Repository: hbase Updated Branches: refs/heads/branch-1 e65004aee -> 28ebd29f0 refs/heads/branch-1.2 0f3bf5489 -> ef847f841 refs/heads/branch-1.3 0507413fe -> 9b1f379f2 refs/heads/branch-1.4 7446b8eaf -> 9519ec2ea refs/heads/branch-2 9cbf936f9 -> 0743bda05
HBASE-19970 Remove unused functions from TableAuthManager. Functions deleted: setTableUserPermissions, setTableGroupPermissions, setNamespaceUserPermissions, setNamespaceGroupPermissions, writeTableToZooKeeper, writeNamespaceToZooKeeper Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/f563b7cf Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/f563b7cf Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/f563b7cf Branch: refs/heads/branch-1.4 Commit: f563b7cf0d3cc15f361f3bb7581db9faf26235a9 Parents: 7446b8e Author: Apekshit Sharma <a...@apache.org> Authored: Mon Feb 12 16:16:38 2018 -0800 Committer: Andrew Purtell <apurt...@apache.org> Committed: Wed Feb 14 14:56:24 2018 -0800 ---------------------------------------------------------------------- .../security/access/AccessControlLists.java | 9 +- .../hbase/security/access/AccessController.java | 4 +- .../hbase/security/access/TableAuthManager.java | 75 -------- .../security/access/TestTablePermissions.java | 2 +- .../access/TestZKPermissionWatcher.java | 179 +++++++++++++++++++ .../access/TestZKPermissionsWatcher.java | 178 ------------------ 6 files changed, 188 insertions(+), 259 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/f563b7cf/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java index 57c0f7b..f508110 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java @@ -73,6 +73,10 @@ import org.apache.hadoop.io.Text; import com.google.common.collect.ArrayListMultimap; import com.google.common.collect.ListMultimap; import com.google.common.collect.Lists; +import org.apache.hadoop.io.Writable; +import org.apache.hadoop.io.WritableFactories; +import org.apache.hadoop.io.WritableUtils; +import org.apache.jasper.tagplugins.jstl.core.Remove; /** * Maintains lists of permission grants to users and groups to allow for @@ -667,8 +671,7 @@ public class AccessControlLists { * * Writes a set of permission [user: table permission] */ - public static byte[] writePermissionsAsBytes(ListMultimap<String, TablePermission> perms, - Configuration conf) { + public static byte[] writePermissionsAsBytes(ListMultimap<String, TablePermission> perms) { return ProtobufUtil.prependPBMagic(ProtobufUtil.toUserTablePermissions(perms).toByteArray()); } @@ -755,7 +758,7 @@ public class AccessControlLists { // Deserialize the table permissions from the KV // TODO: This can be improved. Don't build UsersAndPermissions just to unpack it again, // use the builder - AccessControlProtos.UsersAndPermissions.Builder builder = + AccessControlProtos.UsersAndPermissions.Builder builder = AccessControlProtos.UsersAndPermissions.newBuilder(); ProtobufUtil.mergeFrom(builder, tag.getBuffer(), tag.getTagOffset(), tag.getTagLength()); ListMultimap<String,Permission> kvPerms = http://git-wip-us.apache.org/repos/asf/hbase/blob/f563b7cf/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index fd0a704..c889a3e 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -243,7 +243,7 @@ public class AccessController extends BaseMasterAndRegionObserver tables.entrySet()) { byte[] entry = t.getKey(); ListMultimap<String,TablePermission> perms = t.getValue(); - byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf); + byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms); getAuthManager().getZKPermissionWatcher().writeToZookeeper(entry, serialized); } initialized = true; @@ -275,7 +275,7 @@ public class AccessController extends BaseMasterAndRegionObserver try (Table t = regionEnv.getTable(AccessControlLists.ACL_TABLE_NAME)) { ListMultimap<String,TablePermission> perms = AccessControlLists.getPermissions(conf, entry, t); - byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf); + byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms); zkw.writeToZookeeper(entry, serialized); } } catch (IOException ex) { http://git-wip-us.apache.org/repos/asf/hbase/blob/f563b7cf/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java index a12757d..0aabcb3 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java @@ -659,81 +659,6 @@ public class TableAuthManager implements Closeable { tableCache.remove(table); } - /** - * Overwrites the existing permission set for a given user for a table, and - * triggers an update for zookeeper synchronization. - * @param username - * @param table - * @param perms - */ - public void setTableUserPermissions(String username, TableName table, - List<TablePermission> perms) { - PermissionCache<TablePermission> tablePerms = getTablePermissions(table); - tablePerms.replaceUser(username, perms); - writeTableToZooKeeper(table, tablePerms); - } - - /** - * Overwrites the existing permission set for a group and triggers an update - * for zookeeper synchronization. - * @param group - * @param table - * @param perms - */ - public void setTableGroupPermissions(String group, TableName table, - List<TablePermission> perms) { - PermissionCache<TablePermission> tablePerms = getTablePermissions(table); - tablePerms.replaceGroup(group, perms); - writeTableToZooKeeper(table, tablePerms); - } - - /** - * Overwrites the existing permission set for a given user for a table, and - * triggers an update for zookeeper synchronization. - * @param username - * @param namespace - * @param perms - */ - public void setNamespaceUserPermissions(String username, String namespace, - List<TablePermission> perms) { - PermissionCache<TablePermission> tablePerms = getNamespacePermissions(namespace); - tablePerms.replaceUser(username, perms); - writeNamespaceToZooKeeper(namespace, tablePerms); - } - - /** - * Overwrites the existing permission set for a group and triggers an update - * for zookeeper synchronization. - * @param group - * @param namespace - * @param perms - */ - public void setNamespaceGroupPermissions(String group, String