Repository: hbase Updated Branches: refs/heads/0.98 a93921cc0 -> babc3a7ab refs/heads/branch-1 ab816ea67 -> 4f32987de refs/heads/master feaa8fa9c -> 2908c1137
HBASE-12301 user_permission command does not show global permissions Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/2908c113 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/2908c113 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/2908c113 Branch: refs/heads/master Commit: 2908c1137155c2167fca0a26180f9ae5fe6fd863 Parents: feaa8fa Author: Matteo Bertozzi <matteo.berto...@cloudera.com> Authored: Wed Oct 22 10:08:31 2014 +0100 Committer: Matteo Bertozzi <matteo.berto...@cloudera.com> Committed: Wed Oct 22 10:08:31 2014 +0100 ---------------------------------------------------------------------- .../apache/hadoop/hbase/protobuf/ProtobufUtil.java | 6 +++--- .../hbase/security/access/AccessControlClient.java | 17 ++++++----------- .../hbase/security/access/AccessControlLists.java | 4 ++-- hbase-shell/src/main/ruby/hbase/security.rb | 4 ++-- .../main/ruby/shell/commands/user_permission.rb | 2 +- 5 files changed, 14 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java ---------------------------------------------------------------------- diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java index fd9d1ab..c7d2b24 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java @@ -2279,7 +2279,7 @@ public final class ProtobufUtil { AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); - List<UserPermission> perms = new ArrayList<UserPermission>(); + List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } @@ -2307,7 +2307,7 @@ public final class ProtobufUtil { AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); - List<UserPermission> perms = new ArrayList<UserPermission>(); + List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } @@ -2335,7 +2335,7 @@ public final class ProtobufUtil { AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); - List<UserPermission> perms = new ArrayList<UserPermission>(); + List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java ---------------------------------------------------------------------- diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java index eb63751..922bf67 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java @@ -47,12 +47,11 @@ import org.apache.hadoop.hbase.util.Bytes; @InterfaceAudience.Public @InterfaceStability.Evolving public class AccessControlClient { + public static final TableName ACL_TABLE_NAME = + TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl"); private static HTable getAclTable(Configuration conf) throws IOException { - TableName aclTableName = - TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, - AccessControlConstants.OP_ATTRIBUTE_ACL); - return new HTable(conf, aclTableName.getName()); + return new HTable(conf, ACL_TABLE_NAME); } private static BlockingInterface getAccessControlServiceStub(HTable ht) @@ -111,12 +110,10 @@ public class AccessControlClient { public static boolean isAccessControllerRunning(Configuration conf) throws MasterNotRunningException, ZooKeeperConnectionException, IOException { - TableName aclTableName = TableName - .valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl"); HBaseAdmin ha = null; try { ha = new HBaseAdmin(conf); - return ha.isTableAvailable(aclTableName.getNameAsString()); + return ha.isTableAvailable(ACL_TABLE_NAME); } finally { if (ha != null) { ha.close(); @@ -183,16 +180,14 @@ public class AccessControlClient { Table ht = null; Admin ha = null; try { - TableName aclTableName = TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, - "acl"); ha = new HBaseAdmin(conf); - ht = new HTable(conf, aclTableName); + ht = new HTable(conf, ACL_TABLE_NAME); CoprocessorRpcChannel service = ht.coprocessorService(HConstants.EMPTY_START_ROW); BlockingInterface protocol = AccessControlProtos.AccessControlService .newBlockingStub(service); HTableDescriptor[] htds = null; - if (tableRegex == null) { + if (tableRegex == null || tableRegex.isEmpty()) { permList = ProtobufUtil.getUserPermissions(protocol); } else if (tableRegex.charAt(0) == '@') { String namespace = tableRegex.substring(1); http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java index 007e610..c49bc33 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java @@ -464,7 +464,7 @@ public class AccessControlLists { */ static ListMultimap<String, TablePermission> getPermissions(Configuration conf, byte[] entryName) throws IOException { - if (entryName == null) entryName = ACL_TABLE_NAME.getName(); + if (entryName == null) entryName = ACL_GLOBAL_NAME; // for normal user tables, we just read the table row from _acl_ ListMultimap<String, TablePermission> perms = ArrayListMultimap.create(); @@ -659,7 +659,7 @@ public class AccessControlLists { public static boolean isNamespaceEntry(byte[] entryName) { return entryName[0] == NAMESPACE_PREFIX; } - + public static String toNamespaceEntry(String namespace) { return NAMESPACE_PREFIX + namespace; } http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-shell/src/main/ruby/hbase/security.rb ---------------------------------------------------------------------- diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb index 1361c19..154c5ca 100644 --- a/hbase-shell/src/main/ruby/hbase/security.rb +++ b/hbase-shell/src/main/ruby/hbase/security.rb @@ -156,13 +156,13 @@ module Hbase count = 0 all_perms.each do |value| user_name = String.from_java_bytes(value.getUser) - if (isNamespace?(table_regex)) + if (table_regex != nil && isNamespace?(table_regex)) namespace = table_regex[1...table_regex.length] else namespace = (value.getTableName != nil) ? value.getTableName.getNamespaceAsString() : '' end table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : '' - family = (value.getFamily != nil) ? + family = (value.getFamily != nil) ? org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) : '' qualifier = (value.getQualifier != nil) ? http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-shell/src/main/ruby/shell/commands/user_permission.rb ---------------------------------------------------------------------- diff --git a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb index 7c29261..57d83be 100644 --- a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb +++ b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb @@ -33,7 +33,7 @@ For example: EOF end - def command(table_regex=".*") + def command(table_regex=nil) #format_simple_command do #admin.user_permission(table_regex) now = Time.now