HBASE-12474 Incorrect handling of default namespace in user_permission command (Srikanth Srungarapu)

This commit is contained in:
Matteo Bertozzi 2014-11-26 12:29:38 +00:00
parent 8b8f2026bd
commit c57bc08082
2 changed files with 76 additions and 34 deletions

View File

@ -839,9 +839,15 @@ public class MasterRpcServices extends RSRpcServices
Pattern pat = Pattern.compile(regex);
for (Iterator<HTableDescriptor> itr = descriptors.iterator(); itr.hasNext(); ) {
HTableDescriptor htd = itr.next();
if (!pat.matcher(htd.getTableName().getNameAsString()).matches()) {
itr.remove();
String tableName = htd.getTableName().getNameAsString();
String defaultNameSpace = NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR;
boolean matched = pat.matcher(tableName).matches();
if(!matched && htd.getTableName().getNamespaceAsString().equals(defaultNameSpace)) {
matched = pat.matcher(defaultNameSpace + TableName.NAMESPACE_DELIM + tableName)
.matches();
}
if (!matched)
itr.remove();
}
}

View File

@ -2420,14 +2420,8 @@ public class TestAccessController extends SecureTestUtil {
}
}
@Test
public void testAccessControlClientUserPerms() throws Exception {
try {
final String regex = TEST_TABLE.getTableName().getNameAsString();
User testUserPerms = User.createUserForTesting(conf, "testUserPerms", new String[0]);
PrivilegedAction<List<UserPermission>> listTablesRestrictedAction =
new PrivilegedAction<List<UserPermission>>() {
private PrivilegedAction<List<UserPermission>> getPrivilegedAction(final String regex) {
return new PrivilegedAction<List<UserPermission>>() {
@Override
public List<UserPermission> run() {
try {
@ -2439,19 +2433,61 @@ public class TestAccessController extends SecureTestUtil {
}
}
};
assertNull(testUserPerms.runAs(listTablesRestrictedAction));
}
@Test
public void testAccessControlClientUserPerms() throws Exception {
// adding default prefix explicitly as it is not included in the table name.
final String regex = TEST_TABLE.getTableName().getNamespaceAsString() + ":"
+ TEST_TABLE.getTableName().getNameAsString();
User testUserPerms = User.createUserForTesting(conf, "testUserPerms", new String[0]);
assertNull(testUserPerms.runAs(getPrivilegedAction(regex)));
// Grant TABLE ADMIN privs to testUserPerms
grantOnTable(TEST_UTIL, testUserPerms.getShortName(),
TEST_TABLE.getTableName(), null, null,
Permission.Action.ADMIN);
List<UserPermission> perms = testUserPerms.runAs(listTablesRestrictedAction);
grantOnTable(TEST_UTIL, testUserPerms.getShortName(), TEST_TABLE.getTableName(), null,
null, Action.ADMIN);
List<UserPermission> perms = testUserPerms.runAs(getPrivilegedAction(regex));
assertNotNull(perms);
// USER_ADMIN, USER_CREATE, USER_RW, USER_RO, testUserPerms has row each.
assertEquals(5, perms.size());
} catch (Throwable e) {
throw new HBaseIOException(e);
}
}
@Test
public void testAccessControllerRegexHandling() throws Exception {
User testRegexHandler = User.createUserForTesting(conf, "testRegexHandling", new String[0]);
String tableName = "testRegex";
final TableName table1 = TableName.valueOf(tableName);
final byte[] family = Bytes.toBytes("f1");
// create table in default ns
Admin admin = TEST_UTIL.getHBaseAdmin();
HTableDescriptor htd = new HTableDescriptor(table1);
htd.addFamily(new HColumnDescriptor(family));
admin.createTable(htd);
TEST_UTIL.waitUntilAllRegionsAssigned(table1);
// creating the ns and table in it
String ns = "testNamespace";
NamespaceDescriptor desc = NamespaceDescriptor.create(ns).build();
final TableName table2 = TableName.valueOf(ns + ":" + tableName);
TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
htd = new HTableDescriptor(table2);
htd.addFamily(new HColumnDescriptor(family));
admin.createTable(htd);
// Grant TABLE ADMIN privs to testUserPerms
grantOnTable(TEST_UTIL, testRegexHandler.getShortName(), table1, null, null, Action.ADMIN);
grantOnTable(TEST_UTIL, testRegexHandler.getShortName(), table2, null, null, Action.ADMIN);
// USER_ADMIN, testUserPerms must have a row each.
assertEquals(2, testRegexHandler.runAs(getPrivilegedAction(tableName)).size());
assertEquals(2, testRegexHandler.runAs(getPrivilegedAction("default:" + tableName)).size());
assertEquals(2, testRegexHandler.runAs(getPrivilegedAction(ns + ":" + tableName)).size());
assertEquals(0, testRegexHandler.runAs(getPrivilegedAction("notMatchingAny")).size());
TEST_UTIL.deleteTable(table1);
TEST_UTIL.deleteTable(table2);
TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(ns);
}
}