/**
 * Buckets regions by RSGroup and collects the candidate servers of each group.
 *
 * <p>Every region is filed in {@code regionMap} under the group of its table; when the lookup
 * returns {@code null} the region goes to {@code RSGroupInfo.DEFAULT_GROUP}. For each group that
 * holds a region, {@code serverMap} receives the servers returned by
 * {@code filterOfflineServers}. If {@code serverMap} then holds no server for the group,
 * {@code LoadBalancer.BOGUS_SERVER_NAME} is stored as a placeholder.
 *
 * @param regions regions to classify
 * @param servers servers from which each group's candidates are filtered
 * @param regionMap output multimap: group name to regions
 * @param serverMap output multimap: group name to servers
 * @throws HBaseIOException wrapping any {@link IOException} raised while the maps are built
 */
private void generateGroupMaps(List<RegionInfo> regions, List<ServerName> servers,
    ListMultimap<String, RegionInfo> regionMap, ListMultimap<String, ServerName> serverMap)
    throws HBaseIOException {
  try {
    // Pass 1: group name -> regions.
    for (RegionInfo regionInfo : regions) {
      String group = rsGroupInfoManager.getRSGroupOfTable(regionInfo.getTable());
      if (group == null) {
        LOG.info("Group not found for table " + regionInfo.getTable() + ", using default");
        group = RSGroupInfo.DEFAULT_GROUP;
      }
      regionMap.put(group, regionInfo);
    }
    // Pass 2: group name -> servers, only for groups that received a region.
    for (String group : regionMap.keySet()) {
      RSGroupInfo groupInfo = rsGroupInfoManager.getRSGroup(group);
      serverMap.putAll(group, filterOfflineServers(groupInfo, servers));
      if (serverMap.get(group).isEmpty()) {
        // Keep the key present in serverMap even when no server was found for it.
        serverMap.put(group, LoadBalancer.BOGUS_SERVER_NAME);
      }
    }
  } catch (IOException ioe) {
    throw new HBaseIOException("Failed to generate group maps", ioe);
  }
}
/**
 * Deletes {@code TEST_TABLE} and checks that no permission entries are left behind.
 *
 * <p>A table that is already gone is tolerated. Afterwards the table-level lookup for
 * {@code TEST_TABLE} and the namespace-level lookup for its namespace must both be empty.
 *
 * @throws Exception if the delete or either permission lookup fails
 */
private static void cleanUp() throws Exception {
  try {
    deleteTable(TEST_UTIL, TEST_TABLE);
  } catch (TableNotFoundException alreadyDeleted) {
    // The test itself removed the table; nothing more to delete.
    LOG.info("Test deleted table " + TEST_TABLE);
  }
  // Permissions must not outlive the table: both lookups have to come back empty.
  int tablePermCount = AccessControlLists.getTablePermissions(conf, TEST_TABLE).size();
  assertEquals(0, tablePermCount);
  int namespacePermCount =
    AccessControlLists.getNamespacePermissions(conf, TEST_TABLE.getNamespaceAsString()).size();
  assertEquals(0, namespacePermCount);
}
/**
 * Converts a user-to-permissions multimap into a {@code UsersAndPermissions} protobuf message.
 *
 * <p>One {@code UserPermissions} element is emitted per key. It carries the key as UTF-8 bytes
 * in its user field, followed by each of that key's permissions converted with
 * {@code toPermission}.
 *
 * @param perms permissions keyed by user
 * @return the built protobuf message
 */
public static AccessControlProtos.UsersAndPermissions toUsersAndPermissions(
    ListMultimap<String, Permission> perms) {
  AccessControlProtos.UsersAndPermissions.Builder message =
    AccessControlProtos.UsersAndPermissions.newBuilder();
  for (String user : perms.keySet()) {
    AccessControlProtos.UsersAndPermissions.UserPermissions.Builder userEntry =
      AccessControlProtos.UsersAndPermissions.UserPermissions.newBuilder();
    userEntry.setUser(ByteString.copyFromUtf8(user));
    for (Permission granted : perms.get(user)) {
      userEntry.addPermissions(toPermission(granted));
    }
    message.addUserPermissions(userEntry.build());
  }
  return message.build();
}
/**
 * Asserts that two permission multimaps hold the same entries.
