big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HDFS-12062. removeErasureCodingPolicy needs super user permission. Contributed by Wei-Chiu Chuang.

Browse Source
This commit is contained in:
Wei-Chiu Chuang 2017-07-28 00:50:08 -07:00
parent 9902be72cb
commit 369f731264
4 changed files with 93 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/DFSClient.java
View File

@ -2774,25 +2774,43 @@ public HashMap<String, String> getErasureCodingCodecs() throws IOException {
public AddECPolicyResponse[] addErasureCodingPolicies( public AddECPolicyResponse[] addErasureCodingPolicies(
ErasureCodingPolicy[] policies) throws IOException { ErasureCodingPolicy[] policies) throws IOException {
checkOpen(); checkOpen();
try (TraceScope ignored = tracer.newScope("addErasureCodingPolicies")) {
return namenode.addErasureCodingPolicies(policies); return namenode.addErasureCodingPolicies(policies);
} catch (RemoteException re) {
throw re.unwrapRemoteException(AccessControlException.class);
}
} }
public void removeErasureCodingPolicy(String ecPolicyName) public void removeErasureCodingPolicy(String ecPolicyName)
throws IOException { throws IOException {
checkOpen(); checkOpen();
try (TraceScope ignored = tracer.newScope("removeErasureCodingPolicy")) {
namenode.removeErasureCodingPolicy(ecPolicyName); namenode.removeErasureCodingPolicy(ecPolicyName);
} catch (RemoteException re) {
throw re.unwrapRemoteException(AccessControlException.class);
}
} }
public void enableErasureCodingPolicy(String ecPolicyName) public void enableErasureCodingPolicy(String ecPolicyName)
throws IOException { throws IOException {
checkOpen(); checkOpen();
try (TraceScope ignored = tracer.newScope("enableErasureCodingPolicy")) {
namenode.enableErasureCodingPolicy(ecPolicyName); namenode.enableErasureCodingPolicy(ecPolicyName);
} catch (RemoteException re) {
throw re.unwrapRemoteException(AccessControlException.class,
SafeModeException.class);
}
} }
public void disableErasureCodingPolicy(String ecPolicyName) public void disableErasureCodingPolicy(String ecPolicyName)
throws IOException { throws IOException {
checkOpen(); checkOpen();
try (TraceScope ignored = tracer.newScope("disableErasureCodingPolicy")) {
namenode.disableErasureCodingPolicy(ecPolicyName); namenode.disableErasureCodingPolicy(ecPolicyName);
} catch (RemoteException re) {
throw re.unwrapRemoteException(AccessControlException.class,
SafeModeException.class);
}
} }
public DFSInotifyEventInputStream getInotifyEventStream() throws IOException { public DFSInotifyEventInputStream getInotifyEventStream() throws IOException {

1
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java
View File

@ -2304,6 +2304,7 @@ public AddECPolicyResponse[] addErasureCodingPolicies(
public void removeErasureCodingPolicy(String ecPolicyName) public void removeErasureCodingPolicy(String ecPolicyName)
throws IOException { throws IOException {
checkNNStartup(); checkNNStartup();
namesystem.checkSuperuserPrivilege();
namesystem.removeErasureCodingPolicy(ecPolicyName); namesystem.removeErasureCodingPolicy(ecPolicyName);
} }

50
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDistributedFileSystem.java
View File

@ -93,6 +93,7 @@
import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.net.ScriptBasedMapping; import org.apache.hadoop.net.ScriptBasedMapping;
import org.apache.hadoop.net.StaticMapping; import org.apache.hadoop.net.StaticMapping;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.GenericTestUtils; import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.util.DataChecksum; import org.apache.hadoop.util.DataChecksum;
@ -1561,6 +1562,27 @@ public void testRemoveErasureCodingPolicy() throws Exception {
fs.removeErasureCodingPolicy(policyName); fs.removeErasureCodingPolicy(policyName);
assertEquals(policyName, ErasureCodingPolicyManager.getInstance(). assertEquals(policyName, ErasureCodingPolicyManager.getInstance().
getRemovedPolicies().get(0).getName()); getRemovedPolicies().get(0).getName());
// remove erasure coding policy as a user without privilege
UserGroupInformation fakeUGI = UserGroupInformation.createUserForTesting(
"ProbablyNotARealUserName", new String[] {"ShangriLa"});
final MiniDFSCluster finalCluster = cluster;
fakeUGI.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
DistributedFileSystem fs = finalCluster.getFileSystem();
try {
fs.removeErasureCodingPolicy(policyName);
fail();
} catch (AccessControlException ace) {
GenericTestUtils.assertExceptionContains("Access denied for user " +
"ProbablyNotARealUserName. Superuser privilege is required",
ace);
}
return null;
}
});
} finally { } finally {
if (cluster != null) { if (cluster != null) {
cluster.shutdown(); cluster.shutdown();
@ -1609,6 +1631,34 @@ public void testEnableAndDisableErasureCodingPolicy() throws Exception {
GenericTestUtils.assertExceptionContains("does not exists", e); GenericTestUtils.assertExceptionContains("does not exists", e);
// pass // pass
} }
// disable and enable erasure coding policy as a user without privilege
UserGroupInformation fakeUGI = UserGroupInformation.createUserForTesting(
"ProbablyNotARealUserName", new String[] {"ShangriLa"});
final MiniDFSCluster finalCluster = cluster;
fakeUGI.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
DistributedFileSystem fs = finalCluster.getFileSystem();
try {
fs.disableErasureCodingPolicy(policyName);
fail();
} catch (AccessControlException ace) {
GenericTestUtils.assertExceptionContains("Access denied for user " +
"ProbablyNotARealUserName. Superuser privilege is required",
ace);
}
try {
fs.enableErasureCodingPolicy(policyName);
fail();
} catch (AccessControlException ace) {
GenericTestUtils.assertExceptionContains("Access denied for user " +
"ProbablyNotARealUserName. Superuser privilege is required",
ace);
}
return null;
}
});
} finally { } finally {
if (cluster != null) { if (cluster != null) {
cluster.shutdown(); cluster.shutdown();

20
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestErasureCodingPolicies.java
View File

@ -693,5 +693,25 @@ public void testAddErasureCodingPolicies() throws Exception {
assertTrue(responses[0].isSucceed()); assertTrue(responses[0].isSucceed());
assertEquals(SystemErasureCodingPolicies.getPolicies().size() + 1, assertEquals(SystemErasureCodingPolicies.getPolicies().size() + 1,
ErasureCodingPolicyManager.getInstance().getPolicies().length); ErasureCodingPolicyManager.getInstance().getPolicies().length);
// add erasure coding policy as a user without privilege
UserGroupInformation fakeUGI = UserGroupInformation.createUserForTesting(
"ProbablyNotARealUserName", new String[] {"ShangriLa"});
final ErasureCodingPolicy ecPolicy = newPolicy;
fakeUGI.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
DistributedFileSystem fs = cluster.getFileSystem();
try {
fs.addErasureCodingPolicies(new ErasureCodingPolicy[]{ecPolicy});
fail();
} catch (AccessControlException ace) {
GenericTestUtils.assertExceptionContains("Access denied for user " +
"ProbablyNotARealUserName. Superuser privilege is required",
ace);
}
return null;
}
});
} }
} }