You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by te...@apache.org on 2014/09/15 18:23:54 UTC
git commit: HBASE-11136 Add permission check to roll WAL writer
(Jerry He)
Repository: hbase
Updated Branches:
refs/heads/branch-1 435530b4d -> 1f1a2c514
HBASE-11136 Add permission check to roll WAL writer (Jerry He)
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/1f1a2c51
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/1f1a2c51
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/1f1a2c51
Branch: refs/heads/branch-1
Commit: 1f1a2c514ec4fcc45f8f6d9979069b8a1bfbcc9e
Parents: 435530b
Author: Ted Yu <te...@apache.org>
Authored: Mon Sep 15 16:22:38 2014 +0000
Committer: Ted Yu <te...@apache.org>
Committed: Mon Sep 15 16:23:41 2014 +0000
----------------------------------------------------------------------
.../coprocessor/BaseRegionServerObserver.java | 8 ++++++++
.../hbase/coprocessor/RegionServerObserver.java | 16 ++++++++++++++++
.../hbase/regionserver/RSRpcServices.java | 1 +
.../RegionServerCoprocessorHost.java | 20 ++++++++++++++++++++
.../hbase/security/access/AccessController.java | 10 ++++++++++
.../security/access/TestAccessController.java | 14 ++++++++++++++
6 files changed, 69 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java
index 4f51d5b..afcd457 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java
@@ -68,4 +68,12 @@ public class BaseRegionServerObserver implements RegionServerObserver {
public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx,
HRegion regionA, HRegion regionB) throws IOException { }
+ @Override
+ public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
+ throws IOException { }
+
+ @Override
+ public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
+ throws IOException { }
+
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java
index df1018e..8a76d46 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java
@@ -105,4 +105,20 @@ public interface RegionServerObserver extends Coprocessor {
void postRollBackMerge(final ObserverContext<RegionServerCoprocessorEnvironment> ctx,
final HRegion regionA, final HRegion regionB) throws IOException;
+ /**
+ * This will be called before executing user request to roll a region server WAL.
+ * @param ctx An instance of ObserverContext
+ * @throws IOException Signals that an I/O exception has occurred.
+ */
+ void preRollWALWriterRequest(final ObserverContext<RegionServerCoprocessorEnvironment> ctx)
+ throws IOException;
+
+ /**
+ * This will be called after executing user request to roll a region server WAL.
+ * @param ctx An instance of ObserverContext
+ * @throws IOException Signals that an I/O exception has occurred.
+ */
+ void postRollWALWriterRequest(final ObserverContext<RegionServerCoprocessorEnvironment> ctx)
+ throws IOException;
+
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
index 0bd9067..647c904 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
@@ -1469,6 +1469,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler,
try {
checkOpen();
requestCount.increment();
+ regionServer.getRegionServerCoprocessorHost().preRollWALWriterRequest();
HLog wal = regionServer.getWAL();
byte[][] regionsToFlush = wal.rollWriter(true);
RollWALWriterResponse.Builder builder = RollWALWriterResponse.newBuilder();
http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java
index 46d482c..2a4d635 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java
@@ -136,6 +136,26 @@ public class RegionServerCoprocessorHost extends
});
}
+ public void preRollWALWriterRequest() throws IOException {
+ execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() {
+ @Override
+ public void call(RegionServerObserver oserver,
+ ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException {
+ oserver.preRollWALWriterRequest(ctx);
+ }
+ });
+ }
+
+ public void postRollWALWriterRequest() throws IOException {
+ execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() {
+ @Override
+ public void call(RegionServerObserver oserver,
+ ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException {
+ oserver.postRollWALWriterRequest(ctx);
+ }
+ });
+ }
+
private static abstract class CoprocessorOperation
extends ObserverContext<RegionServerCoprocessorEnvironment> {
public CoprocessorOperation() {
http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index 2e23860..0cba3bd 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -2207,4 +2207,14 @@ public class AccessController extends BaseMasterAndRegionObserver
@Override
public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx,
HRegion regionA, HRegion regionB) throws IOException { }
+
+ @Override
+ public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
+ throws IOException {
+ requirePermission("preRollLogWriterRequest", Permission.Action.ADMIN);
+ }
+
+ @Override
+ public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
+ throws IOException { }
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index 2075762..a6e3d71 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -1794,6 +1794,20 @@ public class TestAccessController extends SecureTestUtil {
}
@Test
+ public void testRollWALWriterRequest() throws Exception {
+ AccessTestAction action = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContext.createAndPrepare(RSCP_ENV, null));
+ return null;
+ }
+ };
+
+ verifyAllowed(action, SUPERUSER, USER_ADMIN);
+ verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
+ }
+
+ @Test
public void testOpenRegion() throws Exception {
AccessTestAction action = new AccessTestAction() {
@Override