[HBASE-26001] When turn on access control, the cell level TTL of Increment and Append operations is invalid. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.0-alpha-1, 2.5.0, 2.4.5
Component/s: Coprocessors
Labels:
None

Hadoop Flags:

Reviewed

Description

AccessController postIncrementBeforeWAL() and postAppendBeforeWAL() methods will rewrite the new cell's tags by the old cell's. This will makes the other kinds of tag in new cell invisible (such as TTL tag) after this. As in Increment and Append operations, the new cell has already catch forward all tags of the old cell and TTL tag from mutation operation, here in AccessController we do not need to rewrite the tags once again. Also, the TTL tag of newCell will be invisible in the new created cell. Actually, in Increment and Append operations, the newCell has already copied all tags of the oldCell. So the oldCell is useless here.

private Cell createNewCellWithTags(Mutation mutation, Cell oldCell, Cell newCell) {
    // Collect any ACLs from the old cell
    List<Tag> tags = Lists.newArrayList();
    List<Tag> aclTags = Lists.newArrayList();
    ListMultimap<String,Permission> perms = ArrayListMultimap.create();
    if (oldCell != null) {
      Iterator<Tag> tagIterator = PrivateCellUtil.tagsIterator(oldCell);
      while (tagIterator.hasNext()) {
        Tag tag = tagIterator.next();
        if (tag.getType() != PermissionStorage.ACL_TAG_TYPE) {
          // Not an ACL tag, just carry it through
          if (LOG.isTraceEnabled()) {
            LOG.trace("Carrying forward tag from " + oldCell + ": type " + tag.getType()
                + " length " + tag.getValueLength());
          }
          tags.add(tag);
        } else {
          aclTags.add(tag);
        }
      }
    }

    // Do we have an ACL on the operation?
    byte[] aclBytes = mutation.getACL();
    if (aclBytes != null) {
      // Yes, use it
      tags.add(new ArrayBackedTag(PermissionStorage.ACL_TAG_TYPE, aclBytes));
    } else {
      // No, use what we carried forward
      if (perms != null) {
        // TODO: If we collected ACLs from more than one tag we may have a
        // List<Permission> of size > 1, this can be collapsed into a single
        // Permission
        if (LOG.isTraceEnabled()) {
          LOG.trace("Carrying forward ACLs from " + oldCell + ": " + perms);
        }
        tags.addAll(aclTags);
      }
    }

    // If we have no tags to add, just return
    if (tags.isEmpty()) {
      return newCell;
    }
    // Here the new cell's tags will be in visible.
    return PrivateCellUtil.createCell(newCell, tags);
  }

Attachments

Issue Links

is a parent of

HBASE-26004 Port HBASE-26001 (cell level tags invisible in atomic operations when access control is on) to branch-1

Resolved

links to

GitHub Pull Request #3385

GitHub Pull Request #3403

Activity

People

Assignee:: Yutong Xiao

Reporter:: Yutong Xiao

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 14/Jun/21 11:32

Updated:: 01/Sep/22 10:57

Resolved:: 26/Jul/21 18:34