You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by re...@apache.org on 2020/05/09 15:52:55 UTC

[hbase] branch branch-2.2 updated: HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)

This is an automated email from the ASF dual-hosted git repository.

reidchan pushed a commit to branch branch-2.2
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2.2 by this push:
     new 90fe480  HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)
90fe480 is described below

commit 90fe480e9538b282dfa721e8be92b305dc9c3cf2
Author: Reid Chan <re...@apache.org>
AuthorDate: Sat May 9 23:33:27 2020 +0800

    HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)
    
    Signed-off-by: Viraj Jasani <vj...@apache.org>
    Signed-off-by: Pankaj <pa...@apache.org>
---
 .../apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java    |  1 +
 .../org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java    | 12 ++++++------
 .../org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java | 12 ++++++++++++
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
index ad71294..73cec8c 100644
--- a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
+++ b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
@@ -461,6 +461,7 @@ public class RSGroupAdminEndpoint implements MasterCoprocessor, MasterObserver {
         if (master.getMasterCoprocessorHost() != null) {
           master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
         }
+        checkPermission("renameRSGroup");
         groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
         if (master.getMasterCoprocessorHost() != null) {
           master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
index 6cb738d..a134a83 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
@@ -304,8 +304,8 @@ public abstract class TestRSGroupsBase {
     boolean postRemoveServersCalled = false;
     boolean preMoveServersAndTables = false;
     boolean postMoveServersAndTables = false;
-    boolean preReNameRSGroupCalled = false;
-    boolean postReNameRSGroupCalled = false;
+    boolean preRenameRSGroupCalled = false;
+    boolean postRenameRSGroupCalled = false;
 
     public void resetFlags() {
       preBalanceRSGroupCalled = false;
@@ -322,8 +322,8 @@ public abstract class TestRSGroupsBase {
       postRemoveServersCalled = false;
       preMoveServersAndTables = false;
       postMoveServersAndTables = false;
-      preReNameRSGroupCalled = false;
-      postReNameRSGroupCalled = false;
+      preRenameRSGroupCalled = false;
+      postRenameRSGroupCalled = false;
     }
 
     @Override
@@ -420,13 +420,13 @@ public abstract class TestRSGroupsBase {
     @Override
     public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
         String oldName, String newName) throws IOException {
-      preReNameRSGroupCalled = true;
+      preRenameRSGroupCalled = true;
     }
 
     @Override
     public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
         String oldName, String newName) throws IOException {
-      postReNameRSGroupCalled = true;
+      postRenameRSGroupCalled = true;
     }
   }
 
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
index b0a9cdd..c9992f6 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
@@ -337,4 +337,16 @@ public class TestRSGroupsWithACL extends SecureTestUtil{
     verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
         USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
   }
+
+  @Test
+  public void testRenameRSGroup() throws Exception {
+    AccessTestAction action = () -> {
+      rsGroupAdminEndpoint.checkPermission("renameRSGroup");
+      return null;
+    };
+
+    verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
+    verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
+      USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
+  }
 }