Instead of system table just allow operation for hbase meta only

There are some other system tables such as acl or namespace which are shared with
active cluster hence allowing operation with them in readonly cluster will
make system inconsistent.

Author: sharmaar12

hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ReadOnlyController.java

@@ -105,7 +105,8 @@ private void internalReadOnlyGuard() throws IOException {
     }
   }
 
-  private boolean isOperationOnNonMetaTable(final ObserverContext<? extends RegionCoprocessorEnvironment> c){
+  private boolean
+    isOperationOnNonMetaTable(final ObserverContext<? extends RegionCoprocessorEnvironment> c) {
     return !c.getEnvironment().getRegionInfo().getTable().equals(TableName.META_TABLE_NAME);
   }
 
@@ -134,25 +135,29 @@ public Optional<RegionObserver> getRegionObserver() {
   }
 
   @Override
-  public void preFlush(final ObserverContext<? extends RegionCoprocessorEnvironment> c,
-    FlushLifeCycleTracker tracker) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+  public void preFlushScannerOpen(ObserverContext<? extends RegionCoprocessorEnvironment> c,
+    Store store, ScanOptions options, FlushLifeCycleTracker tracker) throws IOException {
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
-    RegionObserver.super.preFlush(c, tracker);
+    RegionObserver.super.preFlushScannerOpen(c, store, options, tracker);
   }
 
   @Override
-  public void preFlushScannerOpen(ObserverContext<? extends RegionCoprocessorEnvironment> c,
-    Store store, ScanOptions options, FlushLifeCycleTracker tracker) throws IOException {
-    internalReadOnlyGuard();
-    RegionObserver.super.preFlushScannerOpen(c, store, options, tracker);
+  public void preFlush(final ObserverContext<? extends RegionCoprocessorEnvironment> c,
+    FlushLifeCycleTracker tracker) throws IOException {
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
+    RegionObserver.super.preFlush(c, tracker);
   }
 
   @Override
   public InternalScanner preFlush(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     Store store, InternalScanner scanner, FlushLifeCycleTracker tracker) throws IOException {
-    internalReadOnlyGuard();
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
     return RegionObserver.super.preFlush(c, store, scanner, tracker);
   }
 
@@ -183,30 +188,36 @@ public InternalScanner preMemStoreCompactionCompact(
   public void preCompactSelection(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     Store store, List<? extends StoreFile> candidates, CompactionLifeCycleTracker tracker)
     throws IOException {
-    internalReadOnlyGuard();
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
     RegionObserver.super.preCompactSelection(c, store, candidates, tracker);
   }
 
   @Override
   public void preCompactScannerOpen(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     Store store, ScanType scanType, ScanOptions options, CompactionLifeCycleTracker tracker,
     CompactionRequest request) throws IOException {
-    internalReadOnlyGuard();
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
     RegionObserver.super.preCompactScannerOpen(c, store, scanType, options, tracker, request);
   }
 
   @Override
   public InternalScanner preCompact(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     Store store, InternalScanner scanner, ScanType scanType, CompactionLifeCycleTracker tracker,
     CompactionRequest request) throws IOException {
-    internalReadOnlyGuard();
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
     return RegionObserver.super.preCompact(c, store, scanner, scanType, tracker, request);
   }
 
   @Override
   public void prePut(ObserverContext<? extends RegionCoprocessorEnvironment> c, Put put,
     WALEdit edit, Durability durability) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     RegionObserver.super.prePut(c, put, edit, durability);
@@ -215,7 +226,7 @@ public void prePut(ObserverContext<? extends RegionCoprocessorEnvironment> c, Pu
   @Override
   public void prePut(ObserverContext<? extends RegionCoprocessorEnvironment> c, Put put,
     WALEdit edit) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     RegionObserver.super.prePut(c, put, edit);
@@ -224,7 +235,7 @@ public void prePut(ObserverContext<? extends RegionCoprocessorEnvironment> c, Pu
   @Override
   public void preDelete(ObserverContext<? extends RegionCoprocessorEnvironment> c, Delete delete,
     WALEdit edit, Durability durability) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     RegionObserver.super.preDelete(c, delete, edit, durability);
@@ -233,7 +244,7 @@ public void preDelete(ObserverContext<? extends RegionCoprocessorEnvironment> c,
   @Override
   public void preDelete(ObserverContext<? extends RegionCoprocessorEnvironment> c, Delete delete,
     WALEdit edit) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     RegionObserver.super.preDelete(c, delete, edit);
@@ -242,7 +253,7 @@ public void preDelete(ObserverContext<? extends RegionCoprocessorEnvironment> c,
   @Override
   public void preBatchMutate(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     MiniBatchOperationInProgress<Mutation> miniBatchOp) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     RegionObserver.super.preBatchMutate(c, miniBatchOp);
@@ -252,15 +263,19 @@ public void preBatchMutate(ObserverContext<? extends RegionCoprocessorEnvironmen
   public boolean preCheckAndPut(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     byte[] row, byte[] family, byte[] qualifier, CompareOperator op, ByteArrayComparable comparator,
     Put put, boolean result) throws IOException {
-    internalReadOnlyGuard();
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
     return RegionObserver.super.preCheckAndPut(c, row, family, qualifier, op, comparator, put,
       result);
   }
 
