Posted to commits@hbase.apache.org by re...@apache.org on 2020/05/11 06:50:30 UTC

[hbase] branch branch-1 updated: HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1689)

This is an automated email from the ASF dual-hosted git repository.

reidchan pushed a commit to branch branch-1
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-1 by this push:
     new 29c24e7  HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1689)
29c24e7 is described below

commit 29c24e725759653487f1cb6ad158c15f0213b070
Author: Reid Chan <re...@apache.org>
AuthorDate: Mon May 11 14:50:21 2020 +0800

    HBASE-24345 [ACL] renameRSGroup should require Admin level permission (#1689)
---
 .../apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java |  1 +
 .../org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java | 14 +++++++-------
 .../apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java  | 15 +++++++++++++++
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
index 574fa0e..4ae8e0f 100644
--- a/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
+++ b/hbase-rsgroup/src/main/java/org/apache/hadoop/hbase/rsgroup/RSGroupAdminEndpoint.java
@@ -502,6 +502,7 @@ public class RSGroupAdminEndpoint extends RSGroupAdminService
       if (master.getMasterCoprocessorHost() != null) {
         master.getMasterCoprocessorHost().preRenameRSGroup(oldRSGroup, newRSGroup);
       }
+      checkPermission("renameRSGroup");
       groupAdminServer.renameRSGroup(oldRSGroup, newRSGroup);
       if (master.getMasterCoprocessorHost() != null) {
         master.getMasterCoprocessorHost().postRenameRSGroup(oldRSGroup, newRSGroup);
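Review bot: The new `checkPermission("renameRSGroup");` call sits after the `preRenameRSGroup` coprocessor hook, so any registered master observer's pre-hook still runs on behalf of a caller who is then denied. If the hooks are meant to fire only for authorized requests, move the check above the first `if (master.getMasterCoprocessorHost() != null) {` block so the denial happens before any coprocessor code executes. If the ordering is deliberate and matches the other RPCs in this class (not visible in this hunk), a one-line comment stating that would keep a later reader from treating it as an oversight. The enclosing method starts and ends outside the hunk, so how a denial is reported back to the caller cannot be confirmed from here.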
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
index 8a8f011..3d19df0 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsBase.java
@@ -292,8 +292,8 @@ public abstract class TestRSGroupsBase {
     boolean postRemoveServersCalled = false;
     boolean preMoveServersAndTables = false;
     boolean postMoveServersAndTables = false;
-    boolean preReNameRSGroupCalled = false;
-    boolean postReNameRSGroupCalled = false;
+    boolean preRenameRSGroupCalled = false;
+    boolean postRenameRSGroupCalled = false;
 
     public void resetFlags() {
       preBalanceRSGroupCalled = false;
@@ -310,8 +310,8 @@ public abstract class TestRSGroupsBase {
       postRemoveServersCalled = false;
       preMoveServersAndTables = false;
       postMoveServersAndTables = false;
-      preReNameRSGroupCalled = false;
-      postReNameRSGroupCalled = false;
+      preRenameRSGroupCalled = false;
+      postRenameRSGroupCalled = false;
     }
 
     @Override
@@ -403,13 +403,13 @@ public abstract class TestRSGroupsBase {
     @Override
     public void preRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                  String oldName, String newName) throws IOException {
-      preReNameRSGroupCalled = true;
+      preRenameRSGroupCalled = true;
     }
 
     @Override
     public void postRenameRSGroup(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                   String oldName, String newName) throws IOException {
-      postReNameRSGroupCalled = true;
+      postRenameRSGroupCalled = true;
     }
   }
-}
\ No newline at end of file
+}
diff --git a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
index 3122e59..f1cb4d8 100644
--- a/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
+++ b/hbase-rsgroup/src/test/java/org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.java
@@ -356,4 +356,19 @@ public class TestRSGroupsWithACL extends SecureTestUtil{
     verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
         USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
   }
+
+  @Test
+  public void testRenameRSGroup() throws Exception {
+    AccessTestAction action = new AccessTestAction() {
+      @Override
+      public Object run() throws Exception {
+        rsGroupAdminEndpoint.checkPermission("renameRSGroup");
+        return null;
+      }
+    };
+
+    verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN);
+    verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO,
+      USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE);
+  }
 }
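Review bot: `testRenameRSGroup` calls `rsGroupAdminEndpoint.checkPermission("renameRSGroup")` directly, so it verifies which users pass the ACL check but not that the renameRSGroup RPC actually performs that check. If the call added to RSGroupAdminEndpoint were later removed or moved, this test would still pass. Consider adding a case that issues the rename request through the endpoint as one of the denied users and asserts the group name is unchanged, or at least record the limit in the test with a comment such as `// Covers checkPermission only; the renameRSGroup RPC path is not exercised here.`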