namespace, - List<TablePermission> perms) { - PermissionCache<TablePermission> tablePerms = getNamespacePermissions(namespace); - tablePerms.replaceGroup(group, perms); - writeNamespaceToZooKeeper(namespace, tablePerms); - } - - public void writeTableToZooKeeper(TableName table, - PermissionCache<TablePermission> tablePerms) { - byte[] serialized = new byte[0]; - if (tablePerms != null) { - serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf); - } - zkperms.writeToZookeeper(table.getName(), serialized); - } - - public void writeNamespaceToZooKeeper(String namespace, - PermissionCache<TablePermission> tablePerms) { - byte[] serialized = new byte[0]; - if (tablePerms != null) { - serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf); - } - zkperms.writeToZookeeper(Bytes.toBytes(AccessControlLists.toNamespaceEntry(namespace)), - serialized); - } - public long getMTime() { return mtime.get(); } http://git-wip-us.apache.org/repos/asf/hbase/blob/f563b7cf/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java index f8fad9f..26ca9eb 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java @@ -323,7 +323,7 @@ public class TestTablePermissions { public void testSerialization() throws Exception { Configuration conf = UTIL.getConfiguration(); ListMultimap<String,TablePermission> permissions = createPermissions(); - byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions, conf); + byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions); ListMultimap<String, TablePermission> copy = AccessControlLists.readPermissions(permsData, conf); http://git-wip-us.apache.org/repos/asf/hbase/blob/f563b7cf/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java new file mode 100644 index 0000000..a80f184 --- /dev/null +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java @@ -0,0 +1,179 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hbase.security.access; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import com.google.common.collect.ArrayListMultimap; +import com.google.common.collect.ListMultimap; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hbase.Abortable; +import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.HBaseTestingUtility; +import org.apache.hadoop.hbase.testclassification.LargeTests; +import org.apache.hadoop.hbase.Waiter.Predicate; +import org.apache.hadoop.hbase.security.User; +import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +/** + * Test the reading and writing of access permissions to and from zookeeper. + */ +@Category(LargeTests.class) +public class TestZKPermissionsWatcher { + private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class); + private static final HBaseTestingUtility UTIL = new HBaseTestingUtility(); + private static TableAuthManager AUTH_A; + private static TableAuthManager AUTH_B; + private final static Abortable ABORTABLE = new Abortable() { + private final AtomicBoolean abort = new AtomicBoolean(false); + + @Override + public void abort(String why, Throwable e) { + LOG.info(why, e); + abort.set(true); + } + + @Override + public boolean isAborted() { + return abort.get(); + } + }; + + private static TableName TEST_TABLE = + TableName.valueOf("perms_test"); + + @BeforeClass + public static void beforeClass() throws Exception { + // setup configuration + Configuration conf = UTIL.getConfiguration(); + SecureTestUtil.enableSecurity(conf); + + // start minicluster + UTIL.startMiniCluster(); + AUTH_A = TableAuthManager.getOrCreate(new ZooKeeperWatcher(conf, + "TestZKPermissionsWatcher_1", ABORTABLE), conf); + AUTH_B = TableAuthManager.getOrCreate(new ZooKeeperWatcher(conf, + "TestZKPermissionsWatcher_2", ABORTABLE), conf); + } + + @AfterClass + public static void afterClass() throws Exception { + UTIL.shutdownMiniCluster(); + } + + private void setTableACL( + User user, TableAuthManager srcAuthManager, TableAuthManager destAuthManager, + TablePermission.Action... actions) throws Exception{ + // update ACL: george RW + ListMultimap<String, TablePermission> perms = ArrayListMultimap.create(); + perms.replaceValues(user.getShortName(), + Collections.singletonList(new TablePermission(TEST_TABLE, null, actions))); + byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms); + final long mtime = destAuthManager.getMTime(); + srcAuthManager.getZKPermissionWatcher().writeToZookeeper(TEST_TABLE.getName(), serialized); + // Wait for the update to propagate + UTIL.waitFor(10000, 100, new Predicate<Exception>() { + @Override + public boolean evaluate() throws Exception { + return destAuthManager.getMTime() > mtime; + } + }); + Thread.sleep(1000); + } + + @Test + public void testPermissionsWatcher() throws Exception { + Configuration conf = UTIL.getConfiguration(); + User george = User.createUserForTesting(conf, "george", new String[] { }); + User hubert = User.createUserForTesting(conf, "hubert", new String[] { }); + + assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.READ)); + assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.WRITE)); + assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.READ)); + assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.WRITE)); + + assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.READ)); + assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.WRITE)); + assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.READ)); + assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.WRITE)); + + // update ACL: george, RW + setTableACL(george, AUTH_A, AUTH_B, + TablePermission.Action.READ, TablePermission.Action.WRITE); + + // check it + assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.READ)); + assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.WRITE)); + assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.READ)); + assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.WRITE)); + assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.READ)); + assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.WRITE)); + assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.READ)); + assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.WRITE)); + + // update