errose28 commented on a change in pull request #2217:
URL: https://github.com/apache/ozone/pull/2217#discussion_r631195733
##########
File path:
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
##########
@@ -663,13 +663,33 @@ public boolean getReplicationManagerStatus() {
@Override
public StatusAndMessages finalizeScmUpgrade(String upgradeClientID) throws
IOException {
+ // check admin authorization
+ String remoteUser = getRpcRemoteUsername();
+ try {
+ getScm().checkAdminAccess(remoteUser);
+ } catch (IOException e) {
+ LOG.error("Authorisation failed for finalize scm upgrade", e);
+ throw e;
+ }
return scm.finalizeUpgrade(upgradeClientID);
}
@Override
public StatusAndMessages queryUpgradeFinalizationProgress(
String upgradeClientID, boolean force, boolean readonly)
- throws IOException {
+ throws IOException {
+ if (!readonly) {
Review comment:
When readonly=true, the caller gets the status of the upgrade only. When
readonly=false, the caller gets the status of the upgrade as well as any queued
messages about the upgrade progress (see
`StorageContainerManager#queryUpgradeFinalizationProgress`). These messages are
only delivered once, since we don't keep track of which client has received
which messages. Anyone should be able to query the status of the upgrade, but
we do not want to allow regular users to steal upgrade messages intended for
admins.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
