HBASE-22879 user_permission command failed to show global permission (#…

…511)
apache · Aug 21, 2019 · 9d178cf · 9d178cf
1 parent 22814f8
commit 9d178cf
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -150,7 +150,7 @@ def user_permission(table_regex = nil)
         if !table_regex.nil? && isNamespace?(table_regex)
           nsPerm = permission.to_java(org.apache.hadoop.hbase.security.access.NamespacePermission)
           namespace = nsPerm.getNamespace
-        else
+        elsif !table_regex.nil?
           tblPerm = permission.to_java(org.apache.hadoop.hbase.security.access.TablePermission)
           namespace = tblPerm.getNamespace
           table = !tblPerm.getTableName.nil? ? tblPerm.getTableName.getNameAsString : ''

diff --git a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java
@@ -35,7 +35,7 @@ public class TestShell extends AbstractTestShell {
   @Test
   public void testRunShellTests() throws IOException {
     System.setProperty("shell.test.exclude", "replication_admin_test.rb,rsgroup_shell_test.rb," +
-      "admin_test.rb,table_test.rb,quotas_test.rb");
+      "admin_test.rb,table_test.rb,quotas_test.rb,admin2_test.rb");
     // Start all ruby tests
     jruby.runScriptlet(PathType.ABSOLUTE, "src/test/ruby/tests_runner.rb");
   }

diff --git a/hbase-shell/src/test/ruby/hbase/security_admin_test.rb b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb
@@ -78,5 +78,25 @@ def teardown
       end
       assert(found_permission, "Permission for user test_grant_revoke was not found.")
     end
+
+    define_test 'Grant and revoke global permission should set access rights appropriately' do
+      global_user_name = 'test_grant_revoke_global'
+      security_admin.grant(global_user_name, 'W')
+      found_permission = false
+      security_admin.user_permission do |user, permission|
+        if user == global_user_name
+          assert_match(/WRITE/, permission.to_s)
+          found_permission = true
+        end
+      end
+      assert(found_permission, 'Permission for user ' + global_user_name + ' was not found.')
+
+      found_permission = false
+      security_admin.revoke(global_user_name)
+      security_admin.user_permission do |user, _|
+        found_permission = true if user == global_user_name
+      end
+      assert(!found_permission, 'Permission for user ' + global_user_name + ' was found.')
+    end
   end
 end