Skip to content

Commit

Permalink
HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled…
Browse files Browse the repository at this point in the history
… and Kerberos is not enabled (apache#1211)

Signed-off-by: binlijin <[email protected]>
  • Loading branch information
guangxuCheng authored and meiyi committed Jul 10, 2020
1 parent 3bfa1fd commit 28784c1
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -652,7 +652,7 @@ private void takeSnapshotInternal(SnapshotDescription snapshot) throws IOExcepti
builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION);
}
RpcServer.getRequestUser().ifPresent(user -> {
if (User.isHBaseSecurityEnabled(master.getConfiguration())) {
if (AccessChecker.isAuthorizationSupported(master.getConfiguration())) {
builder.setOwner(user.getShortName());
}
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,11 @@
package org.apache.hadoop.hbase.client;

import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
Expand Down Expand Up @@ -228,4 +231,45 @@ public void testRestoreSnapshot() throws Exception {
verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
}


final class AccessSnapshotAction implements AccessTestAction {
private String snapshotName;
private AccessSnapshotAction(String snapshotName) {
this.snapshotName = snapshotName;
}
@Override
public Object run() throws Exception {
try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
Admin admin = conn.getAdmin()) {
admin.snapshot(this.snapshotName, TEST_TABLE);
}
return null;
}
}

@Test
public void testDeleteSnapshot() throws Exception {
String testSnapshotName = HBaseCommonTestingUtility.getRandomUUID().toString();
verifyAllowed(new AccessSnapshotAction(testSnapshotName), USER_OWNER);
verifyDenied(new AccessSnapshotAction(HBaseCommonTestingUtility.getRandomUUID().toString()),
USER_RO, USER_RW, USER_NONE);
List<SnapshotDescription> snapshotDescriptions = TEST_UTIL.getAdmin().listSnapshots(
Pattern.compile(testSnapshotName));
Assert.assertEquals(1, snapshotDescriptions.size());
Assert.assertEquals(USER_OWNER.getShortName(), snapshotDescriptions.get(0).getOwner());
AccessTestAction deleteSnapshotAction = () -> {
try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
Admin admin = conn.getAdmin()) {
admin.deleteSnapshot(testSnapshotName);
}
return null;
};
verifyDenied(deleteSnapshotAction, USER_RO, USER_RW, USER_NONE);
verifyAllowed(deleteSnapshotAction, USER_OWNER);

List<SnapshotDescription> snapshotsAfterDelete = TEST_UTIL.getAdmin().listSnapshots(
Pattern.compile(testSnapshotName));
Assert.assertEquals(0, snapshotsAfterDelete.size());
}
}

0 comments on commit 28784c1

Please sign in to comment.