From 98d1637bcd1954f73817d77b6aba7ebb6fc24890 Mon Sep 17 00:00:00 2001 From: zhangduo Date: Mon, 2 Oct 2017 19:03:19 -0700 Subject: [PATCH] HBASE-18878 Use Optional in return types. These functions have been changed to return Optional instead of T, where T = old return type. - ObserverContext#getCaller - RpcCallContext#getRequestUser - RpcCallContext#getRequestUserName - RpcServer#getCurrentCall - RpcServer#getRequestUser - RpcServer#getRequestUserName - RpcServer#getRemoteAddress - ServerCall#getRequestUser Change-Id: Ib7b4e6be637283755f55755dd4c5124729f7052e Signed-off-by: Apekshit Sharma --- .../org/apache/hadoop/hbase/util/Classes.java | 12 +- .../hadoop/hbase/coprocessor/Export.java | 5 +- .../ProtobufCoprocessorService.java | 4 +- .../hadoop/hbase/client/VersionInfoUtil.java | 3 +- .../hbase/coprocessor/CoprocessorHost.java | 2 +- .../hbase/coprocessor/ObserverContext.java | 74 ++++------- .../apache/hadoop/hbase/ipc/CallRunner.java | 5 +- .../hadoop/hbase/ipc/RpcCallContext.java | 13 +- .../apache/hadoop/hbase/ipc/RpcServer.java | 51 ++++--- .../apache/hadoop/hbase/ipc/ServerCall.java | 23 ++-- .../hadoop/hbase/ipc/SimpleRpcScheduler.java | 3 +- .../master/procedure/MasterProcedureEnv.java | 6 +- .../master/snapshot/SnapshotManager.java | 24 ++-- .../quotas/RegionServerRpcQuotaManager.java | 8 +- .../hadoop/hbase/regionserver/HRegion.java | 23 ++-- .../hbase/regionserver/HRegionServer.java | 2 +- .../hbase/regionserver/RSRpcServices.java | 24 ++-- .../regionserver/SecureBulkLoadManager.java | 58 ++++---- .../security/access/AccessController.java | 59 ++++----- .../hbase/security/token/TokenProvider.java | 33 ++--- .../visibility/VisibilityController.java | 27 ++-- .../security/visibility/VisibilityUtils.java | 11 +- .../hbase/ipc/TestProtobufRpcServiceImpl.java | 4 +- .../hbase/ipc/TestSimpleRpcScheduler.java | 11 +- .../security/access/TestAccessController.java | 124 +++++++++--------- .../access/TestAccessController3.java | 3 +- .../access/TestNamespaceCommands.java | 10 +- .../access/TestWithDisabledAuthorization.java | 93 +++++++------ 28 files changed, 335 insertions(+), 380 deletions(-) diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/util/Classes.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/util/Classes.java index 2366dafc17b..c52a09c8a6f 100644 --- a/hbase-common/src/main/java/org/apache/hadoop/hbase/util/Classes.java +++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/util/Classes.java @@ -17,7 +17,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.hadoop.hbase.util; import org.apache.yetus.audience.InterfaceAudience; @@ -31,7 +30,7 @@ public class Classes { /** * Equivalent of {@link Class#forName(String)} which also returns classes for * primitives like boolean, etc. - * + * * @param className * The name of the class to retrieve. Can be either a normal class or * a primitive class. @@ -64,10 +63,10 @@ public class Classes { return valueType; } - public static String stringify(Class[] classes) { + public static String stringify(Class[] classes) { StringBuilder buf = new StringBuilder(); if (classes != null) { - for (Class c : classes) { + for (Class c : classes) { if (buf.length() > 0) { buf.append(","); } @@ -78,4 +77,9 @@ public class Classes { } return buf.toString(); } + + @SuppressWarnings("unchecked") + public static Class cast(Class clazz) { + return (Class) clazz; + } } diff --git a/hbase-endpoint/src/main/java/org/apache/hadoop/hbase/coprocessor/Export.java b/hbase-endpoint/src/main/java/org/apache/hadoop/hbase/coprocessor/Export.java index 667f7a3dfa3..a00af0f9a17 100644 --- a/hbase-endpoint/src/main/java/org/apache/hadoop/hbase/coprocessor/Export.java +++ b/hbase-endpoint/src/main/java/org/apache/hadoop/hbase/coprocessor/Export.java @@ -453,10 +453,7 @@ public class Export extends ExportProtos.ExportService implements RegionCoproces } private static User getActiveUser(final UserProvider userProvider, final Token userToken) throws IOException { - User user = RpcServer.getRequestUser(); - if (user == null) { - user = userProvider.getCurrent(); - } + User user = RpcServer.getRequestUser().orElse(userProvider.getCurrent()); if (user == null && userToken != null) { LOG.warn("No found of user credentials, but a token was got from user request"); } else if (user != null && userToken != null) { diff --git a/hbase-endpoint/src/test/java/org/apache/hadoop/hbase/coprocessor/ProtobufCoprocessorService.java b/hbase-endpoint/src/test/java/org/apache/hadoop/hbase/coprocessor/ProtobufCoprocessorService.java index c69baeeef18..6fc4eb9886a 100644 --- a/hbase-endpoint/src/test/java/org/apache/hadoop/hbase/coprocessor/ProtobufCoprocessorService.java +++ b/hbase-endpoint/src/test/java/org/apache/hadoop/hbase/coprocessor/ProtobufCoprocessorService.java @@ -79,8 +79,8 @@ public class ProtobufCoprocessorService extends TestRpcServiceProtos.TestProtobu @Override public void addr(RpcController controller, EmptyRequestProto request, RpcCallback done) { - done.run(AddrResponseProto.newBuilder().setAddr(RpcServer.getRemoteAddress().getHostAddress()) - .build()); + done.run(AddrResponseProto.newBuilder() + .setAddr(RpcServer.getRemoteAddress().get().getHostAddress()).build()); } @Override diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/client/VersionInfoUtil.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/client/VersionInfoUtil.java index 1866c209e85..95984de1845 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/client/VersionInfoUtil.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/client/VersionInfoUtil.java @@ -71,8 +71,7 @@ public final class VersionInfoUtil { * @return the versionInfo extracted from the current RpcCallContext */ private static HBaseProtos.VersionInfo getCurrentClientVersionInfo() { - RpcCallContext call = RpcServer.getCurrentCall(); - return call != null ? call.getClientVersionInfo() : null; + return RpcServer.getCurrentCall().map(RpcCallContext::getClientVersionInfo).orElse(null); } /** diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/CoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/CoprocessorHost.java index da07c40a698..07e5a3a0ccc 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/CoprocessorHost.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/CoprocessorHost.java @@ -549,7 +549,7 @@ public abstract class CoprocessorHost observerGetter; ObserverOperation(ObserverGetter observerGetter) { - this(observerGetter, RpcServer.getRequestUser()); + this(observerGetter, RpcServer.getRequestUser().orElse(null)); } ObserverOperation(ObserverGetter observerGetter, User user) { diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java index 0192ea37680..3110abc7360 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java @@ -1,5 +1,4 @@ /* - * * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -16,16 +15,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.hadoop.hbase.coprocessor; -import edu.umd.cs.findbugs.annotations.Nullable; -import org.apache.yetus.audience.InterfaceAudience; -import org.apache.yetus.audience.InterfaceStability; +import java.util.Optional; + +import com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.hbase.CoprocessorEnvironment; import org.apache.hadoop.hbase.HBaseInterfaceAudience; import org.apache.hadoop.hbase.ipc.RpcServer; import org.apache.hadoop.hbase.security.User; +import org.apache.yetus.audience.InterfaceAudience; +import org.apache.yetus.audience.InterfaceStability; /** * Carries the execution state for a given invocation of an Observer coprocessor @@ -43,8 +43,9 @@ public class ObserverContext { private E env; private boolean bypass; private boolean complete; - private User caller; + private final User caller; + @InterfaceAudience.Private public ObserverContext(User caller) { this.caller = caller; } @@ -53,6 +54,7 @@ public class ObserverContext { return env; } + @InterfaceAudience.Private public void prepare(E env) { this.env = env; } @@ -97,58 +99,30 @@ public class ObserverContext { } /** - * Returns the active user for the coprocessor call. - * If an explicit {@code User} instance was provided to the constructor, that will be returned, - * otherwise if we are in the context of an RPC call, the remote user is used. May return null - * if the execution is outside of an RPC context. + * Returns the active user for the coprocessor call. If an explicit {@code User} instance was + * provided to the constructor, that will be returned, otherwise if we are in the context of an + * RPC call, the remote user is used. May not be present if the execution is outside of an RPC + * context. */ - @Nullable - public User getCaller() { - return caller; + public Optional getCaller() { + return Optional.ofNullable(caller); } /** - * Instantiates a new ObserverContext instance if the passed reference is - * null and sets the environment in the new or existing instance. - * This allows deferring the instantiation of a ObserverContext until it is - * actually needed. - * - * @param env The coprocessor environment to set - * @param context An existing ObserverContext instance to use, or null - * to create a new instance + * Instantiates a new ObserverContext instance if the passed reference is null and + * sets the environment in the new or existing instance. This allows deferring the instantiation + * of a ObserverContext until it is actually needed. * @param The environment type for the context + * @param env The coprocessor environment to set * @return An instance of ObserverContext with the environment set */ @Deprecated + @InterfaceAudience.Private + @VisibleForTesting // TODO: Remove this method, ObserverContext should not depend on RpcServer - public static ObserverContext createAndPrepare( - E env, ObserverContext< E> context) { - if (context == null) { - context = new ObserverContext<>(RpcServer.getRequestUser()); - } - context.prepare(env); - return context; - } - - /** - * Instantiates a new ObserverContext instance if the passed reference is - * null and sets the environment in the new or existing instance. - * This allows deferring the instantiation of a ObserverContext until it is - * actually needed. - * - * @param env The coprocessor environment to set - * @param context An existing ObserverContext instance to use, or null - * to create a new instance - * @param user The requesting caller for the execution context - * @param The environment type for the context - * @return An instance of ObserverContext with the environment set - */ - public static ObserverContext createAndPrepare( - E env, ObserverContext context, User user) { - if (context == null) { - context = new ObserverContext<>(user); - } - context.prepare(env); - return context; + public static ObserverContext createAndPrepare(E env) { + ObserverContext ctx = new ObserverContext<>(RpcServer.getRequestUser().orElse(null)); + ctx.prepare(env); + return ctx; } } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/CallRunner.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/CallRunner.java index a8d220802b8..d4fc70624ed 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/CallRunner.