HDFS-15053. RBF: Add permission check for safemode operation. Contributed by Xiaoqiao He.
This commit is contained in:
parent
7fe924b1c0
commit
72aee114f8
@ -241,6 +241,13 @@ public InetSocketAddress getRpcAddress() {
|
|||||||
return this.adminAddress;
|
return this.adminAddress;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void checkSuperuserPrivilege() throws AccessControlException {
|
||||||
|
RouterPermissionChecker pc = RouterAdminServer.getPermissionChecker();
|
||||||
|
if (pc != null) {
|
||||||
|
pc.checkSuperuserPrivilege();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void serviceInit(Configuration configuration) throws Exception {
|
protected void serviceInit(Configuration configuration) throws Exception {
|
||||||
this.conf = configuration;
|
this.conf = configuration;
|
||||||
@ -392,6 +399,7 @@ public GetMountTableEntriesResponse getMountTableEntries(
|
|||||||
@Override
|
@Override
|
||||||
public EnterSafeModeResponse enterSafeMode(EnterSafeModeRequest request)
|
public EnterSafeModeResponse enterSafeMode(EnterSafeModeRequest request)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
|
checkSuperuserPrivilege();
|
||||||
boolean success = false;
|
boolean success = false;
|
||||||
RouterSafemodeService safeModeService = this.router.getSafemodeService();
|
RouterSafemodeService safeModeService = this.router.getSafemodeService();
|
||||||
if (safeModeService != null) {
|
if (safeModeService != null) {
|
||||||
@ -412,6 +420,7 @@ public EnterSafeModeResponse enterSafeMode(EnterSafeModeRequest request)
|
|||||||
@Override
|
@Override
|
||||||
public LeaveSafeModeResponse leaveSafeMode(LeaveSafeModeRequest request)
|
public LeaveSafeModeResponse leaveSafeMode(LeaveSafeModeRequest request)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
|
checkSuperuserPrivilege();
|
||||||
boolean success = false;
|
boolean success = false;
|
||||||
RouterSafemodeService safeModeService = this.router.getSafemodeService();
|
RouterSafemodeService safeModeService = this.router.getSafemodeService();
|
||||||
if (safeModeService != null) {
|
if (safeModeService != null) {
|
||||||
@ -508,11 +517,7 @@ private boolean verifySafeMode(boolean isInSafeMode) {
|
|||||||
@Override
|
@Override
|
||||||
public DisableNameserviceResponse disableNameservice(
|
public DisableNameserviceResponse disableNameservice(
|
||||||
DisableNameserviceRequest request) throws IOException {
|
DisableNameserviceRequest request) throws IOException {
|
||||||
|
checkSuperuserPrivilege();
|
||||||
RouterPermissionChecker pc = getPermissionChecker();
|
|
||||||
if (pc != null) {
|
|
||||||
pc.checkSuperuserPrivilege();
|
|
||||||
}
|
|
||||||
|
|
||||||
String nsId = request.getNameServiceId();
|
String nsId = request.getNameServiceId();
|
||||||
boolean success = false;
|
boolean success = false;
|
||||||
@ -545,10 +550,7 @@ private boolean namespaceExists(final String nsId) throws IOException {
|
|||||||
@Override
|
@Override
|
||||||
public EnableNameserviceResponse enableNameservice(
|
public EnableNameserviceResponse enableNameservice(
|
||||||
EnableNameserviceRequest request) throws IOException {
|
EnableNameserviceRequest request) throws IOException {
|
||||||
RouterPermissionChecker pc = getPermissionChecker();
|
checkSuperuserPrivilege();
|
||||||
if (pc != null) {
|
|
||||||
pc.checkSuperuserPrivilege();
|
|
||||||
}
|
|
||||||
|
|
||||||
String nsId = request.getNameServiceId();
|
String nsId = request.getNameServiceId();
|
||||||
DisabledNameserviceStore store = getDisabledNameserviceStore();
|
DisabledNameserviceStore store = getDisabledNameserviceStore();
|
||||||
|
@ -862,6 +862,43 @@ public void testSafeModeStatus() throws Exception {
|
|||||||
assertTrue(out.toString().contains("false"));
|
assertTrue(out.toString().contains("false"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testSafeModePermission() throws Exception {
|
||||||
|
// ensure the Router become RUNNING state
|
||||||
|
waitState(RouterServiceState.RUNNING);
|
||||||
|
assertFalse(routerContext.getRouter().getSafemodeService().isInSafeMode());
|
||||||
|
|
||||||
|
UserGroupInformation superUser = UserGroupInformation.createRemoteUser(
|
||||||
|
UserGroupInformation.getCurrentUser().getShortUserName());
|
||||||
|
UserGroupInformation remoteUser = UserGroupInformation
|
||||||
|
.createRemoteUser(TEST_USER);
|
||||||
|
try {
|
||||||
|
// use normal user as current user to test
|
||||||
|
UserGroupInformation.setLoginUser(remoteUser);
|
||||||
|
assertEquals(-1,
|
||||||
|
ToolRunner.run(admin, new String[]{"-safemode", "enter"}));
|
||||||
|
|
||||||
|
// set back login user
|
||||||
|
UserGroupInformation.setLoginUser(superUser);
|
||||||
|
assertEquals(0,
|
||||||
|
ToolRunner.run(admin, new String[]{"-safemode", "enter"}));
|
||||||
|
|
||||||
|
// use normal user as current user to test
|
||||||
|
UserGroupInformation.setLoginUser(remoteUser);
|
||||||
|
assertEquals(-1,
|
||||||
|
ToolRunner.run(admin, new String[]{"-safemode", "leave"}));
|
||||||
|
|
||||||
|
// set back login user
|
||||||
|
UserGroupInformation.setLoginUser(superUser);
|
||||||
|
assertEquals(0,
|
||||||
|
ToolRunner.run(admin, new String[]{"-safemode", "leave"}));
|
||||||
|
} finally {
|
||||||
|
// set back login user to make sure it doesn't pollute other unit tests
|
||||||
|
// even this one fails.
|
||||||
|
UserGroupInformation.setLoginUser(superUser);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCreateInvalidEntry() throws Exception {
|
public void testCreateInvalidEntry() throws Exception {
|
||||||
String[] argv = new String[] {
|
String[] argv = new String[] {
|
||||||
|
Loading…
Reference in New Issue
Block a user