Repository: hbase Updated Branches: refs/heads/0.98 e7841634e -> 5c3e567ff
HBASE-13296 Fix the deletion of acl notify nodes for namespace. Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/5c3e567f Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/5c3e567f Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/5c3e567f Branch: refs/heads/0.98 Commit: 5c3e567ffb96499a1fb3b7c2fec9f768b256abb0 Parents: e784163 Author: Srikanth Srungarapu <ssrungar...@cloudera.com> Authored: Wed Apr 1 14:15:46 2015 -0700 Committer: Srikanth Srungarapu <ssrungar...@cloudera.com> Committed: Wed Apr 1 14:15:46 2015 -0700 ---------------------------------------------------------------------- .../hbase/security/access/AccessController.java | 3 +- .../security/access/ZKPermissionWatcher.java | 17 +++++++ .../hbase/security/access/SecureTestUtil.java | 19 +++++++ .../security/access/TestAccessController.java | 4 +- .../security/access/TestAccessController2.java | 53 ++++++++++++++------ 5 files changed, 77 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/5c3e567f/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index 2c0b05f..0601ce4 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -1202,7 +1202,8 @@ public class AccessController extends BaseMasterAndRegionObserver return null; } }); - LOG.info(namespace + "entry deleted in "+AccessControlLists.ACL_TABLE_NAME+" table."); + this.authManager.getZKPermissionWatcher().deleteNamespaceACLNode(namespace); + LOG.info(namespace + " entry deleted in "+AccessControlLists.ACL_TABLE_NAME+" table."); } @Override http://git-wip-us.apache.org/repos/asf/hbase/blob/5c3e567f/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java index 53de50f..2c051ea 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java @@ -211,4 +211,21 @@ public class ZKPermissionWatcher extends ZooKeeperListener { watcher.abort("Failed deleting node " + zkNode, e); } } + + /*** + * Delete the acl notify node of namespace + */ + public void deleteNamespaceACLNode(final String namespace) { + String zkNode = ZKUtil.joinZNode(watcher.baseZNode, ACL_NODE); + zkNode = ZKUtil.joinZNode(zkNode, AccessControlLists.NAMESPACE_PREFIX + namespace); + + try { + ZKUtil.deleteNode(watcher, zkNode); + } catch (KeeperException.NoNodeException e) { + LOG.warn("No acl notify node of namespace '" + namespace + "'"); + } catch (KeeperException e) { + LOG.error("Failed deleting acl node of namespace '" + namespace + "'", e); + watcher.abort("Failed deleting node " + zkNode, e); + } + } } http://git-wip-us.apache.org/repos/asf/hbase/blob/5c3e567f/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java index 0c8fa81..8227b7f 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java @@ -36,6 +36,7 @@ import org.apache.hadoop.hbase.Coprocessor; import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.MiniHBaseCluster; +import org.apache.hadoop.hbase.NamespaceDescriptor; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.Waiter.Predicate; import org.apache.hadoop.hbase.client.HTable; @@ -601,4 +602,22 @@ public class SecureTestUtil { } }); } + + public static void createNamespace(HBaseTestingUtility testUtil, NamespaceDescriptor nsDesc) + throws Exception { + testUtil.getHBaseAdmin().createNamespace(nsDesc); + } + + public static void deleteNamespace(HBaseTestingUtility testUtil, String namespace) + throws Exception { + testUtil.getHBaseAdmin().deleteNamespace(namespace); + } + + public static String convertToNamespace(String namespace) { + return AccessControlLists.NAMESPACE_PREFIX + namespace; + } + + public static String convertToGroup(String group) { + return AccessControlLists.GROUP_PREFIX + group; + } } http://git-wip-us.apache.org/repos/asf/hbase/blob/5c3e567f/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index 1762e41..a43e208 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -2327,7 +2327,7 @@ public class TestAccessController extends SecureTestUtil { public void