Repository: hbase Updated Branches: refs/heads/master d5be58dfd -> 5420b4c78
HBASE-12142 Truncate command does not preserve ACLs table (Vandana Ayyalasomayajula) Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/5420b4c7 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/5420b4c7 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/5420b4c7 Branch: refs/heads/master Commit: 5420b4c78bd156296e5f02ca6639afdd2b4762a1 Parents: d5be58d Author: stack <[email protected]> Authored: Thu Oct 9 15:35:36 2014 -0700 Committer: stack <[email protected]> Committed: Thu Oct 9 15:35:36 2014 -0700 ---------------------------------------------------------------------- .../hbase/security/access/AccessController.java | 23 ++++++++++++++++++- .../security/access/TestAccessController.java | 24 ++++++++++++++++++-- 2 files changed, 44 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/5420b4c7/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index e62c452..400e20a 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -173,6 +173,8 @@ public class AccessController extends BaseMasterAndRegionObserver private Map<InternalScanner,String> scannerOwners = new MapMaker().weakKeys().makeMap(); + private Map<TableName, List<UserPermission>> tableAcls; + // Provider for mapping principal names to Users private UserProvider userProvider; 
@@ -861,6 +863,8 @@ public class AccessController extends BaseMasterAndRegionObserver } else { throw new RuntimeException("Error obtaining TableAuthManager, zk found null."); } + + tableAcls = new MapMaker().weakValues().makeMap(); } public void stop(CoprocessorEnvironment env) { @@ -938,7 +942,24 @@ public class AccessController extends BaseMasterAndRegionObserver @Override public void preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName) throws IOException { - requirePermission("truncateTable", tableName, null, null, Action.ADMIN, Action.CREATE); + requirePermission("truncateTable", tableName, null, null, Action.ADMIN); + List<UserPermission> acls = AccessControlLists.getUserTablePermissions(c.getEnvironment() + .getConfiguration(), tableName); + if (acls != null) { + tableAcls.put(tableName, acls); + } + } + + @Override + public void postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx, + TableName tableName) throws IOException { + List<UserPermission> perms = tableAcls.get(tableName); + if (perms != null) { + for (UserPermission perm : perms) { + AccessControlLists.addUserPermission(ctx.getEnvironment().getConfiguration(), perm); + } + } + tableAcls.remove(tableName); } @Override http://git-wip-us.apache.org/repos/asf/hbase/blob/5420b4c7/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index d2edeb9..44a800f 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java 
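Review bot: `tableAcls` is created with `weakValues()`, so the list stored by `preTruncateTable` has no strong reference once that method returns and may be cleared by the garbage collector before `postTruncateTable` reads it. When that happens `tableAcls.get(tableName)` returns null and the truncated table comes back without its permissions, with no error or log line. Holding the values strongly, for example `tableAcls = new MapMaker().makeMap();`, keeps the saved ACLs alive until `postTruncateTable` removes them. The enclosing method starts outside the hunk.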
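Review bot: In `postTruncateTable`, an IOException from `AccessControlLists.addUserPermission` part-way through the loop leaves the table with only some of its permissions restored and skips `tableAcls.remove(tableName)`. Wrapping the loop as `try { ... } finally { tableAcls.remove(tableName); }` keeps the map clean. A log line naming the table and the number of permissions written back would make a partial restore visible to operators. An entry saved by `preTruncateTable` also appears to stay in the map when the truncate fails before the post hook runs, so a short comment on the `tableAcls` field describing that lifecycle would help.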
@@ -36,6 +36,7 @@ import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hbase.Coprocessor; import org.apache.hadoop.hbase.CoprocessorEnvironment; +import org.apache.hadoop.hbase.HBaseIOException; import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HColumnDescriptor; import org.apache.hadoop.hbase.HConstants; @@ -337,8 +338,8 @@ public class TestAccessController extends SecureTestUtil { } }; - verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER); - verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE); + verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN); + verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE,USER_CREATE, USER_OWNER); } @Test @@ -2324,4 +2325,23 @@ public class TestAccessController extends SecureTestUtil { } TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace); } + + @Test + public void testTruncatePerms() throws Exception { + try { + List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(conf, + TEST_TABLE.getTableName().getNameAsString()); + assertTrue(existingPerms != null); + assertTrue(existingPerms.size() > 1); + TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName()); + TEST_UTIL.truncateTable(TEST_TABLE.getTableName()); + List<UserPermission> perms = AccessControlClient.getUserPermissions(conf, + TEST_TABLE.getTableName().getNameAsString()); + assertTrue(perms != null); + assertEquals(existingPerms.size(), perms.size()); + } catch (Throwable e) { + throw new HBaseIOException(e); + } + } + }
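Review bot: The updated expectations deny truncate to `USER_CREATE` and `USER_OWNER`, matching the removal of `Action.CREATE` from `requirePermission` in AccessController, but nothing in the test records why table owners lose the operation. A one-line comment above the two calls would capture the intent, for example `// truncate drops and re-adds the table's ACLs, so it is restricted to ADMIN`, if that is indeed the reason. `USER_NONE,USER_CREATE` is also missing a space after the comma. The enclosing test method starts outside the hunk.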
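Review bot: `testTruncatePerms` compares only `existingPerms.size()` with `perms.size()`, so a restore that wrote the right number of entries for the wrong users or actions would still pass. Comparing contents, for example `assertTrue(perms.containsAll(existingPerms));` (assuming `UserPermission` implements `equals`), would pin what an access-control test needs to pin. The `catch (Throwable e)` wrapper is unnecessary because the method already declares `throws Exception`, and it turns assertion failures into `HBaseIOException` errors. Dropping it also makes the new `HBaseIOException` import unnecessary.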
