[
https://issues.apache.org/jira/browse/HBASE-26001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yutong Xiao updated HBASE-26001:
--------------------------------
Summary: When turn on access control, the cell level TTL of Increment and
Append operations is invalid. (was: When turn on access control, the TTL of
Increment and Append operations is invalid.)
> When turn on access control, the cell level TTL of Increment and Append
> operations is invalid.
> ----------------------------------------------------------------------------------------------
>
> Key: HBASE-26001
> URL: https://issues.apache.org/jira/browse/HBASE-26001
> Project: HBase
> Issue Type: Bug
> Reporter: Yutong Xiao
> Assignee: Yutong Xiao
> Priority: Major
>
> AccessController will rewrite the new cell's tags by the old cell's. This
> will makes the other kinds of tag in new cell invisible (apart from ACL tag)
> after this. As in Increment and Append operations, the new cell has already
> catch forward all tags of the old cell, here in AccessController we do not
> rewrite the tags once again.
> {code:java}
> private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell
> newCell) {
> // Collect any ACLs from the old cell
> List<Tag> tags = Lists.newArrayList();
> List<Tag> aclTags = Lists.newArrayList();
> ListMultimap<String,Permission> perms = ArrayListMultimap.create();
> if (oldCell != null) {
> Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
> while (tagIterator.hasNext()) {
> Tag tag = tagIterator.next();
> if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
> // Not an ACL tag, just carry it through
> if (LOG.isTraceEnabled()) {
> LOG.trace("Carrying forward tag from " + oldCell + ": type " +
> tag.getType()
> + " length " + tag.getValueLength());
> }
> tags.add(tag);
> } else {
> aclTags.add(tag);
> }
> }
> }
> // Do we have an ACL on the operation?
> byte[] aclBytes = mutation.getACL();
> if (aclBytes != null) {
> // Yes, use it
> tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
> } else {
> // No, use what we carried forward
> if (perms != null) {
> // TODO: If we collected ACLs from more than one tag we may have a
> // List<Permission> of size > 1, this can be collapsed into a single
> // Permission
> if (LOG.isTraceEnabled()) {
> LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
> }
> tags.addAll(aclTags);
> }
> }
> // If we have no tags to add, just return
> if (tags.isEmpty()) {
> return newCell;
> }
> // Here the new cell's tags will be in visible.
> return PrivateCellUtil.createCell(newCell, tags);
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)