[43/49] hbase git commit: HBASE-17978 Ensure superusers can circumvent actions restricted by space quota violations
HBASE-17978 Ensure superusers can circumvent actions restricted by space quota
violations
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/b971b449
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/b971b449
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/b971b449
Branch: refs/heads/master
Commit: b971b449e8de700d7709df2032a5a1429d369394
Parents: ed618da
Author: Josh Elser
Authored: Wed May 3 12:10:50 2017 -0400
Committer: Josh Elser
Committed: Mon May 22 13:41:36 2017 -0400
--
.../hbase/regionserver/RSRpcServices.java | 4 +
.../hbase/quotas/SpaceQuotaHelperForTests.java | 27 +-
.../quotas/TestSuperUserQuotaPermissions.java | 300 +++
3 files changed, 329 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/hbase/blob/b971b449/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
index 41fe3e5..b3ca94d 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
@@ -105,6 +105,7 @@ import
org.apache.hadoop.hbase.regionserver.handler.OpenMetaHandler;
import org.apache.hadoop.hbase.regionserver.handler.OpenPriorityRegionHandler;
import org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler;
import org.apache.hadoop.hbase.regionserver.wal.WALEdit;
+import org.apache.hadoop.hbase.security.Superusers;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.ByteString;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.Message;
@@ -1509,7 +1510,10 @@ public class RSRpcServices implements
HBaseRPCErrorHandler,
checkOpen();
requestCount.increment();
Region region = getRegion(request.getRegion());
+ // Quota support is enabled, the requesting user is not system/super user
+ // and a quota policy is enforced that disables compactions.
if (QuotaUtil.isQuotaEnabled(getConfiguration()) &&
+ !Superusers.isSuperUser(RpcServer.getRequestUser()) &&
this.regionServer.getRegionServerSpaceQuotaManager().areCompactionsDisabled(
region.getTableDesc().getTableName())) {
throw new DoNotRetryIOException("Compactions on this region are "
http://git-wip-us.apache.org/repos/asf/hbase/blob/b971b449/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
--
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
index b7c51a2..1e2235a 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
@@ -110,6 +110,18 @@ public class SpaceQuotaHelperForTests {
}
}
+ QuotaSettings getTableSpaceQuota(Connection conn, TableName tn) throws
IOException {
+try (QuotaRetriever scanner = QuotaRetriever.open(
+conn.getConfiguration(), new
QuotaFilter().setTableFilter(tn.getNameAsString( {
+ for (QuotaSettings setting : scanner) {
+if (setting.getTableName().equals(tn) && setting.getQuotaType() ==
QuotaType.SPACE) {
+ return setting;
+}
+ }
+ return null;
+}
+ }
+
/**
* Waits 30seconds for the HBase quota table to exist.
*/
@@ -130,7 +142,10 @@ public class SpaceQuotaHelperForTests {
}
void writeData(TableName tn, long sizeInBytes) throws IOException {
-final Connection conn = testUtil.getConnection();
+writeData(testUtil.getConnection(), tn, sizeInBytes);
+ }
+
+ void writeData(Connection conn, TableName tn, long sizeInBytes) throws
IOException {
final Table table = conn.getTable(tn);
try {
List updates = new ArrayList<>();
@@ -226,8 +241,16 @@ public class SpaceQuotaHelperForTests {
return
createTableWithRegions(NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
numRegions);
}
+ TableName createTableWithRegions(Admin admin, int numRegions) throws
Exception {
+return createTableWithRegions(
+testUtil.getAdmin(), NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
numRegions);
+ }
+
TableName createTableWithRegions(String namespace, int numRegions) throws
Exception {
-final Admin admin = testUtil.getAdmin();
+
[47/50] [abbrv] hbase git commit: HBASE-17978 Ensure superusers can circumvent actions restricted by space quota violations
HBASE-17978 Ensure superusers can circumvent actions restricted by space quota
violations
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/3b2de2a8
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/3b2de2a8
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/3b2de2a8
Branch: refs/heads/HBASE-16961
Commit: 3b2de2a8fdb33ea05a118ed69783932e352ab089
Parents: dd4066a
Author: Josh Elser
Authored: Wed May 3 12:10:50 2017 -0400
Committer: Josh Elser
Committed: Mon May 22 13:08:12 2017 -0400
--
.../hbase/regionserver/RSRpcServices.java | 4 +
.../hbase/quotas/SpaceQuotaHelperForTests.java | 27 +-
.../quotas/TestSuperUserQuotaPermissions.java | 300 +++
3 files changed, 329 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/hbase/blob/3b2de2a8/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
index 41fe3e5..b3ca94d 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
@@ -105,6 +105,7 @@ import
org.apache.hadoop.hbase.regionserver.handler.OpenMetaHandler;
import org.apache.hadoop.hbase.regionserver.handler.OpenPriorityRegionHandler;
import org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler;
import org.apache.hadoop.hbase.regionserver.wal.WALEdit;
+import org.apache.hadoop.hbase.security.Superusers;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.ByteString;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.Message;
@@ -1509,7 +1510,10 @@ public class RSRpcServices implements
HBaseRPCErrorHandler,
checkOpen();
requestCount.increment();
Region region = getRegion(request.getRegion());
+ // Quota support is enabled, the requesting user is not system/super user
+ // and a quota policy is enforced that disables compactions.
