Repository: hbase
Updated Branches:
  refs/heads/branch-1 f9fce4caf -> 81c4caf1f


HBASE-12142 Truncate command does not preserve ACLs table (Vandana 
Ayyalasomayajula)

Conflicts:
        
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/81c4caf1
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/81c4caf1
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/81c4caf1

Branch: refs/heads/branch-1
Commit: 81c4caf1f1ded4132339f4c7de17ce48725d81e5
Parents: f9fce4c
Author: Andrew Purtell <[email protected]>
Authored: Tue Oct 28 09:59:45 2014 -0700
Committer: Andrew Purtell <[email protected]>
Committed: Tue Oct 28 09:59:45 2014 -0700

----------------------------------------------------------------------
 .../hbase/security/access/AccessController.java | 23 ++++++++++++++++++-
 .../security/access/TestAccessController.java   | 24 ++++++++++++++++++--
 2 files changed, 44 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/81c4caf1/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
----------------------------------------------------------------------
diff --git 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index bd91501..1602f9f 100644
--- 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -175,6 +175,8 @@ public class AccessController extends 
BaseMasterAndRegionObserver
   private Map<InternalScanner,String> scannerOwners =
       new MapMaker().weakKeys().makeMap();
 
+  private Map<TableName, List<UserPermission>> tableAcls;
+
   // Provider for mapping principal names to Users
   private UserProvider userProvider;
 
@@ -857,6 +859,8 @@ public class AccessController extends 
BaseMasterAndRegionObserver
     } else {
       throw new RuntimeException("Error obtaining TableAuthManager, zk found 
null.");
     }
+
+    tableAcls = new MapMaker().weakValues().makeMap();
   }
 
   public void stop(CoprocessorEnvironment env) {
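Review bot: The `weakValues()` map created on the added line is, as far as the visible code shows, the only holder of the saved ACL list between `preTruncateTable` and `postTruncateTable`, so a garbage collection in that window can evict the entry and the truncate would finish with the table's grants silently gone. A strongly referenced map, `tableAcls = new MapMaker().makeMap();`, keeps the list alive until the post hook removes it; an entry left behind by a failed truncate is overwritten by the next truncate of the same table. The field declared in the earlier hunk would also benefit from a comment such as `// ACLs saved in preTruncateTable and restored in postTruncateTable`. The enclosing method begins outside this hunk.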
@@ -934,7 +938,24 @@ public class AccessController extends 
BaseMasterAndRegionObserver
   @Override
   public void preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> 
c, TableName tableName)
       throws IOException {
-    requirePermission("truncateTable", tableName, null, null, Action.ADMIN, 
Action.CREATE);
+    requirePermission("truncateTable", tableName, null, null, Action.ADMIN);
+    List<UserPermission> acls = 
AccessControlLists.getUserTablePermissions(c.getEnvironment()
+        .getConfiguration(), tableName);
+    if (acls != null) {
+      tableAcls.put(tableName, acls);
+    }
+  }
+
+  @Override
+  public void postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> 
ctx,
+      TableName tableName) throws IOException {
+    List<UserPermission> perms = tableAcls.get(tableName);
+    if (perms != null) {
+      for (UserPermission perm : perms) {
+        
AccessControlLists.addUserPermission(ctx.getEnvironment().getConfiguration(), 
perm);
+      }
+    }
+    tableAcls.remove(tableName);
   }
 
   @Override
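Review bot: In `postTruncateTable` the restore loop is not exception-safe: if `addUserPermission` throws partway through, the remaining grants are not written back, `tableAcls.remove(tableName)` is skipped, and nothing is logged, so the table is left with a partial ACL. Taking the entry out up front with `List<UserPermission> perms = tableAcls.remove(tableName);` avoids the stale entry, and a warning when `perms` is null or a grant fails to restore would make lost permissions visible to operators. The same hunk narrows the `requirePermission` check in `preTruncateTable` from ADMIN-or-CREATE to ADMIN only, which the commit title does not mention; a short comment on that line saying why CREATE no longer suffices would record the intent.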

http://git-wip-us.apache.org/repos/asf/hbase/blob/81c4caf1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git 
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
 
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index f5bb872..9dde626 100644
--- 
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ 
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -37,6 +37,7 @@ import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hbase.Coprocessor;
 import org.apache.hadoop.hbase.CoprocessorEnvironment;
+import org.apache.hadoop.hbase.HBaseIOException;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HColumnDescriptor;
 import org.apache.hadoop.hbase.HConstants;
@@ -335,8 +336,8 @@ public class TestAccessController extends SecureTestUtil {
       }
     };
 
-    verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE, 
USER_OWNER);
-    verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE);
+    verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN);
+    verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE,USER_CREATE, 
USER_OWNER);
   }
 
   @Test
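Review bot: The expectation flip for `USER_CREATE` and `USER_OWNER` in the `verifyDenied` call is an authorization behaviour change that the test does not explain. If the intent is that truncate now needs ADMIN, a comment such as `// truncate requires ADMIN; CREATE or table ownership alone is not sufficient` above the call would make that explicit. The new argument list is also missing a space after the comma in `USER_NONE,USER_CREATE`. The enclosing test method starts outside this hunk.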
@@ -2280,4 +2281,23 @@ public class TestAccessController extends SecureTestUtil 
{
      }
      TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace);
    }
+
+  @Test
+  public void testTruncatePerms() throws Exception {
+    try {
+      List<UserPermission> existingPerms = 
AccessControlClient.getUserPermissions(conf, TEST_TABLE
+          .getTableName().getNameAsString());
+      assertTrue(existingPerms != null);
+      assertTrue(existingPerms.size() > 1);
+      TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
+      TEST_UTIL.getHBaseAdmin().truncateTable(TEST_TABLE.getTableName(), true);
+      List<UserPermission> perms = 
AccessControlClient.getUserPermissions(conf, TEST_TABLE
+          .getTableName().getNameAsString());
+      assertTrue(perms != null);
+      assertEquals(existingPerms.size(), perms.size());
+    } catch (Throwable e) {
+      throw new HBaseException(e);
+    }
+  }
+
 }
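Review bot: `testTruncatePerms` compares only `existingPerms.size()` with `perms.size()`, so a truncate that restored the same number of grants for different users or actions would still pass; asserting on the contents of the two lists would actually pin ACL preservation. The `catch (Throwable e)` wrapper also turns assertion failures into `HBaseException`, and since the method already declares `throws Exception` the try/catch can be dropped. The import hunk above adds `HBaseIOException` while this code throws `HBaseException`, which is worth checking unless that type is already imported elsewhere in the file.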