 *
 * <p>The total sizes must match. For every key of {@code first}, the two value lists must have
 * the same length and each permission in {@code first}'s list must be contained in
 * {@code second}'s list.
 *
 * <p>NOTE(review): containment is checked in one direction only and ignores multiplicity. A
 * {@code first} list with a repeated permission can therefore match a {@code second} list of the
 * same length that holds a different permission in place of the duplicate.
 *
 * @param first the reference multimap
 * @param second the multimap compared against {@code first}
 */
public void checkMultimapEqual(ListMultimap<String, UserPermission> first,
    ListMultimap<String, UserPermission> second) {
  assertEquals(first.size(), second.size());
  for (String entryKey : first.keySet()) {
    List<UserPermission> expected = first.get(entryKey);
    List<UserPermission> actual = second.get(entryKey);
    assertNotNull(actual);
    assertEquals(expected.size(), actual.size());
    LOG.info("First permissions: " + expected.toString());
    LOG.info("Second permissions: " + actual.toString());
    for (UserPermission wanted : expected) {
      String failureMessage = "Permission " + wanted.toString() + " not found";
      assertTrue(failureMessage, actual.contains(wanted));
    }
  }
}
/**
 * Attaches the given per-user permissions to this query as its ACL attribute.
 *
 * <p>The map is copied into a multimap, converted with
 * {@code AccessControlUtil.toUsersAndPermissions} and stored in serialized form under
 * {@code AccessControlConstants.OP_ATTRIBUTE_ACL}.
 *
 * @param perms A map of permissions for a user or users
 * @return this instance
 */
public Query setACL(Map<String, Permission> perms) {
  ListMultimap<String, Permission> byUser = ArrayListMultimap.create();
  // Each map entry becomes one (user, permission) pair in the multimap.
  perms.forEach(byUser::put);
  byte[] serializedAcl = AccessControlUtil.toUsersAndPermissions(byUser).toByteArray();
  setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, serializedAcl);
  return this;
}
groupName = RSGroupInfo.DEFAULT_GROUP; groupToRegion.put(groupName, region); for (String key : groupToRegion.keySet()) { Map<RegionInfo, ServerName> currentAssignmentMap = new TreeMap<RegionInfo, ServerName>(); List<RegionInfo> regionList = groupToRegion.get(key); RSGroupInfo info = rsGroupInfoManager.getRSGroup(key); List<ServerName> candidateList = filterOfflineServers(info, servers);
ListMultimap<String, UserPermission> perms = AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE); for (Map.Entry<String, UserPermission> entry : perms.entries()) { LOG.debug(Objects.toString(entry)); assertEquals(6, perms.size()); assertTrue(result != null); perms = AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE); assertEquals(7, perms.size()); List<UserPermission> namespacePerms = perms.get(userTestNamespace); assertTrue(perms.containsKey(userTestNamespace)); assertEquals(1, namespacePerms.size()); assertEquals(TEST_NAMESPACE, assertEquals(6, perms.size()); } finally { acl.close();
// NOTE(review): excerpt only. The first line looks like the tail of a statement that starts
// outside this listing, and the blocks opened below are not closed here.
AccessControlUtil.toUsersAndPermissions(builder.build());
// Permissions stored under the user's short name.
List<Permission> userPerms = kvPerms.get(user.getShortName());
if (userPerms != null) {
  results.addAll(userPerms);
if (groupNames != null) {
  for (String group : groupNames) {
    // Group grants are looked up under the key produced by AuthUtil.toGroupEntry(group).
    List<Permission> groupPerms = kvPerms.get(AuthUtil.toGroupEntry(group));
    // NOTE(review): this guard tests `results`, not the `groupPerms` value just fetched.
    // If kvPerms.get can return null here, addAll(null) would throw. Confirm which variable
    // was meant to be checked.
    if (results != null) {
      results.addAll(groupPerms);
/**
 * Decodes a serialized user-to-permissions multimap.
 *
 * <p>Data that starts with the protobuf magic prefix is parsed as a {@code UsersAndPermissions}
 * message. Anything else is read in the older Writable layout: an int count followed by that
 * many (user name, permissions) records.
