diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java index 4500573aea5..919d7a049a1 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java @@ -60,7 +60,7 @@ public class AccessControlClient { /** * Grants permission on the specified table for the specified user - * @param conf + * @param connection The Connection instance to use * @param tableName * @param userName * @param family 
@@ -68,66 +68,51 @@ public class AccessControlClient { * @param actions * @throws Throwable */ - public static void grant(Configuration conf, final TableName tableName, + public static void grant(final Connection connection, final TableName tableName, final String userName, final byte[] family, final byte[] qual, final Permission.Action... actions) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. - try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Table table = connection.getTable(ACL_TABLE_NAME)) { - ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family, qual, + try (Table table = connection.getTable(ACL_TABLE_NAME)) { + ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family, qual, actions); - } } } /** * Grants permission on the specified namespace for the specified user. - * @param conf + * @param connection The Connection instance to use * @param namespace * @param userName * @param actions * @throws Throwable */ - public static void grant(Configuration conf, final String namespace, + public static void grant(final Connection connection, final String namespace, final String userName, final Permission.Action... actions) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. 
- try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Table table = connection.getTable(ACL_TABLE_NAME)) { - ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions); - } + try (Table table = connection.getTable(ACL_TABLE_NAME)) { + ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions); } } /** + * @param connection The Connection instance to use * Grant global permissions for the specified user. */ - public static void grant(Configuration conf, final String userName, + public static void grant(final Connection connection, final String userName, final Permission.Action... actions) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. - try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Table table = connection.getTable(ACL_TABLE_NAME)) { - ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions); - } + try (Table table = connection.getTable(ACL_TABLE_NAME)) { + ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions); } } - public static boolean isAccessControllerRunning(Configuration conf) + public static boolean isAccessControllerRunning(final Connection connection) throws MasterNotRunningException, ZooKeeperConnectionException, IOException { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. 
- try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Admin admin = connection.getAdmin()) { - return admin.isTableAvailable(ACL_TABLE_NAME); - } + try (Admin admin = connection.getAdmin()) { + return admin.isTableAvailable(ACL_TABLE_NAME); } } /** * Revokes the permission on the table - * @param conf + * @param connection The Connection instance to use * @param tableName * @param username * @param family 
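Review bot: In the Javadoc of the global `grant(Connection, String, Permission.Action...)` the added `@param connection` line sits above the summary sentence, so "Grant global permissions for the specified user." is read as part of the tag text; move the tag below the summary, as the global `revoke` in the next hunk already does. The Connection overloads no longer close anything, which the tag should say, e.g. `@param connection an open Connection; the caller keeps ownership and must close it`. Presumably the request is now issued as the user the Connection was created for rather than the user calling the method, which is worth stating on methods that change ACLs; confirm against ConnectionFactory. `isAccessControllerRunning(Connection)` has no Javadoc at all.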
@@ -135,78 +120,52 @@ public class AccessControlClient { * @param actions * @throws Throwable */ - public static void revoke(Configuration conf, final TableName tableName, + public static void revoke(final Connection connection, final TableName tableName, final String username, final byte[] family, final byte[] qualifier, final Permission.Action... actions) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. - try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Table table = connection.getTable(ACL_TABLE_NAME)) { - ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family, + try (Table table = connection.getTable(ACL_TABLE_NAME)) { + ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family, qualifier, actions); - } } } /** * Revokes the permission on the table for the specified user. - * @param conf + * @param connection The Connection instance to use * @param namespace * @param userName * @param actions * @throws Throwable */ - public static void revoke(Configuration conf, final String namespace, - final String userName, final Permission.Action... actions) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. - try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Table table = connection.getTable(ACL_TABLE_NAME)) { - ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions); - } + public static void revoke(final Connection connection, final String namespace, + final String userName, final Permission.Action... 
actions) throws Throwable { + try (Table table = connection.getTable(ACL_TABLE_NAME)) { + ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions); } } /** * Revoke global permissions for the specified user. + * @param connection The Connection instance to use */ - public static void revoke(Configuration conf, final String userName, + public static void revoke(final Connection connection, final String userName, final Permission.Action... actions) throws Throwable { - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. - try (Connection connection = ConnectionFactory.createConnection(conf)) { - try (Table table = connection.getTable(ACL_TABLE_NAME)) { - ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions); - } + try (Table table = connection.getTable(ACL_TABLE_NAME)) { + ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions); } + } /** * List all the userPermissions matching the given pattern. - * @param conf - * @param tableRegex The regular expression string to match against - * @return - returns an array of UserPermissions - * @throws Throwable - */ - public static List getUserPermissions(Configuration conf, String tableRegex) - throws Throwable { - try (Connection connection = ConnectionFactory.createConnection(conf)) { - return getUserPermissions(connection, tableRegex); - } - } - - /** - * List all the userPermissions matching the given pattern. 
- * @param connection + * @param connection The Connection instance to use * @param tableRegex The regular expression string to match against * @return - returns an array of UserPermissions * @throws Throwable */ public static List getUserPermissions(Connection connection, String tableRegex) - throws Throwable { + throws Throwable { List permList = new ArrayList(); - // TODO: Make it so caller passes in a Connection rather than have us do this expensive - // setup each time. This class only used in test and shell at moment though. try (Table table = connection.getTable(ACL_TABLE_NAME)) { try (Admin admin = connection.getAdmin()) { CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW); 
@@ -228,4 +187,132 @@ public class AccessControlClient { } return permList; } -} \ No newline at end of file + + /** + * Grants permission on the specified table for the specified user + * @param conf + * @param tableName + * @param userName + * @param family + * @param qual + * @param actions + * @throws Throwable + * @deprecated Use {@link #grant(Connection, TableName, String, byte[], byte[], + * Permission.Action...)} instead. + */ + @Deprecated + public static void grant(Configuration conf, final TableName tableName, + final String userName, final byte[] family, final byte[] qual, + final Permission.Action... actions) throws Throwable { + try (Connection connection = ConnectionFactory.createConnection(conf)) { + grant(connection, tableName, userName, family, qual, actions); + } + } + + /** + * Grants permission on the specified namespace for the specified user. + * @param conf + * @param namespace + * @param userName + * @param actions + * @throws Throwable + * @deprecated Use {@link #grant(Connection, String, String, Permission.Action...)} + * instead. + */ + @Deprecated + public static void grant(Configuration conf, final String namespace, + final String userName, final Permission.Action... actions) throws Throwable { + try (Connection connection = ConnectionFactory.createConnection(conf)) { + grant(connection, namespace, userName, actions); + } + } + + /** + * Grant global permissions for the specified user. + * @deprecated Use {@link #grant(Connection, String, Permission.Action...)} instead. + */ + @Deprecated + public static void grant(Configuration conf, final String userName, + final Permission.Action... actions) throws Throwable { + try (Connection connection = ConnectionFactory.createConnection(conf)) { + grant(connection, userName, actions); + } + } + + /** + * @deprecated Use {@link #isAccessControllerRunning(Connection)} instead. 
+ */ + @Deprecated + public static boolean isAccessControllerRunning(Configuration conf) + throws MasterNotRunningException, ZooKeeperConnectionException, IOException { + try (Connection connection = ConnectionFactory.createConnection(conf)) { + return isAccessControllerRunning(connection); + } + } + + /** + * Revokes the permission on the table + * @param conf + * @param tableName + * @param username + * @param family + * @param qualifier + * @param actions + * @throws Throwable + * @deprecated Use {@link #revoke(Connection, TableName, String, byte[], byte[], + * Permission.Action...)} instead. + */ + @Deprecated + public static void revoke(Configuration conf, final TableName tableName, + final String username, final byte[] family, final byte[] qualifier, + final Permission.Action... actions) throws Throwable { + try (Connection connection = ConnectionFactory.createConnection(conf)) { + revoke(connection, tableName, username, family, qualifier, actions); + } + } + + /** + * Revokes the permission on the table for the specified user. + * @param conf + * @param namespace + * @param userName + * @param actions + * @throws Throwable + * @deprecated Use {@link #revoke(Connection, String, String, Permission.Action...)} instead. + */ + @Deprecated + public static void revoke(Configuration conf, final String namespace, + final String userName, final Permission.Action... actions) throws Throwable { + try (Connection connection = ConnectionFactory.createConnection(conf)) { + revoke(connection, namespace, userName, actions); + } + } + + /** + * Revoke global permissions for the specified user. + * @deprecated Use {@link #revoke(Connection, String, Permission.Action...)} instead. + */ + @Deprecated + public static void revoke(Configuration conf, final String userName, + final Permission.Action... 
actions) throws Throwable { + try (Connection connection = ConnectionFactory.createConnection(conf)) { + revoke(connection, userName, actions); + } + } + + /** + * List all the userPermissions matching the given pattern. + * @param conf + * @param tableRegex The regular expression string to match against + * @return - returns an array of UserPermissions + * @throws Throwable + * @deprecated Use {@link #getUserPermissions(Connection, String)} instead. + */ + @Deprecated + public static List getUserPermissions(Configuration conf, String tableRegex) + throws Throwable { + try (Connection connection = ConnectionFactory.createConnection(conf)) { + return getUserPermissions(connection, tableRegex); + } + } +} diff --git a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java index 25142228a07..5e190e5afc7 100644 --- a/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java +++ b/hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java @@ -41,6 +41,7 @@ import org.apache.hadoop.hbase.chaos.factories.MonkeyFactory; import org.apache.hadoop.hbase.client.Admin; import org.apache.hadoop.hbase.client.BufferedMutator; import org.apache.hadoop.hbase.client.BufferedMutatorParams; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Delete; import org.apache.hadoop.hbase.client.HBaseAdmin; import org.apache.hadoop.hbase.client.HConnection; 
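Review bot: The Javadoc added for the deprecated `revoke(Configuration, String namespace, ...)` overload says "Revokes the permission on the table for the specified user", but the method takes a namespace; it should read `Revokes the permission on the specified namespace for the specified user.` (the Connection overload in the previous hunk carries the same sentence). The deprecated `getUserPermissions` documents `@return - returns an array of UserPermissions` while the signature returns a `List`. Each deprecated wrapper opens and closes its own Connection on every call, which the `@deprecated` text could give as the reason to migrate.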
@@ -128,7 +129,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB protected void createSchema() throws IOException { LOG.info("Creating tables"); // Create three tables - boolean acl = AccessControlClient.isAccessControllerRunning(getConf()); + boolean acl = AccessControlClient.isAccessControllerRunning(ConnectionFactory + .createConnection(getConf())); if(!acl) { LOG.info("No ACL available."); } @@ -156,8 +158,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB LOG.info("Granting permissions for user " + USER.getShortName()); Permission.Action[] actions = { Permission.Action.READ }; try { - AccessControlClient.grant(getConf(), tableName, USER.getShortName(), null, null, - actions); + AccessControlClient.grant(ConnectionFactory.createConnection(getConf()), tableName, + USER.getShortName(), null, null, actions); } catch (Throwable e) { LOG.fatal("Error in granting permission for the user " + USER.getShortName(), e); throw new IOException(e); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java index fa52de343eb..f77bb85b0a0 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java 
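Review bot: The Connection created inline in `isAccessControllerRunning(ConnectionFactory.createConnection(getConf()))` is never closed, because the Connection overloads leave ownership with the caller; before this change the Configuration overload closed it. The same leak is in the `grant(ConnectionFactory.createConnection(getConf()), ...)` call in the second hunk of this file and in the `AccessControlClient.grant(ConnectionFactory.createConnection(conf), ...)` call in LoadTestTool. Wrap each call in try-with-resources, e.g. `try (Connection conn = ConnectionFactory.createConnection(getConf())) { acl = AccessControlClient.isAccessControllerRunning(conn); }`, or open one connection for the whole of createSchema and close it at the end. createSchema's body continues outside the hunk, and the file's imports would need `Connection` if it is not already imported.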
@@ -403,13 +403,13 @@ public class SecureTestUtil { * or will throw an exception upon timeout (10 seconds). */ public static void grantOnNamespaceUsingAccessControlClient(final HBaseTestingUtility util, - final Configuration conf, final String user, final String namespace, + final Connection connection, final String user, final String namespace, final Permission.Action... actions) throws Exception { SecureTestUtil.updateACLs(util, new Callable() { @Override public Void call() throws Exception { try { - AccessControlClient.grant(conf, namespace, user, actions); + AccessControlClient.grant(connection, namespace, user, actions); } catch (Throwable t) { t.printStackTrace(); } @@ -424,13 +424,13 @@ public class SecureTestUtil { * or will throw an exception upon timeout (10 seconds). */ public static void revokeFromNamespaceUsingAccessControlClient(final HBaseTestingUtility util, - final Configuration conf, final String user, final String namespace, + final Connection connection, final String user, final String namespace, final Permission.Action... actions) throws Exception { SecureTestUtil.updateACLs(util, new Callable() { @Override public Void call() throws Exception { try { - AccessControlClient.revoke(conf, namespace, user, actions); + AccessControlClient.revoke(connection, namespace, user, actions); } catch (Throwable t) { t.printStackTrace(); } 
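Review bot: The helper now depends on a caller-supplied Connection, but a failed grant is still only printed by `catch (Throwable t) { t.printStackTrace(); }`, so a closed or otherwise unusable connection would not fail the call directly. Unless the surrounding `updateACLs` wait catches it, a test could then assert on permissions that were never changed. The Javadoc above each helper should say who owns the connection, e.g. `@param connection open Connection owned by the caller; not closed by this method`, and the failure would be better propagated from `call()` than printed. The same applies to the revoke-from-namespace helper in this hunk group and to the four table and global helpers in the following hunks of this file.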
@@ -492,13 +492,13 @@ public class SecureTestUtil { * throw an exception upon timeout (10 seconds). */ public static void grantOnTableUsingAccessControlClient(final HBaseTestingUtility util, - final Configuration conf, final String user, final TableName table, final byte[] family, + final Connection connection, final String user, final TableName table, final byte[] family, final byte[] qualifier, final Permission.Action... actions) throws Exception { SecureTestUtil.updateACLs(util, new Callable() { @Override public Void call() throws Exception { try { - AccessControlClient.grant(conf, table, user, family, qualifier, actions); + AccessControlClient.grant(connection, table, user, family, qualifier, actions); } catch (Throwable t) { t.printStackTrace(); } @@ -513,13 +513,13 @@ public class SecureTestUtil { * throw an exception upon timeout (10 seconds). */ public static void grantGlobalUsingAccessControlClient(final HBaseTestingUtility util, - final Configuration conf, final String user, final Permission.Action... actions) + final Connection connection, final String user, final Permission.Action... actions) throws Exception { SecureTestUtil.updateACLs(util, new Callable() { @Override public Void call() throws Exception { try { - AccessControlClient.grant(conf, user, actions); + AccessControlClient.grant(connection, user, actions); } catch (Throwable t) { t.printStackTrace(); } 
@@ -558,13 +558,13 @@ public class SecureTestUtil { * throw an exception upon timeout (10 seconds). */ public static void revokeFromTableUsingAccessControlClient(final HBaseTestingUtility util, - final Configuration conf, final String user, final TableName table, final byte[] family, + final Connection connection, final String user, final TableName table, final byte[] family, final byte[] qualifier, final Permission.Action... actions) throws Exception { SecureTestUtil.updateACLs(util, new Callable() { @Override public Void call() throws Exception { try { - AccessControlClient.revoke(conf, table, user, family, qualifier, actions); + AccessControlClient.revoke(connection, table, user, family, qualifier, actions); } catch (Throwable t) { t.printStackTrace(); } @@ -579,13 +579,13 @@ public class SecureTestUtil { * throw an exception upon timeout (10 seconds). */ public static void revokeGlobalUsingAccessControlClient(final HBaseTestingUtility util, - final Configuration conf, final String user,final Permission.Action... actions) + final Connection connection, final String user,final Permission.Action... actions) throws Exception { SecureTestUtil.updateACLs(util, new Callable() { @Override public Void call() throws Exception { try { - AccessControlClient.revoke(conf, user, actions); + AccessControlClient.revoke(connection, user, actions); } catch (Throwable t) { t.printStackTrace(); } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index aac9757e060..76f54af5634 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java 
@@ -137,6 +137,8 @@ public class TestAccessController extends SecureTestUtil { @Rule public TestTableName TEST_TABLE = new TestTableName(); private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility(); private static Configuration conf; + private static Connection connection; + // user with all permissions private static User SUPERUSER; @@ -208,10 +210,13 @@ public class TestAccessController extends SecureTestUtil { USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]); USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]); USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]); + + connection = ConnectionFactory.createConnection(conf); } @AfterClass public static void tearDownAfterClass() throws Exception { + connection.close(); TEST_UTIL.shutdownMiniCluster(); } @@ -262,7 +267,8 @@ public class TestAccessController extends SecureTestUtil { assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size()); try { - assertEquals(5, AccessControlClient.getUserPermissions(conf, TEST_TABLE.toString()).size()); + assertEquals(5, AccessControlClient.getUserPermissions(connection, + TEST_TABLE.toString()).size()); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.getUserPermissions. ", e); } @@ -2118,7 +2124,7 @@ public class TestAccessController extends SecureTestUtil { // Grant table READ permissions to testGrantRevoke. try { - grantOnTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(), + grantOnTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(), TEST_TABLE.getTableName(), null, null, Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.grant. ", e); 
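Review bot: `tearDownAfterClass` calls `connection.close()` unguarded before `TEST_UTIL.shutdownMiniCluster()`, so if setup failed before the field was assigned, or if close() throws, the mini cluster is not shut down. Guard it with `try { if (connection != null) connection.close(); } finally { TEST_UTIL.shutdownMiniCluster(); }`. The new static field also deserves a comment on its lifetime, e.g. `// shared client connection; opened in the class setup, closed in tearDownAfterClass`. Presumably calls made through this shared connection run as the user that ran the setup rather than a per-test user, which matters for tests that check access control; confirm and note it next to the field.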
@@ -2129,7 +2135,7 @@ public class TestAccessController extends SecureTestUtil { // Revoke table READ permission to testGrantRevoke. try { - revokeFromTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(), + revokeFromTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(), TEST_TABLE.getTableName(), null, null, Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.revoke ", e); @@ -2160,8 +2166,8 @@ public class TestAccessController extends SecureTestUtil { // Grant table READ permissions to testGlobalGrantRevoke. try { - grantGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(), - Permission.Action.READ); + grantGlobalUsingAccessControlClient(TEST_UTIL, connection, + testGlobalGrantRevoke.getShortName(), Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.grant. ", e); } @@ -2171,8 +2177,8 @@ public class TestAccessController extends SecureTestUtil { // Revoke table READ permission to testGlobalGrantRevoke. try { - revokeGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(), - Permission.Action.READ); + revokeGlobalUsingAccessControlClient(TEST_UTIL, connection, + testGlobalGrantRevoke.getShortName(), Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.revoke ", e); } @@ -2201,7 +2207,7 @@ public class TestAccessController extends SecureTestUtil { // Grant namespace READ to testNS, this should supersede any table permissions try { - grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(), + grantOnNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(), TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.grant. ", e); 
@@ -2212,7 +2218,7 @@ public class TestAccessController extends SecureTestUtil { // Revoke namespace READ to testNS, this should supersede any table permissions try { - revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(), + revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(), TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.revoke ", e); @@ -2345,13 +2351,13 @@ public class TestAccessController extends SecureTestUtil { @Test public void testGetNamespacePermission() throws Exception { - String namespace = "testNamespace"; + String namespace = "testGetNamespacePermission"; NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build(); TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc); grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ); try { - List namespacePermissions = AccessControlClient.getUserPermissions(conf, - AccessControlLists.toNamespaceEntry(namespace)); + List namespacePermissions = AccessControlClient.getUserPermissions( + connection, AccessControlLists.toNamespaceEntry(namespace)); assertTrue(namespacePermissions != null); assertTrue(namespacePermissions.size() == 1); } catch (Throwable thw) { 
@@ -2362,32 +2368,38 @@ public class TestAccessController extends SecureTestUtil { @Test public void testTruncatePerms() throws Throwable { - try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) { - List existingPerms = - AccessControlClient.getUserPermissions(connection, - TEST_TABLE.getTableName().getNameAsString()); - assertTrue(existingPerms != null); - assertTrue(existingPerms.size() > 1); - try (Admin admin = connection.getAdmin()) { - admin.disableTable(TEST_TABLE.getTableName()); - admin.truncateTable(TEST_TABLE.getTableName(), true); - } - List perms = AccessControlClient.getUserPermissions(connection, - TEST_TABLE.getTableName().getNameAsString()); - assertTrue(perms != null); - assertEquals(existingPerms.size(), perms.size()); + List existingPerms = + AccessControlClient.getUserPermissions(connection, + TEST_TABLE.getTableName().getNameAsString()); + assertTrue(existingPerms != null); + assertTrue(existingPerms.size() > 1); + try (Admin admin = connection.getAdmin()) { + admin.disableTable(TEST_TABLE.getTableName()); + admin.truncateTable(TEST_TABLE.getTableName(), true); } + List perms = AccessControlClient.getUserPermissions(connection, + TEST_TABLE.getTableName().getNameAsString()); + assertTrue(perms != null); + assertEquals(existingPerms.size(), perms.size()); } private PrivilegedAction> getPrivilegedAction(final String regex) { return new PrivilegedAction>() { @Override public List run() { + Connection connection = null; try { - return AccessControlClient.getUserPermissions(conf, regex); + connection = ConnectionFactory.createConnection(conf); + return AccessControlClient.getUserPermissions(connection, regex); } catch (Throwable e) { LOG.error("error during call of AccessControlClient.getUserPermissions.", e); return null; + } finally { + try { + connection.close(); + } catch (IOException e) { + LOG.error("Error during close of connection.", e); + } } } }; 
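Review bot: In `getPrivilegedAction`, the `finally` block calls `connection.close()` even when `ConnectionFactory.createConnection(conf)` threw and `connection` is still null. The resulting NullPointerException then replaces the `return null` from the catch block and escapes `run()`. Guard the close inside the existing inner try with `if (connection != null) { connection.close(); }`. The local `connection` also shadows the new static field of the same name; a name such as `userConnection` would make it clear that this one is deliberately created inside `run()`.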
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java index 6d64bc62419..0f077ed4b97 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java @@ -43,6 +43,7 @@ import org.apache.hadoop.hbase.HTableDescriptor; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.classification.InterfaceAudience; import org.apache.hadoop.hbase.client.Admin; +import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.Durability; import org.apache.hadoop.hbase.client.HBaseAdmin; import org.apache.hadoop.hbase.io.compress.Compression; @@ -606,7 +607,8 @@ public class LoadTestTool extends AbstractHBaseTool { Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.READ, Permission.Action.WRITE }; try { - AccessControlClient.grant(conf, tableName, userOwner.getShortName(), null, null, actions); + AccessControlClient.grant(ConnectionFactory.createConnection(conf), + tableName, userOwner.getShortName(), null, null, actions); } catch (Throwable e) { LOG.fatal("Error in granting permission for the user " + userOwner.getShortName(), e); return EXIT_FAILURE; diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb index bfdd7330ff3..2aaef02a92c 100644 --- a/hbase-shell/src/main/ruby/hbase/security.rb +++ b/hbase-shell/src/main/ruby/hbase/security.rb @@ -26,7 +26,7 @@ module Hbase def initialize(admin, formatter) @admin = admin - @config = @admin.getConfiguration() + @connection = @admin.getConnection() @formatter = formatter end 
@@ -59,7 +59,7 @@ module Hbase namespace_exists?(namespace_name) org.apache.hadoop.hbase.security.access.AccessControlClient.grant( - @config, namespace_name, user, perm.getActions()) + @connection, namespace_name, user, perm.getActions()) else # Table should exist raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name) @@ -75,12 +75,12 @@ module Hbase qualbytes = qualifier.to_java_bytes if (qualifier != nil) org.apache.hadoop.hbase.security.access.AccessControlClient.grant( - @config, tableName, user, fambytes, qualbytes, perm.getActions()) + @connection, tableName, user, fambytes, qualbytes, perm.getActions()) end else # invoke cp endpoint to perform access controls org.apache.hadoop.hbase.security.access.AccessControlClient.grant( - @config, user, perm.getActions()) + @connection, user, perm.getActions()) end end end @@ -101,7 +101,7 @@ module Hbase tablebytes=table_name.to_java_bytes org.apache.hadoop.hbase.security.access.AccessControlClient.revoke( - @config, namespace_name, user) + @connection, namespace_name, user) else # Table should exist raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name) @@ -117,12 +117,12 @@ module Hbase qualbytes = qualifier.to_java_bytes if (qualifier != nil) org.apache.hadoop.hbase.security.access.AccessControlClient.revoke( - @config, tableName, user, fambytes, qualbytes) + @connection, tableName, user, fambytes, qualbytes) end else perm = org.apache.hadoop.hbase.security.access.Permission.new(''.to_java_bytes) org.apache.hadoop.hbase.security.access.AccessControlClient.revoke( - @config, user, perm.getActions()) + @connection, user, perm.getActions()) end end end 
@@ -130,7 +130,8 @@ module Hbase #---------------------------------------------------------------------------------------------- def user_permission(table_regex=nil) security_available? - all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(@config,table_regex) + all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions( + @connection,table_regex) res = {} count = 0 all_perms.each do |value|