diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java index 2efcf63..1e52d57 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java @@ -839,10 +839,16 @@ public class MasterRpcServices extends RSRpcServices Pattern pat = Pattern.compile(regex); for (Iterator itr = descriptors.iterator(); itr.hasNext(); ) { HTableDescriptor htd = itr.next(); - if (!pat.matcher(htd.getTableName().getNameAsString()).matches()) { + String tableName = htd.getTableName().getNameAsString(); + String defaultNameSpace = NamespaceDescriptor.DEFAULT_NAMESPACE_NAME_STR; + boolean matched = pat.matcher(tableName).matches(); + if(!matched && htd.getTableName().getNamespaceAsString().equals(defaultNameSpace)) { + matched = pat.matcher(defaultNameSpace + TableName.NAMESPACE_DELIM + tableName) + .matches(); + } + if (!matched) itr.remove(); } - } } if (master.cpHost != null) { diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index 76aa656..c79086c 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java 
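Review bot: In MasterRpcServices the new `if (!matched)` is left without braces while the `itr.remove();` it guards is an unchanged context line, so a statement inserted between them later would silently change which descriptors are dropped; I would write `if (!matched) {` … `}` around it, and `if (` with a space on the line above. A default-namespace table is now tried as its bare name and then as the `default:`-qualified name, so a pattern meant to exclude that namespace (a negative lookahead, for instance) still matches through the bare form; a comment such as `// default-namespace tables match as "name" or "default:name"` would state that contract. The pattern appears to be caller-supplied and the enclosing method starts outside the hunk, so whether its syntax or cost is bounded before `Pattern.compile(regex)` cannot be checked from here.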
@@ -2433,38 +2433,74 @@ public class TestAccessController extends SecureTestUtil { } } + private PrivilegedAction> getPrivilegedAction(final String regex) { + return new PrivilegedAction>() { + @Override + public List run() { + try { + return AccessControlClient.getUserPermissions(conf, regex); + } catch (Throwable e) { + LOG.error("error during call of AccessControlClient.getUserPermissions. " + + e.getStackTrace()); + return null; + } + } + }; + } + @Test public void testAccessControlClientUserPerms() throws Exception { - try { - final String regex = TEST_TABLE.getTableName().getNameAsString(); - User testUserPerms = User.createUserForTesting(conf, "testUserPerms", new String[0]); - - PrivilegedAction> listTablesRestrictedAction = - new PrivilegedAction>() { - @Override - public List run() { - try { - return AccessControlClient.getUserPermissions(conf, regex); - } catch (Throwable e) { - LOG.error("error during call of AccessControlClient.getUserPermissions. " - + e.getStackTrace()); - return null; - } - } - }; - assertNull(testUserPerms.runAs(listTablesRestrictedAction)); - - // Grant TABLE ADMIN privs to testUserPerms - grantOnTable(TEST_UTIL, testUserPerms.getShortName(), - TEST_TABLE.getTableName(), null, null, - Permission.Action.ADMIN); - List perms = testUserPerms.runAs(listTablesRestrictedAction); - assertNotNull(perms); - // USER_ADMIN, USER_CREATE, USER_RW, USER_RO, testUserPerms has row each. - assertEquals(5, perms.size()); - } catch (Throwable e) { - throw new HBaseIOException(e); - } + // adding default prefix explicitly as it is not included in the table name. 
+ final String regex = TEST_TABLE.getTableName().getNamespaceAsString() + ":" + + TEST_TABLE.getTableName().getNameAsString(); + User testUserPerms = User.createUserForTesting(conf, "testUserPerms", new String[0]); + assertNull(testUserPerms.runAs(getPrivilegedAction(regex))); + // Grant TABLE ADMIN privs to testUserPerms + grantOnTable(TEST_UTIL, testUserPerms.getShortName(), TEST_TABLE.getTableName(), null, + null, Action.ADMIN); + List perms = testUserPerms.runAs(getPrivilegedAction(regex)); + assertNotNull(perms); + // USER_ADMIN, USER_CREATE, USER_RW, USER_RO, testUserPerms has row each. + assertEquals(5, perms.size()); } + + + @Test + public void testAccessControllerRegexHandling() throws Exception { + User testRegexHandler = User.createUserForTesting(conf, "testRegexHandling", new String[0]); + String tableName = "testRegex"; + final TableName table1 = TableName.valueOf(tableName); + final byte[] family = Bytes.toBytes("f1"); + + // create table in default ns + Admin admin = TEST_UTIL.getHBaseAdmin(); + HTableDescriptor htd = new HTableDescriptor(table1); + htd.addFamily(new HColumnDescriptor(family)); + admin.createTable(htd); + TEST_UTIL.waitUntilAllRegionsAssigned(table1); + + // creating the ns and table in it + String ns = "testNamespace"; + NamespaceDescriptor desc = NamespaceDescriptor.create(ns).build(); + final TableName table2 = TableName.valueOf(ns + ":" + tableName); + TEST_UTIL.getMiniHBaseCluster().getMaster().createNamespace(desc); + htd = new HTableDescriptor(table2); + htd.addFamily(new HColumnDescriptor(family)); + admin.createTable(htd); + + // Grant TABLE ADMIN privs to testUserPerms + grantOnTable(TEST_UTIL, testRegexHandler.getShortName(), table1, null, null, Action.ADMIN); + grantOnTable(TEST_UTIL, testRegexHandler.getShortName(), table2, null, null, Action.ADMIN); + + // USER_ADMIN, testUserPerms must have a row each. 
+ assertEquals(2, testRegexHandler.runAs(getPrivilegedAction(tableName)).size());
+ assertEquals(2, testRegexHandler.runAs(getPrivilegedAction("default:" + tableName)).size());
+ assertEquals(2, testRegexHandler.runAs(getPrivilegedAction(ns + ":" + tableName)).size());
+ assertEquals(0, testRegexHandler.runAs(getPrivilegedAction("notMatchingAny")).size());
+
+ TEST_UTIL.deleteTable(table1);
+ TEST_UTIL.deleteTable(table2);
+ TEST_UTIL.getMiniHBaseCluster().getMaster().deleteNamespace(ns);
+ }
 }
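Review bot: `getPrivilegedAction` turns every `Throwable` into `null`, so `assertNull(testUserPerms.runAs(getPrivilegedAction(regex)))` passes on any failure rather than only on an access-denied response, and the `.size()` calls in the new test would report the same failure as a bare NullPointerException. The log line also concatenates `e.getStackTrace()`, which prints the array reference instead of the trace; `LOG.error("error during call of AccessControlClient.getUserPermissions.", e);` keeps the cause. In `testAccessControllerRegexHandling` the `deleteTable`/`deleteNamespace` cleanup runs only when all four assertions pass, so wrapping the assertions in `try`/`finally` would stop a failed run from leaving `testRegex` and `testNamespace` behind for later tests. The comment `// Grant TABLE ADMIN privs to testUserPerms` in that test names the wrong user; the grants go to `testRegexHandler`.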