 *
 * @param data the serialized permissions
 * @param conf configuration handed to the legacy Writable reader
 * @return permissions keyed by user
 * @throws DeserializationException if either format fails to parse
 */
public static ListMultimap<String, Permission> readPermissions(byte[] data, Configuration conf)
    throws DeserializationException {
  if (!ProtobufUtil.isPBMagicPrefix(data)) {
    // TODO: We have to re-write non-PB data as PB encoded. Otherwise we will carry old Writables
    // forever (here and a couple of other places).
    ListMultimap<String, Permission> legacyPerms = ArrayListMultimap.create();
    try {
      DataInput input = new DataInputStream(new ByteArrayInputStream(data));
      // The record count comes from the data itself and is not bounded here. A count larger
      // than the real content presumably ends in an IOException from the reads below.
      int recordCount = input.readInt();
      int recordIndex = 0;
      while (recordIndex < recordCount) {
        String user = Text.readString(input);
        legacyPerms.putAll(user, readWritableUserPermission(input, conf));
        recordIndex++;
      }
    } catch (IOException | ClassNotFoundException e) {
      // NOTE(review): ClassNotFoundException suggests the legacy reader resolves a class named
      // in the input. Confirm in readWritableUserPermission, and keep this path limited to
      // data from a trusted store.
      throw new DeserializationException(e);
    }
    return legacyPerms;
  }

  // Protobuf path: parse everything after the magic prefix.
  int magicLength = ProtobufUtil.lengthOfPBMagic();
  try {
    AccessControlProtos.UsersAndPermissions.Builder parsed =
      AccessControlProtos.UsersAndPermissions.newBuilder();
    ProtobufUtil.mergeFrom(parsed, data, magicLength, data.length - magicLength);
    return AccessControlUtil.toPermission(parsed.build());
  } catch (IOException e) {
    throw new DeserializationException(e);
  }
}
/**
 * Returns the permissions currently granted on a table or namespace as a flat list, restricted
 * by the given column family, column qualifier and user name.
 *
 * @param conf the configuration
 * @param entryName Table name or the namespace
 * @param cf Column family
 * @param cq Column qualifier
 * @param user User name to be filtered from permission as requested
 * @param hasFilterUser true if filter user is provided, otherwise false.
 * @return List of UserPermissions
 * @throws IOException on failure
 */
static List<UserPermission> getUserPermissions(Configuration conf, byte[] entryName, byte[] cf,
    byte[] cq, String user, boolean hasFilterUser) throws IOException {
  ListMultimap<String, UserPermission> permsByUser =
    getPermissions(conf, entryName, null, cf, cq, user, hasFilterUser);
  // Flatten: the keys are dropped and every value is kept in the multimap's iteration order.
  return new ArrayList<>(permsByUser.values());
}
/**
 * Attaches the given per-user permissions to this mutation as its ACL attribute.
 *
 * <p>The map is copied into a multimap, converted with
 * {@code AccessControlUtil.toUsersAndPermissions} and stored in serialized form under
 * {@code AccessControlConstants.OP_ATTRIBUTE_ACL}.
 *
 * @param perms A map of permissions for a user or users
 * @return this instance
 */
public Mutation setACL(Map<String, Permission> perms) {
  ListMultimap<String, Permission> byUser = ArrayListMultimap.create();
  // Each map entry becomes one (user, permission) pair in the multimap.
  perms.forEach(byUser::put);
  byte[] serializedAcl = AccessControlUtil.toUsersAndPermissions(byUser).toByteArray();
  setAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL, serializedAcl);
  return this;
}
if (!misplacedRegions.contains(region)) { String groupName = rsGroupInfoManager.getRSGroupOfTable(region.getTable()); groupToRegion.put(groupName, region); for (String key : groupToRegion.keySet()) { Map<RegionInfo, ServerName> currentAssignmentMap = new TreeMap<RegionInfo, ServerName>(); List<RegionInfo> regionList = groupToRegion.get(key); RSGroupInfo info = rsGroupInfoManager.getRSGroup(key); List<ServerName> candidateList = filterOfflineServers(info, servers);
/**
 * Updates the internal global permissions cache.
 *
 * <p>A map obtained from {@code initGlobal(conf)} is filled from {@code globalPerms} and then
 * installed as {@code globalCache}, after which {@code mtime} is incremented. Because the map is
 * filled with {@code put}, a name that carries several permissions ends up with the last one
 * only.
