From b8c8e20e96e404ed60be3462691d44b160eed216 Mon Sep 17 00:00:00 2001 From: songxincun <365724453@qq.com> Date: Sat, 11 Apr 2020 22:29:46 +0800 Subject: [PATCH 1/2] user_permission failed when show table permissions with '.*' argument [HBASE-22879]user_permission command failed to show global permission --- hbase-shell/src/main/ruby/hbase/security.rb | 6 +++++- hbase-shell/src/test/ruby/hbase/security_admin_test.rb | 8 ++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb index f9aa2667ecd5..98193e7a9320 100644 --- a/hbase-shell/src/main/ruby/hbase/security.rb +++ b/hbase-shell/src/main/ruby/hbase/security.rb @@ -150,7 +150,7 @@ def user_permission(table_regex = nil) if !table_regex.nil? && isNamespace?(table_regex) nsPerm = permission.to_java(org.apache.hadoop.hbase.security.access.NamespacePermission) namespace = nsPerm.getNamespace - elsif !table_regex.nil? + elsif !table_regex.nil? && isTablePermission?(permission) tblPerm = permission.to_java(org.apache.hadoop.hbase.security.access.TablePermission) namespace = tblPerm.getNamespace table = !tblPerm.getTableName.nil? ? tblPerm.getTableName.getNameAsString : '' @@ -183,6 +183,10 @@ def isNamespace?(table_name) table_name.start_with?('@') end + def isTablePermission?(permission) + permission.java_kind_of?(org.apache.hadoop.hbase.security.access.TablePermission) + end + # Does Namespace exist def namespace_exists?(namespace_name) return !@admin.getNamespaceDescriptor(namespace_name).nil? diff --git a/hbase-shell/src/test/ruby/hbase/security_admin_test.rb b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb index e19c22cea3af..171ff9e7ca71 100644 --- a/hbase-shell/src/test/ruby/hbase/security_admin_test.rb +++ b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb @@ -91,6 +91,14 @@ def teardown end assert(found_permission, 'Permission for user ' + global_user_name + ' was not found.') + security_admin.user_permission('.*') do |user, permission| + if user == global_user_name + assert_match(/WRITE/, permission.to_s) + found_permission = true + end + end + assert(found_permission, 'Permission for user ' + global_user_name + ' was not found.') + found_permission = false security_admin.revoke(global_user_name) security_admin.user_permission do |user, _| From 48b3092f7a2b1958b628b7ac946983d24108c292 Mon Sep 17 00:00:00 2001 From: EEPROM Date: Mon, 13 Apr 2020 11:27:59 +0800 Subject: [PATCH 2/2] Update security_admin_test.rb --- hbase-shell/src/test/ruby/hbase/security_admin_test.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/hbase-shell/src/test/ruby/hbase/security_admin_test.rb b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb index 171ff9e7ca71..e1360c27301b 100644 --- a/hbase-shell/src/test/ruby/hbase/security_admin_test.rb +++ b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb @@ -91,6 +91,7 @@ def teardown end assert(found_permission, 'Permission for user ' + global_user_name + ' was not found.') + found_permission = false security_admin.user_permission('.*') do |user, permission| if user == global_user_name assert_match(/WRITE/, permission.to_s)