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/CallRunner.java @@ -19,6 +19,7 @@ package org.apache.hadoop.hbase.ipc; import java.net.InetSocketAddress; import java.nio.channels.ClosedChannelException; +import java.util.Optional; import org.apache.hadoop.hbase.CallDroppedException; import org.apache.hadoop.hbase.CellScanner; @@ -107,9 +108,9 @@ public class CallRunner { this.status.setStatus("Setting up call"); this.status.setConnection(call.getRemoteAddress().getHostAddress(), call.getRemotePort()); if (RpcServer.LOG.isTraceEnabled()) { - User remoteUser = call.getRequestUser(); + Optional remoteUser = call.getRequestUser(); RpcServer.LOG.trace(call.toShortString() + " executing as " + - ((remoteUser == null) ? "NULL principal" : remoteUser.getName())); + (remoteUser.isPresent() ? "NULL principal" : remoteUser.get().getName())); } Throwable errorThrowable = null; String error = null; diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcCallContext.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcCallContext.java index df3befdac60..6a4d3a29a52 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcCallContext.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcCallContext.java @@ -18,6 +18,7 @@ package org.apache.hadoop.hbase.ipc; import java.net.InetAddress; +import java.util.Optional; import org.apache.yetus.audience.InterfaceAudience; import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.VersionInfo; @@ -48,16 +49,18 @@ public interface RpcCallContext { boolean isClientCellBlockSupported(); /** - * Returns the user credentials associated with the current RPC request or - * null if no credentials were provided. + * Returns the user credentials associated with the current RPC request or not present if no + * credentials were provided. * @return A User */ - User getRequestUser(); + Optional getRequestUser(); /** - * @return Current request's user name or null if none ongoing. + * @return Current request's user name or not present if none ongoing. */ - String getRequestUserName(); + default Optional getRequestUserName() { + return getRequestUser().map(User::getShortName); + } /** * @return Address of remote client in this call diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java index 22a0cf2a514..36d383a3e4f 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java @@ -20,8 +20,6 @@ package org.apache.hadoop.hbase.ipc; import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION; -import org.apache.hadoop.hbase.shaded.com.google.common.annotations.VisibleForTesting; - import java.io.IOException; import java.net.InetAddress; import java.net.InetSocketAddress; @@ -35,6 +33,7 @@ import java.util.HashMap; import java.util.List; import java.util.Locale; import java.util.Map; +import java.util.Optional; import java.util.concurrent.atomic.LongAdder; import org.apache.commons.logging.Log; @@ -46,8 +45,6 @@ import org.apache.hadoop.hbase.DoNotRetryIOException; import org.apache.hadoop.hbase.HBaseInterfaceAudience; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.Server; -import org.apache.yetus.audience.InterfaceAudience; -import org.apache.yetus.audience.InterfaceStability; import org.apache.hadoop.hbase.conf.ConfigurationObserver; import org.apache.hadoop.hbase.exceptions.RequestTooBigException; import org.apache.hadoop.hbase.io.ByteBufferPool; @@ -62,6 +59,18 @@ import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.UserProvider; import org.apache.hadoop.hbase.security.token.AuthenticationTokenSecretManager; +import org.apache.hadoop.hbase.util.Pair; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.authorize.AuthorizationException; +import org.apache.hadoop.security.authorize.PolicyProvider; +import org.apache.hadoop.security.authorize.ServiceAuthorizationManager; +import org.apache.hadoop.security.token.SecretManager; +import org.apache.hadoop.security.token.TokenIdentifier; +import org.apache.yetus.audience.InterfaceAudience; +import org.apache.yetus.audience.InterfaceStability; +import org.codehaus.jackson.map.ObjectMapper; + +import org.apache.hadoop.hbase.shaded.com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.hbase.shaded.com.google.protobuf.BlockingService; import org.apache.hadoop.hbase.shaded.com.google.protobuf.Descriptors.MethodDescriptor; import org.apache.hadoop.hbase.shaded.com.google.protobuf.Message; @@ -70,14 +79,6 @@ import org.apache.hadoop.hbase.shaded.com.google.protobuf.TextFormat; import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos; import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.ConnectionHeader; -import org.apache.hadoop.hbase.util.Pair; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.security.authorize.AuthorizationException; -import org.apache.hadoop.security.authorize.PolicyProvider; -import org.apache.hadoop.security.authorize.ServiceAuthorizationManager; -import org.apache.hadoop.security.token.SecretManager; -import org.apache.hadoop.security.token.TokenIdentifier; -import org.codehaus.jackson.map.ObjectMapper; /** * An RPC server that hosts protobuf described Services. @@ -678,8 +679,8 @@ public abstract class RpcServer implements RpcServerInterface, * call. * @return An RpcCallContext backed by the currently ongoing call (gotten from a thread local) */ - public static RpcCall getCurrentCall() { - return CurCall.get(); + public static Optional getCurrentCall() { + return Optional.ofNullable(CurCall.get()); } public static boolean isInRpcCallContext() { @@ -687,13 +688,13 @@ public abstract class RpcServer implements RpcServerInterface, } /** - * Returns the user credentials associated with the current RPC request or - * null if no credentials were provided. + * Returns the user credentials associated with the current RPC request or not present if no + * credentials were provided. * @return A User */ - public static User getRequestUser() { - RpcCallContext ctx = getCurrentCall(); - return ctx == null? null: ctx.getRequestUser(); + public static Optional getRequestUser() { + Optional ctx = getCurrentCall(); + return ctx.isPresent() ? ctx.get().getRequestUser() : Optional.empty(); } /** @@ -704,19 +705,17 @@ public abstract class RpcServer implements RpcServerInterface, /** * Returns the username for any user associated with the current RPC - * request or null if no user is set. + * request or not present if no user is set. */ - public static String getRequestUserName() { - User user = getRequestUser(); - return user == null? null: user.getShortName(); + public static Optional getRequestUserName() { + return getRequestUser().map(User::getShortName); } /** * @return Address of remote client if a request is ongoing, else null */ - public static InetAddress getRemoteAddress() { - RpcCallContext ctx = getCurrentCall(); - return ctx == null? null: ctx.getRemoteAddress(); + public static Optional getRemoteAddress() { + return getCurrentCall().map(RpcCall::getRemoteAddress); } /** diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerCall.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerCall.java index 2baba9ff606..60fe30e954b 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerCall.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerCall.java @@ -22,6 +22,7 @@ import java.net.InetAddress; import java.nio.ByteBuffer; import java.util.ArrayList; import java.util.List; +import java.util.Optional; import org.apache.hadoop.hbase.CellScanner; import org.apache.hadoop.hbase.DoNotRetryIOException; @@ -82,7 +83,7 @@ abstract class ServerCall implements RpcCall, Rpc protected ByteBufferListOutputStream cellBlockStream = null; protected CallCleanup reqCleanup = null; - protected User user; + protected final User user; protected final InetAddress remoteAddress; protected RpcCallback rpcCallback; @@ -110,10 +111,14 @@ abstract class ServerCall implements RpcCall, Rpc this.isError = false; this.size = size; this.tinfo = tinfo; - this.user = connection == null ? null : connection.user; // FindBugs: NP_NULL_ON_SOME_PATH + if (connection != null) { + this.user = connection.user; + this.retryImmediatelySupported = connection.retryImmediatelySupported; + } else { + this.user = null; + this.retryImmediatelySupported = false; + } this.remoteAddress = remoteAddress; - this.retryImmediatelySupported = - connection == null ? false : connection.retryImmediatelySupported; this.timeout = timeout; this.deadline = this.timeout > 0 ? this.receiveTime + this.timeout : Long.MAX_VALUE; this.reservoir = reservoir; @@ -432,14 +437,8 @@ abstract class ServerCall implements RpcCall, Rpc } @Override - public User getRequestUser() { - return user; - } - - @Override - public String getRequestUserName() { - User user = getRequestUser(); - return user == null? null: user.getShortName(); + public Optional getRequestUser() { + return Optional.ofNullable(user); } @Override diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/SimpleRpcScheduler.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/SimpleRpcScheduler.java index 2c5d4b2acfd..f40959ae591 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/SimpleRpcScheduler.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/SimpleRpcScheduler.java @@ -154,7 +154,8 @@ public class SimpleRpcScheduler extends RpcScheduler implements ConfigurationObs @Override public boolean dispatch(CallRunner callTask) throws InterruptedException { RpcCall call = callTask.getRpcCall(); - int level = priority.getPriority(call.getHeader(), call.getParam(), call.getRequestUser()); + int level = priority.getPriority(call.getHeader(), call.getParam(), + call.getRequestUser().orElse(null)); if (level == HConstants.PRIORITY_UNSET) { level = HConstants.NORMAL_QOS; } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureEnv.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureEnv.java index fe3b9b403d5..f294f57b621 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureEnv.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureEnv.java @@ -110,11 +110,7 @@ public class MasterProcedureEnv implements ConfigurationObserver { } public User getRequestUser() { - User user = RpcServer.getRequestUser(); - if (user == null) { - user = Superusers.getSystemUser(); - } - return user; + return RpcServer.getRequestUser().orElse(Superusers.getSystemUser()); } public MasterServices getMasterServices() { diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java index 7bd069ba64a..20a4f39935e 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java @@ -41,8 +41,6 @@ import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.MetaTableAccessor; import org.apache.hadoop.hbase.Stoppable; import org.apache.hadoop.hbase.TableName; -import org.apache.yetus.audience.InterfaceAudience; -import org.apache.yetus.audience.InterfaceStability; import org.apache.hadoop.hbase.client.TableDescriptor; import org.apache.hadoop.hbase.client.TableDescriptorBuilder; import org.apache.hadoop.hbase.client.TableState; @@ -65,13 +63,8 @@ import org.apache.hadoop.hbase.procedure.ProcedureCoordinator; import org.apache.hadoop.hbase.procedure.ProcedureCoordinatorRpcs; import org.apache.hadoop.hbase.procedure.ZKProcedureCoordinator; import org.apache.hadoop.hbase.procedure2.ProcedureExecutor; -import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil; -import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.NameStringPair; -import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.ProcedureDescription; import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hbase.security.User; -import org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription; -import org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription.Type; import org.apache.hadoop.hbase.snapshot.ClientSnapshotDescriptionUtils; import org.apache.hadoop.hbase.snapshot.HBaseSnapshotException; import org.apache.hadoop.hbase.snapshot.RestoreSnapshotException; @@ -87,8 +80,16 @@ import org.apache.hadoop.hbase.util.EnvironmentEdgeManager; import org.apache.hadoop.hbase.util.FSUtils; import org.apache.hadoop.hbase.util.KeyLocker; import org.apache.hadoop.hbase.util.NonceKey; +import org.apache.yetus.audience.InterfaceAudience; +import org.apache.yetus.audience.InterfaceStability; import org.apache.zookeeper.KeeperException; +import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil; +import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.NameStringPair; +import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.ProcedureDescription; +import org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription; +import org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription.Type; + /** * This class manages the procedure of taking and restoring snapshots. There is only one * SnapshotManager for the master. @@ -586,10 +587,11 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable if (!snapshot.hasVersion()) { builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION); } - User user = RpcServer.getRequestUser(); - if (User.isHBaseSecurityEnabled(master.getConfiguration()) && user != null) { - builder.setOwner(user.getShortName()); - } + RpcServer.getRequestUser().ifPresent(user -> { + if (User.isHBaseSecurityEnabled(master.getConfiguration())) { + builder.setOwner(user.getShortName()); + } + }); snapshot = builder.build(); // call pre coproc hook diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/RegionServerRpcQuotaManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/RegionServerRpcQuotaManager.java index f51e605d260..69253d7306d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/RegionServerRpcQuotaManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/RegionServerRpcQuotaManager.java @@ -176,13 +176,7 @@ public class RegionServerRpcQuotaManager { private OperationQuota checkQuota(final Region region, final int numWrites, final int numReads, final int numScans) throws IOException, ThrottlingException { - User user = RpcServer.getRequestUser(); - UserGroupInformation ugi; - if (user != null) { - ugi = user.getUGI(); - } else { - ugi = User.getCurrent().getUGI(); - } + UserGroupInformation ugi = RpcServer.getRequestUser().orElse(User.getCurrent()).getUGI(); TableName table = region.getTableDescriptor().getTableName(); OperationQuota quota = getQuota(ugi, table); diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegion.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegion.java index 80c043379f0..2d35fb96a72 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegion.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegion.java @@ -135,7 +135,6 @@ import org.apache.hadoop.hbase.io.hfile.HFile; import org.apache.hadoop.hbase.ipc.CallerDisconnectedException; import org.apache.hadoop.hbase.ipc.CoprocessorRpcUtils; import org.apache.hadoop.hbase.ipc.RpcCall; -import org.apache.hadoop.hbase.ipc.RpcCallContext; import org.apache.hadoop.hbase.ipc.RpcServer; import org.apache.hadoop.hbase.monitoring.MonitoredTask; import org.apache.hadoop.hbase.monitoring.TaskMonitor; @@ -5375,12 +5374,15 @@ public class HRegion implements HeapSize, PropagatingConfigurationObserver, Regi int timeout = rowLockWaitDuration; boolean reachDeadlineFirst = false; - RpcCall call = RpcServer.getCurrentCall(); - if (call != null && call.getDeadline() < Long.MAX_VALUE) { - int timeToDeadline = (int)(call.getDeadline() - System.currentTimeMillis()); - if (timeToDeadline <= this.rowLockWaitDuration) { - reachDeadlineFirst = true; - timeout = timeToDeadline; + Optional call = RpcServer.getCurrentCall(); + if (call.isPresent()) { + long deadline = call.get().getDeadline(); + if (deadline < Long.MAX_VALUE) { + int timeToDeadline = (int) (deadline - System.currentTimeMillis()); + if (timeToDeadline <= this.rowLockWaitDuration) { + reachDeadlineFirst = true; + timeout = timeToDeadline; + } } } @@ -6085,7 +6087,7 @@ public class HRegion implements HeapSize, PropagatingConfigurationObserver, Regi if (scannerContext == null) { throw new IllegalArgumentException("Scanner context cannot be null"); } - RpcCallContext rpcCall = RpcServer.getCurrentCall(); + Optional rpcCall = RpcServer.getCurrentCall(); // Save the initial progress from the Scanner context in these local variables. The progress // may need to be reset a few times if rows are being filtered out so we save the initial @@ -6110,13 +6112,12 @@ public class HRegion implements HeapSize, PropagatingConfigurationObserver, Regi } else { scannerContext.clearProgress(); } - - if (rpcCall != null) { + if (rpcCall.isPresent()) { // If a user specifies a too-restrictive or too-slow scanner, the // client might time out and disconnect while the server side // is still processing the request. We should abort aggressively // in that case. - long afterTime = rpcCall.disconnectSince(); + long afterTime = rpcCall.get().disconnectSince(); if (afterTime >= 0) { throw new CallerDisconnectedException( "Aborting on region " + getRegionInfo().getRegionNameAsString() + ", call " + diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java index f69695aa0d3..16895bf96ce 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java @@ -2112,7 +2112,7 @@ public class HRegionServer extends HasThread implements @Override public void stop(final String msg) { - stop(msg, false, RpcServer.getRequestUser()); + stop(msg, false, RpcServer.getRequestUser().orElse(null)); } /** diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java index dba314dc4f9..70b34751785 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java @@ -1547,11 +1547,11 @@ public class RSRpcServices implements HBaseRPCErrorHandler, // Quota support is enabled, the requesting user is not system/super user // and a quota policy is enforced that disables compactions. if (QuotaUtil.isQuotaEnabled(getConfiguration()) && - !Superusers.isSuperUser(RpcServer.getRequestUser()) && - this.regionServer.getRegionServerSpaceQuotaManager().areCompactionsDisabled( - region.getTableDescriptor().getTableName())) { - throw new DoNotRetryIOException("Compactions on this region are " - + "disabled due to a space quota violation."); + !Superusers.isSuperUser(RpcServer.getRequestUser().orElse(null)) && + this.regionServer.getRegionServerSpaceQuotaManager() + .areCompactionsDisabled(region.getTableDescriptor().getTableName())) { + throw new DoNotRetryIOException( + "Compactions on this region are " + "disabled due to a space quota violation."); } region.startRegionOperation(Operation.COMPACT_REGION); LOG.info("Compacting " + region.getRegionInfo().getRegionNameAsString()); @@ -1586,10 +1586,10 @@ public class RSRpcServices implements HBaseRPCErrorHandler, String log = "User-triggered " + (major ? "major " : "") + "compaction" + familyLogMsg; if (family != null) { regionServer.compactSplitThread.requestCompaction(region, store, log, Store.PRIORITY_USER, - CompactionLifeCycleTracker.DUMMY, RpcServer.getRequestUser()); + CompactionLifeCycleTracker.DUMMY, RpcServer.getRequestUser().orElse(null)); } else { regionServer.compactSplitThread.requestCompaction(region, log, Store.PRIORITY_USER, - CompactionLifeCycleTracker.DUMMY, RpcServer.getRequestUser()); + CompactionLifeCycleTracker.DUMMY, RpcServer.getRequestUser().orElse(null)); } return CompactRegionResponse.newBuilder().build(); } catch (IOException ie) { @@ -2407,7 +2407,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, ClientProtos.Get get = request.getGet(); Boolean existence = null; Result r = null; - RpcCallContext context = RpcServer.getCurrentCall(); + RpcCallContext context = RpcServer.getCurrentCall().orElse(null); quota = getRpcQuotaManager().checkQuota(region, OperationQuota.OperationType.GET); Get clientGet = ProtobufUtil.toGet(get); @@ -2558,7 +2558,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, RegionActionResult.Builder regionActionResultBuilder = RegionActionResult.newBuilder(); Boolean processed = null; RegionScannersCloseCallBack closeCallBack = null; - RpcCallContext context = RpcServer.getCurrentCall(); + RpcCallContext context = RpcServer.getCurrentCall().orElse(null); this.rpcMultiRequestCount.increment(); this.requestCount.increment(); Map regionStats = new HashMap<>(request @@ -2689,7 +2689,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, HBaseRpcController controller = (HBaseRpcController)rpcc; CellScanner cellScanner = controller != null ? controller.cellScanner() : null; OperationQuota quota = null; - RpcCallContext context = RpcServer.getCurrentCall(); + RpcCallContext context = RpcServer.getCurrentCall().orElse(null); ActivePolicyEnforcement spaceQuotaEnforcement = null; MutationType type = null; long before = EnvironmentEdgeManager.currentTime(); @@ -3269,7 +3269,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, } else { rows = closeScanner ? 