You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by gx...@apache.org on 2020/04/20 02:27:45 UTC

[hbase] branch branch-2.3 updated: HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (#1211)

This is an automated email from the ASF dual-hosted git repository.

gxcheng pushed a commit to branch branch-2.3
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2.3 by this push:
     new 2335803  HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (#1211)
2335803 is described below

commit 23358038d927df4f56d754fc853e7d6b64102363
Author: Guangxu Cheng <gu...@gmail.com>
AuthorDate: Mon Apr 20 09:59:06 2020 +0800

    HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (#1211)
    
    Signed-off-by: binlijin <bi...@gmail.com>
---
 .../hbase/master/snapshot/SnapshotManager.java     |  2 +-
 .../hbase/client/SnapshotWithAclTestBase.java      | 44 ++++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
index 1b4f9d8..e00c749 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
@@ -635,7 +635,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
       builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION);
     }
     RpcServer.getRequestUser().ifPresent(user -> {
-      if (User.isHBaseSecurityEnabled(master.getConfiguration())) {
+      if (AccessChecker.isAuthorizationSupported(master.getConfiguration())) {
         builder.setOwner(user.getShortName());
       }
     });
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java
index 98c84d5..f8dbc94 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java
@@ -18,8 +18,11 @@
 package org.apache.hadoop.hbase.client;
 
 import java.io.IOException;
+import java.util.List;
+import java.util.regex.Pattern;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.Coprocessor;
+import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
@@ -228,4 +231,45 @@ public abstract class SnapshotWithAclTestBase extends SecureTestUtil {
     verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
     verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
   }
+
+
+  final class AccessSnapshotAction implements AccessTestAction {
+    private String snapshotName;
+    private AccessSnapshotAction(String snapshotName) {
+      this.snapshotName = snapshotName;
+    }
+    @Override
+    public Object run() throws Exception {
+      try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+        Admin admin = conn.getAdmin()) {
+        admin.snapshot(this.snapshotName, TEST_TABLE);
+      }
+      return null;
+    }
+  }
+
+  @Test
+  public void testDeleteSnapshot() throws Exception {
+    String testSnapshotName = HBaseCommonTestingUtility.getRandomUUID().toString();
+    verifyAllowed(new AccessSnapshotAction(testSnapshotName), USER_OWNER);
+    verifyDenied(new AccessSnapshotAction(HBaseCommonTestingUtility.getRandomUUID().toString()),
+      USER_RO, USER_RW, USER_NONE);
+    List<SnapshotDescription> snapshotDescriptions = TEST_UTIL.getAdmin().listSnapshots(
+      Pattern.compile(testSnapshotName));
+    Assert.assertEquals(1, snapshotDescriptions.size());
+    Assert.assertEquals(USER_OWNER.getShortName(), snapshotDescriptions.get(0).getOwner());
+    AccessTestAction deleteSnapshotAction = () -> {
+      try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+        Admin admin = conn.getAdmin()) {
+        admin.deleteSnapshot(testSnapshotName);
+      }
+      return null;
+    };
+    verifyDenied(deleteSnapshotAction, USER_RO, USER_RW, USER_NONE);
+    verifyAllowed(deleteSnapshotAction, USER_OWNER);
+
+    List<SnapshotDescription> snapshotsAfterDelete = TEST_UTIL.getAdmin().listSnapshots(
+      Pattern.compile(testSnapshotName));
+    Assert.assertEquals(0, snapshotsAfterDelete.size());
+  }
 }