HDFS-15053. RBF: Add permission check for safemode operation. Contributed by Xiaoqiao He.
This commit is contained in:
parent
7fe924b1c0
commit
72aee114f8
@ -241,6 +241,13 @@ public InetSocketAddress getRpcAddress() {
|
||||
return this.adminAddress;
|
||||
}
|
||||
|
||||
void checkSuperuserPrivilege() throws AccessControlException {
|
||||
RouterPermissionChecker pc = RouterAdminServer.getPermissionChecker();
|
||||
if (pc != null) {
|
||||
pc.checkSuperuserPrivilege();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void serviceInit(Configuration configuration) throws Exception {
|
||||
this.conf = configuration;
|
||||
@ -392,6 +399,7 @@ public GetMountTableEntriesResponse getMountTableEntries(
|
||||
@Override
|
||||
public EnterSafeModeResponse enterSafeMode(EnterSafeModeRequest request)
|
||||
throws IOException {
|
||||
checkSuperuserPrivilege();
|
||||
boolean success = false;
|
||||
RouterSafemodeService safeModeService = this.router.getSafemodeService();
|
||||
if (safeModeService != null) {
|
||||
@ -412,6 +420,7 @@ public EnterSafeModeResponse enterSafeMode(EnterSafeModeRequest request)
|
||||
@Override
|
||||
public LeaveSafeModeResponse leaveSafeMode(LeaveSafeModeRequest request)
|
||||
throws IOException {
|
||||
checkSuperuserPrivilege();
|
||||
boolean success = false;
|
||||
RouterSafemodeService safeModeService = this.router.getSafemodeService();
|
||||
if (safeModeService != null) {
|
||||
@ -508,11 +517,7 @@ private boolean verifySafeMode(boolean isInSafeMode) {
|
||||
@Override
|
||||
public DisableNameserviceResponse disableNameservice(
|
||||
DisableNameserviceRequest request) throws IOException {
|
||||
|
||||
RouterPermissionChecker pc = getPermissionChecker();
|
||||
if (pc != null) {
|
||||
pc.checkSuperuserPrivilege();
|
||||
}
|
||||
checkSuperuserPrivilege();
|
||||
|
||||
String nsId = request.getNameServiceId();
|
||||
boolean success = false;
|
||||
@ -545,10 +550,7 @@ private boolean namespaceExists(final String nsId) throws IOException {
|
||||
@Override
|
||||
public EnableNameserviceResponse enableNameservice(
|
||||
EnableNameserviceRequest request) throws IOException {
|
||||
RouterPermissionChecker pc = getPermissionChecker();
|
||||
if (pc != null) {
|
||||
pc.checkSuperuserPrivilege();
|
||||
}
|
||||
checkSuperuserPrivilege();
|
||||
|
||||
String nsId = request.getNameServiceId();
|
||||
DisabledNameserviceStore store = getDisabledNameserviceStore();
|
||||
|
@ -862,6 +862,43 @@ public void testSafeModeStatus() throws Exception {
|
||||
assertTrue(out.toString().contains("false"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSafeModePermission() throws Exception {
|
||||
// ensure the Router become RUNNING state
|
||||
waitState(RouterServiceState.RUNNING);
|
||||
assertFalse(routerContext.getRouter().getSafemodeService().isInSafeMode());
|
||||
|
||||
UserGroupInformation superUser = UserGroupInformation.createRemoteUser(
|
||||
UserGroupInformation.getCurrentUser().getShortUserName());
|
||||
UserGroupInformation remoteUser = UserGroupInformation
|
||||
.createRemoteUser(TEST_USER);
|
||||
try {
|
||||
// use normal user as current user to test
|
||||
UserGroupInformation.setLoginUser(remoteUser);
|
||||
assertEquals(-1,
|
||||
ToolRunner.run(admin, new String[]{"-safemode", "enter"}));
|
||||
|
||||
// set back login user
|
||||
UserGroupInformation.setLoginUser(superUser);
|
||||
assertEquals(0,
|
||||
ToolRunner.run(admin, new String[]{"-safemode", "enter"}));
|
||||
|
||||
// use normal user as current user to test
|
||||
UserGroupInformation.setLoginUser(remoteUser);
|
||||
assertEquals(-1,
|
||||
ToolRunner.run(admin, new String[]{"-safemode", "leave"}));
|
||||
|
||||
// set back login user
|
||||
UserGroupInformation.setLoginUser(superUser);
|
||||
assertEquals(0,
|
||||
ToolRunner.run(admin, new String[]{"-safemode", "leave"}));
|
||||
} finally {
|
||||
// set back login user to make sure it doesn't pollute other unit tests
|
||||
// even this one fails.
|
||||
UserGroupInformation.setLoginUser(superUser);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCreateInvalidEntry() throws Exception {
|
||||
String[] argv = new String[] {
|
||||
|
Loading…
Reference in New Issue
Block a user