HBASE-13171 Change AccessControlClient methods to accept connection object to reduce setup time (Srikanth Srungarapu)

hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java

@@ -60,7 +60,7 @@ public class AccessControlClient {
 
   /**
    * Grants permission on the specified table for the specified user
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableName
    * @param userName
    * @param family
@@ -68,66 +68,51 @@ public class AccessControlClient {
    * @param actions
    * @throws Throwable
    */
-  public static void grant(Configuration conf, final TableName tableName,
+  public static void grant(final Connection connection, final TableName tableName,
       final String userName, final byte[] family, final byte[] qual,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
     try (Table table = connection.getTable(ACL_TABLE_NAME)) {
       ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family, qual,
           actions);
     }
   }
-  }
 
   /**
    * Grants permission on the specified namespace for the specified user.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param namespace
    * @param userName
    * @param actions
    * @throws Throwable
    */
-  public static void grant(Configuration conf, final String namespace,
+  public static void grant(final Connection connection, final String namespace,
       final String userName, final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
     try (Table table = connection.getTable(ACL_TABLE_NAME)) {
       ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
     }
   }
-  }
 
   /**
+   * @param connection The Connection instance to use
    * Grant global permissions for the specified user.
    */
-  public static void grant(Configuration conf, final String userName,
+  public static void grant(final Connection connection, final String userName,
        final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
     try (Table table = connection.getTable(ACL_TABLE_NAME)) {
       ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
     }
   }
-  }
 
-  public static boolean isAccessControllerRunning(Configuration conf)
+  public static boolean isAccessControllerRunning(final Connection connection)
       throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
     try (Admin admin = connection.getAdmin()) {
       return admin.isTableAvailable(ACL_TABLE_NAME);
     }
   }
-  }
 
   /**
    * Revokes the permission on the table
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableName
    * @param username
    * @param family
@@ -135,69 +120,45 @@ public class AccessControlClient {
    * @param actions
    * @throws Throwable
    */
-  public static void revoke(Configuration conf, final TableName tableName,
+  public static void revoke(final Connection connection, final TableName tableName,
       final String username, final byte[] family, final byte[] qualifier,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
     try (Table table = connection.getTable(ACL_TABLE_NAME)) {
       ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
           qualifier, actions);
     }
   }
-  }
 
   /**
    * Revokes the permission on the table for the specified user.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param namespace
    * @param userName
    * @param actions
    * @throws Throwable
    */
-  public static void revoke(Configuration conf, final String namespace,
+  public static void revoke(final Connection connection, final String namespace,
       final String userName, final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
     try (Table table = connection.getTable(ACL_TABLE_NAME)) {
       ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
     }
   }
-  }
 
   /**
    * Revoke global permissions for the specified user.
+   * @param connection The Connection instance to use
    */
-  public static void revoke(Configuration conf, final String userName,
+  public static void revoke(final Connection connection, final String userName,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
     try (Table table = connection.getTable(ACL_TABLE_NAME)) {
       ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
     }
-    }
+
   }
 
