[
https://issues.apache.org/jira/browse/HADOOP-17397?focusedWorklogId=519806&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-519806
]
ASF GitHub Bot logged work on HADOOP-17397:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 03/Dec/20 18:22
Start Date: 03/Dec/20 18:22
Worklog Time Spent: 10m
Work Description: ThomasMarquardt commented on a change in pull request
#2504:
URL: https://github.com/apache/hadoop/pull/2504#discussion_r535475833
##########
File path:
hadoop-tools/hadoop-azure/src/test/java/org/apache/hadoop/fs/azurebfs/ITestAzureBlobFileSystemDelegationSAS.java
##########
@@ -410,4 +417,64 @@ public void testSignatureMaskOnExceptionMessage() throws
Exception {
.renamePath("testABC/test.xt", "testABC/abc.txt", null));
}
+ @Test
+ // SetPermission should fail when saoid is not the owner and succeed when it
is.
+ public void testSetPermissionForNonOwner() throws Exception {
+ final AzureBlobFileSystem fs = getFileSystem();
+
+ Path rootPath = new Path("/");
+ FileStatus rootStatus = fs.getFileStatus(rootPath);
+ assertEquals("The permissions are not expected.",
+ "rwxr-x---",
+ rootStatus.getPermission().toString());
+ assertNotEquals("The owner is not expected.",
+ MockDelegationSASTokenProvider.TEST_OWNER,
+ rootStatus.getOwner());
+
+ // Attempt to set permission without being the owner.
+ try {
Review comment:
Thanks @steveloughran for the heads up regarding the intercept helper.
I'll wait for a review from a member next time. By the way, the
DelegationSASGenerator.java file demonstrates the minimal permissions required
for each operation, and is used by some as a guide for implementing a
SASTokenProvider. If anyone picked up the previous change for HADOOP-17397,
they should pick up this fix too since the previous commit introduced an
elevation of privilege bug.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 519806)
Time Spent: 1h 50m (was: 1h 40m)
> ABFS: SAS Test updates for version and permission update
> --------------------------------------------------------
>
> Key: HADOOP-17397
> URL: https://issues.apache.org/jira/browse/HADOOP-17397
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 3.3.0
> Reporter: Sneha Vijayarajan
> Assignee: Sneha Vijayarajan
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.3.1
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> This Jira will track the below 2 updates to SAS test code:
> # Upgrading the SAS version in Service SAS generator (test code)
> # Updating the permission in Delegation SAS to "op" from "p" for ACL
> operation as identities added as suoid/saoid added by tests are not owners of
> test path (Again test code).
> [Relevant public documentation:
> https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-a-signed-object-id-for-a-security-principal-preview|https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-a-signed-object-id-for-a-security-principal-preview]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
