ThomasMarquardt commented on a change in pull request #2504:
URL: https://github.com/apache/hadoop/pull/2504#discussion_r535475833
##########
File path:
hadoop-tools/hadoop-azure/src/test/java/org/apache/hadoop/fs/azurebfs/ITestAzureBlobFileSystemDelegationSAS.java
##########
@@ -410,4 +417,64 @@ public void testSignatureMaskOnExceptionMessage() throws
Exception {
.renamePath("testABC/test.xt", "testABC/abc.txt", null));
}
+ @Test
+ // SetPermission should fail when saoid is not the owner and succeed when it
is.
+ public void testSetPermissionForNonOwner() throws Exception {
+ final AzureBlobFileSystem fs = getFileSystem();
+
+ Path rootPath = new Path("/");
+ FileStatus rootStatus = fs.getFileStatus(rootPath);
+ assertEquals("The permissions are not expected.",
+ "rwxr-x---",
+ rootStatus.getPermission().toString());
+ assertNotEquals("The owner is not expected.",
+ MockDelegationSASTokenProvider.TEST_OWNER,
+ rootStatus.getOwner());
+
+ // Attempt to set permission without being the owner.
+ try {
Review comment:
Thanks @steveloughran for the heads up regarding the intercept helper.
I'll wait for a review from a member next time. By the way, the
DelegationSASGenerator.java file demonstrates the minimal permissions required
for each operation, and is used by some as a guide for implementing a
SASTokenProvider. If anyone picked up the previous change for HADOOP-17397,
they should pick up this fix too since the previous commit introduced an
elevation of privilege bug.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
