[
https://issues.apache.org/jira/browse/HBASE-26001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yutong Xiao updated HBASE-26001:
--------------------------------
Description:
AccessController postIncrementBeforeWAL() and postAppendBeforeWAL() methods
will rewrite the new cell's tags by the old cell's. This will makes the other
kinds of tag in new cell invisible (such as TTL tag) after this. As in
Increment and Append operations, the new cell has already catch forward all
tags of the old cell and TTL tag from mutation operation, here in
AccessController we do not need to rewrite the tags once again. Also, the TTL
tag of newCell will be invisible in the new created cell. Actually, in
Increment and Append operations, the newCell has already copied all tags of the
oldCell. So the oldCell is useless here.
{code:java}
private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell
newCell) {
// Collect any ACLs from the old cell
List<Tag> tags = Lists.newArrayList();
List<Tag> aclTags = Lists.newArrayList();
ListMultimap<String,Permission> perms = ArrayListMultimap.create();
if (oldCell != null) {
Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
while (tagIterator.hasNext()) {
Tag tag = tagIterator.next();
if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
// Not an ACL tag, just carry it through
if (LOG.isTraceEnabled()) {
LOG.trace("Carrying forward tag from " + oldCell + ": type " +
tag.getType()
+ " length " + tag.getValueLength());
}
tags.add(tag);
} else {
aclTags.add(tag);
}
}
}
// Do we have an ACL on the operation?
byte[] aclBytes = mutation.getACL();
if (aclBytes != null) {
// Yes, use it
tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
} else {
// No, use what we carried forward
if (perms != null) {
// TODO: If we collected ACLs from more than one tag we may have a
// List<Permission> of size > 1, this can be collapsed into a single
// Permission
if (LOG.isTraceEnabled()) {
LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
}
tags.addAll(aclTags);
}
}
// If we have no tags to add, just return
if (tags.isEmpty()) {
return newCell;
}
// Here the new cell's tags will be in visible.
return PrivateCellUtil.createCell(newCell, tags);
}
{code}
was:
AccessController will rewrite the new cell's tags by the old cell's. This will
makes the other kinds of tag in new cell invisible (apart from ACL tag) after
this. As in Increment and Append operations, the new cell has already catch
forward all tags of the old cell, here in AccessController we do not rewrite
the tags once again. Actually, in Increment and Append operations, the newCell
has already copied all tags of the oldCell. So the oldCell is useless here.
{code:java}
private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell
newCell) {
// Collect any ACLs from the old cell
List<Tag> tags = Lists.newArrayList();
List<Tag> aclTags = Lists.newArrayList();
ListMultimap<String,Permission> perms = ArrayListMultimap.create();
if (oldCell != null) {
Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
while (tagIterator.hasNext()) {
Tag tag = tagIterator.next();
if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
// Not an ACL tag, just carry it through
if (LOG.isTraceEnabled()) {
LOG.trace("Carrying forward tag from " + oldCell + ": type " +
tag.getType()
+ " length " + tag.getValueLength());
}
tags.add(tag);
} else {
aclTags.add(tag);
}
}
}
// Do we have an ACL on the operation?
byte[] aclBytes = mutation.getACL();
if (aclBytes != null) {
// Yes, use it
tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
} else {
// No, use what we carried forward
if (perms != null) {
// TODO: If we collected ACLs from more than one tag we may have a
// List<Permission> of size > 1, this can be collapsed into a single
// Permission
if (LOG.isTraceEnabled()) {
LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
}
tags.addAll(aclTags);
}
}
// If we have no tags to add, just return
if (tags.isEmpty()) {
return newCell;
}
// Here the new cell's tags will be in visible.
return PrivateCellUtil.createCell(newCell, tags);
}
{code}
> When turn on access control, the cell level TTL of Increment and Append
> operations is invalid.
> ----------------------------------------------------------------------------------------------
>
> Key: HBASE-26001
> URL: https://issues.apache.org/jira/browse/HBASE-26001
> Project: HBase
> Issue Type: Bug
> Components: Coprocessors
> Reporter: Yutong Xiao
> Assignee: Yutong Xiao
> Priority: Major
>
> AccessController postIncrementBeforeWAL() and postAppendBeforeWAL() methods
> will rewrite the new cell's tags by the old cell's. This will makes the other
> kinds of tag in new cell invisible (such as TTL tag) after this. As in
> Increment and Append operations, the new cell has already catch forward all
> tags of the old cell and TTL tag from mutation operation, here in
> AccessController we do not need to rewrite the tags once again. Also, the TTL
> tag of newCell will be invisible in the new created cell. Actually, in
> Increment and Append operations, the newCell has already copied all tags of
> the oldCell. So the oldCell is useless here.
> {code:java}
> private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell
> newCell) {
> // Collect any ACLs from the old cell
> List<Tag> tags = Lists.newArrayList();
> List<Tag> aclTags = Lists.newArrayList();
> ListMultimap<String,Permission> perms = ArrayListMultimap.create();
> if (oldCell != null) {
> Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
> while (tagIterator.hasNext()) {
> Tag tag = tagIterator.next();
> if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
> // Not an ACL tag, just carry it through
> if (LOG.isTraceEnabled()) {
> LOG.trace("Carrying forward tag from " + oldCell + ": type " +
> tag.getType()
> + " length " + tag.getValueLength());
> }
> tags.add(tag);
> } else {
> aclTags.add(tag);
> }
> }
> }
> // Do we have an ACL on the operation?
> byte[] aclBytes = mutation.getACL();
> if (aclBytes != null) {
> // Yes, use it
> tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
> } else {
> // No, use what we carried forward
> if (perms != null) {
> // TODO: If we collected ACLs from more than one tag we may have a
> // List<Permission> of size > 1, this can be collapsed into a single
> // Permission
> if (LOG.isTraceEnabled()) {
> LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
> }
> tags.addAll(aclTags);
> }
> }
> // If we have no tags to add, just return
> if (tags.isEmpty()) {
> return newCell;
> }
> // Here the new cell's tags will be in visible.
> return PrivateCellUtil.createCell(newCell, tags);
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)