Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1689)

This commit is contained in:
Reid Chan 2020-05-11 14:50:21 +08:00 committed by GitHub
parent be59ddc263
commit 29c24e7257
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
View File

@ -502,6 +502,7 @@ public class RSGroupAdminEndpoint extends RSGroupAdminService
if (master.getMasterCoprocessorHost() != null) { if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup); master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
} }
checkPermission("renameRSGroup");
groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup); groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
if (master.getMasterCoprocessorHost() != null) { if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup); master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);

14
hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
View File

@ -292,8 +292,8 @@ public abstract class TestRSGroupsBase {
boolean postRemoveServersCalled = false; boolean postRemoveServersCalled = false;
boolean preMoveServersAndTables = false; boolean preMoveServersAndTables = false;
boolean postMoveServersAndTables = false; boolean postMoveServersAndTables = false;
boolean preReNameRSGroupCalled = false; boolean preRenameRSGroupCalled = false;
boolean postReNameRSGroupCalled = false; boolean postRenameRSGroupCalled = false;
public void resetFlags() { public void resetFlags() {
preBalanceRSGroupCalled = false; preBalanceRSGroupCalled = false;
@ -310,8 +310,8 @@ public abstract class TestRSGroupsBase {
postRemoveServersCalled = false; postRemoveServersCalled = false;
preMoveServersAndTables = false; preMoveServersAndTables = false;
postMoveServersAndTables = false; postMoveServersAndTables = false;
preReNameRSGroupCalled = false; preRenameRSGroupCalled = false;
postReNameRSGroupCalled = false; postRenameRSGroupCalled = false;
} }
@Override @Override
@ -403,13 +403,13 @@ public abstract class TestRSGroupsBase {
@Override @Override
public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx, public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
String oldName, String newName) throws IOException { String oldName, String newName) throws IOException {
preReNameRSGroupCalled = true; preRenameRSGroupCalled = true;
} }
@Override @Override
public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx, public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
String oldName, String newName) throws IOException { String oldName, String newName) throws IOException {
postReNameRSGroupCalled = true; postRenameRSGroupCalled = true;
} }
} }
} }

15
hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
View File

@ -356,4 +356,19 @@ public class TestRSGroupsWithACL extends SecureTestUtil{
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
} }
@Test
public void testRenameRSGroup() throws Exception {
AccessTestAction action = new AccessTestAction() {
@Override
public Object run() throws Exception {
rsGroupAdminEndpoint.checkPermission("renameRSGroup");
return null;
}
};
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
}
} }