Apache/hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-24184 Backport HBASE-23896 to branch-1: Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (#1510)

Browse Source 
Signed-off-by: binlijin <binlijin@gmail.com>
This commit is contained in:
thangTang 2020-06-10 16:12:36 +08:00 committed by GitHub
parent b6598ccaad
commit e07aaf7fef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
View File

@ -607,7 +607,8 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION);
}
User user = RpcServer.getRequestUser();
if (User.isHBaseSecurityEnabled(master.getConfiguration()) && user != null) {
if (master.getConfiguration().
getBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, false) && user != null) {
builder.setOwner(user.getShortName());
}
snapshot = builder.build();

16
hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java
View File

@ -18,6 +18,8 @@
package org.apache.hadoop.hbase.client;
import static org.junit.Assert.assertNotSame;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.HBaseTestingUtility;
@ -26,6 +28,7 @@ import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.AccessControlConstants;
import org.apache.hadoop.hbase.security.access.AccessControlLists;
@ -42,6 +45,7 @@ import org.junit.Test;
import org.junit.experimental.categories.Category;
import java.io.IOException;
import java.util.List;
import java.util.UUID;
@Category(MediumTests.class)
@ -243,4 +247,16 @@ public class TestSnapshotWithAcl extends SecureTestUtil {
verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
}
@Test
public void testListSnapshot() throws Exception {
String snapshotName1 = UUID.randomUUID().toString();
admin.snapshot(snapshotName1, TEST_TABLE);
List<HBaseProtos.SnapshotDescription> snapshotDescriptions = admin.listSnapshots();
for (HBaseProtos.SnapshotDescription snapshotDescription:
snapshotDescriptions) {
assertNotSame(snapshotDescription.getOwner(), "");
}
admin.deleteSnapshot(snapshotName1);
}
}