hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jxi...@apache.org
Subject svn commit: r1424604 - in /hbase/trunk: hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/ hbase-protocol/src/main/protobuf/ hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ hbase-server/src/test/java/org/apache...
Date Thu, 20 Dec 2012 17:44:46 GMT
Author: jxiang
Date: Thu Dec 20 17:44:45 2012
New Revision: 1424604

URL: http://svn.apache.org/viewvc?rev=1424604&view=rev
Log:
HBASE-7373 table should not be required in AccessControlService

Modified:
    hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java
    hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
    hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

Modified: hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java
(original)
+++ hbase/trunk/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java
Thu Dec 20 17:44:45 2012
@@ -4073,7 +4073,7 @@ public final class AccessControlProtos {
   public interface UserPermissionsRequestOrBuilder
       extends com.google.protobuf.MessageOrBuilder {
     
-    // required bytes table = 1;
+    // optional bytes table = 1;
     boolean hasTable();
     com.google.protobuf.ByteString getTable();
   }
@@ -4106,7 +4106,7 @@ public final class AccessControlProtos {
     }
     
     private int bitField0_;
-    // required bytes table = 1;
+    // optional bytes table = 1;
     public static final int TABLE_FIELD_NUMBER = 1;
     private com.google.protobuf.ByteString table_;
     public boolean hasTable() {
@@ -4124,10 +4124,6 @@ public final class AccessControlProtos {
       byte isInitialized = memoizedIsInitialized;
       if (isInitialized != -1) return isInitialized == 1;
       
-      if (!hasTable()) {
-        memoizedIsInitialized = 0;
-        return false;
-      }
       memoizedIsInitialized = 1;
       return true;
     }
@@ -4376,10 +4372,6 @@ public final class AccessControlProtos {
       }
       
       public final boolean isInitialized() {
-        if (!hasTable()) {
-          
-          return false;
-        }
         return true;
       }
       
@@ -4417,7 +4409,7 @@ public final class AccessControlProtos {
       
       private int bitField0_;
       
-      // required bytes table = 1;
+      // optional bytes table = 1;
       private com.google.protobuf.ByteString table_ = com.google.protobuf.ByteString.EMPTY;
       public boolean hasTable() {
         return ((bitField0_ & 0x00000001) == 0x00000001);
@@ -6425,7 +6417,7 @@ public final class AccessControlProtos {
       "\017.UserPermission\"\017\n\rGrantResponse\"4\n\rRev" +
       "okeRequest\022#\n\npermission\030\001 \002(\0132\017.UserPer" +
       "mission\"\020\n\016RevokeResponse\"\'\n\026UserPermiss" +
-      "ionsRequest\022\r\n\005table\030\001 \002(\014\">\n\027UserPermis" +
+      "ionsRequest\022\r\n\005table\030\001 \001(\014\">\n\027UserPermis" +
       "sionsResponse\022#\n\npermission\030\001 \003(\0132\017.User" +
       "Permission\":\n\027CheckPermissionsRequest\022\037\n" +
       "\npermission\030\001 \003(\0132\013.Permission\"\032\n\030CheckP" +

Modified: hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto (original)
+++ hbase/trunk/hbase-protocol/src/main/protobuf/AccessControl.proto Thu Dec 20 17:44:45 2012
@@ -70,7 +70,7 @@ message RevokeResponse {
 
 
 message UserPermissionsRequest {
-    required bytes table = 1;
+    optional bytes table = 1;
 }
 
 message UserPermissionsResponse {

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
(original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
Thu Dec 20 17:44:45 2012
@@ -1142,8 +1142,11 @@ public class AccessController extends Ba
   public void getUserPermissions(RpcController controller,
                                  AccessControlProtos.UserPermissionsRequest request,
                                  RpcCallback<AccessControlProtos.UserPermissionsResponse>
done) {
-    byte[] table = request.getTable().toByteArray();
     AccessControlProtos.UserPermissionsResponse response = null;
+    byte[] table = null;
+    if (request.hasTable()) {
+      table = request.getTable().toByteArray();
+    }
     try {
       // only allowed to be called on _acl_ region
       if (aclRegion) {

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
(original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
Thu Dec 20 17:44:45 2012
@@ -352,6 +352,7 @@ public class TableAuthManager {
     if (authorizeUser(username, action)) {
       return true;
     }
+    if (table == null) table = AccessControlLists.ACL_TABLE_NAME;
     return authorize(getTablePermissions(table).getUser(username), table, family,
         qualifier, action);
   }
@@ -380,6 +381,7 @@ public class TableAuthManager {
     if (authorizeGroup(groupName, action)) {
       return true;
     }
+    if (table == null) table = AccessControlLists.ACL_TABLE_NAME;
     return authorize(getTablePermissions(table).getGroup(groupName), table, family, action);
   }
 

Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1424604&r1=1424603&r2=1424604&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
(original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Thu Dec 20 17:44:45 2012
@@ -33,11 +33,11 @@ import org.apache.hadoop.conf.Configurat
 import org.apache.hadoop.hbase.Coprocessor;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HColumnDescriptor;
+import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.HRegionInfo;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.LargeTests;
 import org.apache.hadoop.hbase.ServerName;
-import org.apache.hadoop.hbase.UnknownRowLockException;
 import org.apache.hadoop.hbase.client.Append;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.Get;
@@ -1161,6 +1161,19 @@ public class TestAccessController {
     admin.deleteTable(tableName);
   }
 
+  @Test
+  public void testGlobalPermissionList() throws Exception {
+    HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
+    BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
+    AccessControlService.BlockingInterface protocol =
+      AccessControlService.newBlockingStub(service);
+    List<UserPermission> perms = ProtobufUtil.getUserPermissions(protocol, null);
+    UserPermission adminPerm = new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
+      AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"));
+    assertTrue("Only user admin has permission on table _acl_ per setup",
+      perms.size() == 1 && hasFoundUserPermission(adminPerm, perms));
+  }
+
   /** global operations */
   private void verifyGlobal(PrivilegedExceptionAction<?> action) throws Exception {
     verifyAllowed(action, SUPERUSER);



Mime
View raw message