You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by gx...@apache.org on 2020/04/20 02:27:39 UTC
[hbase] branch branch-2 updated: HBASE-23896 Snapshot owner cannot
delete snapshot when ACL is enabled and Kerberos is not enabled (#1211)
This is an automated email from the ASF dual-hosted git repository.
gxcheng pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2 by this push:
new 2762ddc HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (#1211)
2762ddc is described below
commit 2762ddc6a807a9617308db5bed4155b856a8b4b5
Author: Guangxu Cheng <gu...@gmail.com>
AuthorDate: Mon Apr 20 09:59:06 2020 +0800
HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (#1211)
Signed-off-by: binlijin <bi...@gmail.com>
---
.../hbase/master/snapshot/SnapshotManager.java | 2 +-
.../hbase/client/SnapshotWithAclTestBase.java | 44 ++++++++++++++++++++++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
index 1b4f9d8..e00c749 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
@@ -635,7 +635,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION);
}
RpcServer.getRequestUser().ifPresent(user -> {
- if (User.isHBaseSecurityEnabled(master.getConfiguration())) {
+ if (AccessChecker.isAuthorizationSupported(master.getConfiguration())) {
builder.setOwner(user.getShortName());
}
});
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java
index 98c84d5..f8dbc94 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java
@@ -18,8 +18,11 @@
package org.apache.hadoop.hbase.client;
import java.io.IOException;
+import java.util.List;
+import java.util.regex.Pattern;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Coprocessor;
+import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
@@ -228,4 +231,45 @@ public abstract class SnapshotWithAclTestBase extends SecureTestUtil {
verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
}
+
+
+ final class AccessSnapshotAction implements AccessTestAction {
+ private String snapshotName;
+ private AccessSnapshotAction(String snapshotName) {
+ this.snapshotName = snapshotName;
+ }
+ @Override
+ public Object run() throws Exception {
+ try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+ Admin admin = conn.getAdmin()) {
+ admin.snapshot(this.snapshotName, TEST_TABLE);
+ }
+ return null;
+ }
+ }
+
+ @Test
+ public void testDeleteSnapshot() throws Exception {
+ String testSnapshotName = HBaseCommonTestingUtility.getRandomUUID().toString();
+ verifyAllowed(new AccessSnapshotAction(testSnapshotName), USER_OWNER);
+ verifyDenied(new AccessSnapshotAction(HBaseCommonTestingUtility.getRandomUUID().toString()),
+ USER_RO, USER_RW, USER_NONE);
+ List<SnapshotDescription> snapshotDescriptions = TEST_UTIL.getAdmin().listSnapshots(
+ Pattern.compile(testSnapshotName));
+ Assert.assertEquals(1, snapshotDescriptions.size());
+ Assert.assertEquals(USER_OWNER.getShortName(), snapshotDescriptions.get(0).getOwner());
+ AccessTestAction deleteSnapshotAction = () -> {
+ try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+ Admin admin = conn.getAdmin()) {
+ admin.deleteSnapshot(testSnapshotName);
+ }
+ return null;
+ };
+ verifyDenied(deleteSnapshotAction, USER_RO, USER_RW, USER_NONE);
+ verifyAllowed(deleteSnapshotAction, USER_OWNER);
+
+ List<SnapshotDescription> snapshotsAfterDelete = TEST_UTIL.getAdmin().listSnapshots(
+ Pattern.compile(testSnapshotName));
+ Assert.assertEquals(0, snapshotsAfterDelete.size());
+ }
}