Index: hbase-server/src/main/java/org/apache/hadoop/hbase/master/handler/DisableTableHandler.java =================================================================== --- hbase-server/src/main/java/org/apache/hadoop/hbase/master/handler/DisableTableHandler.java (revision 1572589) +++ hbase-server/src/main/java/org/apache/hadoop/hbase/master/handler/DisableTableHandler.java (working copy) @@ -25,6 +25,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.hbase.NamespaceDescriptor; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.HRegionInfo; import org.apache.hadoop.hbase.Server; @@ -72,8 +73,9 @@ public DisableTableHandler prepare() throws TableNotFoundException, TableNotEnabledException, IOException { - if(tableName.equals(TableName.META_TABLE_NAME)) { - throw new ConstraintException("Cannot disable catalog table"); + if (tableName.getNamespaceAsString().equals(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR)) { + throw new ConstraintException("Cannot disable tables in '" + + NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR + "' namespace"); } //acquire the table write lock, blocking this.tableLock = this.tableLockManager.writeLock(tableName, Index: hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java =================================================================== --- hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java (revision 1572589) +++ hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java (working copy) @@ -77,6 +77,7 @@ import org.apache.hadoop.hbase.client.MetaScanner.MetaScannerVisitor; import org.apache.hadoop.hbase.client.MetaScanner.MetaScannerVisitorBase; import org.apache.hadoop.hbase.client.Result; +import org.apache.hadoop.hbase.constraint.ConstraintException; import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; import org.apache.hadoop.hbase.exceptions.DeserializationException; import org.apache.hadoop.hbase.exceptions.MergeRegionException; @@ -1871,6 +1872,12 @@ public CreateTableResponse createTable(RpcController controller, CreateTableRequest req) throws ServiceException { HTableDescriptor hTableDescriptor = HTableDescriptor.convert(req.getTableSchema()); + // Do not allow users to create tables in system namespace + if (NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR.equals(hTableDescriptor.getTableName() + .getNamespaceAsString())) { + throw new ServiceException(new ConstraintException("Cannot create tables in '" + + NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR + "' namespace")); + } byte [][] splitKeys = ProtobufUtil.getSplitKeysArray(req); try { createTable(hTableDescriptor,splitKeys); @@ -1901,10 +1908,6 @@ return hRegionInfos; } - private static boolean isCatalogTable(final TableName tableName) { - return tableName.equals(TableName.META_TABLE_NAME); - } - @Override public void deleteTable(final TableName tableName) throws IOException { checkInitialized(); @@ -2158,8 +2161,9 @@ @Override public void checkTableModifiable(final TableName tableName) throws IOException, TableNotFoundException, TableNotDisabledException { - if (isCatalogTable(tableName)) { - throw new IOException("Can't modify catalog tables"); + if (tableName.getNamespaceAsString().equals(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR)) { + throw new DoNotRetryIOException("Can't modify tables in '" + + NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR + "' namespace"); } if (!MetaReader.tableExists(getCatalogTracker(), tableName)) { throw new TableNotFoundException(tableName); Index: hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java =================================================================== --- hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (revision 1572589) +++ hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (working copy) @@ -46,9 +46,8 @@ import org.apache.hadoop.hbase.KeyValueUtil; import org.apache.hadoop.hbase.NamespaceDescriptor; import org.apache.hadoop.hbase.ServerName; -import org.apache.hadoop.hbase.TableNotDisabledException; -import org.apache.hadoop.hbase.TableNotFoundException; import org.apache.hadoop.hbase.Tag; +import org.apache.hadoop.hbase.catalog.MetaReader; import org.apache.hadoop.hbase.client.Append; import org.apache.hadoop.hbase.client.Delete; import org.apache.hadoop.hbase.client.Get; @@ -842,10 +841,6 @@ @Override public void preDisableTable(ObserverContext c, TableName tableName) throws IOException { - if (Bytes.equals(tableName.getName(), AccessControlLists.ACL_GLOBAL_NAME)) { - throw new AccessDeniedException("Not allowed to disable " - + AccessControlLists.ACL_TABLE_NAME + " table."); - } requirePermission("disableTable", tableName, null, null, Action.ADMIN, Action.CREATE); } @@ -1760,16 +1755,10 @@ MasterServices masterServices = ctx.getEnvironment().getMasterServices(); for (TableName tableName: tableNamesList) { // Do not deny if the table does not exist - try { - masterServices.checkTableModifiable(tableName); - } catch (TableNotFoundException ex) { - // Skip checks for a table that does not exist - continue; - } catch (TableNotDisabledException ex) { - // We don't care about this + if (MetaReader.tableExists(masterServices.getCatalogTracker(), tableName)) { + requirePermission("getTableDescriptors", tableName, null, null, Permission.Action.ADMIN, + Permission.Action.CREATE); } - requirePermission("getTableDescriptors", tableName, null, null, - Permission.Action.ADMIN, Permission.Action.CREATE); } } } Index: hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java =================================================================== --- hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java (revision 1572589) +++ hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java (working copy) @@ -63,7 +63,6 @@ import org.apache.hadoop.hbase.client.Put; import org.apache.hadoop.hbase.client.Result; import org.apache.hadoop.hbase.client.Scan; -import org.apache.hadoop.hbase.constraint.ConstraintException; import org.apache.hadoop.hbase.coprocessor.BaseRegionObserver; import org.apache.hadoop.hbase.coprocessor.CoprocessorException; import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; @@ -273,9 +272,6 @@ @Override public void preModifyTable(ObserverContext ctx, TableName tableName, HTableDescriptor htd) throws IOException { - if (LABELS_TABLE_NAME.equals(tableName)) { - throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME); - } } @Override @@ -296,9 +292,6 @@ @Override public void preAddColumn(ObserverContext ctx, TableName tableName, HColumnDescriptor column) throws IOException { - if (LABELS_TABLE_NAME.equals(tableName)) { - throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME); - } } @Override @@ -319,9 +312,6 @@ @Override public void preModifyColumn(ObserverContext ctx, TableName tableName, HColumnDescriptor descriptor) throws IOException { - if (LABELS_TABLE_NAME.equals(tableName)) { - throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME); - } } @Override @@ -342,9 +332,6 @@ @Override public void preDeleteColumn(ObserverContext ctx, TableName tableName, byte[] c) throws IOException { - if (LABELS_TABLE_NAME.equals(tableName)) { - throw new ConstraintException("Cannot alter " + LABELS_TABLE_NAME); - } } @Override @@ -385,9 +372,6 @@ @Override public void preDisableTable(ObserverContext ctx, TableName tableName) throws IOException { - if (LABELS_TABLE_NAME.equals(tableName)) { - throw new ConstraintException("Cannot disable " + LABELS_TABLE_NAME); - } } @Override Index: hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestAdmin.java =================================================================== --- hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestAdmin.java (revision 1572589) +++ hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestAdmin.java (working copy) @@ -26,8 +26,6 @@ import java.io.IOException; import java.util.ArrayList; -import java.util.Collections; -import java.util.Comparator; import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -58,7 +56,6 @@ import org.apache.hadoop.hbase.TableNotFoundException; import org.apache.hadoop.hbase.ZooKeeperConnectionException; import org.apache.hadoop.hbase.catalog.CatalogTracker; -import org.apache.hadoop.hbase.catalog.MetaReader; import org.apache.hadoop.hbase.constraint.ConstraintException; import org.apache.hadoop.hbase.executor.EventHandler; import org.apache.hadoop.hbase.master.AssignmentManager; @@ -1101,12 +1098,12 @@ String msg = null; try { this.admin.createTable(HTableDescriptor.META_TABLEDESC); - } catch(TableExistsException e) { + } catch(ConstraintException e) { msg = e.toString(); } assertTrue("Unexcepted exception message " + msg, msg != null && - msg.startsWith(TableExistsException.class.getName()) && - msg.contains(HTableDescriptor.META_TABLEDESC.getTableName().getNameAsString())); + msg.startsWith(ConstraintException.class.getName()) && + msg.contains("Cannot create tables in 'hbase' namespace")); // Now try and do concurrent creation with a bunch of threads. final HTableDescriptor threadDesc = Index: hbase-server/src/test/java/org/apache/hadoop/hbase/TestNamespace.java =================================================================== --- hbase-server/src/test/java/org/apache/hadoop/hbase/TestNamespace.java (revision 1572589) +++ hbase-server/src/test/java/org/apache/hadoop/hbase/TestNamespace.java (working copy) @@ -37,7 +37,6 @@ import org.apache.hadoop.hbase.client.HBaseAdmin; import org.apache.hadoop.hbase.client.HTable; import org.apache.hadoop.hbase.client.Put; -import org.apache.hadoop.hbase.constraint.ConstraintException; import org.apache.hadoop.hbase.master.HMaster; import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.FSUtils; @@ -52,11 +51,6 @@ import org.junit.Test; import org.junit.experimental.categories.Category; -import java.io.IOException; -import java.util.Set; - -import static org.junit.Assert.*; - @Category(MediumTests.class) public class TestNamespace { protected static final Log LOG = LogFactory.getLog(TestNamespace.class); @@ -285,11 +279,11 @@ HTableDescriptor desc = new HTableDescriptor(TableName.valueOf(tableName)); HColumnDescriptor colDesc = new HColumnDescriptor("cf1"); desc.addFamily(colDesc); - admin.createTable(desc); - assertEquals(0, admin.listTables().length); - assertTrue(admin.tableExists(Bytes.toBytes(tableName))); - admin.disableTable(desc.getTableName()); - admin.deleteTable(desc.getTableName()); + try { + admin.createTable(desc); + fail("Should not allow creation of tables in 'hbase' namespace"); + } catch (Exception e) { + } } @Ignore @Test