Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-15465

userPermission returned by getUserPermission() for the selected namespace does not have namespace set

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.2.0
    • 1.3.0, 1.2.2, 0.98.20, 2.0.0
    • Protobufs
    • None

    Description

      The request sent is with type = Namespace, but the response returned contains Global permissions (that is, the field of namespace is not set)

      It is in hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java, from line 2380, and I made some comments into it

      /**
         * A utility used to get permissions for selected namespace.
         * <p>
         * It's also called by the shell, in case you want to find references.
         *
         * @param protocol the AccessControlService protocol proxy
         * @param namespace name of the namespace
         * @throws ServiceException
         */
        public static List<UserPermission> getUserPermissions(
            AccessControlService.BlockingInterface protocol,
            byte[] namespace) throws ServiceException {
          AccessControlProtos.GetUserPermissionsRequest.Builder builder =
            AccessControlProtos.GetUserPermissionsRequest.newBuilder();
          if (namespace != null) {
            builder.setNamespaceName(ByteStringer.wrap(namespace)); 
          }
          builder.setType(AccessControlProtos.Permission.Type.Namespace);  //builder is set with type = Namespace
          AccessControlProtos.GetUserPermissionsRequest request = builder.build();  //I printed the request, its type is Namespace, which is correct.
          AccessControlProtos.GetUserPermissionsResponse response =  
             protocol.getUserPermissions(null, request);
      /* I printed the response, it contains Global permissions, as below, not a Namespace permission.
      
      user_permission {
        user: "a1"
        permission {
          type: Global
          global_permission {
            action: READ
            action: WRITE
            action: ADMIN
            action: EXEC
            action: CREATE
          }
        }
      }
      
      AccessControlProtos.GetUserPermissionsRequest has a member called type_ to store the type, but AccessControlProtos.GetUserPermissionsResponse does not.
      */
           
          List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount());
          for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) {
            perms.add(ProtobufUtil.toUserPermission(perm));  // (1)
          }
          return perms;
        }
      

      it could be more reasonable to return user permissions with namespace set in getUserPermission() for selected namespace ?

      Attachments

        1. HBASE-15465.patch.v0
          2 kB
          Xiang Li
        2. HBASE-15465.patch.v1
          2 kB
          Xiang Li
        3. HBASE-15465-master-v2.patch
          3 kB
          Xiang Li

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            xiangli Xiang Li
            xiangli Xiang Li
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment