Repository: hbase Updated Branches: refs/heads/0.98 bdf7a9142 -> 2bf6dc07d
HBASE-11136 Add permission check to roll WAL writer (Jerry He) Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/2bf6dc07 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/2bf6dc07 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/2bf6dc07 Branch: refs/heads/0.98 Commit: 2bf6dc07d678566cd90bbb9fe3875af5ca121bc6 Parents: bdf7a91 Author: Andrew Purtell <[email protected]> Authored: Mon Sep 15 10:51:13 2014 -0700 Committer: Andrew Purtell <[email protected]> Committed: Mon Sep 15 10:51:13 2014 -0700 ---------------------------------------------------------------------- .../coprocessor/BaseRegionServerObserver.java | 8 ++++++++ .../hbase/coprocessor/RegionServerObserver.java | 16 ++++++++++++++++ .../hbase/regionserver/HRegionServer.java | 3 +++ .../RegionServerCoprocessorHost.java | 20 ++++++++++++++++++++ .../hbase/security/access/AccessController.java | 10 ++++++++++ .../security/access/TestAccessController.java | 14 ++++++++++++++ 6 files changed, 71 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/2bf6dc07/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java index 4f51d5b..afcd457 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java @@ -68,4 +68,12 @@ public class BaseRegionServerObserver implements RegionServerObserver { public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx, HRegion regionA, HRegion regionB) throws IOException { } + @Override + public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException { } + + @Override + public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException { } + } http://git-wip-us.apache.org/repos/asf/hbase/blob/2bf6dc07/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java index df1018e..8a76d46 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java @@ -105,4 +105,20 @@ public interface RegionServerObserver extends Coprocessor { void postRollBackMerge(final ObserverContext<RegionServerCoprocessorEnvironment> ctx, final HRegion regionA, final HRegion regionB) throws IOException; + /** + * This will be called before executing user request to roll a region server WAL. + * @param ctx An instance of ObserverContext + * @throws IOException Signals that an I/O exception has occurred. + */ + void preRollWALWriterRequest(final ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException; + + /** + * This will be called after executing user request to roll a region server WAL. + * @param ctx An instance of ObserverContext + * @throws IOException Signals that an I/O exception has occurred. + */ + void postRollWALWriterRequest(final ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException; + } http://git-wip-us.apache.org/repos/asf/hbase/blob/2bf6dc07/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java index 392fc70..f808a0d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java @@ -4148,6 +4148,9 @@ public class HRegionServer implements ClientProtos.ClientService.BlockingInterfa try { checkOpen(); requestCount.increment(); + if (this.rsHost != null) { + this.rsHost.preRollWALWriterRequest(); + } HLog wal = this.getWAL(); byte[][] regionsToFlush = wal.rollWriter(true); RollWALWriterResponse.Builder builder = RollWALWriterResponse.newBuilder(); http://git-wip-us.apache.org/repos/asf/hbase/blob/2bf6dc07/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java index 46d482c..2a4d635 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java @@ -136,6 +136,26 @@ public class RegionServerCoprocessorHost extends }); } + public void preRollWALWriterRequest() throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + @Override + public void call(RegionServerObserver oserver, + ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { + oserver.preRollWALWriterRequest(ctx); + } + }); + } + + public void postRollWALWriterRequest() throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + @Override + public void call(RegionServerObserver oserver, + ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { + oserver.postRollWALWriterRequest(ctx); + } + }); + } + private static abstract class CoprocessorOperation extends ObserverContext<RegionServerCoprocessorEnvironment> { public CoprocessorOperation() { http://git-wip-us.apache.org/repos/asf/hbase/blob/2bf6dc07/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index bc9a45a..5147b92 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -2197,4 +2197,14 @@ public class AccessController extends BaseMasterAndRegionObserver @Override public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> ctx, HRegion regionA, HRegion regionB) throws IOException { } + + @Override + public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException { + requirePermission("preRollLogWriterRequest", Permission.Action.ADMIN); + } + + @Override + public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) + throws IOException { } } http://git-wip-us.apache.org/repos/asf/hbase/blob/2bf6dc07/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index f1d4d3f..c66faa4 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -1775,6 +1775,20 @@ public class TestAccessController extends SecureTestUtil { } @Test + public void testRollWALWriterRequest() throws Exception { + AccessTestAction action = new AccessTestAction() { + @Override + public Object run() throws Exception { + ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContext.createAndPrepare(RSCP_ENV, null)); + return null; + } + }; + + verifyAllowed(action, SUPERUSER, USER_ADMIN); + verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE); + } + + @Test public void testOpenRegion() throws Exception { AccessTestAction action = new AccessTestAction() { @Override
