You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Yutong Xiao (Jira)" <ji...@apache.org> on 2021/06/14 11:35:00 UTC

[jira] [Updated] (HBASE-26001) When turn on access control, the TTL of Increment and Append operations is invalid.

     [ https://issues.apache.org/jira/browse/HBASE-26001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yutong Xiao updated HBASE-26001:
--------------------------------
    Description: 
AccessController will rewrite the new cell's tags by the old cell's. This will makes the other kinds of tag in new cell invisible (apart from ACL tag) after this. As in Increment and Append operations, the new cell has already catch forward all tags of the old cell, here in AccessController we do not rewrite the tags once again.

{code:java}
private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell newCell) {
    // Collect any ACLs from the old cell
    List<Tag> tags = Lists.newArrayList();
    List<Tag> aclTags = Lists.newArrayList();
    ListMultimap<String,Permission> perms = ArrayListMultimap.create();
    if (oldCell != null) {
      Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
      while (tagIterator.hasNext()) {
        Tag tag = tagIterator.next();
        if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
          // Not an ACL tag, just carry it through
          if (LOG.isTraceEnabled()) {
            LOG.trace("Carrying forward tag from " + oldCell + ": type " + tag.getType()
                + " length " + tag.getValueLength());
          }
          tags.add(tag);
        } else {
          aclTags.add(tag);
        }
      }
    }

    // Do we have an ACL on the operation?
    byte[] aclBytes = mutation.getACL();
    if (aclBytes != null) {
      // Yes, use it
      tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
    } else {
      // No, use what we carried forward
      if (perms != null) {
        // TODO: If we collected ACLs from more than one tag we may have a
        // List<Permission> of size > 1, this can be collapsed into a single
        // Permission
        if (LOG.isTraceEnabled()) {
          LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
        }
        tags.addAll(aclTags);
      }
    }

    // If we have no tags to add, just return
    if (tags.isEmpty()) {
      return newCell;
    }
    // Here the new cell's tags will be in visible.
    return PrivateCellUtil.createCell(newCell, tags);
  }
{code}


  was:AccessController will rewrite the new cell's tags by the old cell's. This will makes the other kinds of tag in new cell invisible (apart from ACL tag) after this. As in Increment and Append operations, the new cell has already catch forward all tags of the old cell, here in AccessController we do not rewrite the tags once again.


> When turn on access control, the TTL of Increment and Append operations is invalid.
> -----------------------------------------------------------------------------------
>
>                 Key: HBASE-26001
>                 URL: https://issues.apache.org/jira/browse/HBASE-26001
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Yutong Xiao
>            Assignee: Yutong Xiao
>            Priority: Major
>
> AccessController will rewrite the new cell's tags by the old cell's. This will makes the other kinds of tag in new cell invisible (apart from ACL tag) after this. As in Increment and Append operations, the new cell has already catch forward all tags of the old cell, here in AccessController we do not rewrite the tags once again.
> {code:java}
> private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell newCell) {
>     // Collect any ACLs from the old cell
>     List<Tag> tags = Lists.newArrayList();
>     List<Tag> aclTags = Lists.newArrayList();
>     ListMultimap<String,Permission> perms = ArrayListMultimap.create();
>     if (oldCell != null) {
>       Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
>       while (tagIterator.hasNext()) {
>         Tag tag = tagIterator.next();
>         if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
>           // Not an ACL tag, just carry it through
>           if (LOG.isTraceEnabled()) {
>             LOG.trace("Carrying forward tag from " + oldCell + ": type " + tag.getType()
>                 + " length " + tag.getValueLength());
>           }
>           tags.add(tag);
>         } else {
>           aclTags.add(tag);
>         }
>       }
>     }
>     // Do we have an ACL on the operation?
>     byte[] aclBytes = mutation.getACL();
>     if (aclBytes != null) {
>       // Yes, use it
>       tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
>     } else {
>       // No, use what we carried forward
>       if (perms != null) {
>         // TODO: If we collected ACLs from more than one tag we may have a
>         // List<Permission> of size > 1, this can be collapsed into a single
>         // Permission
>         if (LOG.isTraceEnabled()) {
>           LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
>         }
>         tags.addAll(aclTags);
>       }
>     }
>     // If we have no tags to add, just return
>     if (tags.isEmpty()) {
>       return newCell;
>     }
>     // Here the new cell's tags will be in visible.
>     return PrivateCellUtil.createCell(newCell, tags);
>   }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)