HBASE-27422: Support replication for hbase:acl (#4827)

Signed-off-by: Ankit Singhal <ankit@apache.org>
Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Tak Lon (Stephen) Wu <taklwu@apache.org>
Signed-off-by: Wellington Chevreuil <wchevreuil@apache.org>

(cherry picked from commit 856fa14537)
This commit is contained in:
Kota-SH 2023-04-14 04:19:29 -05:00 committed by Wellington Ramos Chevreuil
parent 1e97fbfc9f
commit 3dda428417
2 changed files with 27 additions and 1 deletions

View File

@ -17,16 +17,28 @@
*/ */
package org.apache.hadoop.hbase.replication; package org.apache.hadoop.hbase.replication;
import org.apache.hadoop.hbase.security.access.PermissionStorage;
import org.apache.hadoop.hbase.security.visibility.VisibilityConstants;
import org.apache.hadoop.hbase.wal.WAL.Entry; import org.apache.hadoop.hbase.wal.WAL.Entry;
import org.apache.yetus.audience.InterfaceAudience; import org.apache.yetus.audience.InterfaceAudience;
/** /**
* Skips WAL edits for all System tables including hbase:meta. * Skips WAL edits for all System tables including hbase:meta except hbase:acl. As of now, only 2
* tables can be allowed for replication - hbase:acl and hbase:labels. Other tables which not be
* replicated are 1. hbase:meta - not to be replicated 2. hbase:canary - for current cluster 3.
* hbase:namespace - Deprecated and moved to meta 4. hbase:quota - related to namespace, quota for
* the current cluster usage 5. hbase:rsgroup - contains hostnames
*/ */
@InterfaceAudience.Private @InterfaceAudience.Private
public class SystemTableWALEntryFilter implements WALEntryFilter { public class SystemTableWALEntryFilter implements WALEntryFilter {
@Override @Override
public Entry filter(Entry entry) { public Entry filter(Entry entry) {
if (
entry.getKey().getTableName().equals(PermissionStorage.ACL_TABLE_NAME)
|| entry.getKey().getTableName().equals(VisibilityConstants.LABELS_TABLE_NAME)
) {
return entry;
}
return entry.getKey().getTableName().isSystemTable() ? null : entry; return entry.getKey().getTableName().isSystemTable() ? null : entry;
} }
} }

View File

@ -36,6 +36,8 @@ import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.KeyValue; import org.apache.hadoop.hbase.KeyValue;
import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.RegionInfoBuilder; import org.apache.hadoop.hbase.client.RegionInfoBuilder;
import org.apache.hadoop.hbase.security.access.PermissionStorage;
import org.apache.hadoop.hbase.security.visibility.VisibilityConstants;
import org.apache.hadoop.hbase.testclassification.ReplicationTests; import org.apache.hadoop.hbase.testclassification.ReplicationTests;
import org.apache.hadoop.hbase.testclassification.SmallTests; import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.Bytes;
@ -87,6 +89,18 @@ public class TestReplicationWALEntryFilters {
Entry userEntry = new Entry(key3, null); Entry userEntry = new Entry(key3, null);
assertEquals(userEntry, filter.filter(userEntry)); assertEquals(userEntry, filter.filter(userEntry));
// hbase:acl should be allowed through the filter
WALKeyImpl key4 =
new WALKeyImpl(new byte[0], PermissionStorage.ACL_TABLE_NAME, System.currentTimeMillis());
Entry aclEntry = new Entry(key4, null);
assertEquals(aclEntry, filter.filter(aclEntry));
// hbase:labels should be allowed through the filter
WALKeyImpl key5 = new WALKeyImpl(new byte[0], VisibilityConstants.LABELS_TABLE_NAME,
System.currentTimeMillis());
Entry labelsEntry = new Entry(key5, null);
assertEquals(labelsEntry, filter.filter(labelsEntry));
} }
@Test @Test