HBASE-20869 Endpoint-based Export use incorrect user to write to destination
Signed-off-by: Chia-Ping Tsai <chia7712@gmail.com> Signed-off-by: tedyu <yuzhihong@gmail.com>
This commit is contained in:
parent
36c4f62daf
commit
8461e85880
|
@ -451,9 +451,16 @@ public class Export extends ExportProtos.ExportService implements RegionCoproces
|
|||
SecureWriter(final Configuration conf, final UserProvider userProvider,
|
||||
final Token userToken, final List<SequenceFile.Writer.Option> opts)
|
||||
throws IOException {
|
||||
privilegedWriter = new PrivilegedWriter(getActiveUser(userProvider, userToken),
|
||||
SequenceFile.createWriter(conf,
|
||||
opts.toArray(new SequenceFile.Writer.Option[opts.size()])));
|
||||
User user = getActiveUser(userProvider, userToken);
|
||||
try {
|
||||
SequenceFile.Writer sequenceFileWriter =
|
||||
user.runAs((PrivilegedExceptionAction<SequenceFile.Writer>) () ->
|
||||
SequenceFile.createWriter(conf,
|
||||
opts.toArray(new SequenceFile.Writer.Option[opts.size()])));
|
||||
privilegedWriter = new PrivilegedWriter(user, sequenceFileWriter);
|
||||
} catch (InterruptedException e) {
|
||||
throw new IOException(e);
|
||||
}
|
||||
}
|
||||
|
||||
void append(final Object key, final Object value) throws IOException {
|
||||
|
|
|
@ -29,6 +29,7 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.FileStatus;
|
||||
import org.apache.hadoop.fs.FileSystem;
|
||||
import org.apache.hadoop.fs.Path;
|
||||
import org.apache.hadoop.fs.permission.FsAction;
|
||||
|
@ -336,6 +337,21 @@ public class TestSecureExport {
|
|||
LOG.error(ex.toString(), ex);
|
||||
throw new Exception(ex);
|
||||
} finally {
|
||||
if (fs.exists(new Path(openDir, "output"))) {
|
||||
// if export completes successfully, every file under the output directory should be
|
||||
// owned by the current user, not the hbase service user.
|
||||
FileStatus outputDirFileStatus = fs.getFileStatus(new Path(openDir, "output"));
|
||||
String currentUserName = User.getCurrent().getShortName();
|
||||
assertEquals("Unexpected file owner", currentUserName, outputDirFileStatus.getOwner());
|
||||
|
||||
FileStatus[] outputFileStatus = fs.listStatus(new Path(openDir, "output"));
|
||||
for (FileStatus fileStatus: outputFileStatus) {
|
||||
assertEquals("Unexpected file owner", currentUserName, fileStatus.getOwner());
|
||||
}
|
||||
} else {
|
||||
LOG.info("output directory doesn't exist. Skip check");
|
||||
}
|
||||
|
||||
clearOutput(output);
|
||||
}
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue