HBASE-13171 Change AccessControlClient methods to accept connection o…

…bject to reduce setup time (Srikanth Srungarapu)
apache · Mar 12, 2015 · 7a3ea23 · 7a3ea23
1 parent 9c83fa7
commit 7a3ea23
Show file tree

Hide file tree

Showing 6 changed files with 105 additions and 117 deletions.
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java
@@ -22,7 +22,6 @@
 import java.util.List;
 import java.util.regex.Pattern;
 
-import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.MasterNotRunningException;
@@ -33,7 +32,6 @@
 import org.apache.hadoop.hbase.classification.InterfaceStability;
 import org.apache.hadoop.hbase.client.Admin;
 import org.apache.hadoop.hbase.client.Connection;
-import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Table;
 import org.apache.hadoop.hbase.ipc.CoprocessorRpcChannel;
 import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
@@ -60,156 +58,127 @@ private static BlockingInterface getAccessControlServiceStub(Table ht)
 
   /**
    * Grants permission on the specified table for the specified user
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableName
    * @param userName
    * @param family
    * @param qual
    * @param actions
    * @throws Throwable
    */
-  public static void grant(Configuration conf, final TableName tableName,
+  public static void grant(Connection connection, final TableName tableName,
       final String userName, final byte[] family, final byte[] qual,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-    // setup each time.  This class only used in test and shell at moment though.
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family, qual,
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, tableName, family, qual,
           actions);
-      }
     }
   }
 
   /**
    * Grants permission on the specified namespace for the specified user.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param namespace
    * @param userName
    * @param actions
    * @throws Throwable
    */
-  public static void grant(Configuration conf, final String namespace,
+  public static void grant(Connection connection, final String namespace,
       final String userName, final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-    // setup each time.  This class only used in test and shell at moment though.
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, namespace, actions);
-      }
     }
   }
 
   /**
+   * @param connection The Connection instance to use
    * Grant global permissions for the specified user.
    */
-  public static void grant(Configuration conf, final String userName,
+  public static void grant(Connection connection, final String userName,
        final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-    // setup each time.  This class only used in test and shell at moment though.
+      ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.grant(getAccessControlServiceStub(table), userName, actions);
-      }
     }
   }
 
-  public static boolean isAccessControllerRunning(Configuration conf)
+  public static boolean isAccessControllerRunning(Connection connection)
       throws MasterNotRunningException, ZooKeeperConnectionException, IOException {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+    try (Admin admin = connection.getAdmin()) {
-    // setup each time.  This class only used in test and shell at moment though.
+      return admin.isTableAvailable(ACL_TABLE_NAME);
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Admin admin = connection.getAdmin()) {
-        return admin.isTableAvailable(ACL_TABLE_NAME);
-      }
     }
   }
 
   /**
    * Revokes the permission on the table
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableName
    * @param username
    * @param family
    * @param qualifier
    * @param actions
    * @throws Throwable
    */
-  public static void revoke(Configuration conf, final TableName tableName,
+  public static void revoke(Connection connection, final TableName tableName,
       final String username, final byte[] family, final byte[] qualifier,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-    // setup each time.  This class only used in test and shell at moment though.
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), username, tableName, family,
           qualifier, actions);
-      }
     }
   }
 
   /**
    * Revokes the permission on the table for the specified user.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param namespace
    * @param userName
    * @param actions
    * @throws Throwable
    */
-  public static void revoke(Configuration conf, final String namespace,
+  public static void revoke(Connection connection, final String namespace,
-    final String userName, final Permission.Action... actions) throws Throwable {
+      final String userName, final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-    // setup each time.  This class only used in test and shell at moment though.
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, namespace, actions);
-      }
     }
   }
 
   /**
    * Revoke global permissions for the specified user.
+   * @param connection The Connection instance to use
    */
-  public static void revoke(Configuration conf, final String userName,
+  public static void revoke(Connection connection, final String userName,
       final Permission.Action... actions) throws Throwable {
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-    // setup each time.  This class only used in test and shell at moment though.
+      ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-        ProtobufUtil.revoke(getAccessControlServiceStub(table), userName, actions);
-      }
     }
+
   }
 
   /**
    * List all the userPermissions matching the given pattern.
-   * @param conf
+   * @param connection The Connection instance to use
    * @param tableRegex The regular expression string to match against
    * @return - returns an array of UserPermissions
    * @throws Throwable
    */
-  public static List<UserPermission> getUserPermissions(Configuration conf, String tableRegex)
+  public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex)
       throws Throwable {
     List<UserPermission> permList = new ArrayList<UserPermission>();
-    // TODO: Make it so caller passes in a Connection rather than have us do this expensive
+    try (Table table = connection.getTable(ACL_TABLE_NAME)) {
-    // setup each time.  This class only used in test and shell at moment though.
+      try (Admin admin = connection.getAdmin()) {
-    try (Connection connection = ConnectionFactory.createConnection(conf)) {
+        CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW);
-      try (Table table = connection.getTable(ACL_TABLE_NAME)) {
+        BlockingInterface protocol =
-        try (Admin admin = connection.getAdmin()) {
-          CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW);
-          BlockingInterface protocol =
             AccessControlProtos.AccessControlService.newBlockingStub(service);
-          HTableDescriptor[] htds = null;
+        HTableDescriptor[] htds = null;
-          if (tableRegex == null || tableRegex.isEmpty()) {
+        if (tableRegex == null || tableRegex.isEmpty()) {
-            permList = ProtobufUtil.getUserPermissions(protocol);
+          permList = ProtobufUtil.getUserPermissions(protocol);
-          } else if (tableRegex.charAt(0) == '@') {
+        } else if (tableRegex.charAt(0) == '@') {
-            String namespace = tableRegex.substring(1);
+          String namespace = tableRegex.substring(1);
-            permList = ProtobufUtil.getUserPermissions(protocol, Bytes.toBytes(namespace));
+          permList = ProtobufUtil.getUserPermissions(protocol, Bytes.toBytes(namespace));
-          } else {
+        } else {
-            htds = admin.listTables(Pattern.compile(tableRegex), true);
+          htds = admin.listTables(Pattern.compile(tableRegex), true);
-            for (HTableDescriptor hd : htds) {
+          for (HTableDescriptor hd : htds) {
-              permList.addAll(ProtobufUtil.getUserPermissions(protocol, hd.getTableName()));
+            permList.addAll(ProtobufUtil.getUserPermissions(protocol, hd.getTableName()));
-            }
           }
         }
       }

diff --git a/...rc/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java b/...rc/test/java/org/apache/hadoop/hbase/test/IntegrationTestBigLinkedListWithVisibility.java
@@ -40,6 +40,7 @@
 import org.apache.hadoop.hbase.client.Admin;
 import org.apache.hadoop.hbase.client.BufferedMutator;
 import org.apache.hadoop.hbase.client.BufferedMutatorParams;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.HBaseAdmin;
 import org.apache.hadoop.hbase.client.HConnection;
@@ -128,7 +129,8 @@ static class VisibilityGenerator extends Generator {
     protected void createSchema() throws IOException {
       LOG.info("Creating tables");
       // Create three tables
-      boolean acl = AccessControlClient.isAccessControllerRunning(getConf());
+      boolean acl = AccessControlClient.isAccessControllerRunning(ConnectionFactory
+          .createConnection(getConf()));
       if(!acl) {
         LOG.info("No ACL available.");
       }
@@ -156,8 +158,8 @@ private void createTable(Admin admin, TableName tableName, boolean setVersion,
           LOG.info("Granting permissions for user " + USER.getShortName());
           Permission.Action[] actions = { Permission.Action.READ };
           try {
-            AccessControlClient.grant(getConf(), tableName, USER.getShortName(), null, null,
+            AccessControlClient.grant(ConnectionFactory.createConnection(getConf()), tableName,
-                actions);
+                USER.getShortName(), null, null, actions);
           } catch (Throwable e) {
             LOG.fatal("Error in granting permission for the user " + USER.getShortName(), e);
             throw new IOException(e);

diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
@@ -403,13 +403,13 @@ public Void call() throws Exception {
    * or will throw an exception upon timeout (10 seconds).
    */
   public static void grantOnNamespaceUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final String namespace,
+      final Connection connection, final String user, final String namespace,
       final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, namespace, user, actions);
+          AccessControlClient.grant(connection, namespace, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -424,13 +424,13 @@ public Void call() throws Exception {
    * or will throw an exception upon timeout (10 seconds).
    */
   public static void revokeFromNamespaceUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final String namespace,
+      final Connection connection, final String user, final String namespace,
       final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, namespace, user, actions);
+          AccessControlClient.revoke(connection, namespace, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -492,13 +492,13 @@ public Void call() throws Exception {
    * throw an exception upon timeout (10 seconds).
    */
   public static void grantOnTableUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final TableName table, final byte[] family,
+      final Connection connection, final String user, final TableName table, final byte[] family,
       final byte[] qualifier, final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, table, user, family, qualifier, actions);
+          AccessControlClient.grant(connection, table, user, family, qualifier, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -513,13 +513,13 @@ public Void call() throws Exception {
    * throw an exception upon timeout (10 seconds).
    */
   public static void grantGlobalUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final Permission.Action... actions)
+      final Connection connection, final String user, final Permission.Action... actions)
       throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.grant(conf, user, actions);
+          AccessControlClient.grant(connection, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -558,13 +558,13 @@ public Void call() throws Exception {
    * throw an exception upon timeout (10 seconds).
    */
   public static void revokeFromTableUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user, final TableName table, final byte[] family,
+      final Connection connection, final String user, final TableName table, final byte[] family,
       final byte[] qualifier, final Permission.Action... actions) throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, table, user, family, qualifier, actions);
+          AccessControlClient.revoke(connection, table, user, family, qualifier, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }
@@ -579,13 +579,13 @@ public Void call() throws Exception {
    * throw an exception upon timeout (10 seconds).
    */
   public static void revokeGlobalUsingAccessControlClient(final HBaseTestingUtility util,
-      final Configuration conf, final String user,final Permission.Action... actions)
+      final Connection connection, final String user,final Permission.Action... actions)
       throws Exception {
     SecureTestUtil.updateACLs(util, new Callable<Void>() {
       @Override
       public Void call() throws Exception {
         try {
-          AccessControlClient.revoke(conf, user, actions);
+          AccessControlClient.revoke(connection, user, actions);
         } catch (Throwable t) {
           t.printStackTrace();
         }