testGetNamespacePermission() throws Exception { String namespace = "testNamespace"; NamespaceDescriptor desc = NamespaceDescriptor.create(namespace).build(); - TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc); + createNamespace(TEST_UTIL, desc); grantOnNamespace(TEST_UTIL, USER_NONE.getShortName(), namespace, Permission.Action.READ); try { List<UserPermission> namespacePermissions = AccessControlClient.getUserPermissions(conf, @@ -2337,7 +2337,7 @@ public class TestAccessController extends SecureTestUtil { } catch (Throwable thw) { throw new HBaseException(thw); } - TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(namespace); + deleteNamespace(TEST_UTIL, namespace); } @Test http://git-wip-us.apache.org/repos/asf/hbase/blob/5c3e567f/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java index a64f294..3c327e8 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java @@ -19,7 +19,7 @@ package org.apache.hadoop.hbase.security.access; import static org.junit.Assert.*; -import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import org.apache.commons.logging.Log; @@ -42,6 +42,8 @@ import org.apache.hadoop.hbase.security.access.Permission.Action; import org.apache.hadoop.hbase.testclassification.LargeTests; import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.TestTableName; +import org.apache.hadoop.hbase.zookeeper.ZKUtil; +import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher; import org.junit.After; import org.junit.AfterClass; import org.junit.Before; @@ -110,21 +112,10 @@ public class TestAccessController2 extends SecureTestUtil { TEST_UTIL.createTable(TableName.valueOf(tableName), new String[] { Bytes.toString(TEST_FAMILY), Bytes.toString(TEST_FAMILY_2) }); - List<Put> puts = new ArrayList<Put>(5); - Put put_1 = new Put(TEST_ROW); - put_1.add(TEST_FAMILY, Q1, value1); - - Put put_2 = new Put(TEST_ROW_2); - put_2.add(TEST_FAMILY, Q2, value2); - - Put put_3 = new Put(TEST_ROW_3); - put_3.add(TEST_FAMILY_2, Q1, value1); - - puts.add(put_1); - puts.add(put_2); - puts.add(put_3); - - table.put(puts); + // Ingesting test data. + table.put(Arrays.asList(new Put(TEST_ROW).add(TEST_FAMILY, Q1, value1), + new Put(TEST_ROW_2).add(TEST_FAMILY, Q2, value2), + new Put(TEST_ROW_3).add(TEST_FAMILY_2, Q1, value1))); } finally { table.close(); } @@ -451,4 +442,34 @@ public class TestAccessController2 extends SecureTestUtil { verifyDenied(TESTGROUP1_USER1, scanTableActionForGroupWithQualifierLevelAccess); } + @Test + public void testACLZNodeDeletion() throws Exception { + String baseAclZNode = "/hbase/acl/"; + String ns = "testACLZNodeDeletionNamespace"; + NamespaceDescriptor desc = NamespaceDescriptor.create(ns).build(); + createNamespace(TEST_UTIL, desc); + + final TableName table = TableName.valueOf(ns, "testACLZNodeDeletionTable"); + final byte[] family = Bytes.toBytes("f1"); + HTableDescriptor htd = new HTableDescriptor(table); + htd.addFamily(new HColumnDescriptor(family)); + TEST_UTIL.getHBaseAdmin().createTable(htd); + + // Namespace needs this, as they follow the lazy creation of ACL znode. + grantOnNamespace(TEST_UTIL, TESTGROUP1_USER1.getShortName(), ns, Action.ADMIN); + ZooKeeperWatcher zkw = TEST_UTIL.getMiniHBaseCluster().getMaster().getZooKeeper(); + assertTrue("The acl znode for table should exist", ZKUtil.checkExists(zkw, baseAclZNode + + table.getNameAsString()) != -1); + assertTrue("The acl znode for namespace should exist", ZKUtil.checkExists(zkw, baseAclZNode + + convertToNamespace(ns)) != -1); + + revokeFromNamespace(TEST_UTIL, TESTGROUP1_USER1.getShortName(), ns, Action.ADMIN); + TEST_UTIL.deleteTable(table); + deleteNamespace(TEST_UTIL, ns); + + assertTrue("The acl znode for table should have been deleted", + ZKUtil.checkExists(zkw, baseAclZNode + table.getNameAsString()) == -1); + assertTrue( "The acl znode for namespace should have been deleted", + ZKUtil.checkExists(zkw, baseAclZNode + convertToNamespace(ns)) == -1); + } }