/**
 * Decides whether the visibility tags of a Put match those of a Delete when at least one of the
 * two tag sets is not already sorted by label ordinal.
 *
 * <p>Each list is first run through {@code sortTagsBasedOnOrdinal}; the two results are then
 * compared by {@code compareTagsOrdinals}.
 *
 * @param putVisTags visibility tags in the Put mutation
 * @param deleteVisTags visibility tags in the Delete mutation
 * @return true when all the visibility tags in the Put match the visibility tags in the Delete
 * @throws IOException propagated from the sorting/comparison helpers
 */
private static boolean matchUnSortedVisibilityTags(List<Tag> putVisTags,
    List<Tag> deleteVisTags) throws IOException {
  // Put side is normalised first, then the Delete side (same order as a nested call would use).
  List<List<Integer>> putOrdinals = sortTagsBasedOnOrdinal(putVisTags);
  List<List<Integer>> deleteOrdinals = sortTagsBasedOnOrdinal(deleteVisTags);
  return compareTagsOrdinals(putOrdinals, deleteOrdinals);
}
/**
 * Returns the re-encoded visibility expression for the given tags, or {@code null} when no
 * re-encoding applies.
 *
 * <p>Re-encoding happens only when {@code tags} is non-empty and the serialization format is
 * either absent ({@code null}) or equal to {@code SORTED_ORDINAL_SERIALIZATION_FORMAT}; in that
 * case the result of {@code createModifiedVisExpression(tags)} is returned.
 *
 * @param tags tags to encode; must not be {@code null}
 * @param serializationFormat format marker of the tags, may be {@code null}
 * @return the bytes produced by {@code createModifiedVisExpression}, or {@code null}
 * @throws IOException propagated from {@code createModifiedVisExpression}
 */
@Override
public byte[] encodeVisibilityForReplication(final List<Tag> tags,
    final Byte serializationFormat) throws IOException {
  if (tags.isEmpty()) {
    return null;
  }
  // NOTE(review): '==' against a boxed Byte is only a value comparison if the constant is a
  // primitive byte; confirm the declaration of SORTED_ORDINAL_SERIALIZATION_FORMAT.
  final boolean ordinalBased = serializationFormat == null
      || serializationFormat == SORTED_ORDINAL_SERIALIZATION_FORMAT;
  if (!ordinalBased) {
    return null;
  }
  return createModifiedVisExpression(tags);
}
/**
 * Lists the known visibility labels, optionally filtered by a regular expression.
 *
 * <p>The system label ({@code SYSTEM_LABEL}) is always removed from the result. When
 * {@code regex} is non-null, only labels that the pattern matches in full
 * ({@link java.util.regex.Matcher#matches()}) are returned.
 *
 * @param regex pattern to filter labels with, or {@code null} to return every label
 * @return a new mutable list of label names
 * @throws IOException propagated from reading the existing labels
 */
@Override
public List<String> listLabels(String regex) throws IOException {
  // Only enforced when the JVM runs with assertions enabled (-ea).
  assert (labelsRegion != null);
  Map<String, Integer> labelOrdinals =
      extractLabelsAndAuths(getExistingLabelsWithAuths()).getFirst();
  labelOrdinals.remove(SYSTEM_LABEL);

  List<String> result = new ArrayList<>(labelOrdinals.keySet());
  if (regex == null) {
    return result;
  }
  // NOTE(review): the pattern is compiled exactly as supplied. An invalid pattern surfaces as
  // an unchecked PatternSyntaxException, and matching cost depends on the pattern itself; if
  // this value can come from a remote caller, confirm it is validated or bounded upstream.
  Pattern filter = Pattern.compile(regex);
  result.removeIf(label -> !filter.matcher(label).matches());
  return result;
}
/**
 * Tells whether the given user holds the 'system' authorization.
 *
 * <p>The answer is true if any of the following holds, checked in this order: the user is a
 * super user; the user's own auths contain {@code SYSTEM_LABEL}; the auths of the user's groups
 * contain {@code SYSTEM_LABEL}.
 *
 * @param user the user to check; must not be {@code null}
 * @return true when the user has 'system' auth by one of the routes above
 * @throws IOException propagated from the auth lookups
 */
@Override
public boolean havingSystemAuth(User user) throws IOException {
  // A super user has 'system' auth.
  if (Superusers.isSuperUser(user)) {
    return true;
  }
  final String shortName = user.getShortName();

  // A user can also be explicitly granted 'system' auth.
