Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-13171 Change AccessControlClient methods to accept connection object to reduce setup time (Srikanth Srungarapu)

This commit is contained in:
tedyu 2015-03-11 18:24:12 -07:00
parent 9c83fa7b52
commit 7a3ea23704
6 changed files with 105 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
View File

@ -22,7 +22,6 @@ import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.MasterNotRunningException;
@ -33,7 +32,6 @@ import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.hbase.classification.InterfaceStability;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.ipc.CoprocessorRpcChannel;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
@ -60,7 +58,7 @@ public class AccessControlClient {
/**
* Grants permission on the specified table for the specified user
* @param conf
* @param connection The Connection instance to use
* @param tableName
* @param userName
* @param family
@ -68,66 +66,51 @@ public class AccessControlClient {
* @param actions
* @throws Throwable
*/
public static void grant(Configuration conf, final TableName tableName,
public static void grant(Connection connection, final TableName tableName,
final String userName, final byte[] family, final byte[] qual,
final Permission.Action... actions) throws Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family, qual,
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family, qual,
actions);
}
}
}
/**
* Grants permission on the specified namespace for the specified user.
* @param conf
* @param connection The Connection instance to use
* @param namespace
* @param userName
* @param actions
* @throws Throwable
*/
public static void grant(Configuration conf, final String namespace,
public static void grant(Connection connection, final String namespace,
final String userName, final Permission.Action... actions) throws Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
}
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
}
}
/**
* @param connection The Connection instance to use
* Grant global permissions for the specified user.
*/
public static void grant(Configuration conf, final String userName,
public static void grant(Connection connection, final String userName,
final Permission.Action... actions) throws Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
}
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
}
}
public static boolean isAccessControllerRunning(Configuration conf)
public static boolean isAccessControllerRunning(Connection connection)
throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Admin admin = connection.getAdmin()) {
return admin.isTableAvailable(ACL_TABLE_NAME);
}
try (Admin admin = connection.getAdmin()) {
return admin.isTableAvailable(ACL_TABLE_NAME);
}
}
/**
* Revokes the permission on the table
* @param conf
* @param connection The Connection instance to use
* @param tableName
* @param username
* @param family
@ -135,81 +118,67 @@ public class AccessControlClient {
* @param actions
* @throws Throwable
*/
public static void revoke(Configuration conf, final TableName tableName,
public static void revoke(Connection connection, final TableName tableName,
final String username, final byte[] family, final byte[] qualifier,
final Permission.Action... actions) throws Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
qualifier, actions);
}
}
}
/**
* Revokes the permission on the table for the specified user.
* @param conf
* @param connection The Connection instance to use
* @param namespace
* @param userName
* @param actions
* @throws Throwable
*/
public static void revoke(Configuration conf, final String namespace,
final String userName, final Permission.Action... actions) throws Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
}
public static void revoke(Connection connection, final String namespace,
final String userName, final Permission.Action... actions) throws Throwable {
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
}
}
/**
* Revoke global permissions for the specified user.
* @param connection The Connection instance to use
*/
public static void revoke(Configuration conf, final String userName,
public static void revoke(Connection connection, final String userName,
final Permission.Action... actions) throws Throwable {
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
}
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
}
}
/**
* List all the userPermissions matching the given pattern.
* @param conf
* @param connection The Connection instance to use
* @param tableRegex The regular expression string to match against
* @return - returns an array of UserPermissions
* @throws Throwable
*/
public static List<UserPermission> getUserPermissions(Configuration conf, String tableRegex)
public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex)
throws Throwable {
List<UserPermission> permList = new ArrayList<UserPermission>();
// TODO: Make it so caller passes in a Connection rather than have us do this expensive
// setup each time. This class only used in test and shell at moment though.
try (Connection connection = ConnectionFactory.createConnection(conf)) {
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
try (Admin admin = connection.getAdmin()) {
CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW);
BlockingInterface protocol =
try (Table table = connection.getTable(ACL_TABLE_NAME)) {
try (Admin admin = connection.getAdmin()) {
CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW);
BlockingInterface protocol =
AccessControlProtos.AccessControlService.newBlockingStub(service);
HTableDescriptor[] htds = null;
if (tableRegex == null || tableRegex.isEmpty()) {
permList = ProtobufUtil.getUserPermissions(protocol);
} else if (tableRegex.charAt(0) == '@') {
String namespace = tableRegex.substring(1);
permList = ProtobufUtil.getUserPermissions(protocol, Bytes.toBytes(namespace));
} else {
htds = admin.listTables(Pattern.compile(tableRegex), true);
for (HTableDescriptor hd : htds) {
permList.addAll(ProtobufUtil.getUserPermissions(protocol, hd.getTableName()));
}
HTableDescriptor[] htds = null;
if (tableRegex == null || tableRegex.isEmpty()) {
permList = ProtobufUtil.getUserPermissions(protocol);
} else if (tableRegex.charAt(0) == '@') {
String namespace = tableRegex.substring(1);
permList = ProtobufUtil.getUserPermissions(protocol, Bytes.toBytes(namespace));
} else {
htds = admin.listTables(Pattern.compile(tableRegex), true);
for (HTableDescriptor hd : htds) {
permList.addAll(ProtobufUtil.getUserPermissions(protocol, hd.getTableName()));
}
}
}

