hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-16207) can't restore snapshot without "Admin" permission
Date Tue, 12 Jul 2016 19:30:20 GMT

     [ https://issues.apache.org/jira/browse/HBASE-16207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sean Busbey updated HBASE-16207:
--------------------------------
    Fix Version/s:     (was: 1.2.2)
                   1.2.3

> can't restore snapshot without "Admin" permission
> -------------------------------------------------
>
>                 Key: HBASE-16207
>                 URL: https://issues.apache.org/jira/browse/HBASE-16207
>             Project: HBase
>          Issue Type: Bug
>          Components: master, snapshots
>    Affects Versions: 2.0.0, 1.3.0, 1.2.1, 1.1.5
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>             Fix For: 2.0.0, 1.1.6, 1.3.1, 0.98.21, 1.2.3
>
>         Attachments: HBASE-16207-v0.patch, HBASE-16207-v0_branch-1.patch
>
>
> MasterRpcServices.restoreSnapshot() tries to verify if the NS exists before starting
the restore, but instead of calling ensureNamespaceExists() it calls master.getNamespace()
which requires ADMIN permission to get the NS descriptor. 
> {code}
> public RestoreSnapshotResponse restoreSnapshot(RpcController controller,
> ...
>   // Ensure namespace exists. Will throw exception if non-known NS.
>   master.getNamespace(dstTable.getNamespaceAsString());
> {code}
> unfortunately i'm not aware of any unit-test that cover this kind of situations. we cover
single ACLs from the TestAccessController but we don't exercise rpc calls and verify if there
is more than one check on the ACLs like in this case



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message