HBASE-20869 Endpoint-based Export use incorrect user to write to destination

Signed-off-by: Chia-Ping Tsai <chia7712@gmail.com>
Signed-off-by: tedyu <yuzhihong@gmail.com>
This commit is contained in:
Wei-Chiu Chuang 2018-07-19 20:17:06 +08:00 committed by Chia-Ping Tsai
parent 36c4f62daf
commit 8461e85880
2 changed files with 26 additions and 3 deletions

View File

@ -451,9 +451,16 @@ public class Export extends ExportProtos.ExportService implements RegionCoproces
SecureWriter(final Configuration conf, final UserProvider userProvider,
final Token userToken, final List<SequenceFile.Writer.Option> opts)
throws IOException {
privilegedWriter = new PrivilegedWriter(getActiveUser(userProvider, userToken),
SequenceFile.createWriter(conf,
opts.toArray(new SequenceFile.Writer.Option[opts.size()])));
User user = getActiveUser(userProvider, userToken);
try {
SequenceFile.Writer sequenceFileWriter =
user.runAs((PrivilegedExceptionAction<SequenceFile.Writer>) () ->
SequenceFile.createWriter(conf,
opts.toArray(new SequenceFile.Writer.Option[opts.size()])));
privilegedWriter = new PrivilegedWriter(user, sequenceFileWriter);
} catch (InterruptedException e) {
throw new IOException(e);
}
}
void append(final Object key, final Object value) throws IOException {

View File

@ -29,6 +29,7 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
@ -336,6 +337,21 @@ public class TestSecureExport {
LOG.error(ex.toString(), ex);
throw new Exception(ex);
} finally {
if (fs.exists(new Path(openDir, "output"))) {
// if export completes successfully, every file under the output directory should be
// owned by the current user, not the hbase service user.
FileStatus outputDirFileStatus = fs.getFileStatus(new Path(openDir, "output"));
String currentUserName = User.getCurrent().getShortName();
assertEquals("Unexpected file owner", currentUserName, outputDirFileStatus.getOwner());
FileStatus[] outputFileStatus = fs.listStatus(new Path(openDir, "output"));
for (FileStatus fileStatus: outputFileStatus) {
assertEquals("Unexpected file owner", currentUserName, fileStatus.getOwner());
}
} else {
LOG.info("output directory doesn't exist. Skip check");
}
clearOutput(output);
}
};