Skip to content

Commit

Permalink
HBASE-26208 Supports revoke @ns single permission
Browse files Browse the repository at this point in the history
  • Loading branch information
zhengsicheng committed Aug 25, 2021
1 parent 4b0a640 commit a5cb506
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 6 deletions.
25 changes: 20 additions & 5 deletions hbase-shell/src/main/ruby/hbase/security.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,11 +99,21 @@ def revoke(user, table_name = nil, family = nil, qualifier = nil)
# Namespace should exist first.
namespace_name = table_name[1...table_name.length]
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)

tablebytes = table_name.to_java_bytes
org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
@connection, namespace_name, user
)
if (!family.nil? and isPermissionType?(family))
permission = family[1...family.length-1]
perm = org.apache.hadoop.hbase.security.access.Permission.new(
permission.to_java_bytes
)
puts "revoke #{permission} permission"
org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
@connection, namespace_name, user, perm.getActions
)
else
tablebytes = table_name.to_java_bytes
org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
@connection, namespace_name, user
)
end
else
# Table should exist
raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
Expand Down Expand Up @@ -181,6 +191,11 @@ def isNamespace?(table_name)
table_name.start_with?('@')
end

def isPermissionType?(permission_type)
permission_type.start_with?('{')
end


def isTablePermission?(permission)
permission.java_kind_of?(org.apache.hadoop.hbase.security.access.TablePermission)
end
Expand Down
2 changes: 1 addition & 1 deletion hbase-shell/src/main/ruby/shell/commands/revoke.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ def help
hbase> revoke 'bobsmith'
hbase> revoke '@admins'
hbase> revoke 'bobsmith', '@ns1'
hbase> revoke 'bobsmith', '@ns1', '{permissions}'
hbase> revoke 'bobsmith', 't1', 'f1', 'col1'
hbase> revoke 'bobsmith', 'ns1:t1', 'f1', 'col1'
EOF
Expand Down

0 comments on commit a5cb506

Please sign in to comment.