You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by re...@apache.org on 2020/05/09 15:33:39 UTC
[hbase] branch branch-2 updated: HBASE-24345 [ACL] renameRSGroup
should require Admin level permission (#1686)
This is an automated email from the ASF dual-hosted git repository.
reidchan pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2 by this push:
new 11ef0fd HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)
11ef0fd is described below
commit 11ef0fd752eedfcbb065abe71d11460dc95cfc49
Author: Reid Chan <re...@apache.org>
AuthorDate: Sat May 9 23:33:27 2020 +0800
HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1686)
Signed-off-by: Viraj Jasani <vj...@apache.org>
Signed-off-by: Pankaj <pa...@apache.org>
---
.../apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java | 1 +
.../org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java | 12 ++++++------
.../org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java | 12 ++++++++++++
3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
index fbbd671..1c2e76e 100644
--- a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
+++ b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
@@ -458,6 +458,7 @@ public class RSGroupAdminEndpoint implements MasterCoprocessor, MasterObserver {
if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
}
+ checkPermission("renameRSGroup");
groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
index 6cb738d..a134a83 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
@@ -304,8 +304,8 @@ public abstract class TestRSGroupsBase {
boolean postRemoveServersCalled = false;
boolean preMoveServersAndTables = false;
boolean postMoveServersAndTables = false;
- boolean preReNameRSGroupCalled = false;
- boolean postReNameRSGroupCalled = false;
+ boolean preRenameRSGroupCalled = false;
+ boolean postRenameRSGroupCalled = false;
public void resetFlags() {
preBalanceRSGroupCalled = false;
@@ -322,8 +322,8 @@ public abstract class TestRSGroupsBase {
postRemoveServersCalled = false;
preMoveServersAndTables = false;
postMoveServersAndTables = false;
- preReNameRSGroupCalled = false;
- postReNameRSGroupCalled = false;
+ preRenameRSGroupCalled = false;
+ postRenameRSGroupCalled = false;
}
@Override
@@ -420,13 +420,13 @@ public abstract class TestRSGroupsBase {
@Override
public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
String oldName, String newName) throws IOException {
- preReNameRSGroupCalled = true;
+ preRenameRSGroupCalled = true;
}
@Override
public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
String oldName, String newName) throws IOException {
- postReNameRSGroupCalled = true;
+ postRenameRSGroupCalled = true;
}
}
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
index 19cb37a..db43777 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
@@ -333,4 +333,16 @@ public class TestRSGroupsWithACL extends SecureTestUtil{
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
}
+
+ @Test
+ public void testRenameRSGroup() throws Exception {
+ AccessTestAction action = () -> {
+ rsGroupAdminEndpoint.checkPermission("renameRSGroup");
+ return null;
+ };
+
+ verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
+ verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
+ USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
+ }
}