Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (#1211) 

Signed-off-by: binlijin <binlijin@gmail.com>
This commit is contained in:
Guangxu Cheng 2020-04-20 09:59:06 +08:00 committed by GitHub
parent 2846ea4700
commit bcacc4ce93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
View File

@ -635,7 +635,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION); builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION);
} }
RpcServer.getRequestUser().ifPresent(user -> { RpcServer.getRequestUser().ifPresent(user -> {
if (User.isHBaseSecurityEnabled(master.getConfiguration())) { if (AccessChecker.isAuthorizationSupported(master.getConfiguration())) {
builder.setOwner(user.getShortName()); builder.setOwner(user.getShortName());
} }
}); });

44
hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java
View File

@ -18,8 +18,11 @@
package org.apache.hadoop.hbase.client; package org.apache.hadoop.hbase.client;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Coprocessor; import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
@ -228,4 +231,45 @@ public abstract class SnapshotWithAclTestBase extends SecureTestUtil {
verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW); verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE); verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
} }
final class AccessSnapshotAction implements AccessTestAction {
private String snapshotName;
private AccessSnapshotAction(String snapshotName) {
this.snapshotName = snapshotName;
}
@Override
public Object run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
Admin admin = conn.getAdmin()) {
admin.snapshot(this.snapshotName, TEST_TABLE);
}
return null;
}
}
@Test
public void testDeleteSnapshot() throws Exception {
String testSnapshotName = HBaseCommonTestingUtility.getRandomUUID().toString();
verifyAllowed(new AccessSnapshotAction(testSnapshotName), USER_OWNER);
verifyDenied(new AccessSnapshotAction(HBaseCommonTestingUtility.getRandomUUID().toString()),
USER_RO, USER_RW, USER_NONE);
List<SnapshotDescription> snapshotDescriptions = TEST_UTIL.getAdmin().listSnapshots(
Pattern.compile(testSnapshotName));
Assert.assertEquals(1, snapshotDescriptions.size());
Assert.assertEquals(USER_OWNER.getShortName(), snapshotDescriptions.get(0).getOwner());
AccessTestAction deleteSnapshotAction = () -> {
try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
Admin admin = conn.getAdmin()) {
admin.deleteSnapshot(testSnapshotName);
}
return null;
};
verifyDenied(deleteSnapshotAction, USER_RO, USER_RW, USER_NONE);
verifyAllowed(deleteSnapshotAction, USER_OWNER);
List<SnapshotDescription> snapshotsAfterDelete = TEST_UTIL.getAdmin().listSnapshots(
Pattern.compile(testSnapshotName));
Assert.assertEquals(0, snapshotsAfterDelete.size());
}
} }