hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From te...@apache.org
Subject hbase git commit: HBASE-13171 Change AccessControlClient methods to accept connection object to reduce setup time (Srikanth Srungarapu)
Date Thu, 12 Mar 2015 04:41:33 GMT
Repository: hbase
Updated Branches:
  refs/heads/branch-1 0f892c23e -> da9c5ac18


HBASE-13171 Change AccessControlClient methods to accept connection object to reduce setup
time (Srikanth Srungarapu)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/da9c5ac1
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/da9c5ac1
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/da9c5ac1

Branch: refs/heads/branch-1
Commit: da9c5ac18cea51843cb4e7adbf7043c05594a371
Parents: 0f892c2
Author: tedyu <yuzhihong@gmail.com>
Authored: Wed Mar 11 21:41:24 2015 -0700
Committer: tedyu <yuzhihong@gmail.com>
Committed: Wed Mar 11 21:41:24 2015 -0700

----------------------------------------------------------------------
 .../security/access/AccessControlClient.java    | 231 +++++++++++++------
 ...egrationTestBigLinkedListWithVisibility.java |   8 +-
 .../hbase/security/access/SecureTestUtil.java   |  24 +-
 .../security/access/TestAccessController.java   |  66 +++---
 .../apache/hadoop/hbase/util/LoadTestTool.java  |   4 +-
 hbase-shell/src/main/ruby/hbase/security.rb     |  17 +-
 6 files changed, 227 insertions(+), 123 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/da9c5ac1/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
index 4500573..919d7a0 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
@@ -60,7 +60,7 @@ public class AccessControlClient {
 
   /**
    * Grants permission on the specified table for the specified user
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableName
    * @param userName
    * @param family
@@ -68,66 +68,51 @@ public class AccessControlClient {
    * @param actions
    * @throws Throwable
    */
-  public static void grant(Configuration conf, final TableName tableName,
+  public static void grant(final Connection connection, final TableName tableName,
       final String userName, final byte[] family, final byte[] qual,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family,
qual,
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family,
qual,
           actions);
-      }
     }
   }
 
   /**
    * Grants permission on the specified namespace for the specified user.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param namespace
    * @param userName
    * @param actions
    * @throws Throwable
    */
-  public static void grant(Configuration conf, final String namespace,
+  public static void grant(final Connection connection, final String namespace,
       final String userName, final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
-      }
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
     }
   }
 
   /**
+   * @param connection The Connection instance to use
    * Grant global permissions for the specified user.
    */
-  public static void grant(Configuration conf, final String userName,
+  public static void grant(final Connection connection, final String userName,
        final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
-      }
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
     }
   }
 
-  public static boolean isAccessControllerRunning(Configuration conf)
+  public static boolean isAccessControllerRunning(final Connection connection)
       throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Admin admin = connection.getAdmin()) {
-        return admin.isTableAvailable(ACL_TABLE_NAME);
-      }
+    try (Admin admin = connection.getAdmin()) {
+      return admin.isTableAvailable(ACL_TABLE_NAME);
     }
   }
 
   /**
    * Revokes the permission on the table
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableName
    * @param username
    * @param family
@@ -135,78 +120,52 @@ public class AccessControlClient {
    * @param actions
    * @throws Throwable
    */
-  public static void revoke(Configuration conf, final TableName tableName,
+  public static void revoke(final Connection connection, final TableName tableName,
       final String username, final byte[] family, final byte[] qualifier,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
           qualifier, actions);
-      }
     }
   }
 
   /**
    * Revokes the permission on the table for the specified user.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param namespace
    * @param userName
    * @param actions
    * @throws Throwable
    */
-  public static void revoke(Configuration conf, final String namespace,
-    final String userName, final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
-      }
+  public static void revoke(final Connection connection, final String namespace,
+      final String userName, final Permission.Action... actions) throws Throwable {
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
     }
   }
 
   /**
    * Revoke global permissions for the specified user.
+   * @param connection The Connection instance to use
    */
-  public static void revoke(Configuration conf, final String userName,
+  public static void revoke(final Connection connection, final String userName,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
-      }
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
     }
-  }
 
