HBASE-12142 Truncate command does not preserve ACLs table (Vandana Ayyalasomayajula)
parent
d5be58dfd2
commit
5420b4c78b
|
@ -173,6 +173,8 @@ public class AccessController extends BaseMasterAndRegionObserver
|
|||
private Map<InternalScanner,String> scannerOwners =
|
||||
new MapMaker().weakKeys().makeMap();
|
||||
|
||||
private Map<TableName, List<UserPermission>> tableAcls;
|
||||
|
||||
// Provider for mapping principal names to Users
|
||||
private UserProvider userProvider;
|
||||
|
||||
|
@ -861,6 +863,8 @@ public class AccessController extends BaseMasterAndRegionObserver
|
|||
} else {
|
||||
throw new RuntimeException("Error obtaining TableAuthManager, zk found null.");
|
||||
}
|
||||
|
||||
tableAcls = new MapMaker().weakValues().makeMap();
|
||||
}
|
||||
|
||||
public void stop(CoprocessorEnvironment env) {
|
||||
|
@ -938,7 +942,24 @@ public class AccessController extends BaseMasterAndRegionObserver
|
|||
@Override
|
||||
public void preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)
|
||||
throws IOException {
|
||||
requirePermission("truncateTable", tableName, null, null, Action.ADMIN, Action.CREATE);
|
||||
requirePermission("truncateTable", tableName, null, null, Action.ADMIN);
|
||||
List<UserPermission> acls = AccessControlLists.getUserTablePermissions(c.getEnvironment()
|
||||
.getConfiguration(), tableName);
|
||||
if (acls != null) {
|
||||
tableAcls.put(tableName, acls);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
|
||||
TableName tableName) throws IOException {
|
||||
List<UserPermission> perms = tableAcls.get(tableName);
|
||||
if (perms != null) {
|
||||
for (UserPermission perm : perms) {
|
||||
AccessControlLists.addUserPermission(ctx.getEnvironment().getConfiguration(), perm);
|
||||
}
|
||||
}
|
||||
tableAcls.remove(tableName);
|
||||
}
|
||||
|
||||
@Override
|
||||
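Review bot: The cache that carries ACLs from preTruncateTable to postTruncateTable is created with `new MapMaker().weakValues().makeMap()`, and nothing visible in these hunks keeps a strong reference to the stored list once the pre hook returns. A garbage collection between the two hooks can therefore drop the entry, and the truncate completes with the table's grants silently lost. Strong values would avoid that, e.g. `tableAcls = new MapMaker().makeMap();`, with `tableAcls.remove(tableName)` moved into a `finally` in postTruncateTable so a failing `addUserPermission` does not leave a stale entry; truncates that never reach the post hook would then need their own cleanup. The same hunk narrows the check from `Action.ADMIN, Action.CREATE` to `Action.ADMIN`, which the commit title does not mention and which deserves a comment such as `// ADMIN only: this hook reads the table's ACLs and postTruncateTable rewrites them`. The class body starts and ends outside these hunks.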
|
|
|
@ -36,6 +36,7 @@ import org.apache.hadoop.fs.Path;
|
|||
import org.apache.hadoop.fs.permission.FsPermission;
|
||||
import org.apache.hadoop.hbase.Coprocessor;
|
||||
import org.apache.hadoop.hbase.CoprocessorEnvironment;
|
||||
import org.apache.hadoop.hbase.HBaseIOException;
|
||||
import org.apache.hadoop.hbase.HBaseTestingUtility;
|
||||
import org.apache.hadoop.hbase.HColumnDescriptor;
|
||||
import org.apache.hadoop.hbase.HConstants;
|
||||
|
@ -337,8 +338,8 @@ public class TestAccessController extends SecureTestUtil {
|
|||
}
|
||||
};
|
||||
|
||||
verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER);
|
||||
verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE);
|
||||
verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN);
|
||||
verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE,USER_CREATE, USER_OWNER);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -2324,4 +2325,23 @@ public class TestAccessController extends SecureTestUtil {
|
|||
}
|
||||
TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTruncatePerms() throws Exception {
|
||||
try {
|
||||
List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(conf,
|
||||
TEST_TABLE.getTableName().getNameAsString());
|
||||
assertTrue(existingPerms != null);
|
||||
assertTrue(existingPerms.size() > 1);
|
||||
TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
|
||||
TEST_UTIL.truncateTable(TEST_TABLE.getTableName());
|
||||
List<UserPermission> perms = AccessControlClient.getUserPermissions(conf,
|
||||
TEST_TABLE.getTableName().getNameAsString());
|
||||
assertTrue(perms != null);
|
||||
assertEquals(existingPerms.size(), perms.size());
|
||||
} catch (Throwable e) {
|
||||
throw new HBaseIOException(e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
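Review bot: testTruncatePerms only compares `existingPerms.size()` with `perms.size()`, so a restore that returns the same number of entries with different users or actions would still pass. For an access-control regression test the contents should be compared as well, e.g. `assertTrue(perms.containsAll(existingPerms));`, assuming UserPermission's `equals` covers user, table and actions. The `catch (Throwable e)` that rewraps into `HBaseIOException` also reports assertion failures as errors, and is unnecessary because the method already declares `throws Exception`.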
|
|