From b4f0a38daabc6ba6b607f75e432a29546aeee315 Mon Sep 17 00:00:00 2001
From: anoopsamjohn <anoopsamjohn@unknown>
Date: Thu, 28 Nov 2013 16:49:12 +0000
Subject: [PATCH] HBASE-10005 TestVisibilityLabels fails occasionally

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1546396 13f79535-47bb-0310-9956-ffa450edef68
---
 .../visibility/VisibilityController.java      | 55 +++++++++++--------
 .../visibility/TestVisibilityLabels.java      | 13 +++++
 2 files changed, 44 insertions(+), 24 deletions(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
index 9329056ec30..c4d2002a2da 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
@@ -1078,8 +1078,7 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
     done.run(response.build());
   }
 
-  private void performACLCheck()
-      throws IOException {
+  private void performACLCheck() throws IOException {
     // Do ACL check only when the security is enabled.
     if (this.acOn && !isSystemOrSuperUser()) {
       User user = getActiveUser();
@@ -1166,28 +1165,10 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
     byte[] user = request.getUser().toByteArray();
     GetAuthsResponse.Builder response = GetAuthsResponse.newBuilder();
     response.setUser(request.getUser());
-
-    Scan s = new Scan();
-    s.addColumn(LABELS_TABLE_FAMILY, user);
-    Filter filter = createVisibilityLabelFilter(this.regionEnv.getRegion(), new Authorizations(
-        SYSTEM_LABEL));
-    s.setFilter(filter);
     try {
-      // We do ACL check here as we create scanner directly on region. It will not make calls to
-      // AccessController CP methods.
-      performACLCheck();
-      RegionScanner scanner = this.regionEnv.getRegion().getScanner(s);
-      List<Cell> results = new ArrayList<Cell>(1);
-      while (true) {
-        scanner.next(results);
-        if (results.isEmpty()) break;
-        Cell cell = results.get(0);
-        int ordinal = Bytes.toInt(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength());
-        String label = this.visibilityManager.getLabel(ordinal);
-        if (label != null) {
-          response.addAuth(ZeroCopyLiteralByteString.wrap(Bytes.toBytes(label)));
-        }
-        results.clear();
+      List<String> labels = getUserAuthsFromLablesTable(user);
+      for (String label : labels) {
+        response.addAuth(ZeroCopyLiteralByteString.wrap(Bytes.toBytes(label)));
       }
     } catch (IOException e) {
       ResponseConverter.setControllerException(controller, e);
@@ -1195,6 +1176,32 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
     done.run(response.build());
   }
 
+  private List<String> getUserAuthsFromLablesTable(byte[] user) throws IOException {
+    Scan s = new Scan();
+    s.addColumn(LABELS_TABLE_FAMILY, user);
+    Filter filter = createVisibilityLabelFilter(this.regionEnv.getRegion(), new Authorizations(
+        SYSTEM_LABEL));
+    s.setFilter(filter);
+    List<String> auths = new ArrayList<String>();
+    // We do ACL check here as we create scanner directly on region. It will not make calls to
+    // AccessController CP methods.
+    performACLCheck();
+    RegionScanner scanner = this.regionEnv.getRegion().getScanner(s);
+    List<Cell> results = new ArrayList<Cell>(1);
+    while (true) {
+      scanner.next(results);
+      if (results.isEmpty()) break;
+      Cell cell = results.get(0);
+      int ordinal = Bytes.toInt(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength());
+      String label = this.visibilityManager.getLabel(ordinal);
+      if (label != null) {
+        auths.add(label);
+      }
+      results.clear();
+    }
+    return auths;
+  }
+
   @Override
   public synchronized void clearAuths(RpcController controller, SetAuthsRequest request,
       RpcCallback<VisibilityLabelsResponse> done) {
@@ -1203,7 +1210,7 @@ public class VisibilityController extends BaseRegionObserver implements MasterOb
     byte[] user = request.getUser().toByteArray();
     try {
       checkCallingUserAuth();
-      List<String> currentAuths = this.visibilityManager.getAuths(Bytes.toString(user));
+      List<String> currentAuths = this.getUserAuthsFromLablesTable(user);
       List<Mutation> deletes = new ArrayList<Mutation>(auths.size());
       RegionActionResult successResult = RegionActionResult.newBuilder().build();
       for (ByteString authBS : auths) {
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
index 6908fdc6e69..eb01cabf41a 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabels.java
@@ -348,6 +348,12 @@ public class TestVisibilityLabels {
       } catch (InterruptedException e) {
       }
     }
+    while (regionServer.getOnlineRegions(LABELS_TABLE_NAME).isEmpty()) {
+      try {
+        Thread.sleep(10);
+      } catch (InterruptedException e) {
+      }
+    }
     HTable table = createTableAndWriteDataWithLabels(tableName, "(" + SECRET + "|" + CONFIDENTIAL
         + ")", PRIVATE);
     try {
@@ -379,6 +385,13 @@ public class TestVisibilityLabels {
       } catch (InterruptedException e) {
       }
     }
+    while (regionServer.getOnlineRegions(LABELS_TABLE_NAME).isEmpty()) {
+      try {
+        Thread.sleep(10);
+      } catch (InterruptedException e) {
+      }
+    }
+
     String[] labels = { SECRET, CONFIDENTIAL, PRIVATE, "ABC", "XYZ" };
     try {
       VisibilityClient.addLabels(conf, labels);