-  /**
-   * List all the userPermissions matching the given pattern.
-   * @param conf
-   * @param tableRegex The regular expression string to match against
-   * @return - returns an array of UserPermissions
-   * @throws Throwable
-   */
-  public static List<UserPermission> getUserPermissions(Configuration conf, String
tableRegex)
-  throws Throwable {
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      return getUserPermissions(connection, tableRegex);
-    }
   }
 
   /**
    * List all the userPermissions matching the given pattern.
-   * @param connection
+   * @param connection The Connection instance to use
    * @param tableRegex The regular expression string to match against
    * @return - returns an array of UserPermissions
    * @throws Throwable
    */
   public static List<UserPermission> getUserPermissions(Connection connection, String
tableRegex)
-  throws Throwable {
+      throws Throwable {
     List<UserPermission> permList = new ArrayList<UserPermission>();
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
     try (Table table = connection.getTable(ACL_TABLE_NAME)) {
       try (Admin admin = connection.getAdmin()) {
         CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW);
@@ -228,4 +187,132 @@ public class AccessControlClient {
     }
     return permList;
   }
-}
\ No newline at end of file
+
+  /**
+   * Grants permission on the specified table for the specified user
+   * @param conf
+   * @param tableName
+   * @param userName
+   * @param family
+   * @param qual
+   * @param actions
+   * @throws Throwable
+   * @deprecated Use {@link #grant(Connection, TableName, String, byte[], byte[],
+   * Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void grant(Configuration conf, final TableName tableName,
+      final String userName, final byte[] family, final byte[] qual,
+      final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      grant(connection, tableName, userName, family, qual, actions);
+    }
+  }
+
+  /**
+   * Grants permission on the specified namespace for the specified user.
+   * @param conf
+   * @param namespace
+   * @param userName
+   * @param actions
+   * @throws Throwable
+   * @deprecated Use {@link #grant(Connection, String, String, Permission.Action...)}
+   * instead.
+   */
+  @Deprecated
+  public static void grant(Configuration conf, final String namespace,
+      final String userName, final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      grant(connection, namespace, userName, actions);
+    }
+  }
+
+  /**
+   * Grant global permissions for the specified user.
+   * @deprecated Use {@link #grant(Connection, String, Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void grant(Configuration conf, final String userName,
+      final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      grant(connection, userName, actions);
+    }
+  }
+
+  /**
+   * @deprecated Use {@link #isAccessControllerRunning(Connection)} instead.
+   */
+  @Deprecated
+  public static boolean isAccessControllerRunning(Configuration conf)
+      throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      return isAccessControllerRunning(connection);
+    }
+  }
+
+  /**
+   * Revokes the permission on the table
+   * @param conf
+   * @param tableName
+   * @param username
+   * @param family
+   * @param qualifier
+   * @param actions
+   * @throws Throwable
+   * @deprecated Use {@link #revoke(Connection, TableName, String, byte[], byte[],
+   * Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void revoke(Configuration conf, final TableName tableName,
+      final String username, final byte[] family, final byte[] qualifier,
+      final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      revoke(connection, tableName, username, family, qualifier, actions);
+    }
+  }
+
+  /**
+   * Revokes the permission on the table for the specified user.
+   * @param conf
+   * @param namespace
+   * @param userName
+   * @param actions
+   * @throws Throwable
+   * @deprecated Use {@link #revoke(Connection, String, String, Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void revoke(Configuration conf, final String namespace,
+      final String userName, final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      revoke(connection, namespace, userName, actions);
+    }
+  }
+
+  /**
+   * Revoke global permissions for the specified user.
+   * @deprecated Use {@link #revoke(Connection, String, Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void revoke(Configuration conf, final String userName,
+      final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      revoke(connection, userName, actions);
+    }
+  }
+
+  /**
+   * List all the userPermissions matching the given pattern.
+   * @param conf
+   * @param tableRegex The regular expression string to match against
+   * @return - returns an array of UserPermissions
+   * @throws Throwable
+   * @deprecated Use {@link #getUserPermissions(Connection, String)} instead.
+   */
+  @Deprecated
+  public static List<UserPermission> getUserPermissions(Configuration conf, String
tableRegex)
+  throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      return getUserPermissions(connection, tableRegex);
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/hbase/blob/da9c5ac1/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
----------------------------------------------------------------------
diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
index 2514222..5e190e5 100644
--- a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
+++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
@@ -41,6 +41,7 @@ import org.apache.hadoop.hbase.chaos.factories.MonkeyFactory;
 import org.apache.hadoop.hbase.client.Admin;
 import org.apache.hadoop.hbase.client.BufferedMutator;
 import org.apache.hadoop.hbase.client.BufferedMutatorParams;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.client.HConnection;
@@ -128,7 +129,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
     protected void createSchema() throws IOException {
       LOG.info("Creating tables");
       // Create three tables
-      boolean acl = AccessControlClient.isAccessControllerRunning(getConf());
+      boolean acl = AccessControlClient.isAccessControllerRunning(ConnectionFactory
+          .createConnection(getConf()));
       if(!acl) {
         LOG.info("No ACL available.");
       }
@@ -156,8 +158,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
           LOG.info("Granting permissions for user " + USER.getShortName());
           Permission.Action[] actions = { Permission.Action.READ };
           try {
-            AccessControlClient.grant(getConf(), tableName, USER.getShortName(), null, null,
-                actions);
+            AccessControlClient.grant(ConnectionFactory.createConnection(getConf()), tableName,
+                USER.getShortName(), null, null, actions);
           } catch (Throwable e) {
             LOG.fatal("Error in granting permission for the user " + USER.getShortName(),
e);
             throw new IOException(e);