  // NOTE(review): both lookups pass 'true' as the second argument; confirm what that flag
  // changes in getUserAuths/getGroupAuths.
  List<String> userAuths = this.getUserAuths(Bytes.toBytes(shortName), true);
  if (LOG.isTraceEnabled()) {
    LOG.trace("The auths for user " + shortName + " are " + userAuths);
  }
  if (userAuths.contains(SYSTEM_LABEL)) {
    return true;
  }

  // Last route: 'system' auth granted to one of the user's groups.
  List<String> groupAuths = this.getGroupAuths(user.getGroupNames(), true);
  if (LOG.isTraceEnabled()) {
    LOG.trace("The auths for groups of user " + shortName + " are " + groupAuths);
  }
  return groupAuths.contains(SYSTEM_LABEL);
}
if (AuthUtil.isGroupPrincipal(Bytes.toString(user))) { String group = AuthUtil.getGroupName(Bytes.toString(user)); currentAuths = this.getGroupAuths(new String[]{group}, true); currentAuths = this.getUserAuths(user, true); if (mutateLabelsRegion(deletes, finalOpStatus)) { updateZk(false);
this.labelsRegion = e.getRegion(); Pair<Map<String, Integer>, Map<String, List<Integer>>> labelsAndUserAuths = extractLabelsAndAuths(getExistingLabelsWithAuths()); Map<String, Integer> labels = labelsAndUserAuths.getFirst(); Map<String, List<Integer>> userAuths = labelsAndUserAuths.getSecond(); addSystemLabel(this.labelsRegion, labels, userAuths); int ordinal = SYSTEM_LABEL_ORDINAL; // Ordinal 1 is reserved for "system" label. for (Integer i : labels.values()) {
/**
 * Collects ordinal lists for the visibility tags found in {@code tags}.
 *
 * <p>Tags whose type is not {@code VISIBILITY_TAG_TYPE} are skipped. Every visibility tag is
 * handed, together with the accumulating list, to {@code getSortedTagOrdinals}, which
 * presumably appends that tag's ordinals in sorted order (verify against the helper).
 *
 * @param tags tags to inspect
 * @return the list populated by {@code getSortedTagOrdinals}; empty when no visibility tag exists
 * @throws IOException propagated from {@code getSortedTagOrdinals}
 */
private static List<List<Integer>> sortTagsBasedOnOrdinal(List<Tag> tags) throws IOException {
  List<List<Integer>> ordinalsPerTag = new ArrayList<>();
  for (Tag candidate : tags) {
    if (candidate.getType() != VISIBILITY_TAG_TYPE) {
      continue;
    }
    getSortedTagOrdinals(ordinalsPerTag, candidate);
  }
  return ordinalsPerTag;
}
/**
 * Tells whether the currently active user holds the 'system' authorization.
 *
 * <p>The active user is obtained from {@code VisibilityUtils.getActiveUser()} and checked with
 * {@code havingSystemAuth}.
 *
 * @return the result of {@code havingSystemAuth} for the active user
 * @throws IOException propagated from resolving the user or from the auth check
 */
protected boolean isReadFromSystemAuthUser() throws IOException {
  return havingSystemAuth(VisibilityUtils.getActiveUser());
}
if (isReadFromSystemAuthUser()) { return new VisibilityExpEvaluator() { @Override
/**
 * Returns the auths of a user by delegating to {@code getUserAuths}.
 *
 * @param user user name bytes, passed through unchanged
 * @param systemCall passed through unchanged to {@code getUserAuths}
 * @return whatever {@code getUserAuths(user, systemCall)} returns
 * @throws IOException propagated from {@code getUserAuths}
 * @deprecated thin forwarder; call {@code getUserAuths(byte[], boolean)} instead
 */
@Override
@Deprecated
public List<String> getAuths(byte[] user, boolean systemCall) throws IOException {
  final List<String> delegated = getUserAuths(user, systemCall);
  return delegated;
}
if (AuthUtil.isGroupPrincipal(Bytes.toString(user))) { String group = AuthUtil.getGroupName(Bytes.toString(user)); currentAuths = this.getGroupAuths(new String[]{group}, true); currentAuths = this.getUserAuths(user, true); if (mutateLabelsRegion(deletes, finalOpStatus)) { updateZk(false);
this.labelsRegion = e.getRegion(); Pair<Map<String, Integer>, Map<String, List<Integer>>> labelsAndUserAuths = extractLabelsAndAuths(getExistingLabelsWithAuths()); Map<String, Integer> labels = labelsAndUserAuths.getFirst(); Map<String, List<Integer>> userAuths = labelsAndUserAuths.getSecond(); addSystemLabel(this.labelsRegion, labels, userAuths); int ordinal = SYSTEM_LABEL_ORDINAL; // Ordinal 1 is reserved for "system" label. for (Integer i : labels.values()) {
/**
 * Tells whether the given user holds the 'system' authorization.
