You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by re...@apache.org on 2020/05/11 06:50:30 UTC
[hbase] branch branch-1 updated: HBASE-24345 [ACL] renameRSGroup
should require Admin level permission (#1689)
This is an automated email from the ASF dual-hosted git repository.
reidchan pushed a commit to branch branch-1
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-1 by this push:
new 29c24e7 HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1689)
29c24e7 is described below
commit 29c24e725759653487f1cb6ad158c15f0213b070
Author: Reid Chan <re...@apache.org>
AuthorDate: Mon May 11 14:50:21 2020 +0800
HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1689)
---
.../apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java | 1 +
.../org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java | 14 +++++++-------
.../apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java | 15 +++++++++++++++
3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
index 574fa0e..4ae8e0f 100644
--- a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
+++ b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
@@ -502,6 +502,7 @@ public class RSGroupAdminEndpoint extends RSGroupAdminService
if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
}
+ checkPermission("renameRSGroup");
groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
index 8a8f011..3d19df0 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
@@ -292,8 +292,8 @@ public abstract class TestRSGroupsBase {
boolean postRemoveServersCalled = false;
boolean preMoveServersAndTables = false;
boolean postMoveServersAndTables = false;
- boolean preReNameRSGroupCalled = false;
- boolean postReNameRSGroupCalled = false;
+ boolean preRenameRSGroupCalled = false;
+ boolean postRenameRSGroupCalled = false;
public void resetFlags() {
preBalanceRSGroupCalled = false;
@@ -310,8 +310,8 @@ public abstract class TestRSGroupsBase {
postRemoveServersCalled = false;
preMoveServersAndTables = false;
postMoveServersAndTables = false;
- preReNameRSGroupCalled = false;
- postReNameRSGroupCalled = false;
+ preRenameRSGroupCalled = false;
+ postRenameRSGroupCalled = false;
}
@Override
@@ -403,13 +403,13 @@ public abstract class TestRSGroupsBase {
@Override
public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
String oldName, String newName) throws IOException {
- preReNameRSGroupCalled = true;
+ preRenameRSGroupCalled = true;
}
@Override
public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
String oldName, String newName) throws IOException {
- postReNameRSGroupCalled = true;
+ postRenameRSGroupCalled = true;
}
}
-}
\ No newline at end of file
+}
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
index 3122e59..f1cb4d8 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
@@ -356,4 +356,19 @@ public class TestRSGroupsWithACL extends SecureTestUtil{
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
}
+
+ @Test
+ public void testRenameRSGroup() throws Exception {
+ AccessTestAction action = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ rsGroupAdminEndpoint.checkPermission("renameRSGroup");
+ return null;
+ }
+ };
+
+ verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
+ verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
+ USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
+ }
}