http://git-wip-us.apache.org/repos/asf/hbase/blob/da9c5ac1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
index fa52de3..f77bb85 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
@@ -403,13 +403,13 @@ public class SecureTestUtil {
    * or will throw an exception upon timeout (10 seconds).
    */
   public static void grantOnNamespaceUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final String namespace,
+      final Connection connection, final String user, final String namespace,
       final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, namespace, user, actions);
+          AccessControlClient.grant(connection, namespace, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -424,13 +424,13 @@ public class SecureTestUtil {
    * or will throw an exception upon timeout (10 seconds).
    */
   public static void revokeFromNamespaceUsingAccessControlClient(final HBaseTestingUtility
util,
-      final Configuration conf, final String user, final String namespace,
+      final Connection connection, final String user, final String namespace,
       final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, namespace, user, actions);
+          AccessControlClient.revoke(connection, namespace, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -492,13 +492,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void grantOnTableUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final TableName table, final byte[] family,
+      final Connection connection, final String user, final TableName table, final byte[]
family,
       final byte[] qualifier, final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, table, user, family, qualifier, actions);
+          AccessControlClient.grant(connection, table, user, family, qualifier, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -513,13 +513,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void grantGlobalUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final Permission.Action... actions)
+      final Connection connection, final String user, final Permission.Action... actions)
       throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, user, actions);
+          AccessControlClient.grant(connection, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -558,13 +558,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void revokeFromTableUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final TableName table, final byte[] family,
+      final Connection connection, final String user, final TableName table, final byte[]
family,
       final byte[] qualifier, final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, table, user, family, qualifier, actions);
+          AccessControlClient.revoke(connection, table, user, family, qualifier, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -579,13 +579,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void revokeGlobalUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user,final Permission.Action... actions)
+      final Connection connection, final String user,final Permission.Action... actions)
       throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, user, actions);
+          AccessControlClient.revoke(connection, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }

http://git-wip-us.apache.org/repos/asf/hbase/blob/da9c5ac1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index aac9757..76f54af 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -137,6 +137,8 @@ public class TestAccessController extends SecureTestUtil {
   @Rule public TestTableName TEST_TABLE = new TestTableName();
   private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
   private static Configuration conf;
+  private static Connection connection;
+
 
