This is an automated email from the ASF dual-hosted git repository.
vjasani pushed a commit to branch branch-2.4
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.4 by this push:
new f5a7fff HBASE-25456 : add security check for setRegionStateInMeta
(#2835) (#2833)
f5a7fff is described below
commit f5a7fffd8bdb4c78a05a4ecb6c2bf04137d66f7c
Author: lujiefsi <[email protected]>
AuthorDate: Fri Jan 1 14:49:25 2021 +0800
HBASE-25456 : add security check for setRegionStateInMeta (#2835) (#2833)
Signed-off-by: Viraj Jasani <[email protected]>
---
.../hadoop/hbase/master/MasterRpcServices.java | 1 +
.../security/access/TestAccessController.java | 24 ++++++++++++++++++++++
2 files changed, 25 insertions(+)
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
index 77d5918..c3b94d9 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
@@ -2519,6 +2519,7 @@ public class MasterRpcServices extends RSRpcServices
implements
@Override
public SetRegionStateInMetaResponse setRegionStateInMeta(RpcController
controller,
SetRegionStateInMetaRequest request) throws ServiceException {
+ rpcPreCheck("setRegionStateInMeta");
SetRegionStateInMetaResponse.Builder builder =
SetRegionStateInMetaResponse.newBuilder();
try {
for (RegionSpecifierAndState s : request.getStatesList()) {
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index 28f1b79..94b2385 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -36,7 +36,10 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
+
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.FileStatus;
@@ -69,6 +72,7 @@ import org.apache.hadoop.hbase.client.Hbck;
import org.apache.hadoop.hbase.client.Increment;
import org.apache.hadoop.hbase.client.MasterSwitchType;
import org.apache.hadoop.hbase.client.Put;
+import org.apache.hadoop.hbase.client.RegionInfo;
import org.apache.hadoop.hbase.client.RegionLocator;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.ResultScanner;
@@ -102,6 +106,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext;
import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;
import org.apache.hadoop.hbase.master.HMaster;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
+import org.apache.hadoop.hbase.master.RegionState;
import org.apache.hadoop.hbase.master.locking.LockProcedure;
import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv;
import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface;
@@ -391,6 +396,25 @@ public class TestAccessController extends SecureTestUtil {
}
@Test
+ public void testUnauthorizedSetRegionStateInMeta() throws Exception {
+ Admin admin = TEST_UTIL.getAdmin();
+ final List<RegionInfo> regions = admin.getRegions(TEST_TABLE);
+ RegionInfo closeRegion = regions.get(0);
+ Map<String, RegionState.State> newStates = new HashMap<>();
+ newStates.put(closeRegion.getEncodedName(), RegionState.State.CLOSED);
+ AccessTestAction action = () -> {
+ try(Connection conn =
ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+ Hbck hbck = conn.getHbck()){
+ hbck.setRegionStateInMeta(newStates);
+ }
+ return null;
+ };
+
+ verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE,
USER_GROUP_READ,
+ USER_GROUP_WRITE, USER_GROUP_CREATE);
+ }
+
+ @Test
public void testUnauthorizedFixMeta() throws Exception {
AccessTestAction action = () -> {
try(Connection conn =
ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
