Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-11136 Add permission check to roll WAL writer (Jerry He)

This commit is contained in:
Ted Yu 2014-09-15 16:24:57 +00:00
parent 8c4baf6a8a
commit 57477fe18c
6 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java
View File

@ -68,4 +68,12 @@ public class BaseRegionServerObserver implements RegionServerObserver {
public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx, public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx,
HRegion regionA, HRegion regionB) throws IOException { } HRegion regionA, HRegion regionB) throws IOException { }
@Override
public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
throws IOException { }
@Override
public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
throws IOException { }
} }

16
hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java
View File

@ -105,4 +105,20 @@ public interface RegionServerObserver extends Coprocessor {
void postRollBackMerge(final ObserverContext<RegionServerCoprocessorEnvironment> ctx, void postRollBackMerge(final ObserverContext<RegionServerCoprocessorEnvironment> ctx,
final HRegion regionA, final HRegion regionB) throws IOException; final HRegion regionA, final HRegion regionB) throws IOException;
/**
* This will be called before executing user request to roll a region server WAL.
* @param ctx An instance of ObserverContext
* @throws IOException Signals that an I/O exception has occurred.
*/
void preRollWALWriterRequest(final ObserverContext<RegionServerCoprocessorEnvironment> ctx)
throws IOException;
/**
* This will be called after executing user request to roll a region server WAL.
* @param ctx An instance of ObserverContext
* @throws IOException Signals that an I/O exception has occurred.
*/
void postRollWALWriterRequest(final ObserverContext<RegionServerCoprocessorEnvironment> ctx)
throws IOException;
} }

1
hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
View File

@ -1454,6 +1454,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler,
try { try {
checkOpen(); checkOpen();
requestCount.increment(); requestCount.increment();
regionServer.getRegionServerCoprocessorHost().preRollWALWriterRequest();
HLog wal = regionServer.getWAL(); HLog wal = regionServer.getWAL();
byte[][] regionsToFlush = wal.rollWriter(true); byte[][] regionsToFlush = wal.rollWriter(true);
RollWALWriterResponse.Builder builder = RollWALWriterResponse.newBuilder(); RollWALWriterResponse.Builder builder = RollWALWriterResponse.newBuilder();

20
hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java
View File

@ -136,6 +136,26 @@ public class RegionServerCoprocessorHost extends
}); });
} }
public void preRollWALWriterRequest() throws IOException {
execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() {
@Override
public void call(RegionServerObserver oserver,
ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException {
oserver.preRollWALWriterRequest(ctx);
}
});
}
public void postRollWALWriterRequest() throws IOException {
execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() {
@Override
public void call(RegionServerObserver oserver,
ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException {
oserver.postRollWALWriterRequest(ctx);
}
});
}
private static abstract class CoprocessorOperation private static abstract class CoprocessorOperation
extends ObserverContext<RegionServerCoprocessorEnvironment> { extends ObserverContext<RegionServerCoprocessorEnvironment> {
public CoprocessorOperation() { public CoprocessorOperation() {

10
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
View File

@ -2218,4 +2218,14 @@ public class AccessController extends BaseMasterAndRegionObserver
@Override @Override
public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx, public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx,
HRegion regionA, HRegion regionB) throws IOException { } HRegion regionA, HRegion regionB) throws IOException { }
@Override
public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
throws IOException {
requirePermission("preRollLogWriterRequest", Permission.Action.ADMIN);
}
@Override
public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
throws IOException { }
} }

14
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
View File

@ -1794,6 +1794,20 @@ public class TestAccessController extends SecureTestUtil {
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
} }
@Test
public void testRollWALWriterRequest() throws Exception {
AccessTestAction action = new AccessTestAction() {
@Override
public Object run() throws Exception {
ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContext.createAndPrepare(RSCP_ENV, null));
return null;
}
};
verifyAllowed(action, SUPERUSER, USER_ADMIN);
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
}
@Test @Test
public void testOpenRegion() throws Exception { public void testOpenRegion() throws Exception {
AccessTestAction action = new AccessTestAction() { AccessTestAction action = new AccessTestAction() {