HBASE-10005 TestVisibilityLabels fails occasionally
git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1546396 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
2a6407fff4
commit
b4f0a38daa
|
@ -1078,8 +1078,7 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
|
|||
done.run(response.build());
|
||||
}
|
||||
|
||||
private void performACLCheck()
|
||||
throws IOException {
|
||||
private void performACLCheck() throws IOException {
|
||||
// Do ACL check only when the security is enabled.
|
||||
if (this.acOn && !isSystemOrSuperUser()) {
|
||||
User user = getActiveUser();
|
||||
|
@ -1166,28 +1165,10 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
|
|||
byte[] user = request.getUser().toByteArray();
|
||||
GetAuthsResponse.Builder response = GetAuthsResponse.newBuilder();
|
||||
response.setUser(request.getUser());
|
||||
|
||||
Scan s = new Scan();
|
||||
s.addColumn(LABELS_TABLE_FAMILY, user);
|
||||
Filter filter = createVisibilityLabelFilter(this.regionEnv.getRegion(), new Authorizations(
|
||||
SYSTEM_LABEL));
|
||||
s.setFilter(filter);
|
||||
try {
|
||||
// We do ACL check here as we create scanner directly on region. It will not make calls to
|
||||
// AccessController CP methods.
|
||||
performACLCheck();
|
||||
RegionScanner scanner = this.regionEnv.getRegion().getScanner(s);
|
||||
List<Cell> results = new ArrayList<Cell>(1);
|
||||
while (true) {
|
||||
scanner.next(results);
|
||||
if (results.isEmpty()) break;
|
||||
Cell cell = results.get(0);
|
||||
int ordinal = Bytes.toInt(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength());
|
||||
String label = this.visibilityManager.getLabel(ordinal);
|
||||
if (label != null) {
|
||||
response.addAuth(ZeroCopyLiteralByteString.wrap(Bytes.toBytes(label)));
|
||||
}
|
||||
results.clear();
|
||||
List<String> labels = getUserAuthsFromLablesTable(user);
|
||||
for (String label : labels) {
|
||||
response.addAuth(ZeroCopyLiteralByteString.wrap(Bytes.toBytes(label)));
|
||||
}
|
||||
} catch (IOException e) {
|
||||
ResponseConverter.setControllerException(controller, e);
|
||||
|
@ -1195,6 +1176,32 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
|
|||
done.run(response.build());
|
||||
}
|
||||
|
||||
private List<String> getUserAuthsFromLablesTable(byte[] user) throws IOException {
|
||||
Scan s = new Scan();
|
||||
s.addColumn(LABELS_TABLE_FAMILY, user);
|
||||
Filter filter = createVisibilityLabelFilter(this.regionEnv.getRegion(), new Authorizations(
|
||||
SYSTEM_LABEL));
|
||||
s.setFilter(filter);
|
||||
List<String> auths = new ArrayList<String>();
|
||||
// We do ACL check here as we create scanner directly on region. It will not make calls to
|
||||
// AccessController CP methods.
|
||||
performACLCheck();
|
||||
RegionScanner scanner = this.regionEnv.getRegion().getScanner(s);
|
||||
List<Cell> results = new ArrayList<Cell>(1);
|
||||
while (true) {
|
||||
scanner.next(results);
|
||||
if (results.isEmpty()) break;
|
||||
Cell cell = results.get(0);
|
||||
int ordinal = Bytes.toInt(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength());
|
||||
String label = this.visibilityManager.getLabel(ordinal);
|
||||
if (label != null) {
|
||||
auths.add(label);
|
||||
}
|
||||
results.clear();
|
||||
}
|
||||
return auths;
|
||||
}
|
||||
|
||||
@Override
|
||||
public synchronized void clearAuths(RpcController controller, SetAuthsRequest request,
|
||||
RpcCallback<VisibilityLabelsResponse> done) {
|
||||
|
@ -1203,7 +1210,7 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
|
|||
byte[] user = request.getUser().toByteArray();
|
||||
try {
|
||||
checkCallingUserAuth();
|
||||
List<String> currentAuths = this.visibilityManager.getAuths(Bytes.toString(user));
|
||||
List<String> currentAuths = this.getUserAuthsFromLablesTable(user);
|
||||
List<Mutation> deletes = new ArrayList<Mutation>(auths.size());
|
||||
RegionActionResult successResult = RegionActionResult.newBuilder().build();
|
||||
for (ByteString authBS : auths) {
|
||||
|
|
|
@ -348,6 +348,12 @@ public class TestVisibilityLabels {
|
|||
} catch (InterruptedException e) {
|
||||
}
|
||||
}
|
||||
while (regionServer.getOnlineRegions(LABELS_TABLE_NAME).isEmpty()) {
|
||||
try {
|
||||
Thread.sleep(10);
|
||||
} catch (InterruptedException e) {
|
||||
}
|
||||
}
|
||||
HTable table = createTableAndWriteDataWithLabels(tableName, "(" + SECRET + "|" + CONFIDENTIAL
|
||||
+ ")", PRIVATE);
|
||||
try {
|
||||
|
@ -379,6 +385,13 @@ public class TestVisibilityLabels {
|
|||
} catch (InterruptedException e) {
|
||||
}
|
||||
}
|
||||
while (regionServer.getOnlineRegions(LABELS_TABLE_NAME).isEmpty()) {
|
||||
try {
|
||||
Thread.sleep(10);
|
||||
} catch (InterruptedException e) {
|
||||
}
|
||||
}
|
||||
|
||||
String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" };
|
||||
try {
|
||||
VisibilityClient.addLabels(conf, labels);
|
||||
|
|
Loading…
Reference in New Issue