elek commented on a change in pull request #1801:
URL: https://github.com/apache/ozone/pull/1801#discussion_r565965650
##########
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMDBCheckpointServlet.java
##########
@@ -106,6 +132,37 @@ public void doGet(HttpServletRequest request,
HttpServletResponse response) {
return;
}
+ // Check ACL for dbCheckpoint only when global Ozone ACL is enable
+ if (om.getAclsEnabled()) {
+ final String remoteUser = request.getRemoteUser();
+ final java.security.Principal userPrincipal = request.getUserPrincipal();
+ if (userPrincipal == null) {
+ // Fallback to checking login user if userPrincipal is null.
+ // Note: In prod, a secure cluster would deploy Kerberos so this case
Review comment:
> I agree. But since you mentioned Kerberos might not be in-use on a
secure cluster, we would still need some sort of user name verification, no? If
that's the case I can adjust the comment.
I think, it's fine as is, the only thing what I would suggest is to remove
the unit test related part from the production code unless it's fully required
(can be convinced, but let me know which test requires is). Just throw an
exception when user is null.
Instead of this:
```
final java.security.Principal userPrincipal =
request.getUserPrincipal();
if (userPrincipal == null) {
// Fallback to checking login user if getUserPrincipal returns null.
// Note: In prod, a secure cluster with Kerberos should not hit this
// branch. This is mostly here for UT and dev testing.
final String remoteUser = request.getRemoteUser();
if (!hasPermission(remoteUser)) {
LOG.error("Permission denied: Current login user '{}' does not
have"
+ " access to /dbCheckpoint.", remoteUser);
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
```
I would use this:
```
final java.security.Principal userPrincipal = request.getUserPrincipal();
if (userPrincipal == null) {
LOG.error("Permission denied: Current login user '{}' does not
have"
+ " access to /dbCheckpoint.", remoteUser);
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
