HBASE-26208 Supports revoke @ns specified permission

SiCheng-Zheng · SiCheng-Zheng · commit 2d5db0433fed · 2022-06-27T22:57:11.000+08:00
diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb
@@ -100,10 +100,21 @@ def revoke(user, table_name = nil, family = nil, qualifier = nil)
             namespace_name = table_name[1...table_name.length]
             raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)
 
-            tablebytes = table_name.to_java_bytes
-            org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
-              @connection, namespace_name, user
-            )
+            if (!family.nil?)
+              permission = family[1...family.length-1]
+              perm = org.apache.hadoop.hbase.security.access.Permission.new(
+                permission.to_java_bytes
+              )
+              puts "revoke #{permission} permission"
+              org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
+                @connection, namespace_name, user, perm.getActions
+              )
+            else
+              tablebytes = table_name.to_java_bytes
+              org.apache.hadoop.hbase.security.access.AccessControlClient.revoke(
+                @connection, namespace_name, user
+              )
+            end
           else
             # Table should exist
             raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
diff --git a/hbase-shell/src/main/ruby/shell/commands/revoke.rb b/hbase-shell/src/main/ruby/shell/commands/revoke.rb
@@ -34,6 +34,7 @@ def help
     hbase> revoke 'bobsmith'
     hbase> revoke '@admins'
     hbase> revoke 'bobsmith', '@ns1'
+    hbase> revoke 'bobsmith', '@ns1', 'RWXCA'
     hbase> revoke 'bobsmith', 't1', 'f1', 'col1'
     hbase> revoke 'bobsmith', 'ns1:t1', 'f1', 'col1'
 EOF
diff --git a/hbase-shell/src/test/ruby/hbase/security_admin_test.rb b/hbase-shell/src/test/ruby/hbase/security_admin_test.rb
@@ -63,7 +63,8 @@ def teardown
          assert_match(eval("/WRITE/"), permission.to_s)
       end
 
-      security_admin.grant(test_grant_revoke_user,"RX", @test_name)
+      security_admin.grant(test_grant_revoke_user,"RXCA", @test_name)
+      security_admin.revoke(test_grant_revoke_user, @test_name, "CA")
       found_permission = false
       security_admin.user_permission(@test_name) do |user, permission|
          if user == "test_grant_revoke"
