HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)

Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Pankaj <pankajkumar@apache.org>
This commit is contained in:
Reid Chan 2020-05-09 23:33:27 +08:00 committed by GitHub
parent f41c9038e7
commit 11ef0fd752
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 6 deletions

View File

@ -458,6 +458,7 @@ public class RSGroupAdminEndpoint implements MasterCoprocessor, MasterObserver {
if (master.getMasterCoprocessorHost() != null) { if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup); master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
} }
checkPermission("renameRSGroup");
groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup); groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
if (master.getMasterCoprocessorHost() != null) { if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup); master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);

View File

@ -304,8 +304,8 @@ public abstract class TestRSGroupsBase {
boolean postRemoveServersCalled = false; boolean postRemoveServersCalled = false;
boolean preMoveServersAndTables = false; boolean preMoveServersAndTables = false;
boolean postMoveServersAndTables = false; boolean postMoveServersAndTables = false;
boolean preReNameRSGroupCalled = false; boolean preRenameRSGroupCalled = false;
boolean postReNameRSGroupCalled = false; boolean postRenameRSGroupCalled = false;
public void resetFlags() { public void resetFlags() {
preBalanceRSGroupCalled = false; preBalanceRSGroupCalled = false;
@ -322,8 +322,8 @@ public abstract class TestRSGroupsBase {
postRemoveServersCalled = false; postRemoveServersCalled = false;
preMoveServersAndTables = false; preMoveServersAndTables = false;
postMoveServersAndTables = false; postMoveServersAndTables = false;
preReNameRSGroupCalled = false; preRenameRSGroupCalled = false;
postReNameRSGroupCalled = false; postRenameRSGroupCalled = false;
} }
@Override @Override
@ -420,13 +420,13 @@ public abstract class TestRSGroupsBase {
@Override @Override
public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx, public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
String oldName, String newName) throws IOException { String oldName, String newName) throws IOException {
preReNameRSGroupCalled = true; preRenameRSGroupCalled = true;
} }
@Override @Override
public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx, public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
String oldName, String newName) throws IOException { String oldName, String newName) throws IOException {
postReNameRSGroupCalled = true; postRenameRSGroupCalled = true;
} }
} }

View File

@ -333,4 +333,16 @@ public class TestRSGroupsWithACL extends SecureTestUtil{
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
} }
@Test
public void testRenameRSGroup() throws Exception {
AccessTestAction action = () -> {
rsGroupAdminEndpoint.checkPermission("renameRSGroup");
return null;
};
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
}
} }