You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by an...@apache.org on 2013/11/28 17:49:12 UTC
svn commit: r1546396 - in /hbase/trunk/hbase-server/src:
main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
Author: anoopsamjohn
Date: Thu Nov 28 16:49:12 2013
New Revision: 1546396
URL: http://svn.apache.org/r1546396
Log:
HBASE-10005 TestVisibilityLabels fails occasionally
Modified:
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java?rev=1546396&r1=1546395&r2=1546396&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java Thu Nov 28 16:49:12 2013
@@ -1078,8 +1078,7 @@ public class VisibilityController extend
done.run(response.build());
}
- private void performACLCheck()
- throws IOException {
+ private void performACLCheck() throws IOException {
// Do ACL check only when the security is enabled.
if (this.acOn && !isSystemOrSuperUser()) {
User user = getActiveUser();
@@ -1166,33 +1165,41 @@ public class VisibilityController extend
byte[] user = request.getUser().toByteArray();
GetAuthsResponse.Builder response = GetAuthsResponse.newBuilder();
response.setUser(request.getUser());
+ try {
+ List<String> labels = getUserAuthsFromLablesTable(user);
+ for (String label : labels) {
+ response.addAuth(ZeroCopyLiteralByteString.wrap(Bytes.toBytes(label)));
+ }
+ } catch (IOException e) {
+ ResponseConverter.setControllerException(controller, e);
+ }
+ done.run(response.build());
+ }
+ private List<String> getUserAuthsFromLablesTable(byte[] user) throws IOException {
Scan s = new Scan();
s.addColumn(LABELS_TABLE_FAMILY, user);
Filter filter = createVisibilityLabelFilter(this.regionEnv.getRegion(), new Authorizations(
SYSTEM_LABEL));
s.setFilter(filter);
- try {
- // We do ACL check here as we create scanner directly on region. It will not make calls to
- // AccessController CP methods.
- performACLCheck();
- RegionScanner scanner = this.regionEnv.getRegion().getScanner(s);
- List<Cell> results = new ArrayList<Cell>(1);
- while (true) {
- scanner.next(results);
- if (results.isEmpty()) break;
- Cell cell = results.get(0);
- int ordinal = Bytes.toInt(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength());
- String label = this.visibilityManager.getLabel(ordinal);
- if (label != null) {
- response.addAuth(ZeroCopyLiteralByteString.wrap(Bytes.toBytes(label)));
- }
- results.clear();
+ List<String> auths = new ArrayList<String>();
+ // We do ACL check here as we create scanner directly on region. It will not make calls to
+ // AccessController CP methods.
+ performACLCheck();
+ RegionScanner scanner = this.regionEnv.getRegion().getScanner(s);
+ List<Cell> results = new ArrayList<Cell>(1);
+ while (true) {
+ scanner.next(results);
+ if (results.isEmpty()) break;
+ Cell cell = results.get(0);
+ int ordinal = Bytes.toInt(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength());
+ String label = this.visibilityManager.getLabel(ordinal);
+ if (label != null) {
+ auths.add(label);
}
- } catch (IOException e) {
- ResponseConverter.setControllerException(controller, e);
+ results.clear();
}
- done.run(response.build());
+ return auths;
}
@Override
@@ -1203,7 +1210,7 @@ public class VisibilityController extend
byte[] user = request.getUser().toByteArray();
try {
checkCallingUserAuth();
- List<String> currentAuths = this.visibilityManager.getAuths(Bytes.toString(user));
+ List<String> currentAuths = this.getUserAuthsFromLablesTable(user);
List<Mutation> deletes = new ArrayList<Mutation>(auths.size());
RegionActionResult successResult = RegionActionResult.newBuilder().build();
for (ByteString authBS : auths) {
Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java?rev=1546396&r1=1546395&r2=1546396&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java (original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java Thu Nov 28 16:49:12 2013
@@ -348,6 +348,12 @@ public class TestVisibilityLabels {
} catch (InterruptedException e) {
}
}
+ while (regionServer.getOnlineRegions(LABELS_TABLE_NAME).isEmpty()) {
+ try {
+ Thread.sleep(10);
+ } catch (InterruptedException e) {
+ }
+ }
HTable table = createTableAndWriteDataWithLabels(tableName, "(" + SECRET + "|" + CONFIDENTIAL
+ ")", PRIVATE);
try {
@@ -379,6 +385,13 @@ public class TestVisibilityLabels {
} catch (InterruptedException e) {
}
}
+ while (regionServer.getOnlineRegions(LABELS_TABLE_NAME).isEmpty()) {
+ try {
+ Thread.sleep(10);
+ } catch (InterruptedException e) {
+ }
+ }
+
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" };
try {
VisibilityClient.addLabels(conf, labels);