You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by we...@apache.org on 2017/07/28 07:51:17 UTC
hadoop git commit: HDFS-12062. removeErasureCodingPolicy needs super
user permission. Contributed by Wei-Chiu Chuang.
Repository: hadoop
Updated Branches:
refs/heads/trunk 9902be72c -> 369f73126
HDFS-12062. removeErasureCodingPolicy needs super user permission. Contributed by Wei-Chiu Chuang.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/369f7312
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/369f7312
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/369f7312
Branch: refs/heads/trunk
Commit: 369f731264d77617452e4074d15404bd62ec6093
Parents: 9902be7
Author: Wei-Chiu Chuang <we...@apache.org>
Authored: Fri Jul 28 00:50:08 2017 -0700
Committer: Wei-Chiu Chuang <we...@apache.org>
Committed: Fri Jul 28 00:51:03 2017 -0700
----------------------------------------------------------------------
.../java/org/apache/hadoop/hdfs/DFSClient.java | 26 ++++++++--
.../hdfs/server/namenode/NameNodeRpcServer.java | 1 +
.../hadoop/hdfs/TestDistributedFileSystem.java | 50 ++++++++++++++++++++
.../hadoop/hdfs/TestErasureCodingPolicies.java | 20 ++++++++
4 files changed, 93 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/369f7312/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/DFSClient.java b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
index 8acda61..677ea35 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
@@ -2774,25 +2774,43 @@ public class DFSClient implements java.io.Closeable, RemotePeerFactory,
public AddECPolicyResponse[] addErasureCodingPolicies(
ErasureCodingPolicy[] policies) throws IOException {
checkOpen();
- return namenode.addErasureCodingPolicies(policies);
+ try (TraceScope ignored = tracer.newScope("addErasureCodingPolicies")) {
+ return namenode.addErasureCodingPolicies(policies);
+ } catch (RemoteException re) {
+ throw re.unwrapRemoteException(AccessControlException.class);
+ }
}
public void removeErasureCodingPolicy(String ecPolicyName)
throws IOException {
checkOpen();
- namenode.removeErasureCodingPolicy(ecPolicyName);
+ try (TraceScope ignored = tracer.newScope("removeErasureCodingPolicy")) {
+ namenode.removeErasureCodingPolicy(ecPolicyName);
+ } catch (RemoteException re) {
+ throw re.unwrapRemoteException(AccessControlException.class);
+ }
}
public void enableErasureCodingPolicy(String ecPolicyName)
throws IOException {
checkOpen();
- namenode.enableErasureCodingPolicy(ecPolicyName);
+ try (TraceScope ignored = tracer.newScope("enableErasureCodingPolicy")) {
+ namenode.enableErasureCodingPolicy(ecPolicyName);
+ } catch (RemoteException re) {
+ throw re.unwrapRemoteException(AccessControlException.class,
+ SafeModeException.class);
+ }
}
public void disableErasureCodingPolicy(String ecPolicyName)
throws IOException {
checkOpen();
- namenode.disableErasureCodingPolicy(ecPolicyName);
+ try (TraceScope ignored = tracer.newScope("disableErasureCodingPolicy")) {
+ namenode.disableErasureCodingPolicy(ecPolicyName);
+ } catch (RemoteException re) {
+ throw re.unwrapRemoteException(AccessControlException.class,
+ SafeModeException.class);
+ }
}
public DFSInotifyEventInputStream getInotifyEventStream() throws IOException {
http://git-wip-us.apache.org/repos/asf/hadoop/blob/369f7312/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
index 39d93df..9cd58cb 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
@@ -2304,6 +2304,7 @@ public class NameNodeRpcServer implements NamenodeProtocols {
public void removeErasureCodingPolicy(String ecPolicyName)
throws IOException {
checkNNStartup();
+ namesystem.checkSuperuserPrivilege();
namesystem.removeErasureCodingPolicy(ecPolicyName);
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/369f7312/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDistributedFileSystem.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDistributedFileSystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDistributedFileSystem.java
index b35d374..9525609 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDistributedFileSystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDistributedFileSystem.java
@@ -93,6 +93,7 @@ import org.apache.hadoop.net.DNSToSwitchMapping;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.net.ScriptBasedMapping;
import org.apache.hadoop.net.StaticMapping;
+import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.util.DataChecksum;
@@ -1561,6 +1562,27 @@ public class TestDistributedFileSystem {
fs.removeErasureCodingPolicy(policyName);
assertEquals(policyName, ErasureCodingPolicyManager.getInstance().
