ddupg commented on code in PR #4865:
URL: https://github.com/apache/hbase/pull/4865#discussion_r1016087821
##########
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SnapshotScannerHDFSAclController.java:
##########
@@ -132,8 +132,7 @@ public void
preMasterInitialization(ObserverContext<MasterCoprocessorEnvironment
userProvider =
UserProvider.instantiate(c.getEnvironment().getConfiguration());
} else {
LOG.warn("Try to initialize the coprocessor
SnapshotScannerHDFSAclController but failure "
- + "because the config " +
SnapshotScannerHDFSAclHelper.ACL_SYNC_TO_HDFS_ENABLE
- + " is false.");
+ + "because the config {} is false.",
SnapshotScannerHDFSAclHelper.ACL_SYNC_TO_HDFS_ENABLE);
Review Comment:
OK.
##########
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SnapshotScannerHDFSAclController.java:
##########
@@ -610,7 +609,8 @@ private Set<String> filterUsersToRemoveNsAccessAcl(Table
aclTable, TableName tab
PermissionStorage.isGlobalEntry(entry)
|| (PermissionStorage.isNamespaceEntry(entry)
&& Bytes.equals(PermissionStorage.fromNamespaceEntry(entry),
namespace))
- || (!Bytes.equals(tableName.getName(), entry)
+ || (PermissionStorage.isTableEntry(entry)
Review Comment:
Yes, this is the problem.
The `userEntries` from hbase:acl contains namespaces (beginning with '@'
like '@ns1') and tables, before we call `TableName.valueOf(entry)`, must make
sure it is a table name and not a namespace name. If a namespace name goes
there, `TableName.valueOf(entry)` will throw IllegalArgumentException since
char '@'.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
