Repository: ranger Updated Branches: refs/heads/master 1befffcc1 -> 93c900c34
Remove deprecated and unused code from the HBase plugin Signed-off-by: Colm O hEigeartaigh <cohei...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/93c900c3 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/93c900c3 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/93c900c3 Branch: refs/heads/master Commit: 93c900c346cdac33e268c2e76e2f37568cc1c7f3 Parents: 1befffc Author: Zsombor Gegesy <gzsom...@gmail.com> Authored: Sat Jul 22 23:36:06 2017 +0200 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Aug 4 12:04:02 2017 +0100 ---------------------------------------------------------------------- .../hbase/RangerAuthorizationCoprocessor.java | 15 -------- .../hbase/RangerAuthorizationFilter.java | 9 ++--- .../hbase/RangerAuthorizationFilterTest.java | 38 +++++++++++++------- 3 files changed, 30 insertions(+), 32 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/93c900c3/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java index fc1db46..da73c67 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java @@ -21,11 +21,8 @@ import java.io.IOException; import java.net.InetAddress; import java.util.ArrayList; import java.util.Arrays; -import java.util.Calendar; import java.util.Collection; import java.util.Collections; -import java.util.Date; -import java.util.GregorianCalendar; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; @@ -34,7 +31,6 @@ import java.util.List; import java.util.Map; import java.util.NavigableSet; import java.util.Set; -import java.util.TimeZone; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.logging.Log; @@ -122,8 +118,6 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess private static final String WILDCARD = "*"; private static final String NAMESPACE_SEPARATOR = ":"; - private static final TimeZone gmtTimeZone = TimeZone.getTimeZone("GMT+0"); - private RegionCoprocessorEnvironment regionEnv; private Map<InternalScanner, String> scannerOwners = new MapMaker().weakKeys().makeMap(); @@ -1170,15 +1164,6 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess requirePermission("preCleanupBulkLoad", Permission.Action.WRITE, ctx.getEnvironment(), cfs); } - public static Date getUTCDate() { - Calendar local=Calendar.getInstance(); - int offset = local.getTimeZone().getOffset(local.getTimeInMillis()); - GregorianCalendar utc = new GregorianCalendar(gmtTimeZone); - utc.setTimeInMillis(local.getTimeInMillis()); - utc.add(Calendar.MILLISECOND, -offset); - return utc.getTime(); - } - @Override public void grant(RpcController controller, AccessControlProtos.GrantRequest request, RpcCallback<AccessControlProtos.GrantResponse> done) { boolean isSuccess = false; http://git-wip-us.apache.org/repos/asf/ranger/blob/93c900c3/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java index 0254100..4006afc 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java +++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java @@ -28,6 +28,7 @@ import com.google.common.base.Objects; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.hbase.Cell; +import org.apache.hadoop.hbase.CellUtil; import org.apache.hadoop.hbase.filter.FilterBase; import org.apache.hadoop.hbase.util.Bytes; import org.apache.ranger.audit.model.AuthzAuditEvent; @@ -55,7 +56,6 @@ public class RangerAuthorizationFilter extends FilterBase { _session.auditHandler(_auditHandler); } - @SuppressWarnings("deprecation") @Override public ReturnCode filterKeyValue(Cell kv) throws IOException { @@ -64,7 +64,7 @@ public class RangerAuthorizationFilter extends FilterBase { } String family = null; - byte[] familyBytes = kv.getFamily(); + byte[] familyBytes = CellUtil.cloneFamily(kv); if (familyBytes != null && familyBytes.length > 0) { family = Bytes.toString(familyBytes); if (LOG.isDebugEnabled()) { @@ -72,8 +72,9 @@ public class RangerAuthorizationFilter extends FilterBase { } } String column = null; - if (kv.getQualifier() != null && kv.getQualifier().length > 0) { - column = Bytes.toString(kv.getQualifier()); + byte[] qualifier = CellUtil.cloneQualifier(kv); + if (qualifier != null && qualifier.length > 0) { + column = Bytes.toString(qualifier); if (LOG.isDebugEnabled()) { LOG.debug("filterKeyValue: evaluating column[" + column + "]."); } http://git-wip-us.apache.org/repos/asf/ranger/blob/93c900c3/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java index 48b8a17..e009347 100644 --- a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java +++ b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java @@ -19,7 +19,7 @@ package org.apache.ranger.authorization.hbase; import static org.junit.Assert.assertEquals; -import static org.mockito.Matchers.anyString; +import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -33,7 +33,6 @@ import org.apache.hadoop.hbase.Cell; import org.apache.hadoop.hbase.filter.Filter.ReturnCode; import org.junit.Test; -@SuppressWarnings("deprecation") public class RangerAuthorizationFilterTest { @Test @@ -61,43 +60,56 @@ public class RangerAuthorizationFilterTest { Cell aCell = mock(Cell.class); // families with know denied acess for (String family : deniedFamilies) { - when(aCell.getFamily()).thenReturn(family.getBytes()); + setFamilyArray(aCell, family.getBytes()); + setQualifierArray(aCell, new byte[0]); assertEquals(ReturnCode.NEXT_COL, filter.filterKeyValue(aCell)); } // family that isn't in allowed and if cell does not have column then it should be denied - when(aCell.getFamily()).thenReturn("family7".getBytes()); - when(aCell.getQualifier()).thenReturn(null); + setFamilyArray(aCell, "family7".getBytes()); + setQualifierArray(aCell, new byte[0]); assertEquals(ReturnCode.NEXT_COL, filter.filterKeyValue(aCell)); // families with known partial access for (String column : family7KnowGoodColumns ) { - when(aCell.getQualifier()).thenReturn(column.getBytes()); + setQualifierArray(aCell, column.getBytes()); assertEquals(ReturnCode.INCLUDE, filter.filterKeyValue(aCell)); } - when(aCell.getFamily()).thenReturn("family8".getBytes()); + setFamilyArray(aCell, "family8".getBytes()); for (String column : family8KnowGoodColumns ) { - when(aCell.getQualifier()).thenReturn(column.getBytes()); + setQualifierArray(aCell, column.getBytes()); assertEquals(ReturnCode.INCLUDE, filter.filterKeyValue(aCell)); } // try some columns that are not in the cache for (String column : new String[] { "family8-column3", "family8-column4"}) { - when(aCell.getQualifier()).thenReturn(column.getBytes()); + setQualifierArray(aCell, column.getBytes()); assertEquals(ReturnCode.NEXT_COL, filter.filterKeyValue(aCell)); } // families with known allowed access - for these we need to doctor up the session when(session.isAuthorized()).thenReturn(true); for (String family : allowedFamilies) { - when(aCell.getFamily()).thenReturn(family.getBytes()); - when(aCell.getQualifier()).thenReturn("some-column".getBytes()); + setFamilyArray(aCell, family.getBytes()); + setQualifierArray(aCell, "some-column".getBytes()); assertEquals(ReturnCode.INCLUDE, filter.filterKeyValue(aCell)); } when(session.isAuthorized()).thenReturn(false); for (String family : indeterminateFamilies) { - when(aCell.getFamily()).thenReturn(family.getBytes()); - when(aCell.getQualifier()).thenReturn("some-column".getBytes()); + setFamilyArray(aCell, family.getBytes()); + setQualifierArray(aCell, "some-column".getBytes()); assertEquals(ReturnCode.NEXT_COL, filter.filterKeyValue(aCell)); } } + private void setFamilyArray(Cell aCell, byte[] familyArray) { + when(aCell.getFamilyArray()).thenReturn(familyArray); + when(aCell.getFamilyLength()).thenReturn((byte) familyArray.length); + when(aCell.getFamilyOffset()).thenReturn(0); + } + + private void setQualifierArray(Cell aCell, byte[] qualifierArray) { + when(aCell.getQualifierArray()).thenReturn(qualifierArray); + when(aCell.getQualifierLength()).thenReturn(qualifierArray.length); + when(aCell.getQualifierOffset()).thenReturn(0); + } + AuthorizationSession createSessionMock() { AuthorizationSession session = mock(AuthorizationSession.class); when(session.column(anyString())).thenReturn(session);