HBASE-23896 Snapshot owner cannot delete snapshot when ACL is enabled and Kerberos is not enabled (apache#1211)

Signed-off-by: binlijin <[email protected]>
(cherry picked from commit 5f7e55b)

Change-Id: Ib229a5878ee67d7c587d10942ed2359026a9a6c1

Author: guangxuCheng

hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java

@@ -633,7 +633,7 @@ private void takeSnapshotInternal(SnapshotDescription snapshot) throws IOExcepti
       builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION);
     }
     RpcServer.getRequestUser().ifPresent(user -> {
-      if (User.isHBaseSecurityEnabled(master.getConfiguration())) {
+      if (AccessChecker.isAuthorizationSupported(master.getConfiguration())) {
         builder.setOwner(user.getShortName());
       }
     });

hbase-server/src/test/java/org/apache/hadoop/hbase/client/SnapshotWithAclTestBase.java

@@ -18,8 +18,11 @@
 package org.apache.hadoop.hbase.client;
 
 import java.io.IOException;
+import java.util.List;
+import java.util.regex.Pattern;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.Coprocessor;
+import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
@@ -228,4 +231,45 @@ public void testRestoreSnapshot() throws Exception {
     verifyAllowed(new AccessWriteAction(TEST_TABLE), USER_OWNER, USER_RW);
     verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
   }
+
+
+  final class AccessSnapshotAction implements AccessTestAction {
+    private String snapshotName;
+    private AccessSnapshotAction(String snapshotName) {
+      this.snapshotName = snapshotName;
+    }
+    @Override
+    public Object run() throws Exception {
+      try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+        Admin admin = conn.getAdmin()) {
+        admin.snapshot(this.snapshotName, TEST_TABLE);
+      }
+      return null;
+    }
+  }
+
+  @Test
+  public void testDeleteSnapshot() throws Exception {
+    String testSnapshotName = HBaseCommonTestingUtility.getRandomUUID().toString();
+    verifyAllowed(new AccessSnapshotAction(testSnapshotName), USER_OWNER);
+    verifyDenied(new AccessSnapshotAction(HBaseCommonTestingUtility.getRandomUUID().toString()),
+      USER_RO, USER_RW, USER_NONE);
+    List<SnapshotDescription> snapshotDescriptions = TEST_UTIL.getAdmin().listSnapshots(
+      Pattern.compile(testSnapshotName));
+    Assert.assertEquals(1, snapshotDescriptions.size());
+    Assert.assertEquals(USER_OWNER.getShortName(), snapshotDescriptions.get(0).getOwner());
+    AccessTestAction deleteSnapshotAction = () -> {
+      try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
+        Admin admin = conn.getAdmin()) {
+        admin.deleteSnapshot(testSnapshotName);
+      }
+      return null;
+    };
+    verifyDenied(deleteSnapshotAction, USER_RO, USER_RW, USER_NONE);
+    verifyAllowed(deleteSnapshotAction, USER_OWNER);
+
+    List<SnapshotDescription> snapshotsAfterDelete = TEST_UTIL.getAdmin().listSnapshots(
+      Pattern.compile(testSnapshotName));
+    Assert.assertEquals(0, snapshotsAfterDelete.size());
+  }
 }