Repository: incubator-sentry Updated Branches: refs/heads/master 4622aa4bd -> 789af33b1
SENTRY-825: SecureAdminHandler no longer pulls collection name for create correctly (Gregory Chanan, Reviewed by: Vamsee Yarlagadda) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/789af33b Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/789af33b Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/789af33b Branch: refs/heads/master Commit: 789af33b110919fd393fecb4e5821000cb3c805e Parents: 4622aa4 Author: Vamsee Yarlagadda <[email protected]> Authored: Fri Jul 31 13:19:02 2015 -0700 Committer: Vamsee Yarlagadda <[email protected]> Committed: Fri Jul 31 13:19:02 2015 -0700 ---------------------------------------------------------------------- .../handler/admin/SecureCoreAdminHandler.java | 9 ++- .../admin/SecureCoreAdminHandlerTest.java | 61 ++++++++++++++++---- 2 files changed, 58 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/789af33b/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java b/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java index 77548b9..57ccc94 100644 --- a/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java +++ b/sentry-solr/solr-sentry-handlers/src/main/java/org/apache/solr/handler/admin/SecureCoreAdminHandler.java @@ -21,6 +21,7 @@ import org.apache.solr.common.params.CoreAdminParams; import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction; import org.apache.solr.common.params.SolrParams; import org.apache.solr.core.CoreContainer; +import org.apache.solr.core.CoreDescriptor; import org.apache.solr.core.SolrCore; import org.apache.solr.handler.SecureRequestHandlerUtil; import org.apache.solr.request.SolrQueryRequest; @@ -90,7 +91,13 @@ public class SecureCoreAdminHandler extends CoreAdminHandler { collection = getCollectionFromCoreName(cname); break; } - case CREATE: + case CREATE: { + CoreDescriptor coreDescriptor = buildCoreDescriptor(params, coreContainer); + if (coreDescriptor != null) { + collection = coreDescriptor.getCloudDescriptor().getCollectionName(); + } + break; + } case REQUESTAPPLYUPDATES: case REQUESTBUFFERUPDATES: { String cname = params.get(CoreAdminParams.NAME, ""); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/789af33b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java index 0dbb271..2a19902 100644 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java +++ b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/handler/admin/SecureCoreAdminHandlerTest.java @@ -16,14 +16,21 @@ */ package org.apache.solr.handler.admin; +import java.lang.reflect.Method; import java.util.Arrays; import java.util.List; +import java.util.Map; + +import net.sf.cglib.proxy.Enhancer; +import net.sf.cglib.proxy.MethodInterceptor; +import net.sf.cglib.proxy.MethodProxy; import org.apache.solr.cloud.CloudDescriptor; import org.apache.solr.common.params.CoreAdminParams; import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction; import org.apache.solr.common.params.ModifiableSolrParams; import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction; +import org.apache.solr.core.CoreContainer; import org.apache.solr.core.SolrCore; import org.apache.solr.request.SolrQueryRequest; import org.apache.solr.sentry.SentryTestBase; @@ -65,7 +72,7 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase { CoreAdminAction.RELOAD ); - // only specify the collection on these, no cores + // These actions require that the collection is specified on the request. public final static List<CoreAdminAction> REQUIRES_COLLECTION = Arrays.asList( CoreAdminAction.CREATE ); @@ -115,23 +122,25 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase { modParams.set(CoreAdminParams.COLLECTION, ""); modParams.set(CoreAdminParams.CORE, ""); modParams.set(CoreAdminParams.NAME, ""); - if (!REQUIRES_COLLECTION.contains(action)) { - for (SolrCore core : h.getCoreContainer().getCores()) { - if(core.getCoreDescriptor().getCloudDescriptor().getCollectionName().equals(collection)) { - modParams.set(CoreAdminParams.CORE, core.getName()); - modParams.set(CoreAdminParams.NAME, core.getName()); - break; - } + for (SolrCore core : h.getCoreContainer().getCores()) { + if(core.getCoreDescriptor().getCloudDescriptor().getCollectionName().equals(collection)) { + modParams.set(CoreAdminParams.CORE, core.getName()); + modParams.set(CoreAdminParams.NAME, core.getName()); + break; } - } else { + } + if (REQUIRES_COLLECTION.contains(action)) { modParams.set(CoreAdminParams.COLLECTION, collection); + modParams.set(CoreAdminParams.CORE, core.getName()); + modParams.set(CoreAdminParams.NAME, core.getName()); } req.setParams(modParams); return req; } private void verifyQueryAccess(CoreAdminAction action, boolean checkCollection) throws Exception { - CoreAdminHandler handler = new SecureCoreAdminHandler(h.getCoreContainer()); + CoreContainer cc = getCleanCoreContainer(action, h.getCoreContainer()); + CoreAdminHandler handler = new SecureCoreAdminHandler(cc); verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action)); verifyAuthorized(handler, getCoreAdminRequest("queryCollection", "junit", action)); if (!checkCollection) { @@ -144,7 +153,8 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase { } private void verifyUpdateAccess(CoreAdminAction action, boolean checkCollection) throws Exception { - CoreAdminHandler handler = new SecureCoreAdminHandler(h.getCoreContainer()); + CoreContainer cc = getCleanCoreContainer(action, h.getCoreContainer()); + CoreAdminHandler handler = new SecureCoreAdminHandler(cc); verifyAuthorized(handler, getCoreAdminRequest("collection1", "junit", action)); verifyAuthorized(handler, getCoreAdminRequest("updateCollection", "junit", action)); verifyUnauthorized(handler, getCoreAdminRequest("bogusCollection", "bogusUser", action), "bogusCollection", "bogusUser", true); @@ -153,6 +163,35 @@ public class SecureCoreAdminHandlerTest extends SentryTestBase { } } + private CoreContainer getZkAwareCoreContainer(final CoreContainer cc) { + Enhancer e = new Enhancer(); + e.setClassLoader(cc.getClass().getClassLoader()); + e.setSuperclass(CoreContainer.class); + e.setCallback(new MethodInterceptor() { + public Object intercept(Object obj, Method method, Object [] args, MethodProxy proxy) throws Throwable { + if (method.getName().equals("isZooKeeperAware")) { + return Boolean.TRUE; + } + return method.invoke(cc, args); + } + }); + return (CoreContainer)e.create(); + } + + private CoreContainer getCleanCoreContainer(CoreAdminAction action, CoreContainer cc) { + // Ensure CoreContainer is empty + for (String coreName : h.getCoreContainer().getCoreNames()) { + h.getCoreContainer().unload(coreName); + } + for (Map.Entry entry : h.getCoreContainer().getCoreInitFailures().entrySet()) { + String coreName = entry.getKey().toString(); + h.getCoreContainer().unload(coreName); + } + // actions that require the collection attempt to read the collection off the CloudDescriptor, which is only + // present when the CoreContainer is ZkAware. + return REQUIRES_COLLECTION.contains(action) ? getZkAwareCoreContainer(h.getCoreContainer()) : h.getCoreContainer(); + } + @Test public void testSecureAdminHandler() throws Exception { for (CoreAdminAction action : QUERY_ACTIONS) {