8
hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
View File

@ -40,6 +40,7 @@ import org.apache.hadoop.hbase.chaos.factories.MonkeyFactory;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.BufferedMutator;
import org.apache.hadoop.hbase.client.BufferedMutatorParams;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.client.HConnection;
@ -128,7 +129,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
protected void createSchema() throws IOException {
LOG.info("Creating tables");
// Create three tables
boolean acl = AccessControlClient.isAccessControllerRunning(getConf());
boolean acl = AccessControlClient.isAccessControllerRunning(ConnectionFactory
.createConnection(getConf()));
if(!acl) {
LOG.info("No ACL available.");
}
@ -156,8 +158,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
LOG.info("Granting permissions for user " + USER.getShortName());
Permission.Action[] actions = { Permission.Action.READ };
try {
AccessControlClient.grant(getConf(), tableName, USER.getShortName(), null, null,
actions);
AccessControlClient.grant(ConnectionFactory.createConnection(getConf()), tableName,
USER.getShortName(), null, null, actions);
} catch (Throwable e) {
LOG.fatal("Error in granting permission for the user " + USER.getShortName(), e);
throw new IOException(e);

24
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
View File

@ -403,13 +403,13 @@ public class SecureTestUtil {
* or will throw an exception upon timeout (10 seconds).
*/
public static void grantOnNamespaceUsingAccessControlClient(final HBaseTestingUtility util,
final Configuration conf, final String user, final String namespace,
final Connection connection, final String user, final String namespace,
final Permission.Action... actions) throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
AccessControlClient.grant(conf, namespace, user, actions);
AccessControlClient.grant(connection, namespace, user, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@ -424,13 +424,13 @@ public class SecureTestUtil {
* or will throw an exception upon timeout (10 seconds).
*/
public static void revokeFromNamespaceUsingAccessControlClient(final HBaseTestingUtility util,
final Configuration conf, final String user, final String namespace,
final Connection connection, final String user, final String namespace,
final Permission.Action... actions) throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
AccessControlClient.revoke(conf, namespace, user, actions);
AccessControlClient.revoke(connection, namespace, user, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@ -492,13 +492,13 @@ public class SecureTestUtil {
* throw an exception upon timeout (10 seconds).
*/
public static void grantOnTableUsingAccessControlClient(final HBaseTestingUtility util,
final Configuration conf, final String user, final TableName table, final byte[] family,
final Connection connection, final String user, final TableName table, final byte[] family,
final byte[] qualifier, final Permission.Action... actions) throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
AccessControlClient.grant(conf, table, user, family, qualifier, actions);
AccessControlClient.grant(connection, table, user, family, qualifier, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@ -513,13 +513,13 @@ public class SecureTestUtil {
* throw an exception upon timeout (10 seconds).
*/
public static void grantGlobalUsingAccessControlClient(final HBaseTestingUtility util,
final Configuration conf, final String user, final Permission.Action... actions)
final Connection connection, final String user, final Permission.Action... actions)
throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
AccessControlClient.grant(conf, user, actions);
AccessControlClient.grant(connection, user, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@ -558,13 +558,13 @@ public class SecureTestUtil {
* throw an exception upon timeout (10 seconds).
*/
public static void revokeFromTableUsingAccessControlClient(final HBaseTestingUtility util,
final Configuration conf, final String user, final TableName table, final byte[] family,
final Connection connection, final String user, final TableName table, final byte[] family,
final byte[] qualifier, final Permission.Action... actions) throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
AccessControlClient.revoke(conf, table, user, family, qualifier, actions);
AccessControlClient.revoke(connection, table, user, family, qualifier, actions);
} catch (Throwable t) {
t.printStackTrace();
}
@ -579,13 +579,13 @@ public class SecureTestUtil {
* throw an exception upon timeout (10 seconds).
*/
public static void revokeGlobalUsingAccessControlClient(final HBaseTestingUtility util,
final Configuration conf, final String user,final Permission.Action... actions)
final Connection connection, final String user,final Permission.Action... actions)
throws Exception {
SecureTestUtil.updateACLs(util, new Callable<Void>() {
@Override
public Void call() throws Exception {
try {
AccessControlClient.revoke(conf, user, actions);
AccessControlClient.revoke(connection, user, actions);
} catch (Throwable t) {
t.printStackTrace();
}

