hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jerry...@apache.org
Subject hbase git commit: HBASE-14818 user_permission does not list namespace permissions (li xiang)
Date Sun, 22 May 2016 03:42:25 GMT
Repository: hbase
Updated Branches:
  refs/heads/branch-1.3 df7e5b4f9 -> c218c4eb8


HBASE-14818 user_permission does not list namespace permissions (li xiang)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/c218c4eb
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/c218c4eb
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/c218c4eb

Branch: refs/heads/branch-1.3
Commit: c218c4eb839680f1993a7acfc3bb94fc50507db3
Parents: df7e5b4
Author: Jerry He <jerryjch@apache.org>
Authored: Sat May 21 20:32:20 2016 -0700
Committer: Jerry He <jerryjch@apache.org>
Committed: Sat May 21 20:38:21 2016 -0700

----------------------------------------------------------------------
 .../security/access/AccessControlClient.java    | 15 ++++++----
 .../security/access/TestAccessController.java   | 30 +++++++++++++++++---
 hbase-shell/src/main/ruby/hbase/security.rb     |  4 +--
 .../main/ruby/shell/commands/user_permission.rb |  2 ++
 4 files changed, 40 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/c218c4eb/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
index 14a82a9..81dfae0 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
@@ -217,11 +217,16 @@ public class AccessControlClient {
         HTableDescriptor[] htds = null;
         if (tableRegex == null || tableRegex.isEmpty()) {
           permList = ProtobufUtil.getUserPermissions(controller, protocol);
-        } else if (tableRegex.charAt(0) == '@') {
-          String namespace = tableRegex.substring(1);
-          permList = ProtobufUtil.getUserPermissions(controller, protocol,
-            Bytes.toBytes(namespace));
-        } else {
+        } else if (tableRegex.charAt(0) == '@') {  // Namespaces
+          String namespaceRegex = tableRegex.substring(1);
+          for (NamespaceDescriptor nsds : admin.listNamespaceDescriptors()) {  // Read out
all namespaces
+            String namespace = nsds.getName();
+            if (namespace.matches(namespaceRegex)) {  // Match the given namespace regex?
+              permList.addAll(ProtobufUtil.getUserPermissions(controller, protocol,
+                Bytes.toBytes(namespace)));
+            }
+          }
+        } else {  // Tables
           htds = admin.listTables(Pattern.compile(tableRegex), true);
           for (HTableDescriptor hd : htds) {
             permList.addAll(ProtobufUtil.getUserPermissions(controller, protocol,

http://git-wip-us.apache.org/repos/asf/hbase/blob/c218c4eb/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index a588a6c..dd554a1 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -2594,19 +2594,41 @@ public class TestAccessController extends SecureTestUtil {
     NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
     createNamespace(TEST_UTIL, desc);
     grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);
+
+    // Test 1: A specific namespace
+    getNamespacePermissionsAndVerify(namespace, 1, namespace);
+
+    // Test 2: '@.*'
+    getNamespacePermissionsAndVerify(".*", 1, namespace);
+
+    // Test 3: A more complex regex
+    getNamespacePermissionsAndVerify("^test[a-zA-Z]*", 1, namespace);
+
+    deleteNamespace(TEST_UTIL, namespace);
+  }
+
+  /**
+   * List all user permissions match the given regular expression for namespace
+   * and verify each of them.
+   * @param namespaceRegexWithoutPrefix the regualar expression for namespace, without NAMESPACE_PREFIX
+   * @param expectedAmount the expected amount of user permissions returned
+   * @param expectedNamespace the expected namespace of each user permission returned
+   * @throws HBaseException in the case of any HBase exception when accessing hbase:acl table
+   */
+  private void getNamespacePermissionsAndVerify(String namespaceRegexWithoutPrefix,
+      int expectedAmount, String expectedNamespace) throws HBaseException {
     try {
       List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(
-          systemUserConnection, AccessControlLists.toNamespaceEntry(namespace));
+        systemUserConnection, AccessControlLists.toNamespaceEntry(namespaceRegexWithoutPrefix));
       assertTrue(namespacePermissions != null);
-      assertTrue(namespacePermissions.size() == 1);
+      assertEquals(expectedAmount, namespacePermissions.size());
       for (UserPermission namespacePermission : namespacePermissions) {
         assertFalse(namespacePermission.isGlobal());  // Verify it is not a global user permission
-        assertEquals(namespace, namespacePermission.getNamespace());  // Verify namespace
is set
+        assertEquals(expectedNamespace, namespacePermission.getNamespace());  // Verify namespace
is set
       }
     } catch (Throwable thw) {
       throw new HBaseException(thw);
     }
-    deleteNamespace(TEST_UTIL, namespace);
   }
 
   @Test (timeout=180000)

http://git-wip-us.apache.org/repos/asf/hbase/blob/c218c4eb/hbase-shell/src/main/ruby/hbase/security.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
index c7b94e8..f061e8c 100644
--- a/hbase-shell/src/main/ruby/hbase/security.rb
+++ b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -137,9 +137,9 @@ module Hbase
       all_perms.each do |value|
           user_name = String.from_java_bytes(value.getUser)
           if (table_regex != nil && isNamespace?(table_regex))
-            namespace = table_regex[1...table_regex.length]
+            namespace = value.getNamespace()
           else
-            namespace = (value.getTableName != nil) ? value.getTableName.getNamespaceAsString()
: ''
+            namespace = (value.getTableName != nil) ? value.getTableName.getNamespaceAsString()
: value.getNamespace()
           end
           table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : ''
           family = (value.getFamily != nil) ?

http://git-wip-us.apache.org/repos/asf/hbase/blob/c218c4eb/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
index e4673fc..71b98f3 100644
--- a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
+++ b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
@@ -30,6 +30,8 @@ For example:
 
     hbase> user_permission
     hbase> user_permission '@ns1'
+    hbase> user_permission '@.*'
+    hbase> user_permission '@^[a-c].*'
     hbase> user_permission 'table1'
     hbase> user_permission 'namespace1:table1'
     hbase> user_permission '.*'


Mime
View raw message