   // user with all permissions
   private static User SUPERUSER;
@@ -208,10 +210,13 @@ public class TestAccessController extends SecureTestUtil {
     USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
     USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
     USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);
+
+    connection = ConnectionFactory.createConnection(conf);
   }
 
   @AfterClass
   public static void tearDownAfterClass() throws Exception {
+    connection.close();
     TEST_UTIL.shutdownMiniCluster();
   }
 
@@ -262,7 +267,8 @@ public class TestAccessController extends SecureTestUtil {
 
     assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size());
     try {
-      assertEquals(5, AccessControlClient.getUserPermissions(conf, TEST_TABLE.toString()).size());
+      assertEquals(5, AccessControlClient.getUserPermissions(connection,
+          TEST_TABLE.toString()).size());
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.getUserPermissions. ", e);
     }
@@ -2118,7 +2124,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant table READ permissions to testGrantRevoke.
     try {
-      grantOnTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
+      grantOnTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(),
           TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
@@ -2129,7 +2135,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke table READ permission to testGrantRevoke.
     try {
-      revokeFromTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
+      revokeFromTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(),
           TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
@@ -2160,8 +2166,8 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant table READ permissions to testGlobalGrantRevoke.
     try {
-      grantGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
-        Permission.Action.READ);
+      grantGlobalUsingAccessControlClient(TEST_UTIL, connection,
+          testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
     }
@@ -2171,8 +2177,8 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke table READ permission to testGlobalGrantRevoke.
     try {
-      revokeGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
-        Permission.Action.READ);
+      revokeGlobalUsingAccessControlClient(TEST_UTIL, connection,
+          testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
     }
@@ -2201,7 +2207,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant namespace READ to testNS, this should supersede any table permissions
     try {
-      grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
+      grantOnNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(),
           TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
@@ -2212,7 +2218,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke namespace READ to testNS, this should supersede any table permissions
     try {
-      revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
+      revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(),
           TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
@@ -2345,13 +2351,13 @@ public class TestAccessController extends SecureTestUtil {
 
    @Test
    public void testGetNamespacePermission() throws Exception {
-     String namespace = "testNamespace";
+     String namespace = "testGetNamespacePermission";
      NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
      TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
      grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);
      try {
-       List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(conf,
-       AccessControlLists.toNamespaceEntry(namespace));
+       List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(
+           connection, AccessControlLists.toNamespaceEntry(namespace));
        assertTrue(namespacePermissions != null);
        assertTrue(namespacePermissions.size() == 1);
      } catch (Throwable thw) {
@@ -2362,32 +2368,38 @@ public class TestAccessController extends SecureTestUtil {
 
   @Test
   public void testTruncatePerms() throws Throwable {
-    try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()))
{
-      List<UserPermission> existingPerms =
-          AccessControlClient.getUserPermissions(connection,
-              TEST_TABLE.getTableName().getNameAsString());
-      assertTrue(existingPerms != null);
-      assertTrue(existingPerms.size() > 1);
-      try (Admin admin = connection.getAdmin()) {
-        admin.disableTable(TEST_TABLE.getTableName());
-        admin.truncateTable(TEST_TABLE.getTableName(), true);
-      }
-      List<UserPermission> perms = AccessControlClient.getUserPermissions(connection,
-        TEST_TABLE.getTableName().getNameAsString());
-      assertTrue(perms != null);
-      assertEquals(existingPerms.size(), perms.size());
+    List<UserPermission> existingPerms =
+        AccessControlClient.getUserPermissions(connection,
+            TEST_TABLE.getTableName().getNameAsString());
+    assertTrue(existingPerms != null);
+    assertTrue(existingPerms.size() > 1);
+    try (Admin admin = connection.getAdmin()) {
+      admin.disableTable(TEST_TABLE.getTableName());
+      admin.truncateTable(TEST_TABLE.getTableName(), true);
     }
+    List<UserPermission> perms = AccessControlClient.getUserPermissions(connection,
+        TEST_TABLE.getTableName().getNameAsString());
+    assertTrue(perms != null);
+    assertEquals(existingPerms.size(), perms.size());
   }
 
