diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java index a1e9be5b8fd..2bb778beeaf 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/MasterObserver.java @@ -239,10 +239,10 @@ public interface MasterObserver { * @param currentDescriptor current TableDescriptor of the table * @param newDescriptor after modify operation, table will have this descriptor */ - default void preModifyTable(final ObserverContext ctx, + default TableDescriptor preModifyTable(final ObserverContext ctx, final TableName tableName, TableDescriptor currentDescriptor, TableDescriptor newDescriptor) - throws IOException { - preModifyTable(ctx, tableName, newDescriptor); + throws IOException { + return newDescriptor; } /** diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index a023a4f7d0b..bd5e67a7281 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -2610,13 +2610,12 @@ public class HMaster extends HRegionServer implements MasterServices { .submitProcedure(new MasterProcedureUtil.NonceProcedureRunnable(this, nonceGroup, nonce) { @Override protected void run() throws IOException { - TableDescriptor newDescriptor = newDescriptorGetter.get(); - sanityCheckTableDescriptor(newDescriptor); TableDescriptor oldDescriptor = getMaster().getTableDescriptors().get(tableName); - getMaster().getMasterCoprocessorHost().preModifyTable(tableName, oldDescriptor, - newDescriptor); - - LOG.info(getClientIdAuditPrefix() + " modify " + tableName); + TableDescriptor newDescriptor = getMaster().getMasterCoprocessorHost() + .preModifyTable(tableName, oldDescriptor, newDescriptorGetter.get()); + sanityCheckTableDescriptor(newDescriptor); + LOG.info("{} modify table {} from {} to {}", getClientIdAuditPrefix(), tableName, + oldDescriptor, newDescriptor); // Execute the operation synchronously - wait for the operation completes before // continuing. diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java index 2471b54afad..03ab2e1c538 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java @@ -445,12 +445,17 @@ public class MasterCoprocessorHost }); } - public void preModifyTable(final TableName tableName, final TableDescriptor currentDescriptor, - final TableDescriptor newDescriptor) throws IOException { - execOperation(coprocEnvironments.isEmpty() ? null : new MasterObserverOperation() { + public TableDescriptor preModifyTable(final TableName tableName, + final TableDescriptor currentDescriptor, final TableDescriptor newDescriptor) + throws IOException { + if (coprocEnvironments.isEmpty()) { + return newDescriptor; + } + return execOperationWithResult(new ObserverOperationWithResult( + masterObserverGetter, newDescriptor) { @Override - public void call(MasterObserver observer) throws IOException { - observer.preModifyTable(this, tableName, currentDescriptor, newDescriptor); + protected TableDescriptor call(MasterObserver observer) throws IOException { + return observer.preModifyTable(this, tableName, currentDescriptor, getResult()); } }); } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index 7ea436a51ef..ade864577ed 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -969,11 +969,12 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor, } @Override - public void preModifyTable(ObserverContext c, TableName tableName, - TableDescriptor htd) throws IOException { + public TableDescriptor preModifyTable(ObserverContext c, + TableName tableName, TableDescriptor currentDesc, TableDescriptor newDesc) + throws IOException { // TODO: potentially check if this is a add/modify/delete column operation - requirePermission(c, "modifyTable", - tableName, null, null, Action.ADMIN, Action.CREATE); + requirePermission(c, "modifyTable", tableName, null, null, Action.ADMIN, Action.CREATE); + return newDesc; } @Override diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.java index 44f736b2e97..1e83e966102 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.java @@ -54,9 +54,11 @@ public class CoprocessorWhitelistMasterObserver implements MasterCoprocessor, Ma } @Override - public void preModifyTable(ObserverContext ctx, - TableName tableName, TableDescriptor htd) throws IOException { - verifyCoprocessors(ctx, htd); + public TableDescriptor preModifyTable(ObserverContext ctx, + TableName tableName, TableDescriptor currentDesc, TableDescriptor newDesc) + throws IOException { + verifyCoprocessors(ctx, newDesc); + return newDesc; } @Override diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java index a4cad65695c..c4f3b954883 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java @@ -226,14 +226,15 @@ public class VisibilityController implements MasterCoprocessor, RegionCoprocesso } @Override - public void preModifyTable(ObserverContext ctx, - TableName tableName, TableDescriptor htd) throws IOException { - if (!authorizationEnabled) { - return; - } - if (LABELS_TABLE_NAME.equals(tableName)) { - throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME); + public TableDescriptor preModifyTable(ObserverContext ctx, + TableName tableName, TableDescriptor currentDescriptor, TableDescriptor newDescriptor) + throws IOException { + if (authorizationEnabled) { + if (LABELS_TABLE_NAME.equals(tableName)) { + throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME); + } } + return newDescriptor; } @Override diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java index 42e8424e6b8..823b03e492a 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserver.java @@ -373,9 +373,11 @@ public class TestMasterObserver { } @Override - public void preModifyTable(ObserverContext env, - TableName tableName, TableDescriptor htd) throws IOException { + public TableDescriptor preModifyTable(ObserverContext env, + TableName tableName, TableDescriptor currentDescriptor, TableDescriptor newDescriptor) + throws IOException { preModifyTableCalled = true; + return newDescriptor; } @Override diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserverToModifyTableSchema.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserverToModifyTableSchema.java new file mode 100644 index 00000000000..d23a4a8cd50 --- /dev/null +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/coprocessor/TestMasterObserverToModifyTableSchema.java @@ -0,0 +1,128 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hbase.coprocessor; + +import static org.junit.Assert.assertEquals; + +import java.io.IOException; +import java.util.Optional; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hbase.HBaseClassTestRule; +import org.apache.hadoop.hbase.HBaseTestingUtility; +import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.client.Admin; +import org.apache.hadoop.hbase.client.ColumnFamilyDescriptor; +import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder; +import org.apache.hadoop.hbase.client.TableDescriptor; +import org.apache.hadoop.hbase.client.TableDescriptorBuilder; +import org.apache.hadoop.hbase.testclassification.CoprocessorTests; +import org.apache.hadoop.hbase.testclassification.MediumTests; +import org.apache.hadoop.hbase.util.Bytes; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.junit.rules.TestName; + +@Category({ CoprocessorTests.class, MediumTests.class }) +public class TestMasterObserverToModifyTableSchema { + + @ClassRule + public static final HBaseClassTestRule CLASS_RULE = + HBaseClassTestRule.forClass(TestMasterObserverToModifyTableSchema.class); + + private static HBaseTestingUtility UTIL = new HBaseTestingUtility(); + private static TableName TABLENAME = TableName.valueOf("TestTable"); + + @Rule + public TestName name = new TestName(); + + @BeforeClass + public static void setupBeforeClass() throws Exception { + Configuration conf = UTIL.getConfiguration(); + conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, + OnlyOneVersionAllowedMasterObserver.class.getName()); + UTIL.startMiniCluster(1); + } + + @AfterClass + public static void tearDownAfterClass() throws Exception { + UTIL.shutdownMiniCluster(); + } + + @Test + public void testMasterObserverToModifyTableSchema() throws IOException { + TableDescriptorBuilder builder = TableDescriptorBuilder.newBuilder(TABLENAME); + for (int i = 1; i <= 3; i++) { + builder.setColumnFamily( + ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes("cf" + i)).setMaxVersions(i) + .build()); + } + try (Admin admin = UTIL.getAdmin()) { + admin.createTable(builder.build()); + assertOneVersion(admin.getDescriptor(TABLENAME)); + + builder.modifyColumnFamily(ColumnFamilyDescriptorBuilder.newBuilder(Bytes.toBytes("cf1")) + .setMaxVersions(Integer.MAX_VALUE).build()); + admin.modifyTable(builder.build()); + assertOneVersion(admin.getDescriptor(TABLENAME)); + } + } + + private void assertOneVersion(TableDescriptor td) { + for (ColumnFamilyDescriptor cfd : td.getColumnFamilies()) { + assertEquals(1, cfd.getMaxVersions()); + } + } + + public static class OnlyOneVersionAllowedMasterObserver + implements MasterCoprocessor, MasterObserver { + + @Override + public Optional getMasterObserver() { + return Optional.of(this); + } + + @Override + public TableDescriptor preCreateTableRegionsInfos( + ObserverContext ctx, TableDescriptor desc) + throws IOException { + TableDescriptorBuilder builder = TableDescriptorBuilder.newBuilder(desc); + for (ColumnFamilyDescriptor cfd : desc.getColumnFamilies()) { + builder.modifyColumnFamily( + ColumnFamilyDescriptorBuilder.newBuilder(cfd).setMaxVersions(1).build()); + } + return builder.build(); + } + + @Override + public TableDescriptor preModifyTable(ObserverContext env, + TableName tableName, final TableDescriptor currentDescriptor, + final TableDescriptor newDescriptor) throws IOException { + TableDescriptorBuilder builder = TableDescriptorBuilder.newBuilder(newDescriptor); + for (ColumnFamilyDescriptor cfd : newDescriptor.getColumnFamilies()) { + builder.modifyColumnFamily( + ColumnFamilyDescriptorBuilder.newBuilder(cfd).setMaxVersions(1).build()); + } + return builder.build(); + } + } +} diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index bcdde7d0cbf..cd590270299 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -415,8 +415,8 @@ public class TestAccessController extends SecureTestUtil { HTableDescriptor htd = new HTableDescriptor(TEST_TABLE); htd.addFamily(new HColumnDescriptor(TEST_FAMILY)); htd.addFamily(new HColumnDescriptor("fam_" + User.getCurrent().getShortName())); - ACCESS_CONTROLLER.preModifyTable(ObserverContextImpl.createAndPrepare(CP_ENV), - TEST_TABLE, htd); + ACCESS_CONTROLLER.preModifyTable(ObserverContextImpl.createAndPrepare(CP_ENV), TEST_TABLE, + null, htd); return null; } };