hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From te...@apache.org
Subject hbase git commit: HBASE-13171 Change AccessControlClient methods to accept connection object to reduce setup time (Srikanth Srungarapu)
Date Thu, 12 Mar 2015 01:24:26 GMT
Repository: hbase
Updated Branches:
  refs/heads/master 9c83fa7b5 -> 7a3ea2370


HBASE-13171 Change AccessControlClient methods to accept connection object to reduce setup
time (Srikanth Srungarapu)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/7a3ea237
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/7a3ea237
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/7a3ea237

Branch: refs/heads/master
Commit: 7a3ea23704047e5b289540d84834c9c3a67110bf
Parents: 9c83fa7
Author: tedyu <yuzhihong@gmail.com>
Authored: Wed Mar 11 18:24:12 2015 -0700
Committer: tedyu <yuzhihong@gmail.com>
Committed: Wed Mar 11 18:24:12 2015 -0700

----------------------------------------------------------------------
 .../security/access/AccessControlClient.java    | 121 +++++++------------
 ...egrationTestBigLinkedListWithVisibility.java |   8 +-
 .../hbase/security/access/SecureTestUtil.java   |  24 ++--
 .../security/access/TestAccessController.java   |  48 +++++---
 .../apache/hadoop/hbase/util/LoadTestTool.java  |   4 +-
 hbase-shell/src/main/ruby/hbase/security.rb     |  17 +--
 6 files changed, 105 insertions(+), 117 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/7a3ea237/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
index d0eb40d..9a0d104 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
@@ -22,7 +22,6 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.regex.Pattern;
 
-import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.MasterNotRunningException;
@@ -33,7 +32,6 @@ import org.apache.hadoop.hbase.classification.InterfaceAudience;
 import org.apache.hadoop.hbase.classification.InterfaceStability;
 import org.apache.hadoop.hbase.client.Admin;
 import org.apache.hadoop.hbase.client.Connection;
-import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Table;
 import org.apache.hadoop.hbase.ipc.CoprocessorRpcChannel;
 import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
@@ -60,7 +58,7 @@ public class AccessControlClient {
 
   /**
    * Grants permission on the specified table for the specified user
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableName
    * @param userName
    * @param family
@@ -68,66 +66,51 @@ public class AccessControlClient {
    * @param actions
    * @throws Throwable
    */
-  public static void grant(Configuration conf, final TableName tableName,
+  public static void grant(Connection connection, final TableName tableName,
       final String userName, final byte[] family, final byte[] qual,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family,
qual,
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family,
qual,
           actions);
-      }
     }
   }
 
   /**
    * Grants permission on the specified namespace for the specified user.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param namespace
    * @param userName
    * @param actions
    * @throws Throwable
    */
-  public static void grant(Configuration conf, final String namespace,
+  public static void grant(Connection connection, final String namespace,
       final String userName, final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
-      }
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
     }
   }
 
   /**
+   * @param connection The Connection instance to use
    * Grant global permissions for the specified user.
    */
-  public static void grant(Configuration conf, final String userName,
+  public static void grant(Connection connection, final String userName,
        final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
-      }
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
     }
   }
 
-  public static boolean isAccessControllerRunning(Configuration conf)
+  public static boolean isAccessControllerRunning(Connection connection)
       throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Admin admin = connection.getAdmin()) {
-        return admin.isTableAvailable(ACL_TABLE_NAME);
-      }
+    try (Admin admin = connection.getAdmin()) {
+      return admin.isTableAvailable(ACL_TABLE_NAME);
     }
   }
 
   /**
    * Revokes the permission on the table
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableName
    * @param username
    * @param family
@@ -135,81 +118,67 @@ public class AccessControlClient {
    * @param actions
    * @throws Throwable
    */
-  public static void revoke(Configuration conf, final TableName tableName,
+  public static void revoke(Connection connection, final TableName tableName,
       final String username, final byte[] family, final byte[] qualifier,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
           qualifier, actions);
-      }
     }
   }
 
   /**
    * Revokes the permission on the table for the specified user.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param namespace
    * @param userName
    * @param actions
    * @throws Throwable
    */
-  public static void revoke(Configuration conf, final String namespace,
-    final String userName, final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
-      }
+  public static void revoke(Connection connection, final String namespace,
+      final String userName, final Permission.Action... actions) throws Throwable {
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
     }
   }
 
