[jira] [Updated] (HBASE-26001) When turn on access control, the cell level TTL of Increment and Append operations is invalid.

Yutong Xiao (Jira) Mon, 14 Jun 2021 08:45:05 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-26001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Yutong Xiao updated HBASE-26001:
--------------------------------
    Description: 
AccessController will rewrite the new cell's tags by the old cell's. This will 
makes the other kinds of tag in new cell invisible (apart from ACL tag) after 
this. As in Increment and Append operations, the new cell has already catch 
forward all tags of the old cell, here in AccessController we do not rewrite 
the tags once again. Actually, in Increment and Append operations, the newCell 
has already copied all tags of the oldCell. So the oldCell is useless here.

{code:java}
private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell 
newCell) {
    // Collect any ACLs from the old cell
    List<Tag> tags = Lists.newArrayList();
    List<Tag> aclTags = Lists.newArrayList();
    ListMultimap<String,Permission> perms = ArrayListMultimap.create();
    if (oldCell != null) {
      Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
      while (tagIterator.hasNext()) {
        Tag tag = tagIterator.next();
        if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
          // Not an ACL tag, just carry it through
          if (LOG.isTraceEnabled()) {
            LOG.trace("Carrying forward tag from " + oldCell + ": type " + 
tag.getType()
                + " length " + tag.getValueLength());
          }
          tags.add(tag);
        } else {
          aclTags.add(tag);
        }
      }
    }

    // Do we have an ACL on the operation?
    byte[] aclBytes = mutation.getACL();
    if (aclBytes != null) {
      // Yes, use it
      tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
    } else {
      // No, use what we carried forward
      if (perms != null) {
        // TODO: If we collected ACLs from more than one tag we may have a
        // List<Permission> of size > 1, this can be collapsed into a single
        // Permission
        if (LOG.isTraceEnabled()) {
          LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
        }
        tags.addAll(aclTags);
      }
    }

    // If we have no tags to add, just return
    if (tags.isEmpty()) {
      return newCell;
    }
    // Here the new cell's tags will be in visible.
    return PrivateCellUtil.createCell(newCell, tags);
  }
{code}


  was:
AccessController will rewrite the new cell's tags by the old cell's. This will 
makes the other kinds of tag in new cell invisible (apart from ACL tag) after 
this. As in Increment and Append operations, the new cell has already catch 
forward all tags of the old cell, here in AccessController we do not rewrite 
the tags once again.

{code:java}
private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell 
newCell) {
    // Collect any ACLs from the old cell
    List<Tag> tags = Lists.newArrayList();
    List<Tag> aclTags = Lists.newArrayList();
    ListMultimap<String,Permission> perms = ArrayListMultimap.create();
    if (oldCell != null) {
      Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
      while (tagIterator.hasNext()) {
        Tag tag = tagIterator.next();
        if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
          // Not an ACL tag, just carry it through
          if (LOG.isTraceEnabled()) {
            LOG.trace("Carrying forward tag from " + oldCell + ": type " + 
tag.getType()
                + " length " + tag.getValueLength());
          }
          tags.add(tag);
        } else {
          aclTags.add(tag);
        }
      }
    }

    // Do we have an ACL on the operation?
    byte[] aclBytes = mutation.getACL();
    if (aclBytes != null) {
      // Yes, use it
      tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
    } else {
      // No, use what we carried forward
      if (perms != null) {
        // TODO: If we collected ACLs from more than one tag we may have a
        // List<Permission> of size > 1, this can be collapsed into a single
        // Permission
        if (LOG.isTraceEnabled()) {
          LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
        }
        tags.addAll(aclTags);
      }
    }

    // If we have no tags to add, just return
    if (tags.isEmpty()) {
      return newCell;
    }
    // Here the new cell's tags will be in visible.
    return PrivateCellUtil.createCell(newCell, tags);
  }
{code}



> When turn on access control, the cell level TTL of Increment and Append 
> operations is invalid.
> ----------------------------------------------------------------------------------------------
>
>                 Key: HBASE-26001
>                 URL: https://issues.apache.org/jira/browse/HBASE-26001
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Yutong Xiao
>            Assignee: Yutong Xiao
>            Priority: Major
>
> AccessController will rewrite the new cell's tags by the old cell's. This 
> will makes the other kinds of tag in new cell invisible (apart from ACL tag) 
> after this. As in Increment and Append operations, the new cell has already 
> catch forward all tags of the old cell, here in AccessController we do not 
> rewrite the tags once again. Actually, in Increment and Append operations, 
> the newCell has already copied all tags of the oldCell. So the oldCell is 
> useless here.
> {code:java}
> private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell 
> newCell) {
>     // Collect any ACLs from the old cell
>     List<Tag> tags = Lists.newArrayList();
>     List<Tag> aclTags = Lists.newArrayList();
>     ListMultimap<String,Permission> perms = ArrayListMultimap.create();
>     if (oldCell != null) {
>       Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
>       while (tagIterator.hasNext()) {
>         Tag tag = tagIterator.next();
>         if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
>           // Not an ACL tag, just carry it through
>           if (LOG.isTraceEnabled()) {
>             LOG.trace("Carrying forward tag from " + oldCell + ": type " + 
> tag.getType()
>                 + " length " + tag.getValueLength());
>           }
>           tags.add(tag);
>         } else {
>           aclTags.add(tag);
>         }
>       }
>     }
>     // Do we have an ACL on the operation?
>     byte[] aclBytes = mutation.getACL();
>     if (aclBytes != null) {
>       // Yes, use it
>       tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
>     } else {
>       // No, use what we carried forward
>       if (perms != null) {
>         // TODO: If we collected ACLs from more than one tag we may have a
>         // List<Permission> of size > 1, this can be collapsed into a single
>         // Permission
>         if (LOG.isTraceEnabled()) {
>           LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
>         }
>         tags.addAll(aclTags);
>       }
>     }
>     // If we have no tags to add, just return
>     if (tags.isEmpty()) {
>       return newCell;
>     }
>     // Here the new cell's tags will be in visible.
>     return PrivateCellUtil.createCell(newCell, tags);
>   }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (HBASE-26001) When turn on access control, the cell level TTL of Increment and Append operations is invalid.

Reply via email to