 *
 * <p>Three routes are tried in order and the first hit wins: super-user status, the user's own
 * auths containing {@code SYSTEM_LABEL}, and the auths of the user's groups containing
 * {@code SYSTEM_LABEL}.
 *
 * @param user the user to check; must not be {@code null}
 * @return true when the user has 'system' auth by one of the routes above
 * @throws IOException propagated from the auth lookups
 */
@Override
public boolean havingSystemAuth(User user) throws IOException {
  // A super user has 'system' auth.
  if (Superusers.isSuperUser(user)) {
    return true;
  }
  final String shortName = user.getShortName();

  // A user can also be explicitly granted 'system' auth.
  // NOTE(review): both lookups pass 'true' as the second argument; confirm what that flag
  // changes in getUserAuths/getGroupAuths.
  List<String> userAuths = this.getUserAuths(Bytes.toBytes(shortName), true);
  if (LOG.isTraceEnabled()) {
    LOG.trace("The auths for user " + shortName + " are " + userAuths);
  }
  if (userAuths.contains(SYSTEM_LABEL)) {
    return true;
  }

  // Last route: 'system' auth granted to one of the user's groups.
  List<String> groupAuths = this.getGroupAuths(user.getGroupNames(), true);
  if (LOG.isTraceEnabled()) {
    LOG.trace("The auths for groups of user " + shortName + " are " + groupAuths);
  }
  return groupAuths.contains(SYSTEM_LABEL);
}
/**
 * Collects ordinal lists for the visibility tags found in {@code tags}.
 *
 * <p>Tags whose type is not {@code VISIBILITY_TAG_TYPE} are skipped. Every visibility tag is
 * handed, together with the accumulating list, to {@code getSortedTagOrdinals}, which
 * presumably appends that tag's ordinals in sorted order (verify against the helper).
 *
 * @param tags tags to inspect
 * @return the list populated by {@code getSortedTagOrdinals}; empty when no visibility tag exists
 * @throws IOException propagated from {@code getSortedTagOrdinals}
 */
private static List<List<Integer>> sortTagsBasedOnOrdinal(List<Tag> tags) throws IOException {
  List<List<Integer>> ordinalsPerTag = new ArrayList<List<Integer>>();
  for (Tag candidate : tags) {
    if (candidate.getType() != VISIBILITY_TAG_TYPE) {
      continue;
    }
    getSortedTagOrdinals(ordinalsPerTag, candidate);
  }
  return ordinalsPerTag;
}
/**
 * Tells whether the currently active user holds the 'system' authorization.
 *
 * <p>The active user is obtained from {@code VisibilityUtils.getActiveUser()} and checked with
 * {@code havingSystemAuth}.
 *
 * @return the result of {@code havingSystemAuth} for the active user
 * @throws IOException propagated from resolving the user or from the auth check
 */
protected boolean isReadFromSystemAuthUser() throws IOException {
  return havingSystemAuth(VisibilityUtils.getActiveUser());
}
if (isReadFromSystemAuthUser()) { return new VisibilityExpEvaluator() { @Override
/**
 * Tells whether the user identified by the given name bytes holds the 'system' authorization.
 *
 * <p>Kept for backward compatibility. The answer is true when the name belongs to a super user
 * or when the user's own auths contain {@code SYSTEM_LABEL}. Unlike the {@code User} overload
 * in this class, this variant performs no group-auth lookup, so a user whose 'system' auth
 * comes only through a group is reported as not having it here.
