You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by mb...@apache.org on 2014/10/22 11:48:30 UTC

[2/3] git commit: HBASE-12301 user_permission command does not show global permissions

HBASE-12301 user_permission command does not show global permissions


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/4f32987d
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/4f32987d
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/4f32987d

Branch: refs/heads/branch-1
Commit: 4f32987de786d6e56d0eb8b90f37179216c39a91
Parents: ab816ea
Author: Matteo Bertozzi <ma...@cloudera.com>
Authored: Wed Oct 22 10:08:31 2014 +0100
Committer: Matteo Bertozzi <ma...@cloudera.com>
Committed: Wed Oct 22 10:13:46 2014 +0100

----------------------------------------------------------------------
 .../apache/hadoop/hbase/protobuf/ProtobufUtil.java |  6 +++---
 .../hbase/security/access/AccessControlClient.java | 17 ++++++-----------
 .../hbase/security/access/AccessControlLists.java  |  4 ++--
 hbase-shell/src/main/ruby/hbase/security.rb        |  4 ++--
 .../main/ruby/shell/commands/user_permission.rb    |  2 +-
 5 files changed, 14 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/4f32987d/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
index 9152e38..d8db312 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
@@ -2278,7 +2278,7 @@ public final class ProtobufUtil {
     AccessControlProtos.GetUserPermissionsRequest request = builder.build();
     AccessControlProtos.GetUserPermissionsResponse response =
       protocol.getUserPermissions(null, request);
-    List<UserPermission> perms = new ArrayList<UserPermission>();
+    List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount());
     for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) {
       perms.add(ProtobufUtil.toUserPermission(perm));
     }
@@ -2306,7 +2306,7 @@ public final class ProtobufUtil {
     AccessControlProtos.GetUserPermissionsRequest request = builder.build();
     AccessControlProtos.GetUserPermissionsResponse response =
       protocol.getUserPermissions(null, request);
-    List<UserPermission> perms = new ArrayList<UserPermission>();
+    List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount());
     for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) {
       perms.add(ProtobufUtil.toUserPermission(perm));
     }
@@ -2334,7 +2334,7 @@ public final class ProtobufUtil {
     AccessControlProtos.GetUserPermissionsRequest request = builder.build();
     AccessControlProtos.GetUserPermissionsResponse response =
       protocol.getUserPermissions(null, request);
-    List<UserPermission> perms = new ArrayList<UserPermission>();
+    List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount());
     for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) {
       perms.add(ProtobufUtil.toUserPermission(perm));
     }

http://git-wip-us.apache.org/repos/asf/hbase/blob/4f32987d/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
index eb63751..922bf67 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
@@ -47,12 +47,11 @@ import org.apache.hadoop.hbase.util.Bytes;
 @InterfaceAudience.Public
 @InterfaceStability.Evolving
 public class AccessControlClient {
+  public static final TableName ACL_TABLE_NAME =
+      TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl");
 
   private static HTable getAclTable(Configuration conf) throws IOException {
-    TableName aclTableName =
-        TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR,
-            AccessControlConstants.OP_ATTRIBUTE_ACL);
-    return new HTable(conf, aclTableName.getName());
+    return new HTable(conf, ACL_TABLE_NAME);
   }
 
   private static BlockingInterface getAccessControlServiceStub(HTable ht)
@@ -111,12 +110,10 @@ public class AccessControlClient {
 
   public static boolean isAccessControllerRunning(Configuration conf)
       throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
-    TableName aclTableName = TableName
-        .valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl");
     HBaseAdmin ha = null;
     try {
       ha = new HBaseAdmin(conf);
-      return ha.isTableAvailable(aclTableName.getNameAsString());
+      return ha.isTableAvailable(ACL_TABLE_NAME);
     } finally {
       if (ha != null) {
         ha.close();
@@ -183,16 +180,14 @@ public class AccessControlClient {
     Table ht = null;
     Admin ha = null;
     try {
-      TableName aclTableName = TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR,
-        "acl");
       ha = new HBaseAdmin(conf);
-      ht = new HTable(conf, aclTableName);
+      ht = new HTable(conf, ACL_TABLE_NAME);
       CoprocessorRpcChannel service = ht.coprocessorService(HConstants.EMPTY_START_ROW);
       BlockingInterface protocol = AccessControlProtos.AccessControlService
           .newBlockingStub(service);
       HTableDescriptor[] htds = null;
 
-      if (tableRegex == null) {
+      if (tableRegex == null || tableRegex.isEmpty()) {
         permList = ProtobufUtil.getUserPermissions(protocol);
       } else if (tableRegex.charAt(0) == '@') {
         String namespace = tableRegex.substring(1);

http://git-wip-us.apache.org/repos/asf/hbase/blob/4f32987d/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
index 007e610..c49bc33 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
@@ -464,7 +464,7 @@ public class AccessControlLists {
    */
   static ListMultimap<String, TablePermission> getPermissions(Configuration conf,
       byte[] entryName) throws IOException {
-    if (entryName == null) entryName = ACL_TABLE_NAME.getName();
+    if (entryName == null) entryName = ACL_GLOBAL_NAME;
 
     // for normal user tables, we just read the table row from _acl_
     ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
@@ -659,7 +659,7 @@ public class AccessControlLists {
   public static boolean isNamespaceEntry(byte[] entryName) {
     return entryName[0] == NAMESPACE_PREFIX;
   }
-  
+
   public static String toNamespaceEntry(String namespace) {
      return NAMESPACE_PREFIX + namespace;
    }

http://git-wip-us.apache.org/repos/asf/hbase/blob/4f32987d/hbase-shell/src/main/ruby/hbase/security.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
index 1361c19..154c5ca 100644
--- a/hbase-shell/src/main/ruby/hbase/security.rb
+++ b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -156,13 +156,13 @@ module Hbase
       count  = 0
       all_perms.each do |value|
           user_name = String.from_java_bytes(value.getUser)
-          if (isNamespace?(table_regex))
+          if (table_regex != nil && isNamespace?(table_regex))
             namespace = table_regex[1...table_regex.length]
           else
             namespace = (value.getTableName != nil) ? value.getTableName.getNamespaceAsString() : ''
           end
           table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : ''
-          family = (value.getFamily != nil) ? 
+          family = (value.getFamily != nil) ?
             org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) :
             ''
           qualifier = (value.getQualifier != nil) ?

http://git-wip-us.apache.org/repos/asf/hbase/blob/4f32987d/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
index 7c29261..57d83be 100644
--- a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
+++ b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
@@ -33,7 +33,7 @@ For example:
 EOF
       end
 
-      def command(table_regex=".*")
+      def command(table_regex=nil)
         #format_simple_command do
         #admin.user_permission(table_regex)
         now = Time.now