   /**
    * Revoke global permissions for the specified user.
+   * @param connection The Connection instance to use
    */
-  public static void revoke(Configuration conf, final String userName,
+  public static void revoke(Connection connection, final String userName,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
-      }
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
     }
+
   }
 
   /**
    * List all the userPermissions matching the given pattern.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableRegex The regular expression string to match against
    * @return - returns an array of UserPermissions
    * @throws Throwable
    */
-  public static List<UserPermission> getUserPermissions(Configuration conf, String
tableRegex)
+  public static List<UserPermission> getUserPermissions(Connection connection, String
tableRegex)
       throws Throwable {
     List<UserPermission> permList = new ArrayList<UserPermission>();
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        try (Admin admin = connection.getAdmin()) {
-          CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW);
-          BlockingInterface protocol =
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+      try (Admin admin = connection.getAdmin()) {
+        CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW);
+        BlockingInterface protocol =
             AccessControlProtos.AccessControlService.newBlockingStub(service);
-          HTableDescriptor[] htds = null;
-          if (tableRegex == null || tableRegex.isEmpty()) {
-            permList = ProtobufUtil.getUserPermissions(protocol);
-          } else if (tableRegex.charAt(0) == '@') {
-            String namespace = tableRegex.substring(1);
-            permList = ProtobufUtil.getUserPermissions(protocol, Bytes.toBytes(namespace));
-          } else {
-            htds = admin.listTables(Pattern.compile(tableRegex), true);
-            for (HTableDescriptor hd : htds) {
-              permList.addAll(ProtobufUtil.getUserPermissions(protocol, hd.getTableName()));
-            }
+        HTableDescriptor[] htds = null;
+        if (tableRegex == null || tableRegex.isEmpty()) {
+          permList = ProtobufUtil.getUserPermissions(protocol);
+        } else if (tableRegex.charAt(0) == '@') {
+          String namespace = tableRegex.substring(1);
+          permList = ProtobufUtil.getUserPermissions(protocol, Bytes.toBytes(namespace));
+        } else {
+          htds = admin.listTables(Pattern.compile(tableRegex), true);
+          for (HTableDescriptor hd : htds) {
+            permList.addAll(ProtobufUtil.getUserPermissions(protocol, hd.getTableName()));
           }
         }
       }

http://git-wip-us.apache.org/repos/asf/hbase/blob/7a3ea237/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
----------------------------------------------------------------------
diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
index 99ad36a..9d07479 100644
--- a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
+++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
@@ -40,6 +40,7 @@ import org.apache.hadoop.hbase.chaos.factories.MonkeyFactory;
 import org.apache.hadoop.hbase.client.Admin;
 import org.apache.hadoop.hbase.client.BufferedMutator;
 import org.apache.hadoop.hbase.client.BufferedMutatorParams;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.client.HConnection;
@@ -128,7 +129,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
     protected void createSchema() throws IOException {
       LOG.info("Creating tables");
       // Create three tables
-      boolean acl = AccessControlClient.isAccessControllerRunning(getConf());
+      boolean acl = AccessControlClient.isAccessControllerRunning(ConnectionFactory
+          .createConnection(getConf()));
       if(!acl) {
         LOG.info("No ACL available.");
       }
@@ -156,8 +158,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
           LOG.info("Granting permissions for user " + USER.getShortName());
           Permission.Action[] actions = { Permission.Action.READ };
           try {
-            AccessControlClient.grant(getConf(), tableName, USER.getShortName(), null, null,
-                actions);
+            AccessControlClient.grant(ConnectionFactory.createConnection(getConf()), tableName,
+                USER.getShortName(), null, null, actions);
           } catch (Throwable e) {
             LOG.fatal("Error in granting permission for the user " + USER.getShortName(),
e);
             throw new IOException(e);