ACL: hubert, Read + setTableACL(hubert, AUTH_B, AUTH_A, TablePermission.Action.READ); + + // check it + assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.READ)); + assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.WRITE)); + assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.READ)); + assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null, + TablePermission.Action.WRITE)); + assertTrue(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.READ)); + assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.WRITE)); + assertTrue(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.READ)); + assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, + TablePermission.Action.WRITE)); + } +} http://git-wip-us.apache.org/repos/asf/hbase/blob/f563b7cf/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java deleted file mode 100644 index c99cbaa..0000000 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hbase.security.access; - -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -import java.util.ArrayList; -import java.util.List; -import java.util.concurrent.atomic.AtomicBoolean; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.hbase.Abortable; -import org.apache.hadoop.hbase.TableName; -import org.apache.hadoop.hbase.HBaseTestingUtility; -import org.apache.hadoop.hbase.testclassification.LargeTests; -import org.apache.hadoop.hbase.Waiter.Predicate; -import org.apache.hadoop.hbase.security.User; -import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -/** - * Test the reading and writing of access permissions to and from zookeeper. - */ -@Category(LargeTests.class) -public class TestZKPermissionsWatcher { - private static final Log LOG = LogFactory.getLog(TestZKPermissionsWatcher.class); - private static final HBaseTestingUtility UTIL = new HBaseTestingUtility(); - private static TableAuthManager AUTH_A; - private static TableAuthManager AUTH_B; - private final static Abortable ABORTABLE = new Abortable() { - private final AtomicBoolean abort = new AtomicBoolean(false); - - @Override - public void abort(String why, Throwable e) { - LOG.info(why, e); - abort.set(true); - } - - @Override - public boolean isAborted() { - return abort.get(); - } - }; - - private static TableName TEST_TABLE = - TableName.valueOf("perms_test"); - - @BeforeClass - public static void beforeClass() throws Exception { - // setup configuration - Configuration conf = UTIL.getConfiguration(); - SecureTestUtil.enableSecurity(conf); - - // start minicluster - UTIL.startMiniCluster(); - AUTH_A = TableAuthManager.getOrCreate(new ZooKeeperWatcher(conf, - "TestZKPermissionsWatcher_1", ABORTABLE), conf); - AUTH_B = TableAuthManager.getOrCreate(new ZooKeeperWatcher(conf, - "TestZKPermissionsWatcher_2", ABORTABLE), conf); - } - - @AfterClass - public static void afterClass() throws Exception { - UTIL.shutdownMiniCluster(); - } - - @Test - public void testPermissionsWatcher() throws Exception { - Configuration conf = UTIL.getConfiguration(); - User george = User.createUserForTesting(conf, "george", new String[] { }); - User hubert = User.createUserForTesting(conf, "hubert", new String[] { }); - - assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.READ)); - assertFalse(AUTH_A.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.WRITE)); - assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.READ)); - assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.WRITE)); - - assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.READ)); - assertFalse(AUTH_B.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.WRITE)); - assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.READ)); - assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.WRITE)); - - // update ACL: george RW - List<TablePermission> acl = new ArrayList<TablePermission>(); - acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ, - TablePermission.Action.WRITE)); - final long mtimeB = AUTH_B.getMTime(); - AUTH_A.setTableUserPermissions(george.getShortName(), TEST_TABLE, acl); - // Wait for the update to propagate - UTIL.waitFor(10000, 100, new Predicate<Exception>() { - @Override - public boolean evaluate() throws Exception { - return AUTH_B.getMTime() > mtimeB; - } - }); - Thread.sleep(1000); - - // check it - assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.READ)); - assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.WRITE)); - assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.READ)); - assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.WRITE)); - assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.READ)); - assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.WRITE)); - assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.READ)); - assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.WRITE)); - - // update ACL: hubert R - acl = new ArrayList<TablePermission>(); - acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ)); - final long mtimeA = AUTH_A.getMTime(); - AUTH_B.setTableUserPermissions("hubert", TEST_TABLE, acl); - // Wait for the update to propagate - UTIL.waitFor(10000, 100, new Predicate<Exception>() { - @Override - public boolean evaluate() throws Exception { - return AUTH_A.getMTime() > mtimeA; - } - }); - Thread.sleep(1000); - - // check it - assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.READ)); - assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.WRITE)); - assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.READ)); - assertTrue(AUTH_B.authorizeUser(george, TEST_TABLE, null, - TablePermission.Action.WRITE)); - assertTrue(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.READ)); - assertFalse(AUTH_A.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.WRITE)); - assertTrue(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.READ)); - assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null, - TablePermission.Action.WRITE)); - } -}