You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by av...@apache.org on 2021/05/24 21:16:43 UTC
[ozone] branch HDDS-3698-nonrolling-upgrade updated: HDDS-5138.
Upgrade related RPC calls should be allowed only for admins. (#2217)
This is an automated email from the ASF dual-hosted git repository.
avijayan pushed a commit to branch HDDS-3698-nonrolling-upgrade
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/HDDS-3698-nonrolling-upgrade by this push:
new 5f046fa HDDS-5138. Upgrade related RPC calls should be allowed only for admins. (#2217)
5f046fa is described below
commit 5f046fa1e1da9c8ca9a2e7539e30c1c5a87a17cb
Author: Ethan Rose <33...@users.noreply.github.com>
AuthorDate: Mon May 24 17:16:29 2021 -0400
HDDS-5138. Upgrade related RPC calls should be allowed only for admins. (#2217)
---
.../hdds/scm/server/SCMClientProtocolServer.java | 26 +++++++++++++++++++---
.../dist/src/main/compose/ozone-ha/test.sh | 4 ----
.../org/apache/hadoop/ozone/om/TestOmAcls.java | 1 -
.../org/apache/hadoop/ozone/om/OzoneManager.java | 11 +++++++++
.../ozone/om/ratis/OzoneManagerStateMachine.java | 24 +++++++++++++++-----
.../om/request/upgrade/OMCancelPrepareRequest.java | 9 ++++++++
.../request/upgrade/OMFinalizeUpgradeRequest.java | 8 +++++++
.../om/ratis/TestOzoneManagerStateMachine.java | 3 +++
.../ozone/om/request/key/TestOMKeyRequest.java | 1 +
9 files changed, 74 insertions(+), 13 deletions(-)
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
index 3f22bab..69ed5af 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
@@ -667,13 +667,33 @@ public class SCMClientProtocolServer implements
@Override
public StatusAndMessages finalizeScmUpgrade(String upgradeClientID) throws
IOException {
+ // check admin authorization
+ String remoteUser = getRpcRemoteUsername();
+ try {
+ getScm().checkAdminAccess(remoteUser);
+ } catch (IOException e) {
+ LOG.error("Authorization failed for finalize scm upgrade", e);
+ throw e;
+ }
return scm.finalizeUpgrade(upgradeClientID);
}
@Override
public StatusAndMessages queryUpgradeFinalizationProgress(
String upgradeClientID, boolean force, boolean readonly)
- throws IOException {
+ throws IOException {
+ if (!readonly) {
+ // check admin authorization
+ String remoteUser = getRpcRemoteUsername();
+ try {
+ getScm().checkAdminAccess(remoteUser);
+ } catch (IOException e) {
+ LOG.error("Authorization failed for query scm upgrade finalization " +
+ "progress", e);
+ throw e;
+ }
+ }
+
return scm.queryUpgradeFinalizationProgress(upgradeClientID, force,
readonly);
}
@@ -697,7 +717,7 @@ public class SCMClientProtocolServer implements
try {
getScm().checkAdminAccess(remoteUser);
} catch (IOException e) {
- LOG.error("Authorisation failed", e);
+ LOG.error("Authorization failed", e);
throw e;
}
@@ -765,7 +785,7 @@ public class SCMClientProtocolServer implements
try {
getScm().checkAdminAccess(remoteUser);
} catch (IOException e) {
- LOG.error("Authorisation failed", e);
+ LOG.error("Authorization failed", e);
throw e;
}
diff --git a/hadoop-ozone/dist/src/main/compose/ozone-ha/test.sh b/hadoop-ozone/dist/src/main/compose/ozone-ha/test.sh
index 438b2bb..7b1f9e5 100755
--- a/hadoop-ozone/dist/src/main/compose/ozone-ha/test.sh
+++ b/hadoop-ozone/dist/src/main/compose/ozone-ha/test.sh
@@ -33,10 +33,6 @@ execute_robot_test ${SCM} basic/links.robot
execute_robot_test ${SCM} s3
execute_robot_test ${SCM} freon
-# prepare test should be the last test to run, until a cancel prepare test is
-# added. (TODO)
-execute_robot_test ${SCM} omha/om-prepare.robot
-
stop_docker_env
generate_report
diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmAcls.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmAcls.java
index f835abb..03124bb 100644
--- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmAcls.java
+++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmAcls.java
@@ -161,5 +161,4 @@ public class TestOmAcls {
return TestOmAcls.aclAllow;
}
}
-
}
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
index f9ee84f..2a4345b 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -205,6 +205,7 @@ import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED_DEFAULT;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_KEY_PREALLOCATION_BLOCKS_MAX;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_KEY_PREALLOCATION_BLOCKS_MAX_DEFAULT;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_SCM_BLOCK_SIZE;
@@ -3624,6 +3625,16 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
return ozAdmins;
}
+ public boolean isAdmin(String username) throws IOException {
+ if (isAclEnabled) {
+ Collection<String> ozAdmins = getOzoneAdmins(configuration);
+ return ozAdmins.contains(OZONE_ADMINISTRATORS_WILDCARD)
+ || ozAdmins.contains(username);
+ } else {
+ return true;
+ }
+ }
+
/**
* Returns true if OzoneNativeAuthorizer is enabled and false if otherwise.