if (QuotaUtil.isQuotaEnabled(getConfiguration()) &&
+ !Superusers.isSuperUser(RpcServer.getRequestUser()) &&
this.regionServer.getRegionServerSpaceQuotaManager().areCompactionsDisabled(
region.getTableDesc().getTableName())) {
throw new DoNotRetryIOException("Compactions on this region are "
http://git-wip-us.apache.org/repos/asf/hbase/blob/3b2de2a8/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
--
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
index b7c51a2..1e2235a 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
@@ -110,6 +110,18 @@ public class SpaceQuotaHelperForTests {
}
}
+ QuotaSettings getTableSpaceQuota(Connection conn, TableName tn) throws
IOException {
+try (QuotaRetriever scanner = QuotaRetriever.open(
+conn.getConfiguration(), new
QuotaFilter().setTableFilter(tn.getNameAsString( {
+ for (QuotaSettings setting : scanner) {
+if (setting.getTableName().equals(tn) && setting.getQuotaType() ==
QuotaType.SPACE) {
+ return setting;
+}
+ }
+ return null;
+}
+ }
+
/**
* Waits 30seconds for the HBase quota table to exist.
*/
@@ -130,7 +142,10 @@ public class SpaceQuotaHelperForTests {
}
void writeData(TableName tn, long sizeInBytes) throws IOException {
-final Connection conn = testUtil.getConnection();
+writeData(testUtil.getConnection(), tn, sizeInBytes);
+ }
+
+ void writeData(Connection conn, TableName tn, long sizeInBytes) throws
IOException {
final Table table = conn.getTable(tn);
try {
List updates = new ArrayList<>();
@@ -226,8 +241,16 @@ public class SpaceQuotaHelperForTests {
return
createTableWithRegions(NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
numRegions);
}
+ TableName createTableWithRegions(Admin admin, int numRegions) throws
Exception {
+return createTableWithRegions(
+testUtil.getAdmin(), NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
numRegions);
+ }
+
TableName createTableWithRegions(String namespace, int numRegions) throws
Exception {
-final Admin admin = testUtil.getAdmin
[49/50] [abbrv] hbase git commit: HBASE-17978 Ensure superusers can circumvent actions restricted by space quota violations
HBASE-17978 Ensure superusers can circumvent actions restricted by space quota
violations
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/3ef2be1f
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/3ef2be1f
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/3ef2be1f
Branch: refs/heads/HBASE-16961
Commit: 3ef2be1f42768d4cb69d8ca127301fa9892624ba
Parents: 3561b11
Author: Josh Elser
Authored: Wed May 3 12:10:50 2017 -0400
Committer: Josh Elser
Committed: Fri May 19 12:37:51 2017 -0400
--
.../hbase/regionserver/RSRpcServices.java | 4 +
.../hbase/quotas/SpaceQuotaHelperForTests.java | 27 +-
.../quotas/TestSuperUserQuotaPermissions.java | 300 +++
3 files changed, 329 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/hbase/blob/3ef2be1f/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
index 41fe3e5..b3ca94d 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
@@ -105,6 +105,7 @@ import
org.apache.hadoop.hbase.regionserver.handler.OpenMetaHandler;
import org.apache.hadoop.hbase.regionserver.handler.OpenPriorityRegionHandler;
import org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler;
import org.apache.hadoop.hbase.regionserver.wal.WALEdit;
+import org.apache.hadoop.hbase.security.Superusers;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.ByteString;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.Message;
@@ -1509,7 +1510,10 @@ public class RSRpcServices implements
HBaseRPCErrorHandler,
checkOpen();
requestCount.increment();
Region region = getRegion(request.getRegion());
+ // Quota support is enabled, the requesting user is not system/super user
+ // and a quota policy is enforced that disables compactions.
if (QuotaUtil.isQuotaEnabled(getConfiguration()) &&
+ !Superusers.isSuperUser(RpcServer.getRequestUser()) &&
this.regionServer.getRegionServerSpaceQuotaManager().areCompactionsDisabled(
region.getTableDesc().getTableName())) {
throw new DoNotRetryIOException("Compactions on this region are "
http://git-wip-us.apache.org/repos/asf/hbase/blob/3ef2be1f/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
--
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
index b7c51a2..1e2235a 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
@@ -110,6 +110,18 @@ public class SpaceQuotaHelperForTests {
}
}
+ QuotaSettings getTableSpaceQuota(Connection conn, TableName tn) throws
IOException {
+try (QuotaRetriever scanner = QuotaRetriever.open(
+conn.getConfiguration(), new
QuotaFilter().setTableFilter(tn.getNameAsString( {
+ for (QuotaSettings setting : scanner) {
+if (setting.getTableName().equals(tn) && setting.getQuotaType() ==
QuotaType.SPACE) {
+ return setting;
+}
+ }
+ return null;
+}
+ }
+
/**
* Waits 30seconds for the HBase quota table to exist.