getRemovedPolicies().get(0).getName());
+
+ // remove erasure coding policy as a user without privilege
+ UserGroupInformation fakeUGI = UserGroupInformation.createUserForTesting(
+ "ProbablyNotARealUserName", new String[] {"ShangriLa"});
+ final MiniDFSCluster finalCluster = cluster;
+ fakeUGI.doAs(new PrivilegedExceptionAction<Object>() {
+ @Override
+ public Object run() throws Exception {
+ DistributedFileSystem fs = finalCluster.getFileSystem();
+ try {
+ fs.removeErasureCodingPolicy(policyName);
+ fail();
+ } catch (AccessControlException ace) {
+ GenericTestUtils.assertExceptionContains("Access denied for user " +
+ "ProbablyNotARealUserName. Superuser privilege is required",
+ ace);
+ }
+ return null;
+ }
+ });
+
} finally {
if (cluster != null) {
cluster.shutdown();
@@ -1609,6 +1631,34 @@ public class TestDistributedFileSystem {
GenericTestUtils.assertExceptionContains("does not exists", e);
// pass
}
+
+ // disable and enable erasure coding policy as a user without privilege
+ UserGroupInformation fakeUGI = UserGroupInformation.createUserForTesting(
+ "ProbablyNotARealUserName", new String[] {"ShangriLa"});
+ final MiniDFSCluster finalCluster = cluster;
+ fakeUGI.doAs(new PrivilegedExceptionAction<Object>() {
+ @Override
+ public Object run() throws Exception {
+ DistributedFileSystem fs = finalCluster.getFileSystem();
+ try {
+ fs.disableErasureCodingPolicy(policyName);
+ fail();
+ } catch (AccessControlException ace) {
+ GenericTestUtils.assertExceptionContains("Access denied for user " +
+ "ProbablyNotARealUserName. Superuser privilege is required",
+ ace);
+ }
+ try {
+ fs.enableErasureCodingPolicy(policyName);
+ fail();
+ } catch (AccessControlException ace) {
+ GenericTestUtils.assertExceptionContains("Access denied for user " +
+ "ProbablyNotARealUserName. Superuser privilege is required",
+ ace);
+ }
+ return null;
+ }
+ });
} finally {
if (cluster != null) {
cluster.shutdown();
http://git-wip-us.apache.org/repos/asf/hadoop/blob/369f7312/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestErasureCodingPolicies.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestErasureCodingPolicies.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestErasureCodingPolicies.java
index f90a2f3..127dad1 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestErasureCodingPolicies.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestErasureCodingPolicies.java
@@ -693,5 +693,25 @@ public class TestErasureCodingPolicies {
assertTrue(responses[0].isSucceed());
assertEquals(SystemErasureCodingPolicies.getPolicies().size() + 1,
ErasureCodingPolicyManager.getInstance().getPolicies().length);
+
+ // add erasure coding policy as a user without privilege
+ UserGroupInformation fakeUGI = UserGroupInformation.createUserForTesting(
+ "ProbablyNotARealUserName", new String[] {"ShangriLa"});
+ final ErasureCodingPolicy ecPolicy = newPolicy;
+ fakeUGI.doAs(new PrivilegedExceptionAction<Object>() {
+ @Override
+ public Object run() throws Exception {
+ DistributedFileSystem fs = cluster.getFileSystem();
+ try {
+ fs.addErasureCodingPolicies(new ErasureCodingPolicy[]{ecPolicy});
+ fail();
+ } catch (AccessControlException ace) {
+ GenericTestUtils.assertExceptionContains("Access denied for user " +
+ "ProbablyNotARealUserName. Superuser privilege is required",
+ ace);
+ }
+ return null;
+ }
+ });
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org