0 : 1; } - RpcCallContext context = RpcServer.getCurrentCall(); + RpcCallContext context = RpcServer.getCurrentCall().orElse(null); // now let's do the real scan. long maxQuotaResultSize = Math.min(maxScannerResultSize, quota.getReadAvailable()); RegionScanner scanner = rsh.s; @@ -3281,7 +3281,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, } else { limitOfRows = -1; } - MutableObject lastBlock = new MutableObject(); + MutableObject lastBlock = new MutableObject<>(); boolean scannerClosed = false; try { List results = new ArrayList<>(); diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java index c7d0eadd9ed..296e98c6b8a 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java @@ -15,9 +15,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.hadoop.hbase.regionserver; +import java.io.IOException; +import java.math.BigInteger; +import java.security.PrivilegedAction; +import java.security.SecureRandom; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; @@ -29,19 +37,8 @@ import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hbase.DoNotRetryIOException; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.TableName; -import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil; -import org.apache.yetus.audience.InterfaceAudience; import org.apache.hadoop.hbase.client.Connection; -import org.apache.hadoop.hbase.coprocessor.BulkLoadObserver; -import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; -import org.apache.hadoop.hbase.coprocessor.ObserverContext; -import org.apache.hadoop.hbase.coprocessor.RegionCoprocessor; -import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment; import org.apache.hadoop.hbase.ipc.RpcServer; -import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos; -import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.BulkLoadHFileRequest; -import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.CleanupBulkLoadRequest; -import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.PrepareBulkLoadRequest; import org.apache.hadoop.hbase.regionserver.Region.BulkLoadListener; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.UserProvider; @@ -55,15 +52,12 @@ import org.apache.hadoop.hbase.util.Pair; import org.apache.hadoop.io.Text; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; +import org.apache.yetus.audience.InterfaceAudience; -import java.io.IOException; -import java.math.BigInteger; -import java.security.PrivilegedAction; -import java.security.SecureRandom; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos; +import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.BulkLoadHFileRequest; +import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.CleanupBulkLoadRequest; +import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.PrepareBulkLoadRequest; /** * Bulk loads in secure mode. @@ -140,10 +134,12 @@ public class SecureBulkLoadManager { public String prepareBulkLoad(final Region region, final PrepareBulkLoadRequest request) throws IOException { - region.getCoprocessorHost().prePrepareBulkLoad(getActiveUser()); + User user = getActiveUser(); + region.getCoprocessorHost().prePrepareBulkLoad(user); - String bulkToken = createStagingDir(baseStagingDir, getActiveUser(), - region.getTableDescriptor().getTableName()).toString(); + String bulkToken = + createStagingDir(baseStagingDir, user, region.getTableDescriptor().getTableName()) + .toString(); return bulkToken; } @@ -275,16 +271,12 @@ public class SecureBulkLoadManager { } private User getActiveUser() throws IOException { - User user = RpcServer.getRequestUser(); - if (user == null) { - // for non-rpc handling, fallback to system user - user = userProvider.getCurrent(); - } - - //this is for testing - if (userProvider.isHadoopSecurityEnabled() - && "simple".equalsIgnoreCase(conf.get(User.HBASE_SECURITY_CONF_KEY))) { - return User.createUserForTesting(conf, user.getShortName(), new String[]{}); + // for non-rpc handling, fallback to system user + User user = RpcServer.getRequestUser().orElse(userProvider.getCurrent()); + // this is for testing + if (userProvider.isHadoopSecurityEnabled() && + "simple".equalsIgnoreCase(conf.get(User.HBASE_SECURITY_CONF_KEY))) { + return User.createUserForTesting(conf, user.getShortName(), new String[] {}); } return user; diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index 83f8b3b37da..6da09cd7157 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -18,6 +18,11 @@ */ package org.apache.hadoop.hbase.security.access; +import com.google.protobuf.Message; +import com.google.protobuf.RpcCallback; +import com.google.protobuf.RpcController; +import com.google.protobuf.Service; + import java.io.IOException; import java.net.InetAddress; import java.security.PrivilegedExceptionAction; @@ -34,10 +39,6 @@ import java.util.Set; import java.util.TreeMap; import java.util.TreeSet; -import com.google.protobuf.Message; -import com.google.protobuf.RpcCallback; -import com.google.protobuf.RpcController; -import com.google.protobuf.Service; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; @@ -121,13 +122,6 @@ import org.apache.hadoop.hbase.security.Superusers; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.UserProvider; import org.apache.hadoop.hbase.security.access.Permission.Action; -import org.apache.hadoop.hbase.shaded.com.google.common.collect.ArrayListMultimap; -import org.apache.hadoop.hbase.shaded.com.google.common.collect.ImmutableSet; -import org.apache.hadoop.hbase.shaded.com.google.common.collect.ListMultimap; -import org.apache.hadoop.hbase.shaded.com.google.common.collect.Lists; -import org.apache.hadoop.hbase.shaded.com.google.common.collect.MapMaker; -import org.apache.hadoop.hbase.shaded.com.google.common.collect.Maps; -import org.apache.hadoop.hbase.shaded.com.google.common.collect.Sets; import org.apache.hadoop.hbase.snapshot.SnapshotDescriptionUtils; import org.apache.hadoop.hbase.util.ByteRange; import org.apache.hadoop.hbase.util.Bytes; @@ -138,6 +132,14 @@ import org.apache.hadoop.hbase.wal.WALEdit; import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher; import org.apache.yetus.audience.InterfaceAudience; +import org.apache.hadoop.hbase.shaded.com.google.common.collect.ArrayListMultimap; +import org.apache.hadoop.hbase.shaded.com.google.common.collect.ImmutableSet; +import org.apache.hadoop.hbase.shaded.com.google.common.collect.ListMultimap; +import org.apache.hadoop.hbase.shaded.com.google.common.collect.Lists; +import org.apache.hadoop.hbase.shaded.com.google.common.collect.MapMaker; +import org.apache.hadoop.hbase.shaded.com.google.common.collect.Maps; +import org.apache.hadoop.hbase.shaded.com.google.common.collect.Sets; + /** * Provides basic authorization checks for data access and administrative * operations. @@ -404,13 +406,11 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor, private void logResult(AuthResult result) { if (AUDITLOG.isTraceEnabled()) { - InetAddress remoteAddr = RpcServer.getRemoteAddress(); - AUDITLOG.trace("Access " + (result.isAllowed() ? "allowed" : "denied") + - " for user " + (result.getUser() != null ? result.getUser().getShortName() : "UNKNOWN") + - "; reason: " + result.getReason() + - "; remote address: " + (remoteAddr != null ? remoteAddr : "") + - "; request: " + result.getRequest() + - "; context: " + result.toContextString()); + AUDITLOG.trace("Access " + (result.isAllowed() ? "allowed" : "denied") + " for user " + + (result.getUser() != null ? result.getUser().getShortName() : "UNKNOWN") + "; reason: " + + result.getReason() + "; remote address: " + + RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("") + "; request: " + + result.getRequest() + "; context: " + result.toContextString()); } } @@ -419,13 +419,9 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor, * If we are in the context of an RPC call, the remote user is used, * otherwise the currently logged in user is used. */ - private User getActiveUser(ObserverContext ctx) throws IOException { - User user = ctx.getCaller(); - if (user == null) { - // for non-rpc handling, fallback to system user - user = userProvider.getCurrent(); - } - return user; + private User getActiveUser(ObserverContext ctx) throws IOException { + // for non-rpc handling, fallback to system user + return ctx.getCaller().orElse(userProvider.getCurrent()); } /** @@ -2165,9 +2161,10 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor, * the checks performed in preScannerOpen() */ private void requireScannerOwner(InternalScanner s) throws AccessDeniedException { - if (!RpcServer.isInRpcCallContext()) + if (!RpcServer.isInRpcCallContext()) { return; - String requestUserName = RpcServer.getRequestUserName(); + } + String requestUserName = RpcServer.getRequestUserName().orElse(null); String owner = scannerOwners.get(s); if (authorizationEnabled && owner != null && !owner.equals(requestUserName)) { throw new AccessDeniedException("User '"+ requestUserName +"' is not the scanner owner!"); @@ -2257,7 +2254,7 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor, if (LOG.isDebugEnabled()) { LOG.debug("Received request to grant access permission " + perm.toString()); } - User caller = RpcServer.getRequestUser(); + User caller = RpcServer.getRequestUser().orElse(null); switch(request.getUserPermission().getPermission().getType()) { case Global : @@ -2310,7 +2307,7 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor, if (LOG.isDebugEnabled()) { LOG.debug("Received request to revoke access permission " + perm.toString()); } - User caller = RpcServer.getRequestUser(); + User caller = RpcServer.getRequestUser().orElse(null); switch(request.getUserPermission().getPermission().getType()) { case Global : @@ -2359,7 +2356,7 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor, if (!initialized) { throw new CoprocessorException("AccessController not yet initialized"); } - User caller = RpcServer.getRequestUser(); + User caller = RpcServer.getRequestUser().orElse(null); List perms = null; if (request.getType() == AccessControlProtos.Permission.Type.Table) { @@ -2420,7 +2417,7 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor, } AccessControlProtos.CheckPermissionsResponse response = null; try { - User user = RpcServer.getRequestUser(); + User user = RpcServer.getRequestUser().orElse(null); TableName tableName = regionEnv.getRegion().getTableDescriptor().getTableName(); for (Permission permission : permissions) { if (permission instanceof TablePermission) { diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java index e1b0f84a708..0588138bf22 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java @@ -15,9 +15,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.hadoop.hbase.security.token; +import com.google.protobuf.RpcCallback; +import com.google.protobuf.RpcController; +import com.google.protobuf.Service; + import java.io.IOException; import java.util.Collections; @@ -37,10 +40,6 @@ import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.Token; - -import com.google.protobuf.RpcCallback; -import com.google.protobuf.RpcController; -import com.google.protobuf.Service; import org.apache.yetus.audience.InterfaceAudience; /** @@ -113,17 +112,12 @@ public class TokenProvider implements AuthenticationProtos.AuthenticationService throw new IOException( "No secret manager configured for token authentication"); } - - User currentUser = RpcServer.getRequestUser(); - UserGroupInformation ugi = null; - if (currentUser != null) { - ugi = currentUser.getUGI(); - } - if (currentUser == null) { - throw new AccessDeniedException("No authenticated user for request!"); - } else if (!isAllowedDelegationTokenOp(ugi)) { - LOG.warn("Token generation denied for user="+currentUser.getName() - +", authMethod="+ugi.getAuthenticationMethod()); + User currentUser = RpcServer.getRequestUser() + .orElseThrow(() -> new AccessDeniedException("No authenticated user for request!")); + UserGroupInformation ugi = currentUser.getUGI(); + if (!isAllowedDelegationTokenOp(ugi)) { + LOG.warn("Token generation denied for user=" + currentUser.getName() + ", authMethod=" + + ugi.getAuthenticationMethod()); throw new AccessDeniedException( "Token generation only allowed for Kerberos authenticated clients"); } @@ -139,17 +133,16 @@ public class TokenProvider implements AuthenticationProtos.AuthenticationService @Override