commit aff1384a5ea171e1e3f5365d4e21bbcadfa2bfef Author: Enis Soztutar Date: Tue Jan 27 15:33:29 2015 -0800 HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) Conflicts: hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java diff --git hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java index c21cdf8..1f34f88 100644 --- hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java +++ hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java @@ -20,9 +20,11 @@ import java.util.List; import org.apache.hadoop.hbase.classification.InterfaceAudience; import org.apache.hadoop.hbase.classification.InterfaceStability; +import org.apache.hadoop.hbase.CellScanner; import org.apache.hadoop.hbase.CoprocessorEnvironment; import org.apache.hadoop.hbase.HBaseInterfaceAudience; import org.apache.hadoop.hbase.client.Mutation; +import org.apache.hadoop.hbase.protobuf.generated.AdminProtos.WALEntry; import org.apache.hadoop.hbase.regionserver.HRegion; import org.apache.hadoop.hbase.replication.ReplicationEndpoint; @@ -83,4 +85,11 @@ public class BaseRegionServerObserver implements RegionServerObserver { return endpoint; } + @Override + public void preReplicateLogEntries(ObserverContext ctx, + List entries, CellScanner cells) throws IOException { } + + @Override + public void postReplicateLogEntries(ObserverContext ctx, + List entries, CellScanner cells) throws IOException { } } diff --git hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java index dfb993b..d89e424 100644 --- hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java +++ hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java @@ -21,9 +21,11 @@ package org.apache.hadoop.hbase.coprocessor; import java.io.IOException; import java.util.List; +import org.apache.hadoop.hbase.CellScanner; import org.apache.hadoop.hbase.Coprocessor; import org.apache.hadoop.hbase.MetaMutationAnnotation; import org.apache.hadoop.hbase.client.Mutation; +import org.apache.hadoop.hbase.protobuf.generated.AdminProtos.WALEntry; import org.apache.hadoop.hbase.regionserver.HRegion; import org.apache.hadoop.hbase.replication.ReplicationEndpoint; @@ -133,4 +135,23 @@ public interface RegionServerObserver extends Coprocessor { ReplicationEndpoint postCreateReplicationEndPoint( ObserverContext ctx, ReplicationEndpoint endpoint); + /** + * This will be called before executing replication request to shipping log entries. + * @param ctx An instance of ObserverContext + * @param entries list of WALEntries to replicate + * @param cells Cells that the WALEntries refer to (if cells is non-null) + * @throws IOException Signals that an I/O exception has occurred. + */ + void preReplicateLogEntries(final ObserverContext ctx, + List entries, CellScanner cells) throws IOException; + + /** + * This will be called after executing replication request to shipping log entries. + * @param ctx An instance of ObserverContext + * @param entries list of WALEntries to replicate + * @param cells Cells that the WALEntries refer to (if cells is non-null) + * @throws IOException Signals that an I/O exception has occurred. + */ + void postReplicateLogEntries(final ObserverContext ctx, + List entries, CellScanner cells) throws IOException; } diff --git hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java index 08e714d..2fafdb1 100644 --- hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java +++ hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java @@ -4195,8 +4195,11 @@ public class HRegionServer implements ClientProtos.ClientService.BlockingInterfa if (replicationSinkHandler != null) { checkOpen(); requestCount.increment(); - this.replicationSinkHandler.replicateLogEntries(request.getEntryList(), - ((PayloadCarryingRpcController)controller).cellScanner()); + List entries = request.getEntryList(); + CellScanner cellScanner = ((PayloadCarryingRpcController)controller).cellScanner(); + rsHost.preReplicateLogEntries(entries, cellScanner); + replicationSinkHandler.replicateLogEntries(entries, cellScanner); + rsHost.postReplicateLogEntries(entries, cellScanner); } return ReplicateWALEntryResponse.newBuilder().build(); } catch (IOException ie) { diff --git hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java index 9e122cd..b684d77 100644 --- hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java +++ hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java @@ -23,6 +23,7 @@ import java.util.Comparator; import java.util.List; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hbase.CellScanner; import org.apache.hadoop.hbase.Coprocessor; import org.apache.hadoop.hbase.CoprocessorEnvironment; import org.apache.hadoop.hbase.HBaseInterfaceAudience; @@ -35,6 +36,7 @@ import org.apache.hadoop.hbase.coprocessor.ObserverContext; import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment; import org.apache.hadoop.hbase.coprocessor.RegionServerObserver; import org.apache.hadoop.hbase.coprocessor.SingletonCoprocessorService; +import org.apache.hadoop.hbase.protobuf.generated.AdminProtos.WALEntry; import org.apache.hadoop.hbase.replication.ReplicationEndpoint; @InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.COPROC) @@ -158,6 +160,28 @@ public class RegionServerCoprocessorHost extends }); } + public void preReplicateLogEntries(final List entries, final CellScanner cells) + throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + @Override + public void call(RegionServerObserver oserver, + ObserverContext ctx) throws IOException { + oserver.preReplicateLogEntries(ctx, entries, cells); + } + }); + } + + public void postReplicateLogEntries(final List entries, final CellScanner cells) + throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + @Override + public void call(RegionServerObserver oserver, + ObserverContext ctx) throws IOException { + oserver.postReplicateLogEntries(ctx, entries, cells); + } + }); + } + public ReplicationEndpoint postCreateReplicationEndPoint(final ReplicationEndpoint endpoint) throws IOException { return execOperationWithResult(endpoint, coprocessors.isEmpty() ? null diff --git hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index cffcf10..2c0b05f 100644 --- hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -82,6 +82,7 @@ import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.ResponseConverter; import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos; import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService; +import org.apache.hadoop.hbase.protobuf.generated.AdminProtos.WALEntry; import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription; import org.apache.hadoop.hbase.protobuf.generated.SecureBulkLoadProtos.CleanupBulkLoadRequest; import org.apache.hadoop.hbase.protobuf.generated.SecureBulkLoadProtos.PrepareBulkLoadRequest; @@ -2315,4 +2316,15 @@ public class AccessController extends BaseMasterAndRegionObserver ObserverContext ctx, ReplicationEndpoint endpoint) { return endpoint; } + + @Override + public void preReplicateLogEntries(ObserverContext ctx, + List entries, CellScanner cells) throws IOException { + requirePermission("replicateLogEntries", Action.WRITE); + } + + @Override + public void postReplicateLogEntries(ObserverContext ctx, + List entries, CellScanner cells) throws IOException { + } } diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index ed885e2..646a0a6 100644 --- hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -2395,4 +2395,21 @@ public class TestAccessController extends SecureTestUtil { verifyAnyCreate(prepareBulkLoadAction); verifyAnyCreate(cleanupBulkLoadAction); } + + @Test + public void testReplicateLogEntries() throws Exception { + AccessTestAction replicateLogEntriesAction = new AccessTestAction() { + @Override + public Object run() throws Exception { + ACCESS_CONTROLLER.preReplicateLogEntries(ObserverContext.createAndPrepare(RSCP_ENV, null), + null, null); + ACCESS_CONTROLLER.postReplicateLogEntries(ObserverContext.createAndPrepare(RSCP_ENV, null), + null, null); + return null; + } + }; + + verifyAllowed(replicateLogEntriesAction, SUPERUSER, USER_ADMIN); + verifyDenied(replicateLogEntriesAction, USER_CREATE, USER_RW, USER_RO, USER_NONE, USER_OWNER); + } }