HBASE-12142 Truncate command does not preserve ACLs table (Vandana Ayyalasomayajula)

Conflicts:
	hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java

@@ -175,6 +175,8 @@ public class AccessController extends BaseMasterAndRegionObserver
   private Map<InternalScanner,String> scannerOwners =
       new MapMaker().weakKeys().makeMap();
 
+  private Map<TableName, List<UserPermission>> tableAcls;
+
   // Provider for mapping principal names to Users
   private UserProvider userProvider;
 
@@ -857,6 +859,8 @@ public class AccessController extends BaseMasterAndRegionObserver
     } else {
       throw new RuntimeException("Error obtaining TableAuthManager, zk found null.");
     }
+
+    tableAcls = new MapMaker().weakValues().makeMap();
   }
 
   public void stop(CoprocessorEnvironment env) {
@@ -934,7 +938,24 @@ public class AccessController extends BaseMasterAndRegionObserver
   @Override
   public void preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)
       throws IOException {
-    requirePermission("truncateTable", tableName, null, null, Action.ADMIN, Action.CREATE);
+    requirePermission("truncateTable", tableName, null, null, Action.ADMIN);
+    List<UserPermission> acls = AccessControlLists.getUserTablePermissions(c.getEnvironment()
+        .getConfiguration(), tableName);
+    if (acls != null) {
+      tableAcls.put(tableName, acls);
+    }
+  }
+
+  @Override
+  public void postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
+      TableName tableName) throws IOException {
+    List<UserPermission> perms = tableAcls.get(tableName);
+    if (perms != null) {
+      for (UserPermission perm : perms) {
+        AccessControlLists.addUserPermission(ctx.getEnvironment().getConfiguration(), perm);
+      }
+    }
+    tableAcls.remove(tableName);
   }
 
   @Override

hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

@@ -37,6 +37,7 @@ import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hbase.Coprocessor;
 import org.apache.hadoop.hbase.CoprocessorEnvironment;
+import org.apache.hadoop.hbase.HBaseIOException;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.HColumnDescriptor;
 import org.apache.hadoop.hbase.HConstants;
@@ -335,8 +336,8 @@ public class TestAccessController extends SecureTestUtil {
       }
     };
 
-    verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN, USER_CREATE, USER_OWNER);
-    verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE);
+    verifyAllowed(truncateTable, SUPERUSER, USER_ADMIN);
+    verifyDenied(truncateTable, USER_RW, USER_RO, USER_NONE,USER_CREATE, USER_OWNER);
   }
 
   @Test
@@ -2280,4 +2281,23 @@ public class TestAccessController extends SecureTestUtil {
      }
      TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace);
    }
+
+  @Test
+  public void testTruncatePerms() throws Exception {
+    try {
+      List<UserPermission> existingPerms = AccessControlClient.getUserPermissions(conf, TEST_TABLE
+          .getTableName().getNameAsString());
+      assertTrue(existingPerms != null);
+      assertTrue(existingPerms.size() > 1);
+      TEST_UTIL.getHBaseAdmin().disableTable(TEST_TABLE.getTableName());
+      TEST_UTIL.getHBaseAdmin().truncateTable(TEST_TABLE.getTableName(), true);
+      List<UserPermission> perms = AccessControlClient.getUserPermissions(conf, TEST_TABLE
+          .getTableName().getNameAsString());
+      assertTrue(perms != null);
+      assertEquals(existingPerms.size(), perms.size());
+    } catch (Throwable e) {
+      throw new HBaseException(e);
+    }
+  }
+
 }