public void whoAmI(RpcController controller, AuthenticationProtos.WhoAmIRequest request, - RpcCallback done) { - User requestUser = RpcServer.getRequestUser(); + RpcCallback done) { AuthenticationProtos.WhoAmIResponse.Builder response = AuthenticationProtos.WhoAmIResponse.newBuilder(); - if (requestUser != null) { + RpcServer.getRequestUser().ifPresent(requestUser -> { response.setUsername(requestUser.getShortName()); AuthenticationMethod method = requestUser.getUGI().getAuthenticationMethod(); if (method != null) { response.setAuthMethod(method.name()); } - } + }); done.run(response.build()); } } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java index 57b79a4c9ee..be04b18ef50 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java @@ -23,6 +23,11 @@ import static org.apache.hadoop.hbase.HConstants.OperationStatusCode.SUCCESS; import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_FAMILY; import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME; +import com.google.protobuf.ByteString; +import com.google.protobuf.RpcCallback; +import com.google.protobuf.RpcController; +import com.google.protobuf.Service; + import java.io.IOException; import java.net.InetAddress; import java.util.ArrayList; @@ -51,7 +56,6 @@ import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.Tag; import org.apache.hadoop.hbase.TagType; import org.apache.hadoop.hbase.TagUtil; -import org.apache.yetus.audience.InterfaceAudience; import org.apache.hadoop.hbase.client.Append; import org.apache.hadoop.hbase.client.ColumnFamilyDescriptor; import org.apache.hadoop.hbase.client.Delete; @@ -82,8 +86,8 @@ import org.apache.hadoop.hbase.io.hfile.HFile; import org.apache.hadoop.hbase.ipc.CoprocessorRpcUtils; import org.apache.hadoop.hbase.ipc.RpcServer; import org.apache.hadoop.hbase.master.MasterServices; -import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.NameBytesPair; import org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult; +import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.NameBytesPair; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsRequest; import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.GetAuthsResponse; @@ -109,13 +113,10 @@ import org.apache.hadoop.hbase.security.access.AccessController; import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.Pair; import org.apache.hadoop.util.StringUtils; +import org.apache.yetus.audience.InterfaceAudience; import org.apache.hadoop.hbase.shaded.com.google.common.collect.Lists; import org.apache.hadoop.hbase.shaded.com.google.common.collect.MapMaker; -import com.google.protobuf.ByteString; -import com.google.protobuf.RpcCallback; -import com.google.protobuf.RpcController; -import com.google.protobuf.Service; /** * Coprocessor that has both the MasterObserver and RegionObserver implemented that supports in @@ -663,7 +664,7 @@ public class VisibilityController implements MasterCoprocessor, RegionCoprocesso private void requireScannerOwner(InternalScanner s) throws AccessDeniedException { if (!RpcServer.isInRpcCallContext()) return; - String requestUName = RpcServer.getRequestUserName(); + String requestUName = RpcServer.getRequestUserName().orElse(null); String owner = scannerOwners.get(s); if (authorizationEnabled && owner != null && !owner.equals(requestUName)) { throw new AccessDeniedException("User '" + requestUName + "' is not the scanner owner!"); @@ -892,7 +893,6 @@ public class VisibilityController implements MasterCoprocessor, RegionCoprocesso List labelAuths, String regex) { if (AUDITLOG.isTraceEnabled()) { // This is more duplicated code! - InetAddress remoteAddr = RpcServer.getRemoteAddress(); List labelAuthsStr = new ArrayList<>(); if (labelAuths != null) { int labelAuthsSize = labelAuths.size(); @@ -909,11 +909,12 @@ public class VisibilityController implements MasterCoprocessor, RegionCoprocesso LOG.warn("Failed to get active system user."); LOG.debug("Details on failure to get active system user.", e); } - AUDITLOG.trace("Access " + (isAllowed ? "allowed" : "denied") + " for user " - + (requestingUser != null ? requestingUser.getShortName() : "UNKNOWN") + "; reason: " - + reason + "; remote address: " + (remoteAddr != null ? remoteAddr : "") + "; request: " - + request + "; user: " + (user != null ? Bytes.toShort(user) : "null") + "; labels: " - + labelAuthsStr + "; regex: " + regex); + AUDITLOG.trace("Access " + (isAllowed ? "allowed" : "denied") + " for user " + + (requestingUser != null ? requestingUser.getShortName() : "UNKNOWN") + "; reason: " + + reason + "; remote address: " + + RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("") + "; request: " + + request + "; user: " + (user != null ? Bytes.toShort(user) : "null") + "; labels: " + + labelAuthsStr + "; regex: " + regex); } } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java index 0d83b644605..964c0f78fab 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java @@ -19,6 +19,8 @@ package org.apache.hadoop.hbase.security.visibility; import static org.apache.hadoop.hbase.TagType.VISIBILITY_TAG_TYPE; +import com.google.protobuf.ByteString; + import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.IOException; @@ -38,11 +40,9 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.ArrayBackedTag; import org.apache.hadoop.hbase.Cell; import org.apache.hadoop.hbase.CellUtil; -import org.apache.hadoop.hbase.HColumnDescriptor; import org.apache.hadoop.hbase.Tag; import org.apache.hadoop.hbase.TagType; import org.apache.hadoop.hbase.TagUtil; -import org.apache.yetus.audience.InterfaceAudience; import org.apache.hadoop.hbase.client.ColumnFamilyDescriptor; import org.apache.hadoop.hbase.exceptions.DeserializationException; import org.apache.hadoop.hbase.filter.Filter; @@ -60,11 +60,11 @@ import org.apache.hadoop.hbase.security.visibility.expression.ExpressionNode; import org.apache.hadoop.hbase.security.visibility.expression.LeafExpressionNode; import org.apache.hadoop.hbase.security.visibility.expression.NonLeafExpressionNode; import org.apache.hadoop.hbase.security.visibility.expression.Operator; -import com.google.protobuf.ByteString; import org.apache.hadoop.hbase.util.ByteRange; import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.SimpleMutableByteRange; import org.apache.hadoop.util.ReflectionUtils; +import org.apache.yetus.audience.InterfaceAudience; /** * Utility method to support visibility @@ -283,10 +283,7 @@ public class VisibilityUtils { * @throws IOException When there is IOE in getting the system user (During non-RPC handling). */ public static User getActiveUser() throws IOException { - User user = RpcServer.getRequestUser(); - if (user == null) { - user = User.getCurrent(); - } + User user = RpcServer.getRequestUser().orElse(User.getCurrent()); if (LOG.isTraceEnabled()) { LOG.trace("Current active user name is " + user.getShortName()); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestProtobufRpcServiceImpl.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestProtobufRpcServiceImpl.java index aaffbfa3097..033ff6712af 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestProtobufRpcServiceImpl.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestProtobufRpcServiceImpl.java @@ -114,7 +114,7 @@ public class TestProtobufRpcServiceImpl implements BlockingInterface { @Override public AddrResponseProto addr(RpcController controller, EmptyRequestProto request) throws ServiceException { - return AddrResponseProto.newBuilder().setAddr(RpcServer.getRemoteAddress().getHostAddress()) - .build(); + return AddrResponseProto.newBuilder() + .setAddr(RpcServer.getRemoteAddress().get().getHostAddress()).build(); } } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestSimpleRpcScheduler.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestSimpleRpcScheduler.java index b4f93c5a9ad..18ab73f5ec0 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestSimpleRpcScheduler.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestSimpleRpcScheduler.java @@ -41,6 +41,7 @@ import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; import java.util.concurrent.BlockingQueue; import java.util.concurrent.CountDownLatch; @@ -169,6 +170,7 @@ public class TestSimpleRpcScheduler { ServerCall call = mock(ServerCall.class); CallRunner task = mock(CallRunner.class); when(task.getRpcCall()).thenReturn(call); + when(call.getRequestUser()).thenReturn(Optional.empty()); return task; } @@ -198,18 +200,21 @@ public class TestSimpleRpcScheduler { RequestHeader smallHead = RequestHeader.newBuilder().setCallId(1).build(); when(smallCallTask.getRpcCall()).thenReturn(smallCall); when(smallCall.getHeader()).thenReturn(smallHead); + when(smallCall.getRequestUser()).thenReturn(Optional.empty()); CallRunner largeCallTask = mock(CallRunner.class); ServerCall largeCall = mock(ServerCall.class); RequestHeader largeHead = RequestHeader.newBuilder().setCallId(50).build(); when(largeCallTask.getRpcCall()).thenReturn(largeCall); when(largeCall.getHeader()).thenReturn(largeHead); + when(largeCall.getRequestUser()).thenReturn(Optional.empty()); CallRunner hugeCallTask = mock(CallRunner.class); ServerCall hugeCall = mock(ServerCall.class); RequestHeader hugeHead = RequestHeader.newBuilder().setCallId(100).build(); when(hugeCallTask.getRpcCall()).thenReturn(hugeCall); when(hugeCall.getHeader()).thenReturn(hugeHead); + when(hugeCall.getRequestUser()).thenReturn(Optional.empty()); when(priority.getDeadline(eq(smallHead), any(Message.class))).thenReturn(0L); when(priority.getDeadline(eq(largeHead), any(Message.class))).thenReturn(50L); @@ -296,12 +301,14 @@ public class TestSimpleRpcScheduler { when(putCallTask.getRpcCall()).thenReturn(putCall); when(putCall.getHeader()).thenReturn(putHead); when(putCall.getParam()).thenReturn(putCall.param); + when(putCall.getRequestUser()).thenReturn(Optional.empty()); CallRunner getCallTask = mock(CallRunner.class); ServerCall getCall = mock(ServerCall.class); RequestHeader getHead = RequestHeader.newBuilder().setMethodName("get").build(); when(getCallTask.getRpcCall()).thenReturn(getCall); when(getCall.getHeader()).thenReturn(getHead); + when(getCall.getRequestUser()).thenReturn(Optional.empty()); CallRunner scanCallTask = mock(CallRunner.class); ServerCall scanCall = mock(ServerCall.class); @@ -310,6 +317,7 @@ public class TestSimpleRpcScheduler { when(scanCallTask.getRpcCall()).thenReturn(scanCall); when(scanCall.getHeader()).thenReturn(scanHead); when(scanCall.getParam()).thenReturn(scanCall.param); + when(scanCall.getRequestUser()).thenReturn(Optional.empty()); ArrayList work = new ArrayList<>(); doAnswerTaskExecution(putCallTask, work, 1, 1000); @@ -387,6 +395,7 @@ public class TestSimpleRpcScheduler { RequestHeader putHead = RequestHeader.newBuilder().setMethodName("mutate").build(); when(putCallTask.getRpcCall()).thenReturn(putCall); when(putCall.getHeader()).thenReturn(putHead); + when(putCall.getRequestUser()).thenReturn(Optional.empty()); assertTrue(scheduler.dispatch(putCallTask)); @@ -415,7 +424,7 @@ public class