Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-25456 : add security check for setRegionStateInMeta (#2833) 

Signed-off-by: Viraj Jasani <vjasani@apache.org>
This commit is contained in:
lujiefsi 2021-01-01 14:47:34 +08:00 committed by GitHub
parent ec63cc3144
commit 126d01dae3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
View File

@ -2550,6 +2550,7 @@ public class MasterRpcServices extends RSRpcServices implements
@Override @Override
public SetRegionStateInMetaResponse setRegionStateInMeta(RpcController controller, public SetRegionStateInMetaResponse setRegionStateInMeta(RpcController controller,
SetRegionStateInMetaRequest request) throws ServiceException { SetRegionStateInMetaRequest request) throws ServiceException {
rpcPreCheck("setRegionStateInMeta");
SetRegionStateInMetaResponse.Builder builder = SetRegionStateInMetaResponse.newBuilder(); SetRegionStateInMetaResponse.Builder builder = SetRegionStateInMetaResponse.newBuilder();
try { try {
for (RegionSpecifierAndState s : request.getStatesList()) { for (RegionSpecifierAndState s : request.getStatesList()) {

23
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
View File

@ -31,7 +31,10 @@ import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileStatus;
@ -88,6 +91,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext;
import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder; import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;
import org.apache.hadoop.hbase.master.HMaster; import org.apache.hadoop.hbase.master.HMaster;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost; import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.master.RegionState;
import org.apache.hadoop.hbase.master.locking.LockProcedure; import org.apache.hadoop.hbase.master.locking.LockProcedure;
import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv; import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv;
import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface; import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface;
@ -395,6 +399,25 @@ public class TestAccessController extends SecureTestUtil {
USER_GROUP_WRITE, USER_GROUP_CREATE); USER_GROUP_WRITE, USER_GROUP_CREATE);
} }
@Test
public void testUnauthorizedSetRegionStateInMeta() throws Exception {
Admin admin = TEST_UTIL.getAdmin();
final List<RegionInfo> regions = admin.getRegions(TEST_TABLE);
RegionInfo closeRegion = regions.get(0);
Map<String, RegionState.State> newStates = new HashMap<>();
newStates.put(closeRegion.getEncodedName(), RegionState.State.CLOSED);
AccessTestAction action = () -> {
try(Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
Hbck hbck = conn.getHbck()){
hbck.setRegionStateInMeta(newStates);
}
return null;
};
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,
USER_GROUP_WRITE, USER_GROUP_CREATE);
}
@Test @Test
public void testUnauthorizedFixMeta() throws Exception { public void testUnauthorizedFixMeta() throws Exception {
AccessTestAction action = () -> { AccessTestAction action = () -> {