 *
 * @param globalPerms new global permissions
 */
private void updateGlobalCache(ListMultimap<String, Permission> globalPerms) {
  try {
    Map<String, GlobalPermission> rebuilt = initGlobal(conf);
    for (Map.Entry<String, Permission> grant : globalPerms.entries()) {
      rebuilt.put(grant.getKey(), (GlobalPermission) grant.getValue());
    }
    // Install the map only once it is completely filled.
    globalCache = rebuilt;
    mtime.incrementAndGet();
  } catch (Exception e) {
    // The original author marks this branch as "never happens".
    // NOTE(review): a ClassCastException from the cast above would also land here. In that
    // case globalCache and mtime are left as they were, so the previously cached permissions
    // stay in effect and the failure is visible only in this log line.
    LOG.error("Error occurred while updating the global cache", e);
  }
}
/**
 * Asserts that two table-permission multimaps hold the same entries.
 *
 * <p>The total sizes must match. For every key of {@code first}, the two value lists must have
 * the same length and each permission in {@code first}'s list must be contained in
 * {@code second}'s list.
 *
 * <p>NOTE(review): containment is checked in one direction only and ignores multiplicity. A
 * {@code first} list with a repeated permission can therefore match a {@code second} list of the
 * same length that holds a different permission in place of the duplicate.
 *
 * @param first the reference multimap
 * @param second the multimap compared against {@code first}
 */
public void checkMultimapEqual(ListMultimap<String,TablePermission> first,
    ListMultimap<String,TablePermission> second) {
  assertEquals(first.size(), second.size());
  for (String entryKey : first.keySet()) {
    List<TablePermission> expected = first.get(entryKey);
    List<TablePermission> actual = second.get(entryKey);
    assertNotNull(actual);
    assertEquals(expected.size(), actual.size());
    LOG.info("First permissions: " + expected.toString());
    LOG.info("Second permissions: " + actual.toString());
    for (TablePermission wanted : expected) {
      String failureMessage = "Permission " + wanted.toString() + " not found";
      assertTrue(failureMessage, actual.contains(wanted));
    }
  }
}
for (Map.Entry<String, TablePermission> entry : perms.entries()) { LOG.debug(Objects.toString(entry)); assertEquals(6, perms.size()); assertTrue(result != null); perms = AccessControlLists.getNamespacePermissions(conf, TEST_NAMESPACE); assertEquals(7, perms.size()); List<TablePermission> namespacePerms = perms.get(userTestNamespace); assertTrue(perms.containsKey(userTestNamespace)); assertEquals(1, namespacePerms.size()); assertEquals(TEST_NAMESPACE, assertEquals(6, perms.size()); } finally { acl.close();
List<UserPermission> user1Perms = perms.get("user1"); assertEquals("Should have 1 permission for user1", 1, user1Perms.size()); assertEquals("user1 should have WRITE permission", user1Perms.get(0).getPermission().getActions()); List<UserPermission> user2Perms = perms.get("user2"); assertEquals("Should have 1 permission for user2", 1, user2Perms.size()); assertEquals("user2 should have CREATE permission", user2Perms.get(0).getPermission().getActions()); List<UserPermission> user3Perms = perms.get("user3"); assertEquals("Should have 1 permission for user3", 1, user3Perms.size()); assertEquals("user3 should have ADMIN, READ, CREATE permission",
Permission.Action.READ, Permission.Action.WRITE)); ListMultimap<String, UserPermission> multimap = ArrayListMultimap.create(); multimap.putAll(george.getShortName(), acl); byte[] serialized = AccessControlLists.writePermissionsAsBytes(multimap, conf); AUTH_A.getZKPermissionWatcher().writeToZookeeper(TEST_TABLE.getName(), serialized); acl2.add(new UserPermission(hubert.getShortName(), TEST_TABLE, TablePermission.Action.READ)); final long mtimeA = AUTH_A.getMTime(); multimap.putAll(hubert.getShortName(), acl2); byte[] serialized2 = AccessControlLists.writePermissionsAsBytes(multimap, conf); AUTH_B.getZKPermissionWatcher().writeToZookeeper(TEST_TABLE.getName(), serialized2);
/**
 * Re-applies the ACL stored in a snapshot to the table named {@code newTableName}.
