From 5f7e55b6439e35aff8a0c9e355277c7222d07583 Mon Sep 17 00:00:00 2001 From: Guangxu Cheng Date: Mon, 20 Apr 2020 09:59:06 +0800 Subject: [PATCH] HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (#1211) Signed-off-by: binlijin --- .../master/snapshot/SnapshotManager.java | 2 +- .../hbase/client/SnapshotWithAclTestBase.java | 44 +++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java index b8084f3d9751..709796d39b8d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java @@ -633,7 +633,7 @@ private void takeSnapshotInternal(SnapshotDescription snapshot) throws IOExcepti builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION); } RpcServer.getRequestUser().ifPresent(user -> { - if (User.isHBaseSecurityEnabled(master.getConfiguration())) { + if (AccessChecker.isAuthorizationSupported(master.getConfiguration())) { builder.setOwner(user.getShortName()); } }); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java index 9359fcc54f2a..e694e9bc3a0c 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java @@ -18,8 +18,11 @@ package org.apache.hadoop.hbase.client; import java.io.IOException; +import java.util.List; +import java.util.regex.Pattern; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.Coprocessor; +import org.apache.hadoop.hbase.HBaseCommonTestingUtility; import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; @@ -228,4 +231,45 @@ public void testRestoreSnapshot() throws Exception { verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW); verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE); } + + + final class AccessSnapshotAction implements AccessTestAction { + private String snapshotName; + private AccessSnapshotAction(String snapshotName) { + this.snapshotName = snapshotName; + } + @Override + public Object run() throws Exception { + try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); + Admin admin = conn.getAdmin()) { + admin.snapshot(this.snapshotName, TEST_TABLE); + } + return null; + } + } + + @Test + public void testDeleteSnapshot() throws Exception { + String testSnapshotName = HBaseCommonTestingUtility.getRandomUUID().toString(); + verifyAllowed(new AccessSnapshotAction(testSnapshotName), USER_OWNER); + verifyDenied(new AccessSnapshotAction(HBaseCommonTestingUtility.getRandomUUID().toString()), + USER_RO, USER_RW, USER_NONE); + List snapshotDescriptions = TEST_UTIL.getAdmin().listSnapshots( + Pattern.compile(testSnapshotName)); + Assert.assertEquals(1, snapshotDescriptions.size()); + Assert.assertEquals(USER_OWNER.getShortName(), snapshotDescriptions.get(0).getOwner()); + AccessTestAction deleteSnapshotAction = () -> { + try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()); + Admin admin = conn.getAdmin()) { + admin.deleteSnapshot(testSnapshotName); + } + return null; + }; + verifyDenied(deleteSnapshotAction, USER_RO, USER_RW, USER_NONE); + verifyAllowed(deleteSnapshotAction, USER_OWNER); + + List snapshotsAfterDelete = TEST_UTIL.getAdmin().listSnapshots( + Pattern.compile(testSnapshotName)); + Assert.assertEquals(0, snapshotsAfterDelete.size()); + } }