HBASE-22879 user_permission command failed to show global permission

apache · Aug 19, 2019 · 5803246 · 5803246
1 parent 7697d48
commit 5803246
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -150,7 +150,7 @@ def user_permission(table_regex = nil)
         if !table_regex.nil? && isNamespace?(table_regex)
           nsPerm = permission.to_java(org.apache.hadoop.hbase.security.access.NamespacePermission)
           namespace = nsPerm.getNamespace
-        else
+        elsif !table_regex.nil?
           tblPerm = permission.to_java(org.apache.hadoop.hbase.security.access.TablePermission)
           namespace = tblPerm.getNamespace
           table = !tblPerm.getTableName.nil? ? tblPerm.getTableName.getNameAsString : ''

diff --git a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestShell.java
@@ -35,7 +35,7 @@ public class TestShell extends AbstractTestShell {
   @Test
   public void testRunShellTests() throws IOException {
     System.setProperty("shell.test.exclude", "replication_admin_test.rb,rsgroup_shell_test.rb," +
-      "admin_test.rb,table_test.rb,quotas_test.rb");
+      "admin_test.rb,table_test.rb,quotas_test.rb,admin2_test.rb");
     // Start all ruby tests
     jruby.runScriptlet(PathType.ABSOLUTE, "src/test/ruby/tests_runner.rb");
   }

diff --git a/hbase-shell/src/test/ruby/hbase/security_admin_test.rb b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb
@@ -78,5 +78,30 @@ def teardown
       end
       assert(found_permission, "Permission for user test_grant_revoke was not found.")
     end
+
+    define_test "Grant and revoke global permission should set access rights appropriately" do
+      global_user_name = "test_grant_revoke_global"
+      global_user = org.apache.hadoop.hbase.security.User.createUserForTesting(
+          $TEST_CLUSTER.getConfiguration, global_user_name, []).getName()
+      security_admin.grant(global_user,"W")
+      found_permission = false
+      security_admin.user_permission() do |user, permission|
+        if user == global_user_name
+          assert_match(eval("/WRITE/"), permission.to_s)
+          found_permission = true
+        end
+      end
+      assert(found_permission, "Permission for user " + global_user_name + " was not found.")
+
+      found_permission = false
+      security_admin.revoke(global_user)
+      security_admin.user_permission() do |user, permission|
+        if user == global_user_name
+          found_permission = true
+        end
+      end
+      assert(!found_permission, "Permission for user " + global_user_name + " was found.")
+    end
+
   end
 end