*/
@@ -130,7 +142,10 @@ public class SpaceQuotaHelperForTests {
}
void writeData(TableName tn, long sizeInBytes) throws IOException {
-final Connection conn = testUtil.getConnection();
+writeData(testUtil.getConnection(), tn, sizeInBytes);
+ }
+
+ void writeData(Connection conn, TableName tn, long sizeInBytes) throws
IOException {
final Table table = conn.getTable(tn);
try {
List updates = new ArrayList<>();
@@ -226,8 +241,16 @@ public class SpaceQuotaHelperForTests {
return
createTableWithRegions(NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
numRegions);
}
+ TableName createTableWithRegions(Admin admin, int numRegions) throws
Exception {
+return createTableWithRegions(
+testUtil.getAdmin(), NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
numRegions);
+ }
+
TableName createTableWithRegions(String namespace, int numRegions) throws
Exception {
-final Admin admin = testUtil.getAdmin
hbase git commit: HBASE-17978 Ensure superusers can circumvent actions restricted by space quota violations
Repository: hbase
Updated Branches:
refs/heads/HBASE-16961 ea14f -> 06f71477c
HBASE-17978 Ensure superusers can circumvent actions restricted by space quota
violations
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/06f71477
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/06f71477
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/06f71477
Branch: refs/heads/HBASE-16961
Commit: 06f71477c087b7c695786042e353769578dfd74c
Parents: ea1
Author: Josh Elser
Authored: Wed May 3 12:10:50 2017 -0400
Committer: Josh Elser
Committed: Wed May 3 17:01:56 2017 -0400
--
.../hbase/regionserver/RSRpcServices.java | 4 +
.../hbase/quotas/SpaceQuotaHelperForTests.java | 27 +-
.../quotas/TestSuperUserQuotaPermissions.java | 300 +++
3 files changed, 329 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/hbase/blob/06f71477/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
index 679bba2..56fccce 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
@@ -112,6 +112,7 @@ import
org.apache.hadoop.hbase.regionserver.handler.OpenMetaHandler;
import org.apache.hadoop.hbase.regionserver.handler.OpenPriorityRegionHandler;
import org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler;
import org.apache.hadoop.hbase.regionserver.wal.WALEdit;
+import org.apache.hadoop.hbase.security.Superusers;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.ByteString;
import org.apache.hadoop.hbase.shaded.com.google.protobuf.Message;
@@ -1471,7 +1472,10 @@ public class RSRpcServices implements
HBaseRPCErrorHandler,
checkOpen();
requestCount.increment();
Region region = getRegion(request.getRegion());
+ // Quota support is enabled, the requesting user is not system/super user
+ // and a quota policy is enforced that disables compactions.
if (QuotaUtil.isQuotaEnabled(getConfiguration()) &&
+ !Superusers.isSuperUser(RpcServer.getRequestUser()) &&
this.regionServer.getRegionServerSpaceQuotaManager().areCompactionsDisabled(
region.getTableDesc().getTableName())) {
throw new DoNotRetryIOException("Compactions on this region are "
http://git-wip-us.apache.org/repos/asf/hbase/blob/06f71477/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
--
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
index b7c51a2..1e2235a 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/quotas/SpaceQuotaHelperForTests.java
@@ -110,6 +110,18 @@ public class SpaceQuotaHelperForTests {
}
}
+ QuotaSettings getTableSpaceQuota(Connection conn, TableName tn) throws
IOException {
+try (QuotaRetriever scanner = QuotaRetriever.open(
+conn.getConfiguration(), new
QuotaFilter().setTableFilter(tn.getNameAsString( {
+ for (QuotaSettings setting : scanner) {
+if (setting.getTableName().equals(tn) && setting.getQuotaType() ==
QuotaType.SPACE) {
+ return setting;
+}
+ }
+ return null;
+}
+ }
+
/**
* Waits 30seconds for the HBase quota table to exist.
*/
@@ -130,7 +142,10 @@ public class SpaceQuotaHelperForTests {
}
void writeData(TableName tn, long sizeInBytes) throws IOException {
-final Connection conn = testUtil.getConnection();
+writeData(testUtil.getConnection(), tn, sizeInBytes);
+ }
+
+ void writeData(Connection conn, TableName tn, long sizeInBytes) throws
IOException {
final Table table = conn.getTable(tn);
try {
List updates = new ArrayList<>();
@@ -226,8 +241,16 @@ public class SpaceQuotaHelperForTests {
return
createTableWithRegions(NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
numRegions);
}
+ TableName createTableWithRegions(Admin admin, int numRegions) throws
Exception {
+return createTableWithRegions(
+testUtil.getAdmin(), NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR,
numRegions);
+ }
+
TableName createTableWithRegions(String name
