Return-Path: X-Original-To: apmail-hbase-commits-archive@www.apache.org Delivered-To: apmail-hbase-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8B5C6178E3 for ; Mon, 27 Apr 2015 16:26:37 +0000 (UTC) Received: (qmail 30664 invoked by uid 500); 27 Apr 2015 16:26:32 -0000 Delivered-To: apmail-hbase-commits-archive@hbase.apache.org Received: (qmail 30625 invoked by uid 500); 27 Apr 2015 16:26:32 -0000 Mailing-List: contact commits-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hbase.apache.org Delivered-To: mailing list commits@hbase.apache.org Received: (qmail 30616 invoked by uid 99); 27 Apr 2015 16:26:32 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Apr 2015 16:26:32 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 2B432E17BF; Mon, 27 Apr 2015 16:26:32 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: ddas@apache.org To: commits@hbase.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: hbase git commit: HBASE-12552 Backport listSnapshots should list only owned snapshots for non-super user (Ashish Singhi) Date: Mon, 27 Apr 2015 16:26:32 +0000 (UTC) Repository: hbase Updated Branches: refs/heads/branch-1 5bee2930e -> 93af6b65a HBASE-12552 Backport listSnapshots should list only owned snapshots for non-super user (Ashish Singhi) Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/93af6b65 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/93af6b65 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/93af6b65 Branch: refs/heads/branch-1 Commit: 93af6b65a3e32fcab9e36c57f292a3fd2ce9d870 Parents: 5bee293 Author: Devaraj Das Authored: Mon Apr 27 09:25:56 2015 -0700 Committer: Devaraj Das Committed: Mon Apr 27 09:25:56 2015 -0700 ---------------------------------------------------------------------- .../BaseMasterAndRegionObserver.java | 10 ++++++++ .../hbase/coprocessor/BaseMasterObserver.java | 10 ++++++++ .../hbase/coprocessor/MasterObserver.java | 20 +++++++++++++++ .../hbase/master/MasterCoprocessorHost.java | 23 ++++++++++++++--- .../hbase/master/snapshot/SnapshotManager.java | 17 ++++++++++++ .../hbase/security/access/AccessController.java | 10 ++++++++ .../hbase/coprocessor/TestMasterObserver.java | 27 +++++++++++++++++++- 7 files changed, 113 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/93af6b65/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterAndRegionObserver.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterAndRegionObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterAndRegionObserver.java index 49f21d5..d1045a2 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterAndRegionObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterAndRegionObserver.java @@ -391,6 +391,16 @@ public abstract class BaseMasterAndRegionObserver extends BaseRegionObserver final SnapshotDescription snapshot, final HTableDescriptor hTableDescriptor) throws IOException { } + + @Override + public void preListSnapshot(final ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException { + } + + @Override + public void postListSnapshot(final ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException { + } @Override public void preCloneSnapshot(final ObserverContext ctx, http://git-wip-us.apache.org/repos/asf/hbase/blob/93af6b65/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterObserver.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterObserver.java index 99a8552..b1f6f4b 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseMasterObserver.java @@ -386,6 +386,16 @@ public class BaseMasterObserver implements MasterObserver { } @Override + public void preListSnapshot(final ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException { + } + + @Override + public void postListSnapshot(final ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException { + } + + @Override public void preCloneSnapshot(final ObserverContext ctx, final SnapshotDescription snapshot, final HTableDescriptor hTableDescriptor) throws IOException { http://git-wip-us.apache.org/repos/asf/hbase/blob/93af6b65/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java index 5dc50da..1136cd0 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java @@ -598,6 +598,26 @@ public interface MasterObserver extends Coprocessor { throws IOException; /** + * Called before listSnapshots request has been processed. + * It can't bypass the default action, e.g., ctx.bypass() won't have effect. + * @param ctx the environment to interact with the framework and master + * @param snapshot the SnapshotDescriptor of the snapshot to list + * @throws IOException + */ + void preListSnapshot(final ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException; + + /** + * Called after listSnapshots request has been processed. + * It can't bypass the default action, e.g., ctx.bypass() won't have effect. + * @param ctx the environment to interact with the framework and master + * @param snapshot the SnapshotDescriptor of the snapshot to list + * @throws IOException + */ + void postListSnapshot(final ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException; + + /** * Called before a snapshot is cloned. * Called as part of restoreSnapshot RPC call. * It can't bypass the default action, e.g., ctx.bypass() won't have effect. http://git-wip-us.apache.org/repos/asf/hbase/blob/93af6b65/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java index 3c92f72..858e674 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java @@ -37,9 +37,6 @@ import org.apache.hadoop.hbase.coprocessor.