weichiu pushed a commit to branch ozone-2.0
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/ozone-2.0 by this push:
new 614bba0c49 HDDS-12646. Improve OM decommission check (#8122)
614bba0c49 is described below
commit 614bba0c49a8b22738266bbada8384d70363157f
Author: Wei-Chiu Chuang <[email protected]>
AuthorDate: Fri Mar 21 09:43:48 2025 -0700
HDDS-12646. Improve OM decommission check (#8122)
(cherry picked from commit bd579b355ff1668f8bb012bea0293866fb5719bf)
---
.../org/apache/hadoop/ozone/om/TestAddRemoveOzoneManager.java | 11 +++++++++--
.../ozone/protocolPB/OMAdminProtocolServerSideImpl.java | 7 +++++++
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestAddRemoveOzoneManager.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestAddRemoveOzoneManager.java
index 7bae826aa8..cacf83634a 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestAddRemoveOzoneManager.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestAddRemoveOzoneManager.java
@@ -351,11 +351,18 @@ public void testForceBootstrap() throws Exception {
@Test
public void testDecommission() throws Exception {
setupCluster(3);
- user = UserGroupInformation.getCurrentUser();
- // Stop the 3rd OM and decommission it
+ user = UserGroupInformation.createUserForTesting("user", new String[]{});
+ // Stop the 3rd OM and decommission it using non-privileged user
String omNodeId3 = cluster.getOzoneManager(2).getOMNodeId();
cluster.stopOzoneManager(omNodeId3);
+ // decommission should fail
+ assertThrows(IOException.class, () -> decommissionOM(omNodeId3));
+
+ // Switch to admin user
+ user = UserGroupInformation.getCurrentUser();
+ // Stop the 3rd OM and decommission it
+ cluster.stopOzoneManager(omNodeId3);
decommissionOM(omNodeId3);
// Decommission the non leader OM and then stop it. Stopping OM before will
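Review bot: `assertThrows(IOException.class, () -> decommissionOM(omNodeId3));` passes for any I/O failure, including a plain connection error, so the negative case does not prove that the request was rejected by the new admin check. I would capture the exception and pin the denial, `IOException e = assertThrows(IOException.class, () -> decommissionOM(omNodeId3));` followed by `assertTrue(e.getMessage().contains("Only administrators are authorized"));`, assuming `decommissionOM` propagates the server's message. It would also help to assert that the third OM is still a ring member after the denied call, so the test shows the rejection changed no state. The second `cluster.stopOzoneManager(omNodeId3);` repeats the stop already done before the negative check and looks redundant. `testDecommission` continues past the end of this hunk.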
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OMAdminProtocolServerSideImpl.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OMAdminProtocolServerSideImpl.java
index e4b7d8672a..3d2826aa41 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OMAdminProtocolServerSideImpl.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OMAdminProtocolServerSideImpl.java
@@ -17,12 +17,16 @@
package org.apache.hadoop.ozone.protocolPB;
+import static org.apache.hadoop.hdds.utils.HddsServerUtil.getRemoteUser;
+import static
org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.PERMISSION_DENIED;
+
import com.google.protobuf.RpcController;
import com.google.protobuf.ServiceException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.ozone.om.OzoneManager;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.OMNodeDetails;
import org.apache.hadoop.ozone.om.protocolPB.OMAdminProtocolPB;
import org.apache.hadoop.ozone.om.ratis.OzoneManagerRatisServer;
@@ -89,6 +93,9 @@ public DecommissionOMResponse decommission(RpcController
controller,
}
try {
+ if (!ozoneManager.isAdmin(getRemoteUser())) {
+ throw new OMException("Only administrators are authorized to perform
decommission.", PERMISSION_DENIED);
+ }
omRatisServer.removeOMFromRatisRing(decommNode);
} catch (IOException ex) {
return DecommissionOMResponse.newBuilder()
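Review bot: The admin check sits inside the `try`, after the block that closes just above it, so whatever `decommission` does before this point still runs for a caller who is not an administrator, and the denial is then handled by the same `catch (IOException ex)` as a Ratis failure. I would run the check before any other work in the method, under a comment such as `// Authorization first: only OM admins may remove a node from the Ratis ring.`, keeping the same error response. A denied attempt on a membership-changing admin call is also worth recording together with the caller's identity; nothing in the visible lines logs it. Whether the `PERMISSION_DENIED` result code survives into the response cannot be seen here, because the builder chain and the start of the method lie outside the hunk.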