   private PrivilegedAction<List<UserPermission>> getPrivilegedAction(final String
regex) {
     return new PrivilegedAction<List<UserPermission>>() {
       @Override
       public List<UserPermission> run() {
+        Connection connection = null;
         try {
-          return AccessControlClient.getUserPermissions(conf, regex);
+          connection = ConnectionFactory.createConnection(conf);
+          return AccessControlClient.getUserPermissions(connection, regex);
         } catch (Throwable e) {
           LOG.error("error during call of AccessControlClient.getUserPermissions.", e);
           return null;
+        } finally {
+          try {
+            connection.close();
+          } catch (IOException e) {
+            LOG.error("Error during close of connection.", e);
+          }
         }
       }
     };

http://git-wip-us.apache.org/repos/asf/hbase/blob/da9c5ac1/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
index 6d64bc6..0f077ed 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
@@ -43,6 +43,7 @@ import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.classification.InterfaceAudience;
 import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Durability;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.io.compress.Compression;
@@ -606,7 +607,8 @@ public class LoadTestTool extends AbstractHBaseTool {
         Permission.Action.ADMIN, Permission.Action.CREATE,
         Permission.Action.READ, Permission.Action.WRITE };
       try {
-        AccessControlClient.grant(conf, tableName, userOwner.getShortName(), null, null,
actions);
+        AccessControlClient.grant(ConnectionFactory.createConnection(conf),
+            tableName, userOwner.getShortName(), null, null, actions);
       } catch (Throwable e) {
         LOG.fatal("Error in granting permission for the user " + userOwner.getShortName(),
e);
         return EXIT_FAILURE;

http://git-wip-us.apache.org/repos/asf/hbase/blob/da9c5ac1/hbase-shell/src/main/ruby/hbase/security.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
index bfdd733..2aaef02 100644
--- a/hbase-shell/src/main/ruby/hbase/security.rb
+++ b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -26,7 +26,7 @@ module Hbase
 
     def initialize(admin, formatter)
       @admin = admin
-      @config = @admin.getConfiguration()
+      @connection = @admin.getConnection()
       @formatter = formatter
     end
 
@@ -59,7 +59,7 @@ module Hbase
               namespace_exists?(namespace_name)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-              @config, namespace_name, user, perm.getActions())
+              @connection, namespace_name, user, perm.getActions())
           else
             # Table should exist
             raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@@ -75,12 +75,12 @@ module Hbase
             qualbytes = qualifier.to_java_bytes if (qualifier != nil)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-              @config, tableName, user, fambytes, qualbytes, perm.getActions())
+              @connection, tableName, user, fambytes, qualbytes, perm.getActions())
           end
         else
           # invoke cp endpoint to perform access controls
           org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-            @config, user, perm.getActions())
+            @connection, user, perm.getActions())
         end
       end
     end
@@ -101,7 +101,7 @@ module Hbase
 
             tablebytes=table_name.to_java_bytes
             org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-              @config, namespace_name, user)
+              @connection, namespace_name, user)
           else
              # Table should exist
              raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@@ -117,12 +117,12 @@ module Hbase
              qualbytes = qualifier.to_java_bytes if (qualifier != nil)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-              @config, tableName, user, fambytes, qualbytes)
+              @connection, tableName, user, fambytes, qualbytes)
           end
         else
           perm = org.apache.hadoop.hbase.security.access.Permission.new(''.to_java_bytes)
           org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-            @config, user, perm.getActions())
+            @connection, user, perm.getActions())
         end
       end
     end
@@ -130,7 +130,8 @@ module Hbase
     #----------------------------------------------------------------------------------------------
     def user_permission(table_regex=nil)
       security_available?
-      all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(@config,table_regex)
+      all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(
+        @connection,table_regex)
       res = {}
       count  = 0
       all_perms.each do |value|


Mime
View raw message