HBASE-14818 user_permission does not list namespace permissions (li xiang)
This commit is contained in:
parent
0671cba65f
commit
56e4b85d06
|
@ -217,11 +217,16 @@ public class AccessControlClient {
|
|||
HTableDescriptor[] htds = null;
|
||||
if (tableRegex == null || tableRegex.isEmpty()) {
|
||||
permList = ProtobufUtil.getUserPermissions(controller, protocol);
|
||||
} else if (tableRegex.charAt(0) == '@') {
|
||||
String namespace = tableRegex.substring(1);
|
||||
permList = ProtobufUtil.getUserPermissions(controller, protocol,
|
||||
Bytes.toBytes(namespace));
|
||||
} else {
|
||||
} else if (tableRegex.charAt(0) == '@') { // Namespaces
|
||||
String namespaceRegex = tableRegex.substring(1);
|
||||
for (NamespaceDescriptor nsds : admin.listNamespaceDescriptors()) { // Read out all namespaces
|
||||
String namespace = nsds.getName();
|
||||
if (namespace.matches(namespaceRegex)) { // Match the given namespace regex?
|
||||
permList.addAll(ProtobufUtil.getUserPermissions(controller, protocol,
|
||||
Bytes.toBytes(namespace)));
|
||||
}
|
||||
}
|
||||
} else { // Tables
|
||||
htds = admin.listTables(Pattern.compile(tableRegex), true);
|
||||
for (HTableDescriptor hd : htds) {
|
||||
permList.addAll(ProtobufUtil.getUserPermissions(controller, protocol,
|
||||
|
|
|
@ -2596,19 +2596,41 @@ public class TestAccessController extends SecureTestUtil {
|
|||
NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
|
||||
createNamespace(TEST_UTIL, desc);
|
||||
grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);
|
||||
|
||||
// Test 1: A specific namespace
|
||||
getNamespacePermissionsAndVerify(namespace, 1, namespace);
|
||||
|
||||
// Test 2: '@.*'
|
||||
getNamespacePermissionsAndVerify(".*", 1, namespace);
|
||||
|
||||
// Test 3: A more complex regex
|
||||
getNamespacePermissionsAndVerify("^test[a-zA-Z]*", 1, namespace);
|
||||
|
||||
deleteNamespace(TEST_UTIL, namespace);
|
||||
}
|
||||
|
||||
/**
|
||||
* List all user permissions match the given regular expression for namespace
|
||||
* and verify each of them.
|
||||
* @param namespaceRegexWithoutPrefix the regualar expression for namespace, without NAMESPACE_PREFIX
|
||||
* @param expectedAmount the expected amount of user permissions returned
|
||||
* @param expectedNamespace the expected namespace of each user permission returned
|
||||
* @throws HBaseException in the case of any HBase exception when accessing hbase:acl table
|
||||
*/
|
||||
private void getNamespacePermissionsAndVerify(String namespaceRegexWithoutPrefix,
|
||||
int expectedAmount, String expectedNamespace) throws HBaseException {
|
||||
try {
|
||||
List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(
|
||||
systemUserConnection, AccessControlLists.toNamespaceEntry(namespace));
|
||||
systemUserConnection, AccessControlLists.toNamespaceEntry(namespaceRegexWithoutPrefix));
|
||||
assertTrue(namespacePermissions != null);
|
||||
assertTrue(namespacePermissions.size() == 1);
|
||||
assertEquals(expectedAmount, namespacePermissions.size());
|
||||
for (UserPermission namespacePermission : namespacePermissions) {
|
||||
assertFalse(namespacePermission.isGlobal()); // Verify it is not a global user permission
|
||||
assertEquals(namespace, namespacePermission.getNamespace()); // Verify namespace is set
|
||||
assertEquals(expectedNamespace, namespacePermission.getNamespace()); // Verify namespace is set
|
||||
}
|
||||
} catch (Throwable thw) {
|
||||
throw new HBaseException(thw);
|
||||
}
|
||||
deleteNamespace(TEST_UTIL, namespace);
|
||||
}
|
||||
|
||||
@Test (timeout=180000)
|
||||
|
|
|
@ -137,9 +137,9 @@ module Hbase
|
|||
all_perms.each do |value|
|
||||
user_name = String.from_java_bytes(value.getUser)
|
||||
if (table_regex != nil && isNamespace?(table_regex))
|
||||
namespace = table_regex[1...table_regex.length]
|
||||
namespace = value.getNamespace()
|
||||
else
|
||||
namespace = (value.getTableName != nil) ? value.getTableName.getNamespaceAsString() : ''
|
||||
namespace = (value.getTableName != nil) ? value.getTableName.getNamespaceAsString() : value.getNamespace()
|
||||
end
|
||||
table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : ''
|
||||
family = (value.getFamily != nil) ?
|
||||
|
|
|
@ -30,6 +30,8 @@ For example:
|
|||
|
||||
hbase> user_permission
|
||||
hbase> user_permission '@ns1'
|
||||
hbase> user_permission '@.*'
|
||||
hbase> user_permission '@^[a-c].*'
|
||||
hbase> user_permission 'table1'
|
||||
hbase> user_permission 'namespace1:table1'
|
||||
hbase> user_permission '.*'
|
||||
|
|
Loading…
Reference in New Issue