Posted to commits@hbase.apache.org by st...@apache.org on 2018/02/13 14:18:45 UTC
hbase git commit: Revert "HBASE-19970 Remove unused functions from
TableAuthManager."
Repository: hbase
Updated Branches:
refs/heads/branch-2 6923472f7 -> 562402ec2
Revert "HBASE-19970 Remove unused functions from TableAuthManager."
This reverts commit b19531f04b2fd7178d8152068b8782e829b697ac.
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/562402ec
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/562402ec
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/562402ec
Branch: refs/heads/branch-2
Commit: 562402ec233dc847acacc42eca7fb14e06fe6f3e
Parents: 6923472
Author: Michael Stack <st...@apache.org>
Authored: Tue Feb 13 06:17:10 2018 -0800
Committer: Michael Stack <st...@apache.org>
Committed: Tue Feb 13 06:18:35 2018 -0800
----------------------------------------------------------------------
.../security/access/AccessControlLists.java | 3 +-
.../hbase/security/access/AccessController.java | 4 +-
.../hbase/security/access/TableAuthManager.java | 75 ++++++++++++++++++++
.../security/access/TestTablePermissions.java | 2 +-
.../access/TestZKPermissionWatcher.java | 55 +++++++-------
5 files changed, 107 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/562402ec/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
index 663d0c5..b0f33bd 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
@@ -644,7 +644,8 @@ public class AccessControlLists {
*
* Writes a set of permission [user: table permission]
*/
- public static byte[] writePermissionsAsBytes(ListMultimap<String, TablePermission> perms) {
+ public static byte[] writePermissionsAsBytes(ListMultimap<String, TablePermission> perms,
+ Configuration conf) {
return ProtobufUtil.prependPBMagic(AccessControlUtil.toUserTablePermissions(perms).toByteArray());
}
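Review bot: The `conf` parameter added to `writePermissionsAsBytes` is never read in the body shown, which still serializes only `perms`. If it is kept purely so that existing callers compile, the Javadoc should say so, for example `@param conf unused; kept for signature compatibility`, so that nobody assumes configuration influences the serialized ACL bytes. The opening of the Javadoc comment lies above the hunk.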
http://git-wip-us.apache.org/repos/asf/hbase/blob/562402ec/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index 578cc4d..3a4bf82 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -246,7 +246,7 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor,
tables.entrySet()) {
byte[] entry = t.getKey();
ListMultimap<String,TablePermission> perms = t.getValue();
- byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms);
+ byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf);
getAuthManager().getZKPermissionWatcher().writeToZookeeper(entry, serialized);
}
initialized = true;
@@ -283,7 +283,7 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor,
currentEntry = entry;
ListMultimap<String, TablePermission> perms =
AccessControlLists.getPermissions(conf, entry, t);
- byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms);
+ byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf);
zkw.writeToZookeeper(entry, serialized);
}
} catch(IOException ex) {
http://git-wip-us.apache.org/repos/asf/hbase/blob/562402ec/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
index fdfd5c8..76feff4 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
@@ -656,6 +656,81 @@ public class TableAuthManager implements Closeable {
tableCache.remove(table);
}
+ /**
+ * Overwrites the existing permission set for a given user for a table, and
+ * triggers an update for zookeeper synchronization.
+ * @param username
+ * @param table
+ * @param perms
+ */
+ public void setTableUserPermissions(String username, TableName table,
+ List<TablePermission> perms) {
+ PermissionCache<TablePermission> tablePerms = getTablePermissions(table);
+ tablePerms.replaceUser(username, perms);
+ writeTableToZooKeeper(table, tablePerms);
+ }
+
+ /**
+ * Overwrites the existing permission set for a group and triggers an update
+ * for zookeeper synchronization.
+ * @param group
+ * @param table
+ * @param perms
+ */
+ public void setTableGroupPermissions(String group, TableName table,
+ List<TablePermission> perms) {
+ PermissionCache<TablePermission> tablePerms = getTablePermissions(table);
+ tablePerms.replaceGroup(group, perms);
+ writeTableToZooKeeper(table, tablePerms);
+ }
+
+ /**
+ * Overwrites the existing permission set for a given user for a table, and
+ * triggers an update for zookeeper synchronization.
+ * @param username
+ * @param namespace
+ * @param perms
+ */
+ public void setNamespaceUserPermissions(String username, String namespace,
+ List<TablePermission> perms) {
+ PermissionCache<TablePermission> tablePerms = getNamespacePermissions(namespace);
+ tablePerms.replaceUser(username, perms);
+ writeNamespaceToZooKeeper(namespace, tablePerms);
+ }
+
+ /**
+ * Overwrites the existing permission set for a group and triggers an update
+ * for zookeeper synchronization.
+ * @param group
+ * @param namespace
+ * @param perms
+ */
+ public void setNamespaceGroupPermissions(String group, String namespace,
+ List<TablePermission> perms) {
+ PermissionCache<TablePermission> tablePerms = getNamespacePermissions(namespace);
+ tablePerms.replaceGroup(group, perms);
+ writeNamespaceToZooKeeper(namespace, tablePerms);
+ }
+
+ public void writeTableToZooKeeper(TableName table,
+ PermissionCache<TablePermission> tablePerms) {
+ byte[] serialized = new byte[0];
+ if (tablePerms != null) {
+ serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf);
+ }
+ zkperms.writeToZookeeper(table.getName(), serialized);
+ }
+
+ public void writeNamespaceToZooKeeper(String namespace,
+ PermissionCache<TablePermission> tablePerms) {
+ byte[] serialized = new byte[0];
+ if (tablePerms != null) {
+ serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf);
+ }
+ zkperms.writeToZookeeper(Bytes.toBytes(AccessControlLists.toNamespaceEntry(namespace)),
+ serialized);
+ }
+
public long getMTime() {
return mtime.get();
}
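Review bot: The four restored `set*Permissions` methods are public and, per the test in this commit, change what `authorizeUser` grants, yet none of them checks the caller. As far as this hunk shows they also never write to the ACL table: they only update the in-memory `PermissionCache` and publish it through `zkperms.writeToZookeeper`. Their Javadoc should state that callers must already be authorized and that the durable ACL store is not touched here, so a later reload may drop the change (confirm against the code outside the hunk). `writeTableToZooKeeper` and `writeNamespaceToZooKeeper` have no Javadoc and publish a zero-length payload when `tablePerms` is null; a comment such as `// null publishes an empty payload; confirm how watchers interpret it` would make that explicit. The Javadoc on `setNamespaceUserPermissions` and `setNamespaceGroupPermissions` is also copied from the table variants ("for a table") and every `@param` tag is empty.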
http://git-wip-us.apache.org/repos/asf/hbase/blob/562402ec/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
index cabd984..7243690 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java
@@ -293,7 +293,7 @@ public class TestTablePermissions {
public void testSerialization() throws Exception {
Configuration conf = UTIL.getConfiguration();
ListMultimap<String,TablePermission> permissions = createPermissions();
- byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions);
+ byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions, conf);
ListMultimap<String, TablePermission> copy =
AccessControlLists.readPermissions(permsData, conf);
http://git-wip-us.apache.org/repos/asf/hbase/blob/562402ec/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
index 84cdea2..c8ab863 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionWatcher.java
@@ -21,7 +21,6 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.hadoop.conf.Configuration;
@@ -34,8 +33,6 @@ import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.zookeeper.ZKWatcher;
-import org.apache.hbase.thirdparty.com.google.common.collect.ArrayListMultimap;
-import org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.ClassRule;
@@ -95,26 +92,6 @@ public class TestZKPermissionWatcher {
UTIL.shutdownMiniCluster();
}
- private void setTableACL(
- User user, TableAuthManager srcAuthManager, TableAuthManager destAuthManager,
- TablePermission.Action... actions) throws Exception{
- // update ACL: george RW
- ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
- perms.replaceValues(user.getShortName(),
- Collections.singletonList(new TablePermission(TEST_TABLE, null, actions)));
- byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms);
- final long mtime = destAuthManager.getMTime();
- srcAuthManager.getZKPermissionWatcher().writeToZookeeper(TEST_TABLE.getName(), serialized);
- // Wait for the update to propagate
- UTIL.waitFor(10000, 100, new Predicate<Exception>() {
- @Override
- public boolean evaluate() throws Exception {
- return destAuthManager.getMTime() > mtime;
- }
- });
- Thread.sleep(1000);
- }
-
@Test
public void testPermissionsWatcher() throws Exception {
Configuration conf = UTIL.getConfiguration();
@@ -139,9 +116,20 @@ public class TestZKPermissionWatcher {
assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
TablePermission.Action.WRITE));
- // update ACL: george, RW
- setTableACL(george, AUTH_A, AUTH_B,
- TablePermission.Action.READ, TablePermission.Action.WRITE);
+ // update ACL: george RW
+ List<TablePermission> acl = new ArrayList<>(1);
+ acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ,
+ TablePermission.Action.WRITE));
+ final long mtimeB = AUTH_B.getMTime();
+ AUTH_A.setTableUserPermissions(george.getShortName(), TEST_TABLE, acl);
+ // Wait for the update to propagate
+ UTIL.waitFor(10000, 100, new Predicate<Exception>() {
+ @Override
+ public boolean evaluate() throws Exception {
+ return AUTH_B.getMTime() > mtimeB;
+ }
+ });
+ Thread.sleep(1000);
// check it
assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
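Review bot: The wait-for-propagation block added here (capture `getMTime()`, `UTIL.waitFor`, then `Thread.sleep(1000)`) is repeated almost verbatim in the following hunk at `-161,8 +149,19`, in place of the single `setTableACL` helper this commit deletes. A private helper taking the source and destination managers, the user and the actions, and calling `setTableUserPermissions` itself, would keep the two ACL updates in step. The unconditional `Thread.sleep(1000)` runs after the mtime check has already passed, so it deserves a one-line comment saying what it is still waiting for. `testPermissionsWatcher` starts and ends outside this hunk.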
@@ -161,8 +149,19 @@ public class TestZKPermissionWatcher {
assertFalse(AUTH_B.authorizeUser(hubert, TEST_TABLE, null,
TablePermission.Action.WRITE));
- // update ACL: hubert, Read
- setTableACL(hubert, AUTH_B, AUTH_A, TablePermission.Action.READ);
+ // update ACL: hubert R
+ acl = new ArrayList<>(1);
+ acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ));
+ final long mtimeA = AUTH_A.getMTime();
+ AUTH_B.setTableUserPermissions("hubert", TEST_TABLE, acl);
+ // Wait for the update to propagate
+ UTIL.waitFor(10000, 100, new Predicate<Exception>() {
+ @Override
+ public boolean evaluate() throws Exception {
+ return AUTH_A.getMTime() > mtimeA;
+ }
+ });
+ Thread.sleep(1000);
// check it
assertTrue(AUTH_A.authorizeUser(george, TEST_TABLE, null,
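Review bot: The user name is passed as the literal `"hubert"` here, while the george update in the previous hunk uses `george.getShortName()`. If the short name of the `hubert` user ever differs from the literal, the permission would be stored under a name that `authorizeUser(hubert, ...)` may not look up, and the assertions would fail for a reason unrelated to propagation. Suggest `AUTH_B.setTableUserPermissions(hubert.getShortName(), TEST_TABLE, acl);`. The test method continues past the end of the hunk.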