48
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
View File

@ -140,6 +140,8 @@ public class TestAccessController extends SecureTestUtil {
@Rule public TestTableName TEST_TABLE = new TestTableName();
private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
private static Configuration conf;
private static Connection connection;
// user with all permissions
private static User SUPERUSER;
@ -211,10 +213,13 @@ public class TestAccessController extends SecureTestUtil {
USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);
connection = ConnectionFactory.createConnection(conf);
}
@AfterClass
public static void tearDownAfterClass() throws Exception {
connection.close();
TEST_UTIL.shutdownMiniCluster();
}
@ -265,7 +270,8 @@ public class TestAccessController extends SecureTestUtil {
assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size());
try {
assertEquals(5, AccessControlClient.getUserPermissions(conf, TEST_TABLE.toString()).size());
assertEquals(5, AccessControlClient.getUserPermissions(connection,
TEST_TABLE.toString()).size());
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.getUserPermissions. ", e);
}
@ -2191,7 +2197,7 @@ public class TestAccessController extends SecureTestUtil {
// Grant table READ permissions to testGrantRevoke.
try {
grantOnTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
grantOnTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(),
TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. ", e);
@ -2202,7 +2208,7 @@ public class TestAccessController extends SecureTestUtil {
// Revoke table READ permission to testGrantRevoke.
try {
revokeFromTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
revokeFromTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(),
TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.revoke ", e);
@ -2233,8 +2239,8 @@ public class TestAccessController extends SecureTestUtil {
// Grant table READ permissions to testGlobalGrantRevoke.
try {
grantGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
Permission.Action.READ);
grantGlobalUsingAccessControlClient(TEST_UTIL, connection,
testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. ", e);
}
@ -2244,8 +2250,8 @@ public class TestAccessController extends SecureTestUtil {
// Revoke table READ permission to testGlobalGrantRevoke.
try {
revokeGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
Permission.Action.READ);
revokeGlobalUsingAccessControlClient(TEST_UTIL, connection,
testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.revoke ", e);
}
@ -2274,7 +2280,7 @@ public class TestAccessController extends SecureTestUtil {
// Grant namespace READ to testNS, this should supersede any table permissions
try {
grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
grantOnNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(),
TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.grant. ", e);
@ -2285,7 +2291,7 @@ public class TestAccessController extends SecureTestUtil {
// Revoke namespace READ to testNS, this should supersede any table permissions
try {
revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(),
TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.revoke ", e);
@ -2481,13 +2487,13 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testGetNamespacePermission() throws Exception {
String namespace = "testNamespace";
String namespace = "testGetNamespacePermission";
NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);
try {
List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(conf,
AccessControlLists.toNamespaceEntry(namespace));
List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(
connection, AccessControlLists.toNamespaceEntry(namespace));
assertTrue(namespacePermissions != null);
assertTrue(namespacePermissions.size() == 1);
} catch (Throwable thw) {
@ -2499,15 +2505,15 @@ public class TestAccessController extends SecureTestUtil {
@Test
public void testTruncatePerms() throws Exception {
try {
List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(conf,
TEST_TABLE.getTableName().getNameAsString());
List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(
connection, TEST_TABLE.getTableName().getNameAsString());
assertTrue(existingPerms != null);
assertTrue(existingPerms.size() > 1);
TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
TEST_UTIL.truncateTable(TEST_TABLE.getTableName());
TEST_UTIL.waitTableAvailable(TEST_TABLE.getTableName());
List<UserPermission> perms = AccessControlClient.getUserPermissions(conf,
TEST_TABLE.getTableName().getNameAsString());
List<UserPermission> perms = AccessControlClient.getUserPermissions(
connection, TEST_TABLE.getTableName().getNameAsString());
assertTrue(perms != null);
assertEquals(existingPerms.size(), perms.size());
} catch (Throwable e) {
@ -2519,11 +2525,19 @@ public class TestAccessController extends SecureTestUtil {
return new PrivilegedAction<List<UserPermission>>() {
@Override
public List<UserPermission> run() {
Connection connection = null;
try {
return AccessControlClient.getUserPermissions(conf, regex);
connection = ConnectionFactory.createConnection(conf);
return AccessControlClient.getUserPermissions(connection, regex);
} catch (Throwable e) {
LOG.error("error during call of AccessControlClient.getUserPermissions.", e);
return null;
} finally {
try {
connection.close();
} catch (IOException e) {
LOG.error("Error during close of connection.", e);
}
}
}
};

