPermissionDenied) {
|
||||||
|
@ -151,16 +152,16 @@ public class TestStorageContainerManager {
|
||||||
Assert.assertEquals(1, container3.getPipeline().getMachines().size());
|
Assert.assertEquals(1, container3.getPipeline().getMachines().size());
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
verifyPermissionDeniedException(e, fakeUser);
|
verifyPermissionDeniedException(e, fakeRemoteUsername);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
mockScm.getClientProtocolServer().getContainer(
|
mockClientServer.getContainer(
|
||||||
ContainerTestHelper.getTestContainerID());
|
ContainerTestHelper.getTestContainerID());
|
||||||
fail("Operation should fail, expecting an IOException here.");
|
fail("Operation should fail, expecting an IOException here.");
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
if (expectPermissionDenied) {
|
if (expectPermissionDenied) {
|
||||||
verifyPermissionDeniedException(e, fakeUser);
|
verifyPermissionDeniedException(e, fakeRemoteUsername);
|
||||||
} else {
|
} else {
|
||||||
// If passes permission check, it should fail with
|
// If passes permission check, it should fail with
|
||||||
// key not exist exception.
|
// key not exist exception.
|
||||||
|
|
Loading…
Reference in New Issue