HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)
Signed-off-by: Viraj Jasani <vjasani@apache.org> Signed-off-by: Pankaj <pankajkumar@apache.org>
This commit is contained in:
parent
f41c9038e7
commit
11ef0fd752
|
@ -458,6 +458,7 @@ public class RSGroupAdminEndpoint implements MasterCoprocessor, MasterObserver {
|
||||||
if (master.getMasterCoprocessorHost() != null) {
|
if (master.getMasterCoprocessorHost() != null) {
|
||||||
master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
|
master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
|
||||||
}
|
}
|
||||||
|
checkPermission("renameRSGroup");
|
||||||
groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
|
groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
|
||||||
if (master.getMasterCoprocessorHost() != null) {
|
if (master.getMasterCoprocessorHost() != null) {
|
||||||
master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);
|
master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);
|
||||||
|
|
|
@ -304,8 +304,8 @@ public abstract class TestRSGroupsBase {
|
||||||
boolean postRemoveServersCalled = false;
|
boolean postRemoveServersCalled = false;
|
||||||
boolean preMoveServersAndTables = false;
|
boolean preMoveServersAndTables = false;
|
||||||
boolean postMoveServersAndTables = false;
|
boolean postMoveServersAndTables = false;
|
||||||
boolean preReNameRSGroupCalled = false;
|
boolean preRenameRSGroupCalled = false;
|
||||||
boolean postReNameRSGroupCalled = false;
|
boolean postRenameRSGroupCalled = false;
|
||||||
|
|
||||||
public void resetFlags() {
|
public void resetFlags() {
|
||||||
preBalanceRSGroupCalled = false;
|
preBalanceRSGroupCalled = false;
|
||||||
|
@ -322,8 +322,8 @@ public abstract class TestRSGroupsBase {
|
||||||
postRemoveServersCalled = false;
|
postRemoveServersCalled = false;
|
||||||
preMoveServersAndTables = false;
|
preMoveServersAndTables = false;
|
||||||
postMoveServersAndTables = false;
|
postMoveServersAndTables = false;
|
||||||
preReNameRSGroupCalled = false;
|
preRenameRSGroupCalled = false;
|
||||||
postReNameRSGroupCalled = false;
|
postRenameRSGroupCalled = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -420,13 +420,13 @@ public abstract class TestRSGroupsBase {
|
||||||
@Override
|
@Override
|
||||||
public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
|
public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
|
||||||
String oldName, String newName) throws IOException {
|
String oldName, String newName) throws IOException {
|
||||||
preReNameRSGroupCalled = true;
|
preRenameRSGroupCalled = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
|
public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
|
||||||
String oldName, String newName) throws IOException {
|
String oldName, String newName) throws IOException {
|
||||||
postReNameRSGroupCalled = true;
|
postRenameRSGroupCalled = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -333,4 +333,16 @@ public class TestRSGroupsWithACL extends SecureTestUtil{
|
||||||
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
|
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
|
||||||
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
|
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testRenameRSGroup() throws Exception {
|
||||||
|
AccessTestAction action = () -> {
|
||||||
|
rsGroupAdminEndpoint.checkPermission("renameRSGroup");
|
||||||
|
return null;
|
||||||
|
};
|
||||||
|
|
||||||
|
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
|
||||||
|
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
|
||||||
|
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue