diff --git hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java index 23f0583..130587a 100644 --- hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java +++ hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java @@ -1074,6 +1074,10 @@ public class VisibilityController implements MasterObserver, RegionObserver, public ReturnCode filterKeyValue(Cell cell) throws IOException { List putVisTags = new ArrayList<>(); Byte putCellVisTagsFormat = VisibilityUtils.extractVisibilityTags(cell, putVisTags); + if (putVisTags.isEmpty() && deleteCellVisTags.isEmpty()) { + // Early out if there are no tags in the cell + return ReturnCode.INCLUDE; + } boolean matchFound = VisibilityLabelServiceManager .getInstance().getVisibilityLabelService() .matchVisibility(putVisTags, putCellVisTagsFormat, deleteCellVisTags, diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java index dfc48bf..2d674a4 100644 --- hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java +++ hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithDeletes.java @@ -17,9 +17,12 @@ */ package org.apache.hadoop.hbase.security.visibility; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.Cell; import org.apache.hadoop.hbase.CellScanner; +import org.apache.hadoop.hbase.CellUtil; import org.apache.hadoop.hbase.HBaseTestingUtility; import org.apache.hadoop.hbase.HColumnDescriptor; import org.apache.hadoop.hbase.HConstants; @@ -67,6 +70,7 @@ import static org.junit.Assert.assertTrue; */ @Category({SecurityTests.class, MediumTests.class}) public class TestVisibilityLabelsWithDeletes { + private static final Log LOG = LogFactory.getLog(TestVisibilityLabelsWithDeletes.class); private static final String TOPSECRET = "TOPSECRET"; private static final String PUBLIC = "PUBLIC"; private static final String PRIVATE = "PRIVATE"; @@ -3285,4 +3289,47 @@ public class TestVisibilityLabelsWithDeletes { public static List createList(T... ts) { return new ArrayList<>(Arrays.asList(ts)); } + + + @Test + public void testDeleteCellWithoutVisibility() throws IOException, InterruptedException { + testDeleteCellWithoutVisibility(false); + } + + @Test + public void testDeleteAllCellWithoutVisibility() throws IOException, InterruptedException { + testDeleteCellWithoutVisibility(true); + } + + private void testDeleteCellWithoutVisibility(boolean deletaALl) throws IOException, InterruptedException { + setAuths(); + final TableName tableName = TableName.valueOf(TEST_NAME.getMethodName() + (deletaALl ? "deleteall" : "delete")); + Admin hBaseAdmin = TEST_UTIL.getAdmin(); + HColumnDescriptor colDesc = new HColumnDescriptor(fam); + colDesc.setMaxVersions(5); + HTableDescriptor desc = new HTableDescriptor(tableName); + desc.addFamily(colDesc); + hBaseAdmin.createTable(desc); + List puts = new ArrayList<>(2); + Put put = new Put(row1); + put.addColumn(fam, qual, value); + puts.add(put); + try (Table table = TEST_UTIL.getConnection().getTable(tableName)){ + table.put(puts); + Result r = table.get(new Get(row1)); + assertEquals(1, r.size()); + assertEquals(Bytes.toString(value), Bytes.toString(CellUtil.cloneValue(r.rawCells()[0]))); + + Delete d = new Delete(row1); + if (deletaALl) { + d.addColumns(fam, qual); + } else { + d.addColumn(fam, qual); + } + table.delete(d); + r = table.get(new Get(row1)); + assertEquals(0, r.size()); + } + } + }