You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2015/08/14 09:28:51 UTC
[17/50] [abbrv] incubator-sentry git commit: SENTRY-805: Reclassify
CoreAdminHandler Actions (Gregory Chanan, Reviewed by: Vamsee Yarlagadda)
SENTRY-805: Reclassify CoreAdminHandler Actions (Gregory Chanan, Reviewed by: Vamsee Yarlagadda)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/7c2da749
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/7c2da749
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/7c2da749
Branch: refs/heads/hive_plugin_v2
Commit: 7c2da749d3de908f77178a2ea2f409f45f640169
Parents: 77ac995
Author: Vamsee Yarlagadda <va...@cloudera.com>
Authored: Mon Jul 20 11:06:07 2015 -0700
Committer: Vamsee Yarlagadda <va...@cloudera.com>
Committed: Mon Jul 20 11:06:07 2015 -0700
----------------------------------------------------------------------
.../handler/admin/SecureCoreAdminHandler.java | 19 ++++++++++---------
.../admin/SecureCoreAdminHandlerTest.java | 15 +++++++--------
2 files changed, 17 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7c2da749/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java b/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java
index c1bde31..36ef6d0 100644
--- a/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java
+++ b/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java
@@ -87,15 +87,13 @@ public class SecureCoreAdminHandler extends CoreAdminHandler {
collection = getCollectionFromCoreName(cname);
break;
}
- case REQUESTAPPLYUPDATES: {
+ case CREATE:
+ case REQUESTAPPLYUPDATES:
+ case REQUESTBUFFERUPDATES: {
String cname = params.get(CoreAdminParams.NAME, "");
collection = getCollectionFromCoreName(cname);
break;
}
- case CREATE: {
- collection = params.get(CoreAdminParams.COLLECTION);
- break;
- }
case STATUS:
// CORE is an optional param for STATUS, but since the
// non-parameterized version returns all the core info, it doesn't
@@ -103,8 +101,11 @@ public class SecureCoreAdminHandler extends CoreAdminHandler {
case PERSIST:
case CREATEALIAS:
case DELETEALIAS:
+ case LOAD:
case LOAD_ON_STARTUP:
case TRANSIENT:
+ case REQUESTSTATUS:
+ case OVERSEEROP:
default: {
// these are actions that are not core related or not actually
// handled by the CoreAdminHandler
@@ -114,7 +115,8 @@ public class SecureCoreAdminHandler extends CoreAdminHandler {
}
switch (action) {
- case STATUS: {
+ case STATUS:
+ case REQUESTSTATUS: {
SecureRequestHandlerUtil.checkSentryAdmin(req, SecureRequestHandlerUtil.QUERY_ONLY, checkCollection, collection);
break;
}
@@ -136,10 +138,9 @@ public class SecureCoreAdminHandler extends CoreAdminHandler {
case CREATEALIAS:
case DELETEALIAS:
case LOAD_ON_STARTUP:
+ case TRANSIENT:
case REQUESTBUFFERUPDATES:
- case OVERSEEROP:
- case REQUESTSTATUS:
- case TRANSIENT: {
+ case OVERSEEROP: {
SecureRequestHandlerUtil.checkSentryAdmin(req, SecureRequestHandlerUtil.UPDATE_ONLY, checkCollection, collection);
break;
}
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/7c2da749/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
index 1857feb..0dbb271 100644
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
+++ b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java
@@ -39,8 +39,8 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
private static CloudDescriptor cloudDescriptor;
public final static List<CoreAdminAction> QUERY_ACTIONS = Arrays.asList(
- CoreAdminAction.STATUS
- );
+ CoreAdminAction.STATUS,
+ CoreAdminAction.REQUESTSTATUS);
public final static List<CoreAdminAction> UPDATE_ACTIONS = Arrays.asList(
CoreAdminAction.LOAD,
CoreAdminAction.UNLOAD,
@@ -60,7 +60,6 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
CoreAdminAction.LOAD_ON_STARTUP,
CoreAdminAction.TRANSIENT,
CoreAdminAction.OVERSEEROP,
- CoreAdminAction.REQUESTSTATUS,
// RELOAD needs to go last, because our bogus calls leaves things in a bad state for later calls.
// We could handle this more cleanly at the cost of a lot more creating and deleting cores.
CoreAdminAction.RELOAD
@@ -73,6 +72,8 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
// actions which don't check the actual collection
public final static List<CoreAdminAction> NO_CHECK_COLLECTIONS = Arrays.asList(
+ CoreAdminAction.STATUS,
+ CoreAdminAction.REQUESTSTATUS,
CoreAdminAction.LOAD,
CoreAdminAction.PERSIST,
CoreAdminAction.CREATEALIAS,
@@ -80,7 +81,6 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
CoreAdminAction.LOAD_ON_STARTUP,
CoreAdminAction.REQUESTBUFFERUPDATES,
CoreAdminAction.OVERSEEROP,
- CoreAdminAction.REQUESTSTATUS,
CoreAdminAction.TRANSIENT
);
@@ -130,12 +130,11 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
return req;
}
- private void verifyQueryAccess(CoreAdminAction action) throws Exception {
+ private void verifyQueryAccess(CoreAdminAction action, boolean checkCollection) throws Exception {
CoreAdminHandler handler = new SecureCoreAdminHandler(h.getCoreContainer());
verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action));
verifyAuthorized(handler, getCoreAdminRequest("queryCollection", "junit", action));
- if (action.equals(CoreAdminAction.STATUS)) {
- // STATUS doesn't check collection permissions
+ if (!checkCollection) {
verifyAuthorized(handler, getCoreAdminRequest("bogusCollection", "junit", action));
verifyAuthorized(handler, getCoreAdminRequest("updateCollection", "junit", action));
} else {
@@ -157,7 +156,7 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase {
@Test
public void testSecureAdminHandler() throws Exception {
for (CoreAdminAction action : QUERY_ACTIONS) {
- verifyQueryAccess(action);
+ verifyQueryAccess(action, !NO_CHECK_COLLECTIONS.contains(action));
}
for (CoreAdminAction action : UPDATE_ACTIONS) {
verifyUpdateAccess(action, !NO_CHECK_COLLECTIONS.contains(action));