Posted to commits@hbase.apache.org by jx...@apache.org on 2012/12/20 18:44:46 UTC

svn commit: r1424604 - in /hbase/trunk: hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/ hbase-protocol/src/main/protobuf/ hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ hbase-server/src/test/java/org/apache...

Author: jxiang
Date: Thu Dec 20 17:44:45 2012
New Revision: 1424604

URL: http://svn.apache.org/viewvc?rev=1424604&view=rev
Log:
HBASE-7373 table should not be required in AccessControlService

Modified:
    hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java
    hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
    hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

Modified: hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java (original)
+++ hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java Thu Dec 20 17:44:45 2012
@@ -4073,7 +4073,7 @@ public final class AccessControlProtos {
   public interface UserPermissionsRequestOrBuilder
       extends com.google.protobuf.MessageOrBuilder {
     
-    // required bytes table = 1;
+    // optional bytes table = 1;
     boolean hasTable();
     com.google.protobuf.ByteString getTable();
   }
@@ -4106,7 +4106,7 @@ public final class AccessControlProtos {
     }
     
     private int bitField0_;
-    // required bytes table = 1;
+    // optional bytes table = 1;
     public static final int TABLE_FIELD_NUMBER = 1;
     private com.google.protobuf.ByteString table_;
     public boolean hasTable() {
@@ -4124,10 +4124,6 @@ public final class AccessControlProtos {
       byte isInitialized = memoizedIsInitialized;
       if (isInitialized != -1) return isInitialized == 1;
       
-      if (!hasTable()) {
-        memoizedIsInitialized = 0;
-        return false;
-      }
       memoizedIsInitialized = 1;
       return true;
     }
@@ -4376,10 +4372,6 @@ public final class AccessControlProtos {
       }
       
       public final boolean isInitialized() {
-        if (!hasTable()) {
-          
-          return false;
-        }
         return true;
       }
       
@@ -4417,7 +4409,7 @@ public final class AccessControlProtos {
       
       private int bitField0_;
       
-      // required bytes table = 1;
+      // optional bytes table = 1;
       private com.google.protobuf.ByteString table_ = com.google.protobuf.ByteString.EMPTY;
       public boolean hasTable() {
         return ((bitField0_ & 0x00000001) == 0x00000001);
@@ -6425,7 +6417,7 @@ public final class AccessControlProtos {
       "\017.UserPermission\"\017\n\rGrantResponse\"4\n\rRev" +
       "okeRequest\022#\n\npermission\030\001 \002(\0132\017.UserPer" +
       "mission\"\020\n\016RevokeResponse\"\'\n\026UserPermiss" +
-      "ionsRequest\022\r\n\005table\030\001 \002(\014\">\n\027UserPermis" +
+      "ionsRequest\022\r\n\005table\030\001 \001(\014\">\n\027UserPermis" +
       "sionsResponse\022#\n\npermission\030\001 \003(\0132\017.User" +
       "Permission\":\n\027CheckPermissionsRequest\022\037\n" +
       "\npermission\030\001 \003(\0132\013.Permission\"\032\n\030CheckP" +

Modified: hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto (original)
+++ hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto Thu Dec 20 17:44:45 2012
@@ -70,7 +70,7 @@ message RevokeResponse {
 
 
 message UserPermissionsRequest {
-    required bytes table = 1;
+    optional bytes table = 1;
 }
 
 message UserPermissionsResponse {
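Review bot: The `table` field has no comment saying what an omitted table means, and moving it from `required` to `optional` is only safe once every peer runs the regenerated code. A server still built with `required` will reject a request that leaves the field out as uninitialized. Add a comment on the field, for example `// optional: when absent, the request lists global permissions`, and call out the upgrade ordering if mixed-version clusters are supported. The meaning of an absent table is inferred from the test added in this commit, so confirm the wording against the intended semantics.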

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java Thu Dec 20 17:44:45 2012
@@ -1142,8 +1142,11 @@ public class AccessController extends Ba
   public void getUserPermissions(RpcController controller,
                                  AccessControlProtos.UserPermissionsRequest request,
                                  RpcCallback<AccessControlProtos.UserPermissionsResponse> done) {
-    byte[] table = request.getTable().toByteArray();
     AccessControlProtos.UserPermissionsResponse response = null;
+    byte[] table = null;
+    if (request.hasTable()) {
+      table = request.getTable().toByteArray();
+    }
     try {
       // only allowed to be called on _acl_ region
       if (aclRegion) {
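Review bot: `request.hasTable()` is also true when a client sends the field with zero bytes, so `table` becomes an empty array rather than null and does not take the `table == null` fallback this commit adds in TableAuthManager. How the rest of getUserPermissions treats an empty name is not visible, because the body continues past the hunk, but the permission check and the ACL lookup should agree on one meaning for "no table". Consider normalising at this point: `if (request.hasTable() && !request.getTable().isEmpty()) {`.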

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java Thu Dec 20 17:44:45 2012
@@ -352,6 +352,7 @@ public class TableAuthManager {
     if (authorizeUser(username, action)) {
       return true;
     }
+    if (table == null) table = AccessControlLists.ACL_TABLE_NAME;
     return authorize(getTablePermissions(table).getUser(username), table, family,
         qualifier, action);
   }
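Review bot: The substitution `if (table == null) table = AccessControlLists.ACL_TABLE_NAME;` sits in the general authorization path, so any caller that reaches this method with a null table is now evaluated against the ACL table's grants, not only the new global listing. A null that arrives by mistake from another call site would be authorized against that table instead of surfacing as an error. It would be safer to map null at the one caller that means it, or at least to document the contract on the method, e.g. `// null table means a global request; it is authorized against the ACL table's own grants`. The same line is added to the group variant in the next hunk, and both one-line `if`s should be braced. Both method signatures lie outside the hunks.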
@@ -380,6 +381,7 @@ public class TableAuthManager {
     if (authorizeGroup(groupName, action)) {
       return true;
     }
+    if (table == null) table = AccessControlLists.ACL_TABLE_NAME;
     return authorize(getTablePermissions(table).getGroup(groupName), table, family, action);
   }
 

Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java Thu Dec 20 17:44:45 2012
@@ -33,11 +33,11 @@ import org.apache.hadoop.conf.Configurat
 import org.apache.hadoop.hbase.Coprocessor;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HColumnDescriptor;
+import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.HRegionInfo;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.LargeTests;
 import org.apache.hadoop.hbase.ServerName;
-import org.apache.hadoop.hbase.UnknownRowLockException;
 import org.apache.hadoop.hbase.client.Append;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.Get;
@@ -1161,6 +1161,19 @@ public class TestAccessController {
     admin.deleteTable(tableName);
   }
 
+  @Test
+  public void testGlobalPermissionList() throws Exception {
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
+    AccessControlService.BlockingInterface protocol =
+      AccessControlService.newBlockingStub(service);
+    List<UserPermission> perms = ProtobufUtil.getUserPermissions(protocol, null);
+    UserPermission adminPerm = new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
+      AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"));
+    assertTrue("Only user admin has permission on table _acl_ per setup",
+      perms.size() == 1 && hasFoundUserPermission(adminPerm, perms));
+  }
+
   /** global operations */
   private void verifyGlobal(PrivilegedExceptionAction<?> action) throws Exception {
     verifyAllowed(action, SUPERUSER);
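Review bot: testGlobalPermissionList only exercises the allowed path. Nothing checks that a user without ADMIN on the ACL table is refused when the table is omitted, which is the case the new null handling in the authorization code makes reachable. Add a second case that issues the same `ProtobufUtil.getUserPermissions(protocol, null)` call as an unprivileged test user and expects it to be denied. The `HTable acl` is also never closed; wrap the body in `try { ... } finally { acl.close(); }`. verifyGlobal's body continues outside the hunk.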