 *
 * @param user user name as bytes
 * @return true when the user is a super user or has {@code SYSTEM_LABEL} among their auths
 * @throws IOException propagated from {@code getUserAuths}
 * @deprecated retained for older callers; the {@code User} overload also consults group auths
 */
@Override
@Deprecated
public boolean havingSystemAuth(byte[] user) throws IOException {
  // Implementation for backward compatibility
  final String userName = Bytes.toString(user);
  if (Superusers.isSuperUser(userName)) {
    return true;
  }
  List<String> userAuths = this.getUserAuths(user, true);
  if (LOG.isTraceEnabled()) {
    LOG.trace("The auths for user " + userName + " are " + userAuths);
  }
  return userAuths.contains(SYSTEM_LABEL);
}
/**
 * Re-publishes label or user-auth data to ZooKeeper through the labels cache.
 *
 * <p>The existing labels and auths are re-read in full on every call. When
 * {@code labelAddition} is true the label map is serialized and written; otherwise the
 * user-auths map is serialized and written. The same flag is forwarded to
 * {@code labelsCache.writeToZookeeper}.
 *
 * @param labelAddition true to publish labels, false to publish user auths
 * @throws IOException propagated from reading the existing data
 */
protected void updateZk(boolean labelAddition) throws IOException {
  // We will add to zookeeper here.
  // TODO we should add the delta only to zk. Else this will be a very heavy op and when there
  // are so many labels and auth in the system, we will end up adding lots of data to zk. Most
  // possibly we will exceed zk node data limit!
  Pair<Map<String, Integer>, Map<String, List<Integer>>> snapshot =
      extractLabelsAndAuths(getExistingLabelsWithAuths());
  Map<String, Integer> labelOrdinals = snapshot.getFirst();
  Map<String, List<Integer>> authsByUser = snapshot.getSecond();

  byte[] payload = labelAddition
      ? VisibilityUtils.getDataToWriteToZooKeeper(labelOrdinals)
      : VisibilityUtils.getUserAuthsDataToWriteToZooKeeper(authsByUser);
  this.labelsCache.writeToZookeeper(payload, labelAddition);
}
/**
 * Decides whether the visibility tags of a Put match those of a Delete when at least one of the
 * two tag sets is not already sorted by label ordinal.
 *
 * <p>Each list is first run through {@code sortTagsBasedOnOrdinal}; the two results are then
 * compared by {@code compareTagsOrdinals}.
 *
 * @param putVisTags visibility tags in the Put mutation
 * @param deleteVisTags visibility tags in the Delete mutation
 * @return true when all the visibility tags in the Put match the visibility tags in the Delete
 * @throws IOException propagated from the sorting/comparison helpers
 */
private static boolean matchUnSortedVisibilityTags(List<Tag> putVisTags,
    List<Tag> deleteVisTags) throws IOException {
  // Put side is normalised first, then the Delete side (same order as a nested call would use).
  List<List<Integer>> putOrdinals = sortTagsBasedOnOrdinal(putVisTags);
  List<List<Integer>> deleteOrdinals = sortTagsBasedOnOrdinal(deleteVisTags);
  return compareTagsOrdinals(putOrdinals, deleteOrdinals);
}
/**
 * Returns the re-encoded visibility expression for the given tags, or {@code null} when no
 * re-encoding applies.
 *
 * <p>Re-encoding happens only when {@code tags} is non-empty and the serialization format is
 * either absent ({@code null}) or equal to {@code SORTED_ORDINAL_SERIALIZATION_FORMAT}; in that
 * case the result of {@code createModifiedVisExpression(tags)} is returned.
 *
 * @param tags tags to encode; must not be {@code null}
 * @param serializationFormat format marker of the tags, may be {@code null}
 * @return the bytes produced by {@code createModifiedVisExpression}, or {@code null}
 * @throws IOException propagated from {@code createModifiedVisExpression}
 */
@Override
public byte[] encodeVisibilityForReplication(final List<Tag> tags,
    final Byte serializationFormat) throws IOException {
  if (tags.isEmpty()) {
    return null;
  }
  // NOTE(review): '==' against a boxed Byte is only a value comparison if the constant is a
  // primitive byte; confirm the declaration of SORTED_ORDINAL_SERIALIZATION_FORMAT.
  final boolean ordinalBased = serializationFormat == null
      || serializationFormat == SORTED_ORDINAL_SERIALIZATION_FORMAT;
  if (!ordinalBased) {
    return null;
  }
  return createModifiedVisExpression(tags);
}