Posted to commits@hbase.apache.org by re...@apache.org on 2020/05/09 15:33:39 UTC

[hbase] branch branch-2 updated: HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)

This is an automated email from the ASF dual-hosted git repository.

reidchan pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2 by this push:
     new 11ef0fd  HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)
11ef0fd is described below

commit 11ef0fd752eedfcbb065abe71d11460dc95cfc49
Author: Reid Chan <re...@apache.org>
AuthorDate: Sat May 9 23:33:27 2020 +0800

    HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)
    
    Signed-off-by: Viraj Jasani <vj...@apache.org>
    Signed-off-by: Pankaj <pa...@apache.org>
---
 .../apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java    |  1 +
 .../org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java    | 12 ++++++------
 .../org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java | 12 ++++++++++++
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
index fbbd671..1c2e76e 100644
--- a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
+++ b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
@@ -458,6 +458,7 @@ public class RSGroupAdminEndpoint implements MasterCoprocessor, MasterObserver {
         if (master.getMasterCoprocessorHost() != null) {
           master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
         }
+        checkPermission("renameRSGroup");
         groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
         if (master.getMasterCoprocessorHost() != null) {
           master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);
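Review bot: The new `checkPermission("renameRSGroup");` call sits after the `preRenameRSGroup` coprocessor hook, so a caller without Admin permission still causes every registered pre-hook observer to run before the request is rejected. If any observer has side effects (audit records, state changes), they occur for denied requests too; moving the check above the first `if (master.getMasterCoprocessorHost() != null)` guard would reject unauthorized callers before any hook runs. If the other RPC handlers in this class deliberately use hook-then-check order, a comment such as `// permission is enforced after the pre-hook, matching the other RSGroup RPCs` would record that choice. The enclosing method starts and ends outside this hunk, so how a failed check is reported back to the caller is not visible here.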
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
index 6cb738d..a134a83 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
@@ -304,8 +304,8 @@ public abstract class TestRSGroupsBase {
     boolean postRemoveServersCalled = false;
     boolean preMoveServersAndTables = false;
     boolean postMoveServersAndTables = false;
-    boolean preReNameRSGroupCalled = false;
-    boolean postReNameRSGroupCalled = false;
+    boolean preRenameRSGroupCalled = false;
+    boolean postRenameRSGroupCalled = false;
 
     public void resetFlags() {
       preBalanceRSGroupCalled = false;
@@ -322,8 +322,8 @@ public abstract class TestRSGroupsBase {
       postRemoveServersCalled = false;
       preMoveServersAndTables = false;
       postMoveServersAndTables = false;
-      preReNameRSGroupCalled = false;
-      postReNameRSGroupCalled = false;
+      preRenameRSGroupCalled = false;
+      postRenameRSGroupCalled = false;
     }
 
     @Override
@@ -420,13 +420,13 @@ public abstract class TestRSGroupsBase {
     @Override
     public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
         String oldName, String newName) throws IOException {
-      preReNameRSGroupCalled = true;
+      preRenameRSGroupCalled = true;
     }
 
     @Override
     public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
         String oldName, String newName) throws IOException {
-      postReNameRSGroupCalled = true;
+      postRenameRSGroupCalled = true;
     }
   }
 
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
index 19cb37a..db43777 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
@@ -333,4 +333,16 @@ public class TestRSGroupsWithACL extends SecureTestUtil{
     verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
         USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
   }
+
+  @Test
+  public void testRenameRSGroup() throws Exception {
+    AccessTestAction action = () -> {
+      rsGroupAdminEndpoint.checkPermission("renameRSGroup");
+      return null;
+    };
+
+    verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
+    verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
+      USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
+  }
 }
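Review bot: `testRenameRSGroup` invokes `rsGroupAdminEndpoint.checkPermission("renameRSGroup")` directly, so it verifies that `checkPermission` enforces Admin but not that the rename handler in `RSGroupAdminEndpoint` actually calls it; the test would presumably still pass if that call were removed again. Driving the action through the rename RPC itself, with the same `verifyAllowed`/`verifyDenied` user lists, would pin the authorization wiring this commit adds. At minimum, a comment such as `// exercises checkPermission only; the call site in renameRSGroup is not covered` would make the gap explicit.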