   @Override
   public boolean preCheckAndPut(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     byte[] row, Filter filter, Put put, boolean result) throws IOException {
-    internalReadOnlyGuard();
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
     return RegionObserver.super.preCheckAndPut(c, row, filter, put, result);
   }
 
@@ -269,7 +284,9 @@ public boolean preCheckAndPutAfterRowLock(
     ObserverContext<? extends RegionCoprocessorEnvironment> c, byte[] row, byte[] family,
     byte[] qualifier, CompareOperator op, ByteArrayComparable comparator, Put put, boolean result)
     throws IOException {
-    internalReadOnlyGuard();
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
     return RegionObserver.super.preCheckAndPutAfterRowLock(c, row, family, qualifier, op,
       comparator, put, result);
   }
@@ -278,15 +295,17 @@ public boolean preCheckAndPutAfterRowLock(
   public boolean preCheckAndPutAfterRowLock(
     ObserverContext<? extends RegionCoprocessorEnvironment> c, byte[] row, Filter filter, Put put,
     boolean result) throws IOException {
-    internalReadOnlyGuard();
+    if (isOperationOnNonMetaTable(c)) {
+      internalReadOnlyGuard();
+    }
     return RegionObserver.super.preCheckAndPutAfterRowLock(c, row, filter, put, result);
   }
 
   @Override
   public boolean preCheckAndDelete(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     byte[] row, byte[] family, byte[] qualifier, CompareOperator op, ByteArrayComparable comparator,
     Delete delete, boolean result) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     return RegionObserver.super.preCheckAndDelete(c, row, family, qualifier, op, comparator, delete,
@@ -296,7 +315,7 @@ public boolean preCheckAndDelete(ObserverContext<? extends RegionCoprocessorEnvi
   @Override
   public boolean preCheckAndDelete(ObserverContext<? extends RegionCoprocessorEnvironment> c,
     byte[] row, Filter filter, Delete delete, boolean result) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     return RegionObserver.super.preCheckAndDelete(c, row, filter, delete, result);
@@ -307,7 +326,7 @@ public boolean preCheckAndDeleteAfterRowLock(
     ObserverContext<? extends RegionCoprocessorEnvironment> c, byte[] row, byte[] family,
     byte[] qualifier, CompareOperator op, ByteArrayComparable comparator, Delete delete,
     boolean result) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     return RegionObserver.super.preCheckAndDeleteAfterRowLock(c, row, family, qualifier, op,
@@ -318,7 +337,7 @@ public boolean preCheckAndDeleteAfterRowLock(
   public boolean preCheckAndDeleteAfterRowLock(
     ObserverContext<? extends RegionCoprocessorEnvironment> c, byte[] row, Filter filter,
     Delete delete, boolean result) throws IOException {
-    if(isOperationOnNonMetaTable(c)){
+    if (isOperationOnNonMetaTable(c)) {
       internalReadOnlyGuard();
     }
     return RegionObserver.super.preCheckAndDeleteAfterRowLock(c, row, filter, delete, result);
@@ -406,7 +425,8 @@ public void preCommitStoreFile(ObserverContext<? extends RegionCoprocessorEnviro
   @Override
   public void preWALAppend(ObserverContext<? extends RegionCoprocessorEnvironment> ctx, WALKey key,
     WALEdit edit) throws IOException {
-    if (!key.getTableName().isSystemTable()) {
+    // Only allow this operation for meta table
+    if (!key.getTableName().equals(TableName.META_TABLE_NAME)) {
       internalReadOnlyGuard();
     }
     RegionObserver.super.preWALAppend(ctx, key, edit);