TestSimpleRpcScheduler { for (String threadNamePrefix : threadNamePrefixs) { String threadName = Thread.currentThread().getName(); if (threadName.startsWith(threadNamePrefix)) { - return timeQ.poll().longValue() + offset; + return timeQ.poll().longValue() + offset; } } return System.currentTimeMillis(); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index 0fe5b2e2f48..871f0b474fc 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -381,7 +381,7 @@ public class TestAccessController extends SecureTestUtil { public Object run() throws Exception { HTableDescriptor htd = new HTableDescriptor(TableName.valueOf(name.getMethodName())); htd.addFamily(new HColumnDescriptor(TEST_FAMILY)); - ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV, null), htd, null); + ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV), htd, null); return null; } }; @@ -402,7 +402,7 @@ public class TestAccessController extends SecureTestUtil { HTableDescriptor htd = new HTableDescriptor(TEST_TABLE); htd.addFamily(new HColumnDescriptor(TEST_FAMILY)); htd.addFamily(new HColumnDescriptor("fam_" + User.getCurrent().getShortName())); - ACCESS_CONTROLLER.preModifyTable(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preModifyTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE, htd); return null; } @@ -419,7 +419,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER - .preDeleteTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE); + .preDeleteTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE); return null; } }; @@ -435,7 +435,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER - .preTruncateTable(ObserverContext.createAndPrepare(CP_ENV, null), + .preTruncateTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE); return null; } @@ -452,7 +452,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preAddColumnFamily(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE, + ACCESS_CONTROLLER.preAddColumnFamily(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE, hcd); return null; } @@ -470,7 +470,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preModifyColumnFamily(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preModifyColumnFamily(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE, hcd); return null; } @@ -486,7 +486,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDeleteColumnFamily(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDeleteColumnFamily(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE, TEST_FAMILY); return null; } @@ -502,7 +502,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction disableTable = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE); return null; } @@ -511,7 +511,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction disableAclTable = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV), AccessControlLists.ACL_TABLE_NAME); return null; } @@ -532,7 +532,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER - .preEnableTable(ObserverContext.createAndPrepare(CP_ENV, null), TEST_TABLE); + .preEnableTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE); return null; } }; @@ -614,7 +614,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER - .preAbortProcedure(ObserverContext.createAndPrepare(CP_ENV, null), procExec, procId); + .preAbortProcedure(ObserverContext.createAndPrepare(CP_ENV), procExec, procId); return null; } }; @@ -639,7 +639,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER - .postGetProcedures(ObserverContext.createAndPrepare(CP_ENV, null), procList); + .postGetProcedures(ObserverContext.createAndPrepare(CP_ENV), procList); return null; } }; @@ -655,7 +655,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preGetLocks(ObserverContext.createAndPrepare(CP_ENV, null)); + ACCESS_CONTROLLER.preGetLocks(ObserverContext.createAndPrepare(CP_ENV)); return null; } }; @@ -677,7 +677,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preMove(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preMove(ObserverContext.createAndPrepare(CP_ENV), hri, server, server); return null; } @@ -699,7 +699,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preAssign(ObserverContext.createAndPrepare(CP_ENV, null), hri); + ACCESS_CONTROLLER.preAssign(ObserverContext.createAndPrepare(CP_ENV), hri); return null; } }; @@ -720,7 +720,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preUnassign(ObserverContext.createAndPrepare(CP_ENV, null), hri, false); + ACCESS_CONTROLLER.preUnassign(ObserverContext.createAndPrepare(CP_ENV), hri, false); return null; } }; @@ -741,7 +741,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRegionOffline(ObserverContext.createAndPrepare(CP_ENV, null), hri); + ACCESS_CONTROLLER.preRegionOffline(ObserverContext.createAndPrepare(CP_ENV), hri); return null; } }; @@ -756,7 +756,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetSplitOrMergeEnabled(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSetSplitOrMergeEnabled(ObserverContext.createAndPrepare(CP_ENV), true, MasterSwitchType.MERGE); return null; } @@ -772,7 +772,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preBalance(ObserverContext.createAndPrepare(CP_ENV, null)); + ACCESS_CONTROLLER.preBalance(ObserverContext.createAndPrepare(CP_ENV)); return null; } }; @@ -787,7 +787,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preBalanceSwitch(ObserverContext.createAndPrepare(CP_ENV, null), true); + ACCESS_CONTROLLER.preBalanceSwitch(ObserverContext.createAndPrepare(CP_ENV), true); return null; } }; @@ -802,7 +802,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preShutdown(ObserverContext.createAndPrepare(CP_ENV, null)); + ACCESS_CONTROLLER.preShutdown(ObserverContext.createAndPrepare(CP_ENV)); return null; } }; @@ -817,7 +817,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preStopMaster(ObserverContext.createAndPrepare(CP_ENV, null)); + ACCESS_CONTROLLER.preStopMaster(ObserverContext.createAndPrepare(CP_ENV)); return null; } }; @@ -841,7 +841,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER.preSplitRegion( - ObserverContext.createAndPrepare(CP_ENV, null), + ObserverContext.createAndPrepare(CP_ENV), tableName, TEST_ROW); return null; @@ -858,7 +858,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preFlush(ObserverContext.createAndPrepare(RCP_ENV, null)); + ACCESS_CONTROLLER.preFlush(ObserverContext.createAndPrepare(RCP_ENV)); return null; } }; @@ -873,7 +873,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preCompact(ObserverContext.createAndPrepare(RCP_ENV, null), null, null, + ACCESS_CONTROLLER.preCompact(ObserverContext.createAndPrepare(RCP_ENV), null, null, ScanType.COMPACT_RETAIN_DELETES, null, null); return null; } @@ -1939,7 +1939,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preStopRegionServer(ObserverContext.createAndPrepare(RSCP_ENV, null)); + ACCESS_CONTROLLER.preStopRegionServer(ObserverContext.createAndPrepare(RSCP_ENV)); return null; } }; @@ -1954,7 +1954,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContext.createAndPrepare(RSCP_ENV, null)); + ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContext.createAndPrepare(RSCP_ENV)); return null; } }; @@ -1969,7 +1969,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preOpen(ObserverContext.createAndPrepare(RCP_ENV, null)); + ACCESS_CONTROLLER.preOpen(ObserverContext.createAndPrepare(RCP_ENV)); return null; } }; @@ -1984,7 +1984,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preClose(ObserverContext.createAndPrepare(RCP_ENV, null), false); + ACCESS_CONTROLLER.preClose(ObserverContext.createAndPrepare(RCP_ENV), false); return null; } }; @@ -2003,7 +2003,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction snapshotAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, htd); return null; } @@ -2012,7 +2012,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction deleteAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot); return null; } @@ -2021,7 +2021,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction restoreAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, htd); return null; } @@ -2030,7 +2030,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction cloneAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preCloneSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preCloneSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, null); return null; } @@ -2063,7 +2063,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction snapshotAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, htd); return null; } @@ -2075,7 +2075,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction deleteAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot); return null; } @@ -2087,7 +2087,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction restoreAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, htd); return null; } @@ -2099,7 +2099,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction cloneAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preCloneSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preCloneSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, htd); return null; } @@ -2655,7 +2655,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction setUserQuotaAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetUserQuota(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSetUserQuota(ObserverContext.createAndPrepare(CP_ENV), null, null); return null; } @@ -2664,7 +2664,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction setUserTableQuotaAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetUserQuota(ObserverContext.createAndPrepare(CP_ENV, null), null, + ACCESS_CONTROLLER.preSetUserQuota(ObserverContext.createAndPrepare(CP_ENV), null, TEST_TABLE, null); return null; } @@ -2673,7 +2673,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction setUserNamespaceQuotaAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetUserQuota(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSetUserQuota(ObserverContext.createAndPrepare(CP_ENV), null, (String)null, null); return null; } @@ -2682,7 +2682,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction setTableQuotaAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetTableQuota(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSetTableQuota(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE, null); return null; } @@ -2691,7 +2691,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction setNamespaceQuotaAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetNamespaceQuota(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSetNamespaceQuota(ObserverContext.createAndPrepare(CP_ENV), null, null); return null; } @@ -2874,14 +2874,14 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction prepareBulkLoadAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.prePrepareBulkLoad(ObserverContext.createAndPrepare(RCP_ENV, null)); + ACCESS_CONTROLLER.prePrepareBulkLoad(ObserverContext.createAndPrepare(RCP_ENV)); return null; } }; AccessTestAction cleanupBulkLoadAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preCleanupBulkLoad(ObserverContext.createAndPrepare(RCP_ENV, null)); + ACCESS_CONTROLLER.preCleanupBulkLoad(ObserverContext.createAndPrepare(RCP_ENV)); return null; } }; @@ -2894,8 +2894,8 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction replicateLogEntriesAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preReplicateLogEntries(ObserverContext.createAndPrepare(RSCP_ENV, null)); - ACCESS_CONTROLLER.postReplicateLogEntries(ObserverContext.createAndPrepare(RSCP_ENV, null)); + ACCESS_CONTROLLER.preReplicateLogEntries(ObserverContext.createAndPrepare(RSCP_ENV)); + ACCESS_CONTROLLER.postReplicateLogEntries(ObserverContext.createAndPrepare(RSCP_ENV)); return null; } }; @@ -2910,7 +2910,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action1 = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preMoveServers(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preMoveServers(ObserverContext.createAndPrepare(CP_ENV), null, null); return null; } @@ -2925,7 +2925,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action1 = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preMoveTables(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preMoveTables(ObserverContext.createAndPrepare(CP_ENV), null, null); return null; } @@ -2940,7 +2940,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action1 = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preAddRSGroup(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preAddRSGroup(ObserverContext.createAndPrepare(CP_ENV), null); return null; } @@ -2955,7 +2955,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action1 = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRemoveRSGroup(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preRemoveRSGroup(ObserverContext.createAndPrepare(CP_ENV), null); return null; } @@ -2970,7 +2970,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action1 = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preBalanceRSGroup(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preBalanceRSGroup(ObserverContext.createAndPrepare(CP_ENV), null); return null; } @@ -2985,7 +2985,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preAddReplicationPeer(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preAddReplicationPeer(ObserverContext.createAndPrepare(CP_ENV), "test", null); return null; } @@ -3000,7 +3000,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRemoveReplicationPeer(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preRemoveReplicationPeer(ObserverContext.createAndPrepare(CP_ENV), "test"); return null; } @@ -3015,7 +3015,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preEnableReplicationPeer(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preEnableReplicationPeer(ObserverContext.createAndPrepare(CP_ENV), "test"); return null; } @@ -3030,7 +3030,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDisableReplicationPeer(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDisableReplicationPeer(ObserverContext.createAndPrepare(CP_ENV), "test"); return null; } @@ -3046,7 +3046,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER.preGetReplicationPeerConfig( - ObserverContext.createAndPrepare(CP_ENV, null), "test"); + ObserverContext.createAndPrepare(CP_ENV), "test"); return null; } }; @@ -3061,7 +3061,7 @@ public class TestAccessController extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER.preUpdateReplicationPeerConfig( - ObserverContext.createAndPrepare(CP_ENV, null), "test", new ReplicationPeerConfig()); + ObserverContext.createAndPrepare(CP_ENV), "test", new ReplicationPeerConfig()); return null; } }; @@ -3075,7 +3075,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction action = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preListReplicationPeers(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preListReplicationPeers(ObserverContext.createAndPrepare(CP_ENV), "test"); return null; } @@ -3106,7 +3106,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction namespaceLockAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRequestLock(ObserverContext.createAndPrepare(CP_ENV, null), namespace, + ACCESS_CONTROLLER.preRequestLock(ObserverContext.createAndPrepare(CP_ENV), namespace, null, null, LockType.EXCLUSIVE, null); return null; } @@ -3118,7 +3118,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction tableLockAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRequestLock(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preRequestLock(ObserverContext.createAndPrepare(CP_ENV), null, tableName, null, LockType.EXCLUSIVE, null); return null; } @@ -3131,7 +3131,7 @@ public class TestAccessController extends SecureTestUtil { AccessTestAction regionsLockAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRequestLock(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preRequestLock(ObserverContext.createAndPrepare(CP_ENV), null, null, regionInfos, LockType.EXCLUSIVE, null); return null; } @@ -3145,7 +3145,7 @@ public class TestAccessController extends SecureTestUtil { LockProcedure proc = new LockProcedure(conf, tableName, LockType.EXCLUSIVE, "test", null); AccessTestAction regionLockHeartbeatAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preLockHeartbeat(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preLockHeartbeat(ObserverContext.createAndPrepare(CP_ENV), proc, false); return null; } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController3.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController3.java index 40865ab20e5..da411d543f2 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController3.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController3.java @@ -30,7 +30,6 @@ import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HColumnDescriptor; import org.apache.hadoop.hbase.HTableDescriptor; import org.apache.hadoop.hbase.TableName; -import org.apache.hadoop.hbase.TableNotFoundException; import org.apache.hadoop.hbase.client.Connection; import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment; @@ -288,7 +287,7 @@ public class TestAccessController3 extends SecureTestUtil { public Object run() throws Exception { HTableDescriptor htd = new HTableDescriptor(TableName.valueOf(name.getMethodName())); htd.addFamily(new HColumnDescriptor(TEST_FAMILY)); - ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV, null), htd, null); + ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV), htd, null); return null; } }; diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java index f15d6a03782..6a369558ea8 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java @@ -242,7 +242,7 @@ public class TestNamespaceCommands extends SecureTestUtil { AccessTestAction modifyNamespace = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preModifyNamespace(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preModifyNamespace(ObserverContext.createAndPrepare(CP_ENV), NamespaceDescriptor.create(TEST_NAMESPACE).addConfiguration("abc", "156").build()); return null; } @@ -260,7 +260,7 @@ public class TestNamespaceCommands extends SecureTestUtil { AccessTestAction createNamespace = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preCreateNamespace(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preCreateNamespace(ObserverContext.createAndPrepare(CP_ENV), NamespaceDescriptor.create(TEST_NAMESPACE2).build()); return null; } @@ -269,7 +269,7 @@ public class TestNamespaceCommands extends SecureTestUtil { AccessTestAction deleteNamespace = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDeleteNamespace(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDeleteNamespace(ObserverContext.createAndPrepare(CP_ENV), TEST_NAMESPACE2); return null; } @@ -294,7 +294,7 @@ public class TestNamespaceCommands extends SecureTestUtil { AccessTestAction getNamespaceAction = new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContext.createAndPrepare(CP_ENV), TEST_NAMESPACE); return null; } @@ -484,7 +484,7 @@ public class TestNamespaceCommands extends SecureTestUtil { public Object run() throws Exception { HTableDescriptor htd = new HTableDescriptor(TableName.valueOf(TEST_TABLE)); htd.addFamily(new HColumnDescriptor(TEST_FAMILY)); - ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV, null), htd, null); + ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV), htd, null); return null; } }; diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestWithDisabledAuthorization.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestWithDisabledAuthorization.java index fad63a104a7..ed46ab3cd32 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestWithDisabledAuthorization.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestWithDisabledAuthorization.java @@ -483,7 +483,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { public Object run() throws Exception { HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName()); htd.addFamily(new HColumnDescriptor(TEST_FAMILY)); - ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV, null), htd, + ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV), htd, null); return null; } @@ -496,7 +496,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName()); htd.addFamily(new HColumnDescriptor(TEST_FAMILY)); htd.addFamily(new HColumnDescriptor(TEST_FAMILY2)); - ACCESS_CONTROLLER.preModifyTable(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preModifyTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName(), htd); return null; } @@ -506,7 +506,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDeleteTable(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDeleteTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName()); return null; } @@ -516,7 +516,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preTruncateTable(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preTruncateTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName()); return null; } @@ -527,7 +527,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { HColumnDescriptor hcd = new HColumnDescriptor(TEST_FAMILY2); - ACCESS_CONTROLLER.preAddColumnFamily(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preAddColumnFamily(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName(), hcd); return null; } @@ -538,7 +538,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { HColumnDescriptor hcd = new HColumnDescriptor(TEST_FAMILY2); - ACCESS_CONTROLLER.preModifyColumnFamily(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preModifyColumnFamily(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName(), hcd); return null; } @@ -548,7 +548,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDeleteColumnFamily(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDeleteColumnFamily(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName(), TEST_FAMILY2); return null; } @@ -558,7 +558,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preEnableTable(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preEnableTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName()); return