http://git-wip-us.apache.org/repos/asf/hbase/blob/7a3ea237/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
index fa52de3..f77bb85 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
@@ -403,13 +403,13 @@ public class SecureTestUtil {
    * or will throw an exception upon timeout (10 seconds).
    */
   public static void grantOnNamespaceUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final String namespace,
+      final Connection connection, final String user, final String namespace,
       final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, namespace, user, actions);
+          AccessControlClient.grant(connection, namespace, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -424,13 +424,13 @@ public class SecureTestUtil {
    * or will throw an exception upon timeout (10 seconds).
    */
   public static void revokeFromNamespaceUsingAccessControlClient(final HBaseTestingUtility
util,
-      final Configuration conf, final String user, final String namespace,
+      final Connection connection, final String user, final String namespace,
       final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, namespace, user, actions);
+          AccessControlClient.revoke(connection, namespace, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -492,13 +492,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void grantOnTableUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final TableName table, final byte[] family,
+      final Connection connection, final String user, final TableName table, final byte[]
family,
       final byte[] qualifier, final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, table, user, family, qualifier, actions);
+          AccessControlClient.grant(connection, table, user, family, qualifier, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -513,13 +513,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void grantGlobalUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final Permission.Action... actions)
+      final Connection connection, final String user, final Permission.Action... actions)
       throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, user, actions);
+          AccessControlClient.grant(connection, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -558,13 +558,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void revokeFromTableUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final TableName table, final byte[] family,
+      final Connection connection, final String user, final TableName table, final byte[]
family,
       final byte[] qualifier, final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, table, user, family, qualifier, actions);
+          AccessControlClient.revoke(connection, table, user, family, qualifier, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -579,13 +579,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void revokeGlobalUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user,final Permission.Action... actions)
+      final Connection connection, final String user,final Permission.Action... actions)
       throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, user, actions);
+          AccessControlClient.revoke(connection, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }

http://git-wip-us.apache.org/repos/asf/hbase/blob/7a3ea237/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index ddc8c22..ffabe34 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -140,6 +140,8 @@ public class TestAccessController extends SecureTestUtil {
   @Rule public TestTableName TEST_TABLE = new TestTableName();
   private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
   private static Configuration conf;
+  private static Connection connection;
+
 
   // user with all permissions
   private static User SUPERUSER;
@@ -211,10 +213,13 @@ public class TestAccessController extends SecureTestUtil {
     USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
     USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
     USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);
+
+    connection = ConnectionFactory.createConnection(conf);
   }
 
   @AfterClass
   public static void tearDownAfterClass() throws Exception {
+    connection.close();
     TEST_UTIL.shutdownMiniCluster();
   }
 
@@ -265,7 +270,8 @@ public class TestAccessController extends SecureTestUtil {
 
     assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size());
     try {
-      assertEquals(5, AccessControlClient.getUserPermissions(conf, TEST_TABLE.toString()).size());
+      assertEquals(5, AccessControlClient.getUserPermissions(connection,
+          TEST_TABLE.toString()).size());
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.getUserPermissions. ", e);
     }
@@ -2191,7 +2197,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant table READ permissions to testGrantRevoke.
     try {
-      grantOnTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
+      grantOnTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(),
           TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
@@ -2202,7 +2208,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke table READ permission to testGrantRevoke.
     try {
-      revokeFromTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
+      revokeFromTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(),
           TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
@@ -2233,8 +2239,8 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant table READ permissions to testGlobalGrantRevoke.
     try {
-      grantGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
-        Permission.Action.READ);
+      grantGlobalUsingAccessControlClient(TEST_UTIL, connection,
+          testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
     }
@@ -2244,8 +2250,8 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke table READ permission to testGlobalGrantRevoke.
     try {
-      revokeGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
-        Permission.Action.READ);
+      revokeGlobalUsingAccessControlClient(TEST_UTIL, connection,
+          testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
     }
@@ -2274,7 +2280,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant namespace READ to testNS, this should supersede any table permissions
     try {
-      grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
+      grantOnNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(),
           TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
@@ -2285,7 +2291,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke namespace READ to testNS, this should supersede any table permissions
     try {
-      revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
+      revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(),
           TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
@@ -2481,13 +2487,13 @@ public class TestAccessController extends SecureTestUtil {
 