4
hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java
View File

@ -43,6 +43,7 @@ import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Durability;
import org.apache.hadoop.hbase.client.HBaseAdmin;
import org.apache.hadoop.hbase.io.compress.Compression;
@ -606,7 +607,8 @@ public class LoadTestTool extends AbstractHBaseTool {
Permission.Action.ADMIN, Permission.Action.CREATE,
Permission.Action.READ, Permission.Action.WRITE };
try {
AccessControlClient.grant(conf, tableName, userOwner.getShortName(), null, null, actions);
AccessControlClient.grant(ConnectionFactory.createConnection(conf),
tableName, userOwner.getShortName(), null, null, actions);
} catch (Throwable e) {
LOG.fatal("Error in granting permission for the user " + userOwner.getShortName(), e);
return EXIT_FAILURE;

17
hbase-shell/src/main/ruby/hbase/security.rb
View File

@ -26,7 +26,7 @@ module Hbase
def initialize(admin, formatter)
@admin = admin
@config = @admin.getConfiguration()
@connection = @admin.getConnection()
@formatter = formatter
end
@ -59,7 +59,7 @@ module Hbase
namespace_exists?(namespace_name)
org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
@config, namespace_name, user, perm.getActions())
@connection, namespace_name, user, perm.getActions())
else
# Table should exist
raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@ -75,12 +75,12 @@ module Hbase
qualbytes = qualifier.to_java_bytes if (qualifier != nil)
org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
@config, tableName, user, fambytes, qualbytes, perm.getActions())
@connection, tableName, user, fambytes, qualbytes, perm.getActions())
end
else
# invoke cp endpoint to perform access controls
org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
@config, user, perm.getActions())
@connection, user, perm.getActions())
end
end
end
@ -101,7 +101,7 @@ module Hbase
tablebytes=table_name.to_java_bytes
org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
@config, namespace_name, user)
@connection, namespace_name, user)
else
# Table should exist
raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@ -117,12 +117,12 @@ module Hbase
qualbytes = qualifier.to_java_bytes if (qualifier != nil)
org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
@config, tableName, user, fambytes, qualbytes)
@connection, tableName, user, fambytes, qualbytes)
end
else
perm = org.apache.hadoop.hbase.security.access.Permission.new(''.to_java_bytes)
org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
@config, user, perm.getActions())
@connection, user, perm.getActions())
end
end
end
@ -130,7 +130,8 @@ module Hbase
#----------------------------------------------------------------------------------------------
def user_permission(table_regex=nil)
security_available?
all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(@config,table_regex)
all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(
@connection,table_regex)
res = {}
count = 0
all_perms.each do |value|