HBASE-12142 Truncate command does not preserve ACLs table (Vandana Ayyalasomayajula)

stack 2014-10-09 15:35:36 -07:00
parent d5be58dfd2
commit 5420b4c78b
2 changed files with 44 additions and 3 deletions


@ -173,6 +173,8 @@ public class AccessController extends BaseMasterAndRegionObserver
private Map<InternalScanner,String> scannerOwners =
new MapMaker().weakKeys().makeMap();
private Map<TableName, List<UserPermission>> tableAcls;
// Provider for mapping principal names to Users
private UserProvider userProvider;
@ -861,6 +863,8 @@ public class AccessController extends BaseMasterAndRegionObserver
} else {
throw new RuntimeException("Error obtaining TableAuthManager, zk found null.");
}
tableAcls = new MapMaker().weakValues().makeMap();
}
public void stop(CoprocessorEnvironment env) {
@ -938,7 +942,24 @@ public class AccessController extends BaseMasterAndRegionObserver
@Override
public void preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)
throws IOException {
requirePermission("truncateTable", tableName, null, null, Action.ADMIN, Action.CREATE);
requirePermission("truncateTable", tableName, null, null, Action.ADMIN);
List<UserPermission> acls = AccessControlLists.getUserTablePermissions(c.getEnvironment()
.getConfiguration(), tableName);
if (acls != null) {
tableAcls.put(tableName, acls);
}
}
@Override
public void postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
TableName tableName) throws IOException {
List<UserPermission> perms = tableAcls.get(tableName);
if (perms != null) {
for (UserPermission perm : perms) {
AccessControlLists.addUserPermission(ctx.getEnvironment().getConfiguration(), perm);
}
}
tableAcls.remove(tableName);
}
@Override
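Review bot: The saved ACLs sit in a map built with `weakValues()` (`tableAcls = new MapMaker().weakValues().makeMap();` in the start hunk), and once preTruncateTable returns nothing else visible here holds a strong reference to the list, so a garbage collection during the truncate can drop the entry. postTruncateTable then finds `perms == null` and restores nothing without logging it, so the table comes back with its grants silently gone. I would hold the list strongly, e.g. `tableAcls = new MapMaker().makeMap();` (postTruncateTable already removes the entry), and log a warning when no saved ACLs are found for the table. The snapshot also lives only in this coprocessor instance's memory, so it presumably does not survive a master restart between the two hooks; a comment on the field should say so.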


@ -36,6 +36,7 @@ import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.CoprocessorEnvironment;
import org.apache.hadoop.hbase.HBaseIOException;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HConstants;
@ -337,8 +338,8 @@ public class TestAccessController extends SecureTestUtil {
}
};
verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER);
verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE);
verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN);
verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE,USER_CREATE, USER_OWNER);
}
@Test
@ -2324,4 +2325,23 @@ public class TestAccessController extends SecureTestUtil {
}
TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace);
}
@Test
public void testTruncatePerms() throws Exception {
try {
List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(conf,
TEST_TABLE.getTableName().getNameAsString());
assertTrue(existingPerms != null);
assertTrue(existingPerms.size() > 1);
TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
TEST_UTIL.truncateTable(TEST_TABLE.getTableName());
List<UserPermission> perms = AccessControlClient.getUserPermissions(conf,
TEST_TABLE.getTableName().getNameAsString());
assertTrue(perms != null);
assertEquals(existingPerms.size(), perms.size());
} catch (Throwable e) {
throw new HBaseIOException(e);
}
}
}
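Review bot: testTruncatePerms only compares `existingPerms.size()` with `perms.size()`, so it would still pass if the truncate restored the right number of grants but for the wrong users or actions. Comparing contents is the stronger check, e.g. `assertEquals(new HashSet<UserPermission>(existingPerms), new HashSet<UserPermission>(perms));`, assuming UserPermission defines equals/hashCode (not visible here). The `catch (Throwable e)` wrapper also turns an assertion failure into an HBaseIOException; since the method already declares `throws Exception`, the try/catch can be dropped.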