 *
 * <p>Nothing happens when the snapshot carries no users-and-permissions data. Otherwise every
 * stored (user, permission) pair is granted on {@code newTableName}. The user, family, qualifier
 * and actions are taken from the snapshot unchanged.
 *
 * <p>Grants are issued one at a time. If one fails, the grants made before it stay in place and
 * the method throws, so the table can be left with only part of the snapshot's ACL.
 *
 * @param snapshot snapshot description that may hold the ACL
 * @param newTableName table that receives the grants
 * @param conf configuration used to open the connection
 * @throws IOException wrapping any {@link Throwable} raised while connecting or granting
 */
public static void restoreSnapshotAcl(SnapshotDescription snapshot, TableName newTableName,
    Configuration conf) throws IOException {
  boolean carriesAcl =
    snapshot.hasUsersAndPermissions() && snapshot.getUsersAndPermissions() != null;
  if (!carriesAcl) {
    return;
  }
  LOG.info("Restore snapshot acl to table. snapshot: " + snapshot + ", table: " + newTableName);
  ListMultimap<String, Permission> snapshotPerms =
    ShadedAccessControlUtil.toUserTablePermissions(snapshot.getUsersAndPermissions());
  try (Connection connection = ConnectionFactory.createConnection(conf)) {
    for (Entry<String, Permission> grant : snapshotPerms.entries()) {
      String user = grant.getKey();
      // A non-table permission fails this cast and is reported through the catch below.
      TablePermission stored = (TablePermission) grant.getValue();
      // Same family, qualifier and actions, re-targeted at the new table.
      TablePermission retargeted = new TablePermission(newTableName, stored.getFamily(),
        stored.getQualifier(), stored.getActions());
      AccessControlClient.grant(connection, retargeted.getTableName(), user,
        retargeted.getFamily(), retargeted.getQualifier(), retargeted.getActions());
    }
  } catch (Throwable t) {
    throw new IOException("Grant acl into newly creatd table failed. snapshot: " + snapshot
      + ", table: " + newTableName, t);
  }
}
} // closes the enclosing type, whose opening lies outside this excerpt
/**
 * Buckets regions by RSGroup and collects the candidate servers of each group.
 *
 * <p>Every region is filed in {@code regionMap} under the group of its table; when the lookup
 * returns {@code null} the region goes to {@code RSGroupInfo.DEFAULT_GROUP}. For each group that
 * holds a region, {@code serverMap} receives the servers returned by
 * {@code filterOfflineServers}. If {@code serverMap} then holds no server for the group,
 * {@code LoadBalancer.BOGUS_SERVER_NAME} is stored as a placeholder.
 *
 * @param regions regions to classify
 * @param servers servers from which each group's candidates are filtered
 * @param regionMap output multimap: group name to regions
 * @param serverMap output multimap: group name to servers
 * @throws HBaseIOException wrapping any {@link IOException} raised while the maps are built
 */
private void generateGroupMaps(List<RegionInfo> regions, List<ServerName> servers,
    ListMultimap<String, RegionInfo> regionMap, ListMultimap<String, ServerName> serverMap)
    throws HBaseIOException {
  try {
    // Pass 1: group name -> regions.
    for (RegionInfo regionInfo : regions) {
      String group = rsGroupInfoManager.getRSGroupOfTable(regionInfo.getTable());
      if (group == null) {
        LOG.info("Group not found for table " + regionInfo.getTable() + ", using default");
        group = RSGroupInfo.DEFAULT_GROUP;
      }
      regionMap.put(group, regionInfo);
    }
    // Pass 2: group name -> servers, only for groups that received a region.
    for (String group : regionMap.keySet()) {
      RSGroupInfo groupInfo = rsGroupInfoManager.getRSGroup(group);
      serverMap.putAll(group, filterOfflineServers(groupInfo, servers));
      if (serverMap.get(group).isEmpty()) {
        // Keep the key present in serverMap even when no server was found for it.
        serverMap.put(group, LoadBalancer.BOGUS_SERVER_NAME);
      }
    }
  } catch (IOException ioe) {
    throw new HBaseIOException("Failed to generate group maps", ioe);
  }
}