HBASE-20869 Endpoint-based Export use incorrect user to write to destination
Signed-off-by: Chia-Ping Tsai <chia7712@gmail.com> Signed-off-by: tedyu <yuzhihong@gmail.com>
This commit is contained in:
Wei-Chiu Chuang
Chia-Ping Tsai
parent
724e323494
commit
1ed58e41cc
|
|
@ -451,9 +451,16 @@ public class Export extends ExportProtos.ExportService implements RegionCoproces
|
||||||
SecureWriter(final Configuration conf, final UserProvider userProvider,
|
SecureWriter(final Configuration conf, final UserProvider userProvider,
|
||||||
final Token userToken, final List<SequenceFile.Writer.Option> opts)
|
final Token userToken, final List<SequenceFile.Writer.Option> opts)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
privilegedWriter = new PrivilegedWriter(getActiveUser(userProvider, userToken),
|
User user = getActiveUser(userProvider, userToken);
|
||||||
SequenceFile.createWriter(conf,
|
try {
|
||||||
opts.toArray(new SequenceFile.Writer.Option[opts.size()])));
|
SequenceFile.Writer sequenceFileWriter =
|
||||||
|
user.runAs((PrivilegedExceptionAction<SequenceFile.Writer>) () ->
|
||||||
|
SequenceFile.createWriter(conf,
|
||||||
|
opts.toArray(new SequenceFile.Writer.Option[opts.size()])));
|
||||||
|
privilegedWriter = new PrivilegedWriter(user, sequenceFileWriter);
|
||||||
|
} catch (InterruptedException e) {
|
||||||
|
throw new IOException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void append(final Object key, final Object value) throws IOException {
|
void append(final Object key, final Object value) throws IOException {
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,7 @@ import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.FileStatus;
|
||||||
import org.apache.hadoop.fs.FileSystem;
|
import org.apache.hadoop.fs.FileSystem;
|
||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.fs.permission.FsAction;
|
import org.apache.hadoop.fs.permission.FsAction;
|
||||||
|
|
@ -336,6 +337,21 @@ public class TestSecureExport {
|
||||||
LOG.error(ex.toString(), ex);
|
LOG.error(ex.toString(), ex);
|
||||||
throw new Exception(ex);
|
throw new Exception(ex);
|
||||||
} finally {
|
} finally {
|
||||||
|
if (fs.exists(new Path(openDir, "output"))) {
|
||||||
|
// if export completes successfully, every file under the output directory should be
|
||||||
|
// owned by the current user, not the hbase service user.
|
||||||
|
FileStatus outputDirFileStatus = fs.getFileStatus(new Path(openDir, "output"));
|
||||||
|
String currentUserName = User.getCurrent().getShortName();
|
||||||
|
assertEquals("Unexpected file owner", currentUserName, outputDirFileStatus.getOwner());
|
||||||
|
|
||||||
|
FileStatus[] outputFileStatus = fs.listStatus(new Path(openDir, "output"));
|
||||||
|
for (FileStatus fileStatus: outputFileStatus) {
|
||||||
|
assertEquals("Unexpected file owner", currentUserName, fileStatus.getOwner());
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
LOG.info("output directory doesn't exist. Skip check");
|
||||||
|
}
|
||||||
|
|
||||||
clearOutput(output);
|
clearOutput(output);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue