Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-25456 : add security check for setRegionStateInMeta (#2835) (#2833) 

Signed-off-by: Viraj Jasani <vjasani@apache.org>
This commit is contained in:
lujiefsi 2021-01-01 14:49:25 +08:00 committed by GitHub
parent a14f08876b
commit f5a7fffd8b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
View File

@ -2519,6 +2519,7 @@ public class MasterRpcServices extends RSRpcServices implements
@Override
public SetRegionStateInMetaResponse setRegionStateInMeta(RpcController controller,
SetRegionStateInMetaRequest request) throws ServiceException {
rpcPreCheck("setRegionStateInMeta");
SetRegionStateInMetaResponse.Builder builder = SetRegionStateInMetaResponse.newBuilder();
try {
for (RegionSpecifierAndState s : request.getStatesList()) {

24
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
View File

@ -36,7 +36,10 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.FileStatus;
@ -69,6 +72,7 @@ import org.apache.hadoop.hbase.client.Hbck;
import org.apache.hadoop.hbase.client.Increment;
import org.apache.hadoop.hbase.client.MasterSwitchType;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.RegionInfo;
import org.apache.hadoop.hbase.client.RegionLocator;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
@ -102,6 +106,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext;
import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;
import org.apache.hadoop.hbase.master.HMaster;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.master.RegionState;
import org.apache.hadoop.hbase.master.locking.LockProcedure;
import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv;
import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface;
@ -390,6 +395,25 @@ public class TestAccessController extends SecureTestUtil {
USER_GROUP_WRITE, USER_GROUP_CREATE);
}
@Test
public void testUnauthorizedSetRegionStateInMeta() throws Exception {
Admin admin = TEST_UTIL.getAdmin();
final List<RegionInfo> regions = admin.getRegions(TEST_TABLE);
RegionInfo closeRegion = regions.get(0);
Map<String, RegionState.State> newStates = new HashMap<>();
newStates.put(closeRegion.getEncodedName(), RegionState.State.CLOSED);
AccessTestAction action = () -> {
try(Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
Hbck hbck = conn.getHbck()){
hbck.setRegionStateInMeta(newStates);
}
return null;
};
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,
USER_GROUP_WRITE, USER_GROUP_CREATE);
}
@Test
public void testUnauthorizedFixMeta() throws Exception {
AccessTestAction action = () -> {