   @Test
   public void testGetNamespacePermission() throws Exception {
-    String namespace = "testNamespace";
+    String namespace = "testGetNamespacePermission";
     NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
     TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
     grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);
     try {
-      List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(conf,
-      AccessControlLists.toNamespaceEntry(namespace));
+      List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(
+          connection, AccessControlLists.toNamespaceEntry(namespace));
       assertTrue(namespacePermissions != null);
       assertTrue(namespacePermissions.size() == 1);
     } catch (Throwable thw) {
@@ -2499,15 +2505,15 @@ public class TestAccessController extends SecureTestUtil {
   @Test
   public void testTruncatePerms() throws Exception {
     try {
-      List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(conf,
-        TEST_TABLE.getTableName().getNameAsString());
+      List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(
+          connection, TEST_TABLE.getTableName().getNameAsString());
       assertTrue(existingPerms != null);
       assertTrue(existingPerms.size() > 1);
       TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
       TEST_UTIL.truncateTable(TEST_TABLE.getTableName());
       TEST_UTIL.waitTableAvailable(TEST_TABLE.getTableName());
-      List<UserPermission> perms = AccessControlClient.getUserPermissions(conf,
-        TEST_TABLE.getTableName().getNameAsString());
+      List<UserPermission> perms = AccessControlClient.getUserPermissions(
+          connection, TEST_TABLE.getTableName().getNameAsString());
       assertTrue(perms != null);
       assertEquals(existingPerms.size(), perms.size());
     } catch (Throwable e) {
@@ -2519,11 +2525,19 @@ public class TestAccessController extends SecureTestUtil {
     return new PrivilegedAction<List<UserPermission>>() {
       @Override
       public List<UserPermission> run() {
+        Connection connection = null;
         try {
-          return AccessControlClient.getUserPermissions(conf, regex);
+          connection = ConnectionFactory.createConnection(conf);
+          return AccessControlClient.getUserPermissions(connection, regex);
         } catch (Throwable e) {
           LOG.error("error during call of AccessControlClient.getUserPermissions.", e);
           return null;
+        } finally {
+          try {
+            connection.close();
+          } catch (IOException e) {
+            LOG.error("Error during close of connection.", e);
+          }
         }
       }
     };

http://git-wip-us.apache.org/repos/asf/hbase/blob/7a3ea237/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
index 6d64bc6..0f077ed 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
@@ -43,6 +43,7 @@ import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.classification.InterfaceAudience;
 import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Durability;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.io.compress.Compression;
@@ -606,7 +607,8 @@ public class LoadTestTool extends AbstractHBaseTool {
         Permission.Action.ADMIN, Permission.Action.CREATE,
         Permission.Action.READ, Permission.Action.WRITE };
       try {
-        AccessControlClient.grant(conf, tableName, userOwner.getShortName(), null, null,
actions);
+        AccessControlClient.grant(ConnectionFactory.createConnection(conf),
+            tableName, userOwner.getShortName(), null, null, actions);
       } catch (Throwable e) {
         LOG.fatal("Error in granting permission for the user " + userOwner.getShortName(),
e);
         return EXIT_FAILURE;

http://git-wip-us.apache.org/repos/asf/hbase/blob/7a3ea237/hbase-shell/src/main/ruby/hbase/security.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
index bfdd733..2aaef02 100644
--- a/hbase-shell/src/main/ruby/hbase/security.rb
+++ b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -26,7 +26,7 @@ module Hbase
 
     def initialize(admin, formatter)
       @admin = admin
-      @config = @admin.getConfiguration()
+      @connection = @admin.getConnection()
       @formatter = formatter
     end
 
@@ -59,7 +59,7 @@ module Hbase
               namespace_exists?(namespace_name)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-              @config, namespace_name, user, perm.getActions())
+              @connection, namespace_name, user, perm.getActions())
           else
             # Table should exist
             raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@@ -75,12 +75,12 @@ module Hbase
             qualbytes = qualifier.to_java_bytes if (qualifier != nil)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-              @config, tableName, user, fambytes, qualbytes, perm.getActions())
+              @connection, tableName, user, fambytes, qualbytes, perm.getActions())
           end
         else
           # invoke cp endpoint to perform access controls
           org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-            @config, user, perm.getActions())
+            @connection, user, perm.getActions())
         end
       end
     end
@@ -101,7 +101,7 @@ module Hbase
 
             tablebytes=table_name.to_java_bytes
             org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-              @config, namespace_name, user)
+              @connection, namespace_name, user)
           else
              # Table should exist
              raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@@ -117,12 +117,12 @@ module Hbase
              qualbytes = qualifier.to_java_bytes if (qualifier != nil)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-              @config, tableName, user, fambytes, qualbytes)
+              @connection, tableName, user, fambytes, qualbytes)
           end
         else
           perm = org.apache.hadoop.hbase.security.access.Permission.new(''.to_java_bytes)
           org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-            @config, user, perm.getActions())
+            @connection, user, perm.getActions())
         end
       end
     end
@@ -130,7 +130,8 @@ module Hbase
     #----------------------------------------------------------------------------------------------
     def user_permission(table_regex=nil)
       security_available?
-      all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(@config,table_regex)
+      all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(
+        @connection,table_regex)
       res = {}
       count  = 0
       all_perms.each do |value|


Mime
View raw message