[HDDS-5138] Upgrade related RPC calls should be allowed only for admins - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- pull-request-available

Description

As far as I see any user can finalize upgrade (and I assume the same is true for preparation).

bash-4.2$ kinit -kt /etc/security/keytabs/testuser.keytab testuser/scm
bash-4.2$ ozone sh volume create /vol1
PERMISSION_DENIED User testuser/scm@EXAMPLE.COM doesn't have CREATE 
permission to access volume vol1 null null

Failed as I am not an admin, but:

bash-4.2$ ozone admin scm  finalizeupgrade
Upgrade has already been finalized.
Exiting...
bash-4.2$

Please confirm, but I think a quick isAdmin check is missing from all the related RPC endpoints.

Attachments

Issue Links

links to

GitHub Pull Request #2217

pull-request

Activity

People

Assignee:: Ethan Rose

Reporter:: Marton Elek

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Apr/21 08:54

Updated:: 24/May/21 21:16

Resolved:: 24/May/21 21:16