From 81671f2b3fc948185559d37fcce43bf8954dadf3 Mon Sep 17 00:00:00 2001 From: Kota-SH Date: Fri, 14 Apr 2023 04:19:29 -0500 Subject: [PATCH] HBASE-27422: Support replication for hbase:acl (#4827) Signed-off-by: Ankit Singhal Signed-off-by: Duo Zhang Signed-off-by: Tak Lon (Stephen) Wu Signed-off-by: Wellington Chevreuil (cherry-picked from commit 856fa145372b85e7f600f7c959b69ee62702dfb1) --- .../replication/SystemTableWALEntryFilter.java | 14 +++++++++++++- .../TestReplicationWALEntryFilters.java | 14 ++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/replication/SystemTableWALEntryFilter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/replication/SystemTableWALEntryFilter.java index d71260cce5c0..495bfc03ed3b 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/replication/SystemTableWALEntryFilter.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/replication/SystemTableWALEntryFilter.java @@ -17,16 +17,28 @@ */ package org.apache.hadoop.hbase.replication; +import org.apache.hadoop.hbase.security.access.PermissionStorage; +import org.apache.hadoop.hbase.security.visibility.VisibilityConstants; import org.apache.hadoop.hbase.wal.WAL.Entry; import org.apache.yetus.audience.InterfaceAudience; /** - * Skips WAL edits for all System tables including hbase:meta. + * Skips WAL edits for all System tables including hbase:meta except hbase:acl. As of now, only 2 + * tables can be allowed for replication - hbase:acl and hbase:labels. Other tables which not be + * replicated are 1. hbase:meta - not to be replicated 2. hbase:canary - for current cluster 3. + * hbase:namespace - Deprecated and moved to meta 4. hbase:quota - related to namespace, quota for + * the current cluster usage 5. hbase:rsgroup - contains hostnames */ @InterfaceAudience.Private public class SystemTableWALEntryFilter implements WALEntryFilter { @Override public Entry filter(Entry entry) { + if ( + entry.getKey().getTableName().equals(PermissionStorage.ACL_TABLE_NAME) + || entry.getKey().getTableName().equals(VisibilityConstants.LABELS_TABLE_NAME) + ) { + return entry; + } return entry.getKey().getTableName().isSystemTable() ? null : entry; } } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/replication/TestReplicationWALEntryFilters.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/replication/TestReplicationWALEntryFilters.java index 4de28a0fd0b3..d5f91d808fc9 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/replication/TestReplicationWALEntryFilters.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/replication/TestReplicationWALEntryFilters.java @@ -36,6 +36,8 @@ import org.apache.hadoop.hbase.KeyValue; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.client.RegionInfoBuilder; +import org.apache.hadoop.hbase.security.access.PermissionStorage; +import org.apache.hadoop.hbase.security.visibility.VisibilityConstants; import org.apache.hadoop.hbase.testclassification.ReplicationTests; import org.apache.hadoop.hbase.testclassification.SmallTests; import org.apache.hadoop.hbase.util.Bytes; @@ -86,6 +88,18 @@ public void testSystemTableWALEntryFilter() { Entry userEntry = new Entry(key3, null); assertEquals(userEntry, filter.filter(userEntry)); + + // hbase:acl should be allowed through the filter + WALKeyImpl key4 = + new WALKeyImpl(new byte[0], PermissionStorage.ACL_TABLE_NAME, System.currentTimeMillis()); + Entry aclEntry = new Entry(key4, null); + assertEquals(aclEntry, filter.filter(aclEntry)); + + // hbase:labels should be allowed through the filter + WALKeyImpl key5 = new WALKeyImpl(new byte[0], VisibilityConstants.LABELS_TABLE_NAME, + System.currentTimeMillis()); + Entry labelsEntry = new Entry(key5, null); + assertEquals(labelsEntry, filter.filter(labelsEntry)); } @Test