Repository: hbase Updated Branches: refs/heads/branch-1 435530b4d -> 1f1a2c514
HBASE-11136 Add permission check to roll WAL writer (Jerry He) Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/1f1a2c51 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/1f1a2c51 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/1f1a2c51 Branch: refs/heads/branch-1 Commit: 1f1a2c514ec4fcc45f8f6d9979069b8a1bfbcc9e Parents: 435530b Author: Ted Yu <[email protected]> Authored: Mon Sep 15 16:22:38 2014 +0000 Committer: Ted Yu <[email protected]> Committed: Mon Sep 15 16:23:41 2014 +0000 ---------------------------------------------------------------------- .../coprocessor/BaseRegionServerObserver.java | 8 ++++++++ .../hbase/coprocessor/RegionServerObserver.java | 16 ++++++++++++++++ .../hbase/regionserver/RSRpcServices.java | 1 + .../RegionServerCoprocessorHost.java | 20 ++++++++++++++++++++ .../hbase/security/access/AccessController.java | 10 ++++++++++ .../security/access/TestAccessController.java | 14 ++++++++++++++ 6 files changed, 69 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java index 4f51d5b..afcd457 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java @@ -68,4 +68,12 @@ public class BaseRegionServerObserver implements RegionServerObserver { public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx, HRegion regionA, HRegion regionB) throws IOException { } + @Override + public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException { } + + @Override + public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException { } + } http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java index df1018e..8a76d46 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java @@ -105,4 +105,20 @@ public interface RegionServerObserver extends Coprocessor { void postRollBackMerge(final ObserverContext<RegionServerCoprocessorEnvironment> ctx, final HRegion regionA, final HRegion regionB) throws IOException; + /** + * This will be called before executing user request to roll a region server WAL. + * @param ctx An instance of ObserverContext + * @throws IOException Signals that an I/O exception has occurred. + */ + void preRollWALWriterRequest(final ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException; + + /** + * This will be called after executing user request to roll a region server WAL. + * @param ctx An instance of ObserverContext + * @throws IOException Signals that an I/O exception has occurred. + */ + void postRollWALWriterRequest(final ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException; + } http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java index 0bd9067..647c904 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java @@ -1469,6 +1469,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, try { checkOpen(); requestCount.increment(); + regionServer.getRegionServerCoprocessorHost().preRollWALWriterRequest(); HLog wal = regionServer.getWAL(); byte[][] regionsToFlush = wal.rollWriter(true); RollWALWriterResponse.Builder builder = RollWALWriterResponse.newBuilder(); http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java index 46d482c..2a4d635 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java @@ -136,6 +136,26 @@ public class RegionServerCoprocessorHost extends }); } + public void preRollWALWriterRequest() throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + @Override + public void call(RegionServerObserver oserver, + ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { + oserver.preRollWALWriterRequest(ctx); + } + }); + } + + public void postRollWALWriterRequest() throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + @Override + public void call(RegionServerObserver oserver, + ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { + oserver.postRollWALWriterRequest(ctx); + } + }); + } + private static abstract class CoprocessorOperation extends ObserverContext<RegionServerCoprocessorEnvironment> { public CoprocessorOperation() { http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index 2e23860..0cba3bd 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -2207,4 +2207,14 @@ public class AccessController extends BaseMasterAndRegionObserver @Override public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx, HRegion regionA, HRegion regionB) throws IOException { } + + @Override + public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException { + requirePermission("preRollLogWriterRequest", Permission.Action.ADMIN); + } + + @Override + public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException { } } http://git-wip-us.apache.org/repos/asf/hbase/blob/1f1a2c51/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index 2075762..a6e3d71 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -1794,6 +1794,20 @@ public class TestAccessController extends SecureTestUtil { } @Test + public void testRollWALWriterRequest() throws Exception { + AccessTestAction action = new AccessTestAction() { + @Override + public Object run() throws Exception { + ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContext.createAndPrepare(RSCP_ENV, null)); + return null; + } + }; + + verifyAllowed(action, SUPERUSER, USER_ADMIN); + verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE); + } + + @Test public void testOpenRegion() throws Exception { AccessTestAction action = new AccessTestAction() { @Override
