errose28 commented on a change in pull request #2217:
URL: https://github.com/apache/ozone/pull/2217#discussion_r631216191



##########
File path: 
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
##########
@@ -663,13 +663,33 @@ public boolean getReplicationManagerStatus() {
   @Override
   public StatusAndMessages finalizeScmUpgrade(String upgradeClientID) throws
       IOException {
+    // check admin authorization
+    String remoteUser = getRpcRemoteUsername();
+    try {
+      getScm().checkAdminAccess(remoteUser);
+    } catch (IOException e) {
+      LOG.error("Authorisation failed for finalize scm upgrade", e);
+      throw e;
+    }
     return scm.finalizeUpgrade(upgradeClientID);
   }
 
   @Override
   public StatusAndMessages queryUpgradeFinalizationProgress(
       String upgradeClientID, boolean force, boolean readonly)
-      throws  IOException {
+      throws IOException {
+    if (!readonly) {
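
Review bot: The `LOG.error("Authorisation failed for finalize scm upgrade", e)` call in the catch block of `finalizeScmUpgrade` leaves out `remoteUser`, so a denied finalize attempt is logged without identifying the caller. Suggest including `remoteUser` (already in scope from `getRpcRemoteUsername()`) in the message. Since the exception is rethrown to the caller anyway, a denied request could also be logged at warn level rather than error, because it is an expected outcome and not a server fault. In `queryUpgradeFinalizationProgress`, the new branch is gated only on `if (!readonly)`; a one-line comment there stating that read-only status queries are intentionally left open to non-admin callers would document that the asymmetry is deliberate.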

Review comment:
       This isn't a problem for OM 
(`OzoneManager#queryUpgradeFinalizationProgress`) due to differences in where 
admin access is checked between OM and SCM. We check admin access in the 
finalize upgrade OM request, where the readonly flag is false. Other calls just 
querying the status have the readonly flag set to true.
   
   So in SCM we have to authenticate in this method, but in the OM equivalent 
we can authenticate before this method.