   /**
    * List all the userPermissions matching the given pattern.
-   * @param conf
+   * @param connection The Connection instance to use
-   * @param tableRegex The regular expression string to match against
-   * @return - returns an array of UserPermissions
-   * @throws Throwable
-   */
-  public static List<UserPermission> getUserPermissions(Configuration conf, String tableRegex)
-  throws Throwable {
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      return getUserPermissions(connection, tableRegex);
-    }
-  }
-
-  /**
-   * List all the userPermissions matching the given pattern.
-   * @param connection
    * @param tableRegex The regular expression string to match against
    * @return - returns an array of UserPermissions
    * @throws Throwable
@@ -205,8 +166,6 @@ public class AccessControlClient {
   public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex)
       throws Throwable {
     List<UserPermission> permList = new ArrayList<UserPermission>();
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
-    // setup each time.  This class only used in test and shell at moment though.
     try (Table table = connection.getTable(ACL_TABLE_NAME)) {
       try (Admin admin = connection.getAdmin()) {
         CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW);
@@ -228,4 +187,132 @@ public class AccessControlClient {
     }
     return permList;
   }
+
+  /**
+   * Grants permission on the specified table for the specified user
+   * @param conf
+   * @param tableName
+   * @param userName
+   * @param family
+   * @param qual
+   * @param actions
+   * @throws Throwable
+   * @deprecated Use {@link #grant(Connection, TableName, String, byte[], byte[],
+   * Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void grant(Configuration conf, final TableName tableName,
+      final String userName, final byte[] family, final byte[] qual,
+      final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      grant(connection, tableName, userName, family, qual, actions);
+    }
+  }
+
+  /**
+   * Grants permission on the specified namespace for the specified user.
+   * @param conf
+   * @param namespace
+   * @param userName
+   * @param actions
+   * @throws Throwable
+   * @deprecated Use {@link #grant(Connection, String, String, Permission.Action...)}
+   * instead.
+   */
+  @Deprecated
+  public static void grant(Configuration conf, final String namespace,
+      final String userName, final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      grant(connection, namespace, userName, actions);
+    }
+  }
+
+  /**
+   * Grant global permissions for the specified user.
+   * @deprecated Use {@link #grant(Connection, String, Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void grant(Configuration conf, final String userName,
+      final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      grant(connection, userName, actions);
+    }
+  }
+
+  /**
+   * @deprecated Use {@link #isAccessControllerRunning(Connection)} instead.
+   */
+  @Deprecated
+  public static boolean isAccessControllerRunning(Configuration conf)
+      throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      return isAccessControllerRunning(connection);
+    }
+  }
+
+  /**
+   * Revokes the permission on the table
+   * @param conf
+   * @param tableName
+   * @param username
+   * @param family
+   * @param qualifier
+   * @param actions
+   * @throws Throwable
+   * @deprecated Use {@link #revoke(Connection, TableName, String, byte[], byte[],
+   * Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void revoke(Configuration conf, final TableName tableName,
+      final String username, final byte[] family, final byte[] qualifier,
+      final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      revoke(connection, tableName, username, family, qualifier, actions);
+    }
+  }
+
+  /**
+   * Revokes the permission on the table for the specified user.
+   * @param conf
+   * @param namespace
+   * @param userName
+   * @param actions
+   * @throws Throwable
+   * @deprecated Use {@link #revoke(Connection, String, String, Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void revoke(Configuration conf, final String namespace,
+      final String userName, final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      revoke(connection, namespace, userName, actions);
+    }
+  }
+
+  /**
+   * Revoke global permissions for the specified user.
+   * @deprecated Use {@link #revoke(Connection, String, Permission.Action...)} instead.
+   */
+  @Deprecated
+  public static void revoke(Configuration conf, final String userName,
+      final Permission.Action... actions) throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      revoke(connection, userName, actions);
+    }
+  }
+
+  /**
+   * List all the userPermissions matching the given pattern.
+   * @param conf
+   * @param tableRegex The regular expression string to match against
+   * @return - returns an array of UserPermissions
+   * @throws Throwable
+   * @deprecated Use {@link #getUserPermissions(Connection, String)} instead.
+   */
+  @Deprecated
+  public static List<UserPermission> getUserPermissions(Configuration conf, String tableRegex)
+  throws Throwable {
+    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+      return getUserPermissions(connection, tableRegex);
+    }
+  }
 }

hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java

@@ -41,6 +41,7 @@ import org.apache.hadoop.hbase.chaos.factories.MonkeyFactory;
 import org.apache.hadoop.hbase.client.Admin;
 import org.apache.hadoop.hbase.client.BufferedMutator;
 import org.apache.hadoop.hbase.client.BufferedMutatorParams;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.client.HConnection;
@@ -128,7 +129,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
     protected void createSchema() throws IOException {
       LOG.info("Creating tables");
       // Create three tables
-      boolean acl = AccessControlClient.isAccessControllerRunning(getConf());
+      boolean acl = AccessControlClient.isAccessControllerRunning(ConnectionFactory
+          .createConnection(getConf()));
       if(!acl) {
         LOG.info("No ACL available.");
       }
@@ -156,8 +158,8 @@ public class IntegrationTestBigLinkedListWithVisibility extends IntegrationTestB
           LOG.info("Granting permissions for user " + USER.getShortName());
           Permission.Action[] actions = { Permission.Action.READ };
           try {
-            AccessControlClient.grant(getConf(), tableName, USER.getShortName(), null, null,
+            AccessControlClient.grant(ConnectionFactory.createConnection(getConf()), tableName,
-                actions);
+                USER.getShortName(), null, null, actions);
           } catch (Throwable e) {
             LOG.fatal("Error in granting permission for the user " + USER.getShortName(), e);
             throw new IOException(e);

hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java

@@ -403,13 +403,13 @@ public class SecureTestUtil {
    * or will throw an exception upon timeout (10 seconds).
    */
   public static void grantOnNamespaceUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final String namespace,
+      final Connection connection, final String user, final String namespace,
       final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, namespace, user, actions);
+          AccessControlClient.grant(connection, namespace, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -424,13 +424,13 @@ public class SecureTestUtil {
    * or will throw an exception upon timeout (10 seconds).
    */
   public static void revokeFromNamespaceUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final String namespace,
+      final Connection connection, final String user, final String namespace,
       final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, namespace, user, actions);
+          AccessControlClient.revoke(connection, namespace, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -492,13 +492,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void grantOnTableUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final TableName table, final byte[] family,
+      final Connection connection, final String user, final TableName table, final byte[] family,
       final byte[] qualifier, final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, table, user, family, qualifier, actions);
+          AccessControlClient.grant(connection, table, user, family, qualifier, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -513,13 +513,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void grantGlobalUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final Permission.Action... actions)
+      final Connection connection, final String user, final Permission.Action... actions)
       throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, user, actions);
+          AccessControlClient.grant(connection, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -558,13 +558,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void revokeFromTableUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final TableName table, final byte[] family,
+      final Connection connection, final String user, final TableName table, final byte[] family,
       final byte[] qualifier, final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, table, user, family, qualifier, actions);
+          AccessControlClient.revoke(connection, table, user, family, qualifier, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -579,13 +579,13 @@ public class SecureTestUtil {
    * throw an exception upon timeout (10 seconds).
    */
   public static void revokeGlobalUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user,final Permission.Action... actions)
+      final Connection connection, final String user,final Permission.Action... actions)
       throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, user, actions);
+          AccessControlClient.revoke(connection, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }

hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java

@@ -137,6 +137,8 @@ public class TestAccessController extends SecureTestUtil {
   @Rule public TestTableName TEST_TABLE = new TestTableName();
   private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
   private static Configuration conf;
+  private static Connection connection;
+
 
   // user with all permissions
   private static User SUPERUSER;
@@ -208,10 +210,13 @@ public class TestAccessController extends SecureTestUtil {
     USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
     USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
     USER_ADMIN_CF = User.createUserForTesting(conf, "col_family_admin", new String[0]);
+
+    connection = ConnectionFactory.createConnection(conf);
   }
 
   @AfterClass
   public static void tearDownAfterClass() throws Exception {
+    connection.close();
     TEST_UTIL.shutdownMiniCluster();
   }
 
@@ -262,7 +267,8 @@ public class TestAccessController extends SecureTestUtil {
 
     assertEquals(5, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size());
     try {
-      assertEquals(5, AccessControlClient.getUserPermissions(conf, TEST_TABLE.toString()).size());
+      assertEquals(5, AccessControlClient.getUserPermissions(connection,
+          TEST_TABLE.toString()).size());
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.getUserPermissions. ", e);
     }
@@ -2118,7 +2124,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant table READ permissions to testGrantRevoke.
     try {
-      grantOnTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
+      grantOnTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(),
           TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
@@ -2129,7 +2135,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke table READ permission to testGrantRevoke.
     try {
-      revokeFromTableUsingAccessControlClient(TEST_UTIL, conf, testGrantRevoke.getShortName(),
+      revokeFromTableUsingAccessControlClient(TEST_UTIL, connection, testGrantRevoke.getShortName(),
           TEST_TABLE.getTableName(), null, null, Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
@@ -2160,8 +2166,8 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant table READ permissions to testGlobalGrantRevoke.
     try {
-      grantGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
+      grantGlobalUsingAccessControlClient(TEST_UTIL, connection,
-        Permission.Action.READ);
+          testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
     }
@@ -2171,8 +2177,8 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke table READ permission to testGlobalGrantRevoke.
     try {
-      revokeGlobalUsingAccessControlClient(TEST_UTIL, conf, testGlobalGrantRevoke.getShortName(),
+      revokeGlobalUsingAccessControlClient(TEST_UTIL, connection,
-        Permission.Action.READ);
+          testGlobalGrantRevoke.getShortName(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
     }
@@ -2201,7 +2207,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Grant namespace READ to testNS, this should supersede any table permissions
     try {
-      grantOnNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
+      grantOnNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(),
           TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.grant. ", e);
@@ -2212,7 +2218,7 @@ public class TestAccessController extends SecureTestUtil {
 
     // Revoke namespace READ to testNS, this should supersede any table permissions
     try {
-      revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, conf, testNS.getShortName(),
+      revokeFromNamespaceUsingAccessControlClient(TEST_UTIL, connection, testNS.getShortName(),
           TEST_TABLE.getTableName().getNamespaceAsString(), Permission.Action.READ);
     } catch (Throwable e) {
       LOG.error("error during call of AccessControlClient.revoke ", e);
@@ -2345,13 +2351,13 @@ public class TestAccessController extends SecureTestUtil {
 
