hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-16207) can't restore snapshot without "Admin" permission
Date Tue, 12 Jul 2016 19:37:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-16207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373551#comment-15373551
] 

Hudson commented on HBASE-16207:
--------------------------------

FAILURE: Integrated in HBase-Trunk_matrix #1216 (See [https://builds.apache.org/job/HBase-Trunk_matrix/1216/])
HBASE-16207 can't restore snapshot without "Admin" permission (matteo.bertozzi: rev 2650711e944244b3b87e6d6805b7716b216e8786)
* hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java


> can't restore snapshot without "Admin" permission
> -------------------------------------------------
>
>                 Key: HBASE-16207
>                 URL: https://issues.apache.org/jira/browse/HBASE-16207
>             Project: HBase
>          Issue Type: Bug
>          Components: master, snapshots
>    Affects Versions: 2.0.0, 1.3.0, 1.2.1, 1.1.5
>            Reporter: Matteo Bertozzi
>            Assignee: Matteo Bertozzi
>             Fix For: 2.0.0, 1.1.6, 1.3.1, 0.98.21, 1.2.3
>
>         Attachments: HBASE-16207-v0.patch, HBASE-16207-v0_branch-1.patch
>
>
> MasterRpcServices.restoreSnapshot() tries to verify if the NS exists before starting
the restore, but instead of calling ensureNamespaceExists() it calls master.getNamespace()
which requires ADMIN permission to get the NS descriptor. 
> {code}
> public RestoreSnapshotResponse restoreSnapshot(RpcController controller,
> ...
>   // Ensure namespace exists. Will throw exception if non-known NS.
>   master.getNamespace(dstTable.getNamespaceAsString());
> {code}
> unfortunately i'm not aware of any unit-test that cover this kind of situations. we cover
single ACLs from the TestAccessController but we don't exercise rpc calls and verify if there
is more than one check on the ACLs like in this case



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message