[phoenix] branch master updated: PHOENIX-5905 Reset user to hbase by changing rpc context before getting user permissions on access controller service(Rajeshbabu)-made test case works with all 2.x profiles

rajeshbabu Wed, 17 Jun 2020 18:19:12 -0700

This is an automated email from the ASF dual-hosted git repository.

rajeshbabu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/phoenix.git



The following commit(s) were added to refs/heads/master by this push:
     new b15468e  PHOENIX-5905 Reset user to hbase by changing rpc context 
before getting user permissions on access controller service(Rajeshbabu)-made 
test case works with all 2.x profiles
b15468e is described below

commit b15468e6784a0626bd140ed0c95b317d96efd052
Author: Rajeshbabu Chintaguntla <rajeshb...@apache.org>
AuthorDate: Thu Jun 18 06:30:51 2020 +0530

    PHOENIX-5905 Reset user to hbase by changing rpc context before getting 
user permissions on access controller service(Rajeshbabu)-made test case works 
with all 2.x profiles
---
 .../apache/phoenix/end2end/BasePermissionsIT.java  | 67 +++++++++++++---------
 1 file changed, 40 insertions(+), 27 deletions(-)

diff --git 
a/phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java 
b/phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java
index a211030..888f24f 100644
--- a/phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java
+++ b/phoenix-core/src/it/java/org/apache/phoenix/end2end/BasePermissionsIT.java
@@ -28,7 +28,7 @@ import org.apache.hadoop.hbase.LocalHBaseCluster;
 import org.apache.hadoop.hbase.NamespaceDescriptor;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.client.ConnectionFactory;
-import org.apache.hadoop.hbase.ipc.CoprocessorRpcUtils;
+import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
 import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
 import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
 import org.apache.hadoop.hbase.security.AccessDeniedException;
@@ -36,9 +36,9 @@ import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.access.AccessControlClient;
 import org.apache.hadoop.hbase.security.access.AccessControlUtil;
 import org.apache.hadoop.hbase.security.access.AccessController;
-import org.apache.hadoop.hbase.security.access.GetUserPermissionsRequest;
 import org.apache.hadoop.hbase.security.access.Permission;
 import org.apache.hadoop.hbase.security.access.UserPermission;
+import org.apache.hadoop.hbase.shaded.protobuf.ResponseConverter;
 import org.apache.phoenix.coprocessor.MetaDataProtocol;
 import org.apache.phoenix.jdbc.PhoenixConnection;
 import org.apache.phoenix.jdbc.PhoenixDatabaseMetaData;
@@ -67,6 +67,7 @@ import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
@@ -1436,45 +1437,57 @@ public abstract class BasePermissionsIT extends 
BaseTest {
 
     public static class  CustomAccessController extends AccessController {
 
-        org.apache.hadoop.hbase.client.Connection connection;
+        Configuration configuration;
+        boolean aclRegion;
         @Override
         public void start(CoprocessorEnvironment env) throws IOException {
             super.start(env);
-             connection = 
ConnectionFactory.createConnection(env.getConfiguration());
+            configuration = env.getConfiguration();
+            if(env instanceof RegionCoprocessorEnvironment) {
+                aclRegion = AccessControlClient.ACL_TABLE_NAME.
+                        equals(((RegionCoprocessorEnvironment) 
env).getRegion().
+                                getTableDescriptor().getTableName());
+            }
         }
 
         @Override
         public void getUserPermissions(RpcController controller,
                                        
AccessControlProtos.GetUserPermissionsRequest request,
                                        
RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
+            if(aclRegion) {
+                super.getUserPermissions(controller,request,done);
+                return;
+            }
             AccessControlProtos.GetUserPermissionsResponse response = null;
+            org.apache.hadoop.hbase.client.Connection connection;
+            try {
+                connection = ConnectionFactory.createConnection(configuration);
+            } catch (IOException e) {
+                // pass exception back up
+                ResponseConverter.setControllerException(controller, new 
IOException(e));
+                return;
+            }
             try {
-                final String userName = request.hasUserName() ? 
request.getUserName().toStringUtf8() : null;
-                final String namespace =
-                        request.hasNamespaceName() ? 
request.getNamespaceName().toStringUtf8() : null;
-                final TableName table =
-                        request.hasTableName() ? 
ProtobufUtil.toTableName(request.getTableName()) : null;
-                final byte[] cf =
-                        request.hasColumnFamily() ? 
request.getColumnFamily().toByteArray() : null;
-                final byte[] cq =
-                        request.hasColumnQualifier() ? 
request.getColumnQualifier().toByteArray() : null;
-                GetUserPermissionsRequest getUserPermissionsRequest = null;
-                if (request.getType() == 
AccessControlProtos.Permission.Type.Table) {
-                    getUserPermissionsRequest = 
GetUserPermissionsRequest.newBuilder(table).withFamily(cf)
-                            .withQualifier(cq).withUserName(userName).build();
-                } else if (request.getType() == 
AccessControlProtos.Permission.Type.Namespace) {
-                    getUserPermissionsRequest =
-                            
GetUserPermissionsRequest.newBuilder(namespace).withUserName(userName).build();
-                } else {
-                    getUserPermissionsRequest =
-                            
GetUserPermissionsRequest.newBuilder().withUserName(userName).build();
+                final List<UserPermission> perms = new ArrayList<>();
+                if(request.getType() == 
AccessControlProtos.Permission.Type.Table) {
+                    final TableName table =
+                            request.hasTableName() ? 
ProtobufUtil.toTableName(request.getTableName()) : null;
+                    
perms.addAll(AccessControlClient.getUserPermissions(connection, 
table.getNameAsString()));
+                } else if(request.getType() == 
AccessControlProtos.Permission.Type.Namespace) {
+                    final String namespace =
+                            request.hasNamespaceName() ? 
request.getNamespaceName().toStringUtf8() : null;
+                    
perms.addAll(AccessControlClient.getUserPermissions(connection, 
AuthUtil.toGroupEntry(namespace)));
                 }
-                List<UserPermission> perms =
-                        
connection.getAdmin().getUserPermissions(getUserPermissionsRequest);
                 response = 
AccessControlUtil.buildGetUserPermissionsResponse(perms);
-            } catch (IOException e) {
+            } catch (Throwable ioe) {
                 // pass exception back up
-                CoprocessorRpcUtils.setControllerException(controller, e);
+                ResponseConverter.setControllerException(controller, new 
IOException(ioe));
+            }
+            if(connection != null) {
+                try {
+                    connection.close();
+                } catch (IOException e) {
+                }
             }
             done.run(response);
         }

[phoenix] branch master updated: PHOENIX-5905 Reset user to hbase by changing rpc context before getting user permissions on access controller service(Rajeshbabu)-made test case works with all 2.x profiles

Reply via email to