*
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/ratis/OzoneManagerStateMachine.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/ratis/OzoneManagerStateMachine.java
index e930f1c..6329ed5 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/ratis/OzoneManagerStateMachine.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/ratis/OzoneManagerStateMachine.java
@@ -211,14 +211,28 @@ public class OzoneManagerStateMachine extends BaseStateMachine {
trx.getStateMachineLogEntry().getLogData());
OzoneManagerProtocolProtos.Type cmdType = request.getCmdType();
- // In prepare mode, only prepare and cancel requests are allowed to go
- // through.
OzoneManagerPrepareState prepareState = ozoneManager.getPrepareState();
- if (prepareState.requestAllowed(cmdType)) {
- if (cmdType == OzoneManagerProtocolProtos.Type.Prepare) {
+
+ if (cmdType == OzoneManagerProtocolProtos.Type.Prepare) {
+ // Must authenticate prepare requests here, since we must determine
+ // whether or not to apply the prepare gate before proceeding with the
+ // prepare request.
+ String username = request.getUserInfo().getUserName();
+ if (!ozoneManager.isAdmin(username)) {
+ String message = "Access denied for user " + username + ". " +
+ "Superuser privilege is required to prepare ozone managers.";
+ OMException cause =
+ new OMException(message, OMException.ResultCodes.ACCESS_DENIED);
+ // Leader should not step down because of this failure.
+ throw new StateMachineException(message, cause, false);
+ } else {
prepareState.enablePrepareGate();
}
- // TODO: Add cancel prepare here after it is implemented.
+ }
+
+ // In prepare mode, only prepare and cancel requests are allowed to go
+ // through.
+ if (prepareState.requestAllowed(cmdType)) {
return trx;
} else {
String message = "Cannot apply write request " +
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/upgrade/OMCancelPrepareRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/upgrade/OMCancelPrepareRequest.java
index 4f0def5..8c9934c 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/upgrade/OMCancelPrepareRequest.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/upgrade/OMCancelPrepareRequest.java
@@ -18,6 +18,7 @@
package org.apache.hadoop.ozone.om.request.upgrade;
import org.apache.hadoop.ozone.om.OzoneManager;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.om.request.OMClientRequest;
import org.apache.hadoop.ozone.om.request.util.OmResponseUtil;
@@ -58,6 +59,14 @@ public class OMCancelPrepareRequest extends OMClientRequest {
OMClientResponse response = null;
try {
+ String username = getOmRequest().getUserInfo().getUserName();
+ if (!ozoneManager.isAdmin(username)) {
+ throw new OMException("Access denied for user " + username + ". " +
+ "Superuser privilege is required to cancel ozone manager " +
+ "preparation.",
+ OMException.ResultCodes.ACCESS_DENIED);
+ }
+
// Create response.
CancelPrepareResponse omResponse = CancelPrepareResponse.newBuilder()
.build();
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/upgrade/OMFinalizeUpgradeRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/upgrade/OMFinalizeUpgradeRequest.java
index c3c9367..4a774ce 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/upgrade/OMFinalizeUpgradeRequest.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/upgrade/OMFinalizeUpgradeRequest.java
@@ -26,6 +26,7 @@ import org.apache.hadoop.hdds.utils.db.cache.CacheKey;
import org.apache.hadoop.hdds.utils.db.cache.CacheValue;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.om.OzoneManager;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.om.request.OMClientRequest;
import org.apache.hadoop.ozone.om.request.util.OmResponseUtil;
@@ -65,6 +66,13 @@ public class OMFinalizeUpgradeRequest extends OMClientRequest {
OMClientResponse response = null;
try {
+ String username = getOmRequest().getUserInfo().getUserName();
+ if (!ozoneManager.isAdmin(username)) {
+ throw new OMException("Access denied for user " + username + ". " +
+ "Superuser privilege is required to finalize upgrade.",
+ OMException.ResultCodes.ACCESS_DENIED);
+ }
+
FinalizeUpgradeRequest request =
getOmRequest().getFinalizeUpgradeRequest();
diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/ratis/TestOzoneManagerStateMachine.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/ratis/TestOzoneManagerStateMachine.java
index 8b5f782..bf14255 100644
--- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/ratis/TestOzoneManagerStateMachine.java
+++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/ratis/TestOzoneManagerStateMachine.java
@@ -45,6 +45,7 @@ import org.mockito.Mockito;
import java.util.ArrayList;
import java.util.List;
+import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
/**
@@ -63,6 +64,8 @@ public class TestOzoneManagerStateMachine {
OzoneManagerRatisServer ozoneManagerRatisServer =
Mockito.mock(OzoneManagerRatisServer.class);
OzoneManager ozoneManager = Mockito.mock(OzoneManager.class);
+ // Allow testing of prepare pre-append gate.
+ when(ozoneManager.isAdmin(any())).thenReturn(true);
OzoneConfiguration conf = new OzoneConfiguration();
conf.set(OMConfigKeys.OZONE_OM_DB_DIRS,
diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java
index 1b4766c..9a4ef0b 100644
--- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java
+++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java
@@ -125,6 +125,7 @@ public class TestOMKeyRequest {
when(ozoneManager.isRatisEnabled()).thenReturn(true);
auditLogger = Mockito.mock(AuditLogger.class);
when(ozoneManager.getAuditLogger()).thenReturn(auditLogger);
+ when(ozoneManager.isAdmin(any())).thenReturn(true);
Mockito.doNothing().when(auditLogger).logWrite(any(AuditMessage.class));
scmClient = Mockito.mock(ScmClient.class);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ozone.apache.org
For additional commands, e-mail: commits-help@ozone.apache.org