hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mberto...@apache.org
Subject [1/3] git commit: HBASE-12301 user_permission command does not show global permissions
Date Wed, 22 Oct 2014 09:48:29 GMT
Repository: hbase
Updated Branches:
  refs/heads/0.98 a93921cc0 -> babc3a7ab
  refs/heads/branch-1 ab816ea67 -> 4f32987de
  refs/heads/master feaa8fa9c -> 2908c1137


HBASE-12301 user_permission command does not show global permissions


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/2908c113
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/2908c113
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/2908c113

Branch: refs/heads/master
Commit: 2908c1137155c2167fca0a26180f9ae5fe6fd863
Parents: feaa8fa
Author: Matteo Bertozzi <matteo.bertozzi@cloudera.com>
Authored: Wed Oct 22 10:08:31 2014 +0100
Committer: Matteo Bertozzi <matteo.bertozzi@cloudera.com>
Committed: Wed Oct 22 10:08:31 2014 +0100

----------------------------------------------------------------------
 .../apache/hadoop/hbase/protobuf/ProtobufUtil.java |  6 +++---
 .../hbase/security/access/AccessControlClient.java | 17 ++++++-----------
 .../hbase/security/access/AccessControlLists.java  |  4 ++--
 hbase-shell/src/main/ruby/hbase/security.rb        |  4 ++--
 .../main/ruby/shell/commands/user_permission.rb    |  2 +-
 5 files changed, 14 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
index fd9d1ab..c7d2b24 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java
@@ -2279,7 +2279,7 @@ public final class ProtobufUtil {
     AccessControlProtos.GetUserPermissionsRequest request = builder.build();
     AccessControlProtos.GetUserPermissionsResponse response =
       protocol.getUserPermissions(null, request);
-    List<UserPermission> perms = new ArrayList<UserPermission>();
+    List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount());
     for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) {
       perms.add(ProtobufUtil.toUserPermission(perm));
     }
@@ -2307,7 +2307,7 @@ public final class ProtobufUtil {
     AccessControlProtos.GetUserPermissionsRequest request = builder.build();
     AccessControlProtos.GetUserPermissionsResponse response =
       protocol.getUserPermissions(null, request);
-    List<UserPermission> perms = new ArrayList<UserPermission>();
+    List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount());
     for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) {
       perms.add(ProtobufUtil.toUserPermission(perm));
     }
@@ -2335,7 +2335,7 @@ public final class ProtobufUtil {
     AccessControlProtos.GetUserPermissionsRequest request = builder.build();
     AccessControlProtos.GetUserPermissionsResponse response =
       protocol.getUserPermissions(null, request);
-    List<UserPermission> perms = new ArrayList<UserPermission>();
+    List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount());
     for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) {
       perms.add(ProtobufUtil.toUserPermission(perm));
     }

http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
index eb63751..922bf67 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
@@ -47,12 +47,11 @@ import org.apache.hadoop.hbase.util.Bytes;
 @InterfaceAudience.Public
 @InterfaceStability.Evolving
 public class AccessControlClient {
+  public static final TableName ACL_TABLE_NAME =
+      TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl");
 
   private static HTable getAclTable(Configuration conf) throws IOException {
-    TableName aclTableName =
-        TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR,
-            AccessControlConstants.OP_ATTRIBUTE_ACL);
-    return new HTable(conf, aclTableName.getName());
+    return new HTable(conf, ACL_TABLE_NAME);
   }
 
   private static BlockingInterface getAccessControlServiceStub(HTable ht)
@@ -111,12 +110,10 @@ public class AccessControlClient {
 
   public static boolean isAccessControllerRunning(Configuration conf)
       throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
-    TableName aclTableName = TableName
-        .valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl");
     HBaseAdmin ha = null;
     try {
       ha = new HBaseAdmin(conf);
-      return ha.isTableAvailable(aclTableName.getNameAsString());
+      return ha.isTableAvailable(ACL_TABLE_NAME);
     } finally {
       if (ha != null) {
         ha.close();
@@ -183,16 +180,14 @@ public class AccessControlClient {
     Table ht = null;
     Admin ha = null;
     try {
-      TableName aclTableName = TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR,
-        "acl");
       ha = new HBaseAdmin(conf);
-      ht = new HTable(conf, aclTableName);
+      ht = new HTable(conf, ACL_TABLE_NAME);
       CoprocessorRpcChannel service = ht.coprocessorService(HConstants.EMPTY_START_ROW);
       BlockingInterface protocol = AccessControlProtos.AccessControlService
           .newBlockingStub(service);
       HTableDescriptor[] htds = null;
 
-      if (tableRegex == null) {
+      if (tableRegex == null || tableRegex.isEmpty()) {
         permList = ProtobufUtil.getUserPermissions(protocol);
       } else if (tableRegex.charAt(0) == '@') {
         String namespace = tableRegex.substring(1);

http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
index 007e610..c49bc33 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
@@ -464,7 +464,7 @@ public class AccessControlLists {
    */
   static ListMultimap<String, TablePermission> getPermissions(Configuration conf,
       byte[] entryName) throws IOException {
-    if (entryName == null) entryName = ACL_TABLE_NAME.getName();
+    if (entryName == null) entryName = ACL_GLOBAL_NAME;
 
     // for normal user tables, we just read the table row from _acl_
     ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
@@ -659,7 +659,7 @@ public class AccessControlLists {
   public static boolean isNamespaceEntry(byte[] entryName) {
     return entryName[0] == NAMESPACE_PREFIX;
   }
-  
+
   public static String toNamespaceEntry(String namespace) {
      return NAMESPACE_PREFIX + namespace;
    }

http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-shell/src/main/ruby/hbase/security.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
index 1361c19..154c5ca 100644
--- a/hbase-shell/src/main/ruby/hbase/security.rb
+++ b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -156,13 +156,13 @@ module Hbase
       count  = 0
       all_perms.each do |value|
           user_name = String.from_java_bytes(value.getUser)
-          if (isNamespace?(table_regex))
+          if (table_regex != nil && isNamespace?(table_regex))
             namespace = table_regex[1...table_regex.length]
           else
             namespace = (value.getTableName != nil) ? value.getTableName.getNamespaceAsString()
: ''
           end
           table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : ''
-          family = (value.getFamily != nil) ? 
+          family = (value.getFamily != nil) ?
             org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) :
             ''
           qualifier = (value.getQualifier != nil) ?

http://git-wip-us.apache.org/repos/asf/hbase/blob/2908c113/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
index 7c29261..57d83be 100644
--- a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
+++ b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
@@ -33,7 +33,7 @@ For example:
 EOF
       end
 
-      def command(table_regex=".*")
+      def command(table_regex=nil)
         #format_simple_command do
         #admin.user_permission(table_regex)
         now = Time.now


Mime
View raw message