*; import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription; import org.apache.hadoop.hbase.protobuf.generated.QuotaProtos.Quotas; -import java.io.IOException; -import java.util.List; - /** * Provides the coprocessor framework and environment for master oriented * operations. {@link HMaster} interacts with the loaded coprocessors @@ -780,6 +777,26 @@ public class MasterCoprocessorHost }); } + public void preListSnapshot(final SnapshotDescription snapshot) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + @Override + public void call(MasterObserver observer, ObserverContext ctx) + throws IOException { + observer.preListSnapshot(ctx, snapshot); + } + }); + } + + public void postListSnapshot(final SnapshotDescription snapshot) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + @Override + public void call(MasterObserver observer, ObserverContext ctx) + throws IOException { + observer.postListSnapshot(ctx, snapshot); + } + }); + } + public void preCloneSnapshot(final SnapshotDescription snapshot, final HTableDescriptor hTableDescriptor) throws IOException { execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { http://git-wip-us.apache.org/repos/asf/hbase/blob/93af6b65/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java index fb6b3c2..59446cb 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java @@ -65,6 +65,7 @@ import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.ProcedureDescripti import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription; import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription.Type; import org.apache.hadoop.hbase.protobuf.generated.ZooKeeperProtos; +import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.snapshot.ClientSnapshotDescriptionUtils; import org.apache.hadoop.hbase.snapshot.HBaseSnapshotException; @@ -213,6 +214,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable // ignore all the snapshots in progress FileStatus[] snapshots = fs.listStatus(snapshotDir, new SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter(fs)); + MasterCoprocessorHost cpHost = master.getMasterCoprocessorHost(); // loop through all the completed snapshots for (FileStatus snapshot : snapshots) { Path info = new Path(snapshot.getPath(), SnapshotDescriptionUtils.SNAPSHOTINFO_FILE); @@ -225,7 +227,22 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable try { in = fs.open(info); SnapshotDescription desc = SnapshotDescription.parseFrom(in); + if (cpHost != null) { + try { + cpHost.preListSnapshot(desc); + } catch (AccessDeniedException e) { + LOG.warn("Current user does not have access to " + desc.getName() + " snapshot. " + + "Either you should be owner of this snapshot or admin user."); + // Skip this and try for next snapshot + continue; + } + } snapshotDescs.add(desc); + + // call coproc post hook + if (cpHost != null) { + cpHost.postListSnapshot(desc); + } } catch (IOException e) { LOG.warn("Found a corrupted snapshot " + snapshot.getPath(), e); } finally { http://git-wip-us.apache.org/repos/asf/hbase/blob/93af6b65/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index bb22a4e..aeafade 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -1241,6 +1241,16 @@ public class AccessController extends BaseMasterAndRegionObserver } @Override + public void preListSnapshot(ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException { + if (SnapshotDescriptionUtils.isSnapshotOwner(snapshot, getActiveUser())) { + // list it, if user is the owner of snapshot + } else { + requirePermission("listSnapshot", Action.ADMIN); + } + } + + @Override public void preCloneSnapshot(final ObserverContext ctx, final SnapshotDescription snapshot, final HTableDescriptor hTableDescriptor) throws IOException { http://git-wip-us.apache.org/repos/asf/hbase/blob/93af6b65/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java index ba5ca2c..46f9976 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java @@ -39,7 +39,6 @@ import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HColumnDescriptor; import org.apache.hadoop.hbase.HRegionInfo; import org.apache.hadoop.hbase.HTableDescriptor; -import org.apache.hadoop.hbase.testclassification.MediumTests; import org.apache.hadoop.hbase.MiniHBaseCluster; import org.apache.hadoop.hbase.NamespaceDescriptor; import org.apache.hadoop.hbase.ServerName; @@ -58,6 +57,7 @@ import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.GetTableDescripto import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.GetTableNamesRequest; import org.apache.hadoop.hbase.protobuf.generated.QuotaProtos.Quotas; import org.apache.hadoop.hbase.regionserver.HRegionServer; +import org.apache.hadoop.hbase.testclassification.MediumTests; import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.Threads; import org.junit.AfterClass; @@ -129,6 +129,8 @@ public class TestMasterObserver { private boolean stopCalled; private boolean preSnapshotCalled; private boolean postSnapshotCalled; + private boolean preListSnapshotCalled; + private boolean postListSnapshotCalled; private boolean preCloneSnapshotCalled; private boolean postCloneSnapshotCalled; private boolean preRestoreSnapshotCalled; @@ -205,6 +207,8 @@ public class TestMasterObserver { postBalanceSwitchCalled = false; preSnapshotCalled = false; postSnapshotCalled = false; + preListSnapshotCalled = false; + postListSnapshotCalled = false; preCloneSnapshotCalled = false; postCloneSnapshotCalled = false; preRestoreSnapshotCalled = false; @@ -759,6 +763,22 @@ public class TestMasterObserver { public boolean wasSnapshotCalled() { return preSnapshotCalled && postSnapshotCalled; } + + @Override + public void preListSnapshot(final ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException { + preListSnapshotCalled = true; + } + + @Override + public void postListSnapshot(final ObserverContext ctx, + final SnapshotDescription snapshot) throws IOException { + postListSnapshotCalled = true; + } + + public boolean wasListSnapshotCalled() { + return preListSnapshotCalled && postListSnapshotCalled; + } @Override public void preCloneSnapshot(final ObserverContext ctx, @@ -1387,6 +1407,11 @@ public class TestMasterObserver { admin.snapshot(TEST_SNAPSHOT, tableName); assertTrue("Coprocessor should have been called on snapshot", cp.wasSnapshotCalled()); + + //Test list operation + admin.listSnapshots(); + assertTrue("Coprocessor should have been called on snapshot list", + cp.wasListSnapshotCalled()); // Test clone operation admin.cloneSnapshot(TEST_SNAPSHOT, TEST_CLONE);