null; } @@ -568,7 +568,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName()); return null; } @@ -581,7 +581,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { HRegionInfo region = new HRegionInfo(TEST_TABLE.getTableName()); ServerName srcServer = ServerName.valueOf("1.1.1.1", 1, 0); ServerName destServer = ServerName.valueOf("2.2.2.2", 2, 0); - ACCESS_CONTROLLER.preMove(ObserverContext.createAndPrepare(CP_ENV, null), region, + ACCESS_CONTROLLER.preMove(ObserverContext.createAndPrepare(CP_ENV), region, srcServer, destServer); return null; } @@ -592,7 +592,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { HRegionInfo region = new HRegionInfo(TEST_TABLE.getTableName()); - ACCESS_CONTROLLER.preAssign(ObserverContext.createAndPrepare(CP_ENV, null), region); + ACCESS_CONTROLLER.preAssign(ObserverContext.createAndPrepare(CP_ENV), region); return null; } }, SUPERUSER, USER_ADMIN, USER_RW, USER_RO, USER_OWNER, USER_CREATE, USER_QUAL, USER_NONE); @@ -602,7 +602,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { HRegionInfo region = new HRegionInfo(TEST_TABLE.getTableName()); - ACCESS_CONTROLLER.preUnassign(ObserverContext.createAndPrepare(CP_ENV, null), region, + ACCESS_CONTROLLER.preUnassign(ObserverContext.createAndPrepare(CP_ENV), region, true); return null; } @@ -612,7 +612,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preBalance(ObserverContext.createAndPrepare(CP_ENV, null)); + ACCESS_CONTROLLER.preBalance(ObserverContext.createAndPrepare(CP_ENV)); return null; } }, SUPERUSER, USER_ADMIN, USER_RW, USER_RO, USER_OWNER, USER_CREATE, USER_QUAL, USER_NONE); @@ -621,7 +621,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preBalanceSwitch(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preBalanceSwitch(ObserverContext.createAndPrepare(CP_ENV), true); return null; } @@ -633,7 +633,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { public Object run() throws Exception { SnapshotDescription snapshot = new SnapshotDescription("foo"); HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName()); - ACCESS_CONTROLLER.preSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, htd); return null; } @@ -644,7 +644,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { SnapshotDescription snapshot = new SnapshotDescription("foo"); - ACCESS_CONTROLLER.preListSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preListSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot); return null; } @@ -656,7 +656,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { public Object run() throws Exception { SnapshotDescription snapshot = new SnapshotDescription("foo"); HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName()); - ACCESS_CONTROLLER.preCloneSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preCloneSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, htd); return null; } @@ -668,7 +668,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { public Object run() throws Exception { SnapshotDescription snapshot = new SnapshotDescription("foo"); HTableDescriptor htd = new HTableDescriptor(TEST_TABLE.getTableName()); - ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preRestoreSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot, htd); return null; } @@ -679,7 +679,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { SnapshotDescription snapshot = new SnapshotDescription("foo"); - ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDeleteSnapshot(ObserverContext.createAndPrepare(CP_ENV), snapshot); return null; } @@ -692,7 +692,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { List tableNamesList = Lists.newArrayList(); tableNamesList.add(TEST_TABLE.getTableName()); List descriptors = Lists.newArrayList(); - ACCESS_CONTROLLER.preGetTableDescriptors(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preGetTableDescriptors(ObserverContext.createAndPrepare(CP_ENV), tableNamesList, descriptors, ".+"); return null; } @@ -703,7 +703,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { List descriptors = Lists.newArrayList(); - ACCESS_CONTROLLER.preGetTableNames(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preGetTableNames(ObserverContext.createAndPrepare(CP_ENV), descriptors, ".+"); return null; } @@ -714,7 +714,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { NamespaceDescriptor ns = NamespaceDescriptor.create("test").build(); - ACCESS_CONTROLLER.preCreateNamespace(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preCreateNamespace(ObserverContext.createAndPrepare(CP_ENV), ns); return null; } @@ -724,7 +724,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDeleteNamespace(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preDeleteNamespace(ObserverContext.createAndPrepare(CP_ENV), "test"); return null; } @@ -735,7 +735,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { NamespaceDescriptor ns = NamespaceDescriptor.create("test").build(); - ACCESS_CONTROLLER.preModifyNamespace(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preModifyNamespace(ObserverContext.createAndPrepare(CP_ENV), ns); return null; } @@ -745,8 +745,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContext.createAndPrepare(CP_ENV, - null), + ACCESS_CONTROLLER.preGetNamespaceDescriptor(ObserverContext.createAndPrepare(CP_ENV), "test"); return null; } @@ -757,8 +756,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { List descriptors = Lists.newArrayList(); - ACCESS_CONTROLLER.preListNamespaceDescriptors(ObserverContext.createAndPrepare(CP_ENV, - null), + ACCESS_CONTROLLER.preListNamespaceDescriptors(ObserverContext.createAndPrepare(CP_ENV), descriptors); return null; } @@ -769,7 +767,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { ACCESS_CONTROLLER.preSplitRegion( - ObserverContext.createAndPrepare(CP_ENV, null), + ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName(), Bytes.toBytes("ss")); return null; @@ -780,7 +778,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetUserQuota(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSetUserQuota(ObserverContext.createAndPrepare(CP_ENV), "testuser", null); return null; } @@ -790,7 +788,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetTableQuota(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSetTableQuota(ObserverContext.createAndPrepare(CP_ENV), TEST_TABLE.getTableName(), null); return null; } @@ -800,7 +798,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preSetNamespaceQuota(ObserverContext.createAndPrepare(CP_ENV, null), + ACCESS_CONTROLLER.preSetNamespaceQuota(ObserverContext.createAndPrepare(CP_ENV), "test", null); return null; } @@ -815,7 +813,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preStopRegionServer(ObserverContext.createAndPrepare(RSCP_ENV, null)); + ACCESS_CONTROLLER.preStopRegionServer(ObserverContext.createAndPrepare(RSCP_ENV)); return null; } }, SUPERUSER, USER_ADMIN, USER_RW, USER_RO, USER_OWNER, USER_CREATE, USER_QUAL, USER_NONE); @@ -824,8 +822,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContext.createAndPrepare(RSCP_ENV, - null)); + ACCESS_CONTROLLER.preRollWALWriterRequest(ObserverContext.createAndPrepare(RSCP_ENV)); return null; } }, SUPERUSER, USER_ADMIN, USER_RW, USER_RO, USER_OWNER, USER_CREATE, USER_QUAL, USER_NONE); @@ -840,7 +837,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preOpen(ObserverContext.createAndPrepare(RCP_ENV, null)); + ACCESS_CONTROLLER.preOpen(ObserverContext.createAndPrepare(RCP_ENV)); return null; } }, SUPERUSER, USER_ADMIN, USER_RW, USER_RO, USER_OWNER, USER_CREATE, USER_QUAL, USER_NONE); @@ -849,7 +846,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preFlush(ObserverContext.createAndPrepare(RCP_ENV, null)); + ACCESS_CONTROLLER.preFlush(ObserverContext.createAndPrepare(RCP_ENV)); return null; } }, SUPERUSER, USER_ADMIN, USER_RW, USER_RO, USER_OWNER, USER_CREATE, USER_QUAL, USER_NONE); @@ -859,7 +856,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { List cells = Lists.newArrayList(); - ACCESS_CONTROLLER.preGetOp(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preGetOp(ObserverContext.createAndPrepare(RCP_ENV), new Get(TEST_ROW), cells); return null; } @@ -869,7 +866,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preExists(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preExists(ObserverContext.createAndPrepare(RCP_ENV), new Get(TEST_ROW), true); return null; } @@ -879,7 +876,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.prePut(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.prePut(ObserverContext.createAndPrepare(RCP_ENV), new Put(TEST_ROW), new WALEdit(), Durability.USE_DEFAULT); return null; } @@ -889,7 +886,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preDelete(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preDelete(ObserverContext.createAndPrepare(RCP_ENV), new Delete(TEST_ROW), new WALEdit(), Durability.USE_DEFAULT); return null; } @@ -899,7 +896,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preBatchMutate(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preBatchMutate(ObserverContext.createAndPrepare(RCP_ENV), new MiniBatchOperationInProgress<>(null, null, null, 0, 0)); return null; } @@ -909,7 +906,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preCheckAndPut(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preCheckAndPut(ObserverContext.createAndPrepare(RCP_ENV), TEST_ROW, TEST_FAMILY, TEST_Q1, CompareOperator.EQUAL, new BinaryComparator("foo".getBytes()), new Put(TEST_ROW), true); return null; @@ -920,7 +917,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preCheckAndDelete(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preCheckAndDelete(ObserverContext.createAndPrepare(RCP_ENV), TEST_ROW, TEST_FAMILY, TEST_Q1, CompareOperator.EQUAL, new BinaryComparator("foo".getBytes()), new Delete(TEST_ROW), true); return null; @@ -931,7 +928,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preAppend(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preAppend(ObserverContext.createAndPrepare(RCP_ENV), new Append(TEST_ROW)); return null; } @@ -941,7 +938,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preIncrement(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preIncrement(ObserverContext.createAndPrepare(RCP_ENV), new Increment(TEST_ROW)); return null; } @@ -951,7 +948,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { verifyAllowed(new AccessTestAction() { @Override public Object run() throws Exception { - ACCESS_CONTROLLER.preScannerOpen(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preScannerOpen(ObserverContext.createAndPrepare(RCP_ENV), new Scan(), mock(RegionScanner.class)); return null; } @@ -962,7 +959,7 @@ public class TestWithDisabledAuthorization extends SecureTestUtil { @Override public Object run() throws Exception { List> paths = Lists.newArrayList(); - ACCESS_CONTROLLER.preBulkLoadHFile(ObserverContext.createAndPrepare(RCP_ENV, null), + ACCESS_CONTROLLER.preBulkLoadHFile(ObserverContext.createAndPrepare(RCP_ENV), paths); return null; }