hbase-issues mailing list archives

From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16207) can't restore snapshot without "Admin" permission
Date Tue, 12 Jul 2016 18:14:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373359#comment-15373359 ]

Hudson commented on HBASE-16207:
--------------------------------

SUCCESS: Integrated in HBase-1.4 #282 (See [https://builds.apache.org/job/HBase-1.4/282/])
HBASE-16207 can't restore snapshot without "Admin" permission (matteo.bertozzi: rev 36a48a3cf9b6989350a9c1d0ad179c3043f95b43)
* hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java


> can't restore snapshot without "Admin" permission
> -------------------------------------------------
>
>                 Key: HBASE-16207
>                 URL: https://issues.apache.org/jira/browse/HBASE-16207
>             Project: HBase
>          Issue Type: Bug
>          Components: master, snapshots
>    Affects Versions: 2.0.0, 1.3.0, 1.2.1, 1.1.5
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>             Fix For: 2.0.0, 1.2.2, 1.1.6, 1.3.1, 0.98.21
>
>         Attachments: HBASE-16207-v0.patch, HBASE-16207-v0_branch-1.patch
>
>
> MasterRpcServices.restoreSnapshot() tries to verify if the NS exists before starting the restore, but instead of calling ensureNamespaceExists() it calls master.getNamespace() which requires ADMIN permission to get the NS descriptor.
> {code}
> public RestoreSnapshotResponse restoreSnapshot(RpcController controller,
> ...
>   // Ensure namespace exists. Will throw exception if non-known NS.
>   master.getNamespace(dstTable.getNamespaceAsString());
> {code}
> Unfortunately I'm not aware of any unit test that covers this kind of situation. We cover single ACLs from the TestAccessController, but we don't exercise RPC calls and verify if there is more than one check on the ACLs, like in this case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
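
The nested ACL check described in the report, as an added example that is neither HBase code nor the attached patch: a self-contained Java model in which the `Master` class, the `RESTORE`/`ADMIN` permissions and the `restoreBefore`/`restoreAfter` handlers are assumptions, and only `getNamespace` and `ensureNamespaceExists` take their names from the issue. It records every permission check on the call path, so a test can assert on the full list for an RPC rather than on one ACL in isolation.

```java
import java.util.*;

// Model only: none of these classes are HBase's; two method names mirror the issue text.
public class NestedAclCheckDemo {
    enum Perm { RESTORE, ADMIN }   // hypothetical permissions for the model

    static class Master {
        final Set<String> namespaces = Set.of("default");
        final List<Perm> checks = new ArrayList<>();   // every ACL check the call path performed
        final Set<Perm> caller;                        // permissions held by the RPC caller

        Master(Set<Perm> caller) { this.caller = caller; }

        void require(Perm p) {
            checks.add(p);
            if (!caller.contains(p)) throw new SecurityException("caller lacks " + p);
        }

        // ACL-guarded accessor: hands back the descriptor, so it demands ADMIN.
        String getNamespace(String ns) {
            require(Perm.ADMIN);
            ensureNamespaceExists(ns);
            return "descriptor:" + ns;
        }

        // Existence check with no ACL of its own.
        void ensureNamespaceExists(String ns) {
            if (!namespaces.contains(ns)) throw new IllegalArgumentException("unknown NS: " + ns);
        }

        // Shape described in the report: the handler's check plus a hidden second one.
        void restoreBefore(String ns) { require(Perm.RESTORE); getNamespace(ns); }

        // Shape the report points to: same validation, no extra permission.
        void restoreAfter(String ns) { require(Perm.RESTORE); ensureNamespaceExists(ns); }
    }

    // Drives one handler as a caller holding only RESTORE; reports which checks fired.
    static String run(boolean before) {
        Master m = new Master(EnumSet.of(Perm.RESTORE));
        String outcome = "allowed";
        try {
            if (before) m.restoreBefore("default"); else m.restoreAfter("default");
        } catch (SecurityException e) {
            outcome = "denied (" + e.getMessage() + ")";
        }
        return outcome + ", checks=" + m.checks;
    }

    public static void main(String[] args) {
        System.out.println("before: " + run(true));
        System.out.println("after:  " + run(false));
    }
}
```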