    @Test
    public void testGetNamespacePermission() throws Exception {
-     String namespace = "testNamespace";
+     String namespace = "testGetNamespacePermission";
      NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build();
      TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc);
      grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ);
      try {
-       List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(conf,
+       List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(
-       AccessControlLists.toNamespaceEntry(namespace));
+           connection, AccessControlLists.toNamespaceEntry(namespace));
        assertTrue(namespacePermissions != null);
        assertTrue(namespacePermissions.size() == 1);
      } catch (Throwable thw) {
@@ -2362,7 +2368,6 @@ public class TestAccessController extends SecureTestUtil {
 
   @Test
   public void testTruncatePerms() throws Throwable {
-    try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
     List<UserPermission> existingPerms =
         AccessControlClient.getUserPermissions(connection,
             TEST_TABLE.getTableName().getNameAsString());
@@ -2377,17 +2382,24 @@ public class TestAccessController extends SecureTestUtil {
     assertTrue(perms != null);
     assertEquals(existingPerms.size(), perms.size());
   }
-  }
 
   private PrivilegedAction<List<UserPermission>> getPrivilegedAction(final String regex) {
     return new PrivilegedAction<List<UserPermission>>() {
       @Override
       public List<UserPermission> run() {
+        Connection connection = null;
         try {
-          return AccessControlClient.getUserPermissions(conf, regex);
+          connection = ConnectionFactory.createConnection(conf);
+          return AccessControlClient.getUserPermissions(connection, regex);
         } catch (Throwable e) {
           LOG.error("error during call of AccessControlClient.getUserPermissions.", e);
           return null;
+        } finally {
+          try {
+            connection.close();
+          } catch (IOException e) {
+            LOG.error("Error during close of connection.", e);
+          }
         }
       }
     };

hbase-server/src/test/java/org/apache/hadoop/hbase/util/LoadTestTool.java

@@ -43,6 +43,7 @@ import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.classification.InterfaceAudience;
 import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Durability;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.io.compress.Compression;
@@ -606,7 +607,8 @@ public class LoadTestTool extends AbstractHBaseTool {
         Permission.Action.ADMIN, Permission.Action.CREATE,
         Permission.Action.READ, Permission.Action.WRITE };
       try {
-        AccessControlClient.grant(conf, tableName, userOwner.getShortName(), null, null, actions);
+        AccessControlClient.grant(ConnectionFactory.createConnection(conf),
+            tableName, userOwner.getShortName(), null, null, actions);
       } catch (Throwable e) {
         LOG.fatal("Error in granting permission for the user " + userOwner.getShortName(), e);
         return EXIT_FAILURE;

hbase-shell/src/main/ruby/hbase/security.rb

@@ -26,7 +26,7 @@ module Hbase
 
     def initialize(admin, formatter)
       @admin = admin
-      @config = @admin.getConfiguration()
+      @connection = @admin.getConnection()
       @formatter = formatter
     end
 
@@ -59,7 +59,7 @@ module Hbase
               namespace_exists?(namespace_name)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-              @config, namespace_name, user, perm.getActions())
+              @connection, namespace_name, user, perm.getActions())
           else
             # Table should exist
             raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@@ -75,12 +75,12 @@ module Hbase
             qualbytes = qualifier.to_java_bytes if (qualifier != nil)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-              @config, tableName, user, fambytes, qualbytes, perm.getActions())
+              @connection, tableName, user, fambytes, qualbytes, perm.getActions())
           end
         else
           # invoke cp endpoint to perform access controls
           org.apache.hadoop.hbase.security.access.AccessControlClient.grant(
-            @config, user, perm.getActions())
+            @connection, user, perm.getActions())
         end
       end
     end
@@ -101,7 +101,7 @@ module Hbase
 
             tablebytes=table_name.to_java_bytes
             org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-              @config, namespace_name, user)
+              @connection, namespace_name, user)
           else
              # Table should exist
              raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
@@ -117,12 +117,12 @@ module Hbase
              qualbytes = qualifier.to_java_bytes if (qualifier != nil)
 
             org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-              @config, tableName, user, fambytes, qualbytes)
+              @connection, tableName, user, fambytes, qualbytes)
           end
         else
           perm = org.apache.hadoop.hbase.security.access.Permission.new(''.to_java_bytes)
           org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-            @config, user, perm.getActions())
+            @connection, user, perm.getActions())
         end
       end
     end
@@ -130,7 +130,8 @@ module Hbase
     #----------------------------------------------------------------------------------------------
     def user_permission(table_regex=nil)
       security_available?
-      all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(@config,table_regex)
+      all_perms = org.apache.hadoop.hbase.security.access.AccessControlClient.getUserPermissions(
+        @connection,table_regex)
       res = {}
       count  = 0
       all_perms.each do |value|