/**
 * Writes the ACL entries held in {@code tableAcls} for {@code tableName} back to the ACL table
 * after a truncate, then drops the cache entry.
 *
 * <p>The whole restore runs inside {@code User.runAsLoginUser}, so the ACL table is written with
 * the login user's credentials rather than those of the caller. No permission check is made in
 * this hook itself.
 *
 * @param ctx coprocessor context; supplies the configuration and the connection
 * @param tableName table whose cached permissions are restored
 * @throws IOException if the privileged action fails
 */
@Override
public void postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
    final TableName tableName) throws IOException {
  final Configuration conf = ctx.getEnvironment().getConfiguration();
  PrivilegedExceptionAction<Void> restoreAcls = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      List<UserPermission> saved = tableAcls.get(tableName);
      if (saved != null) {
        for (UserPermission entry : saved) {
          // A fresh handle on the ACL table is opened and closed for every entry.
          try (Table aclTable = ctx.getEnvironment().getConnection()
              .getTable(AccessControlLists.ACL_TABLE_NAME)) {
            AccessControlLists.addUserPermission(conf, entry, aclTable);
          }
        }
      }
      // NOTE(review): if a write above throws, this line is skipped and the ACL table may hold
      // only part of the saved entries. Confirm that callers treat that as a failed truncate.
      tableAcls.remove(tableName);
      return null;
    }
  };
  User.runAsLoginUser(restoreAcls);
}
/**
 * Authorizes a truncate request and saves the table's current permissions in {@code tableAcls}.
 *
 * <p>{@code requirePermission} is called with the caller's context before any privileged work.
 * Only the ACL read that follows runs under {@code User.runAsLoginUser}.
 *
 * @param c coprocessor context of the request
 * @param tableName table about to be truncated
 * @throws IOException if the permission check or the privileged read fails
 */
@Override
public void preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c,
    final TableName tableName) throws IOException {
  // Keep this check ahead of the elevation below: the privileged block does not re-check the
  // caller.
  requirePermission(c, "truncateTable", tableName, null, null, Action.ADMIN, Action.CREATE);

  final Configuration conf = c.getEnvironment().getConfiguration();
  PrivilegedExceptionAction<Void> snapshotAcls = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      List<UserPermission> current =
          AccessControlLists.getUserTablePermissions(conf, tableName, null, null, null, false);
      if (current != null) {
        tableAcls.put(tableName, current);
      }
      return null;
    }
  };
  User.runAsLoginUser(snapshotAcls);
}
/**
 * Removes a deleted namespace's permission entries from the ACL table and deletes its ACL node
 * through the ZooKeeper permission watcher.
 *
 * <p>Only the ACL-table cleanup runs inside {@code User.runAsLoginUser}. The watcher call and
 * the log line run afterwards, outside the privileged action.
 *
 * @param ctx coprocessor context; supplies the configuration and the connection
 * @param namespace name of the namespace that was deleted
 * @throws IOException if the privileged cleanup fails
 */
@Override
public void postDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
    final String namespace) throws IOException {
  final Configuration conf = ctx.getEnvironment().getConfiguration();
  PrivilegedExceptionAction<Void> dropNamespaceAcls = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try (Table aclTable = ctx.getEnvironment().getConnection()
          .getTable(AccessControlLists.ACL_TABLE_NAME)) {
        AccessControlLists.removeNamespacePermissions(conf, namespace, aclTable);
      }
      return null;
    }
  };
  User.runAsLoginUser(dropNamespaceAcls);

  getAuthManager().getZKPermissionWatcher().deleteNamespaceACLNode(namespace);
  LOG.info(namespace + " entry deleted in " + AccessControlLists.ACL_TABLE_NAME + " table.");
}
/**
 * Returns a copy of {@code snapshot} that carries the permissions of the snapshot's table.
 *
 * <p>The permissions are read inside {@code User.runAsLoginUser}, so the lookup uses the login
 * user's credentials. This method does no authorization of its own.
 * NOTE(review): presumably the caller has already authorized the snapshot request; confirm at
 * the call site.
 *
 * @param snapshot description to copy; its table name selects the permissions to read
 * @param conf configuration passed to the ACL lookup
 * @return a rebuilt description with users and permissions set
 * @throws IOException if the privileged read fails
 */
private static SnapshotDescription writeAclToSnapshotDescription(SnapshotDescription snapshot,
    Configuration conf) throws IOException {
  PrivilegedExceptionAction<ListMultimap<String, UserPermission>> readTableAcls =
      new PrivilegedExceptionAction<ListMultimap<String, UserPermission>>() {
        @Override
        public ListMultimap<String, UserPermission> run() throws Exception {
          TableName source = TableName.valueOf(snapshot.getTable());
          return AccessControlLists.getTablePermissions(conf, source);
        }
      };
  ListMultimap<String, UserPermission> tablePerms = User.runAsLoginUser(readTableAcls);
  return snapshot.toBuilder()
      .setUsersAndPermissions(ShadedAccessControlUtil.toUserTablePermissions(tablePerms))
      .build();
}
}
/**
 * Removes a deleted table's permission entries from the ACL table and deletes its ACL node
 * through the ZooKeeper permission watcher.
 *
 * <p>Only the ACL-table cleanup runs inside {@code User.runAsLoginUser}. The watcher call
 * happens afterwards, outside the privileged action.
 *
 * @param c coprocessor context; supplies the configuration and the connection
 * @param tableName table that was deleted
 * @throws IOException if the privileged cleanup fails
 */
@Override
public void postDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
    final TableName tableName) throws IOException {
  final Configuration conf = c.getEnvironment().getConfiguration();
  PrivilegedExceptionAction<Void> dropTableAcls = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      try (Table aclTable = c.getEnvironment().getConnection()
          .getTable(AccessControlLists.ACL_TABLE_NAME)) {
        AccessControlLists.removeTablePermissions(conf, tableName, aclTable);
      }
      return null;
    }
  };
  User.runAsLoginUser(dropTableAcls);

  getAuthManager().getZKPermissionWatcher().deleteTableACLNode(tableName);
}
desc.getTableName(), Action.values()); User.runAsLoginUser(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception {
/**
 * Grants the table owner every {@code Action} on the modified table.
 *
 * <p>The owner is taken from {@code currentDesc}; if the descriptor names none, the active user
 * of the request is used. The grant is written to the ACL table inside
 * {@code User.runAsLoginUser}, and this hook performs no permission check itself.
 * NOTE(review): the owner string comes from the new descriptor, so a changed owner gains full
 * rights here. Presumably the matching pre-hook authorizes that change; confirm.
 *
 * @param c coprocessor context of the request
 * @param tableName name of the modified table (not read here; the descriptor's name is used)
 * @param oldDesc descriptor before the change (not read here)
 * @param currentDesc descriptor after the change
 * @throws IOException if the privileged write fails
 */
@Override
public void postModifyTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName,
    TableDescriptor oldDesc, TableDescriptor currentDesc) throws IOException {
  final Configuration conf = c.getEnvironment().getConfiguration();

  // Fall back to the requesting user when the descriptor does not name an owner.
  final String owner;
  if (currentDesc.getOwnerString() != null) {
    owner = currentDesc.getOwnerString();
  } else {
    owner = getActiveUser(c).getShortName();
  }

  PrivilegedExceptionAction<Void> grantOwner = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      UserPermission ownerGrant =
          new UserPermission(owner, currentDesc.getTableName(), Action.values());
      try (Table aclTable = c.getEnvironment().getConnection()
          .getTable(AccessControlLists.ACL_TABLE_NAME)) {
        AccessControlLists.addUserPermission(conf, ownerGrant, aclTable);
      }
      return null;
    }
  };
  User.runAsLoginUser(grantOwner);
}
accessChecker.requirePermission(caller, "userPermissions", table, cf, cq, userName, Action.ADMIN); perms = User.runAsLoginUser(new PrivilegedExceptionAction<List<UserPermission>>() { @Override public List<UserPermission> run() throws Exception { accessChecker.requireNamespacePermission(caller, "userPermissions", namespace, userName, Action.ADMIN); perms = User.runAsLoginUser(new PrivilegedExceptionAction<List<UserPermission>>() { @Override public List<UserPermission> run() throws Exception { } else { accessChecker.requirePermission(caller, "userPermissions", userName, Action.ADMIN); perms = User.runAsLoginUser(new PrivilegedExceptionAction<List<UserPermission>>() { @Override public List<UserPermission> run() throws Exception {
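/**
 * Grants {@code actions} on {@code table} to {@code toUser}, running as the login user.
 *
 * <p>The grant is issued over a new connection built from {@code env.getConfiguration()} inside
 * {@code User.runAsLoginUser}. Any failure is rethrown as a {@code DoNotRetryIOException}. The
 * earlier code built that exception but never threw it, so a failed grant looked like success.
 *
 * @param toUser user receiving the grant
 * @param table table name bytes, converted with {@code TableName.valueOf}
 * @param actions actions to grant
 * @throws IOException if the grant fails
 */
private void grantPermissions(final String toUser, final byte[] table, final Action... actions)
        throws IOException {
    User.runAsLoginUser(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            try (Connection conn = ConnectionFactory.createConnection(env.getConfiguration())) {
                AccessControlClient.grant(conn, TableName.valueOf(table), toUser, null, null,
                        actions);
            } catch (Throwable e) {
                // Propagate the failure so callers do not assume the ACL entry was written.
                throw new DoNotRetryIOException(e);
            }
            return null;
        }
    });
}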
/**
 * Commits the last-stats-updated time and, if any mutations were supplied, sends them in one
 * {@code MutateRowsRequest} through the multi-row mutation coprocessor service.
 *
 * <p>All of this runs inside {@code User.runAsLoginUser}, so the write uses the login user's
 * credentials rather than the caller's.
 *
 * @param mutations mutations to send; the row of the first one selects the coprocessor channel
 * @param statsCollector collector passed to {@code commitLastStatsUpdatedTime}
 * @throws IOException if the privileged action fails
 */
public void commitStats(final List<Mutation> mutations, final StatisticsCollector statsCollector)
        throws IOException {
    PrivilegedExceptionAction<Void> writeStats = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            commitLastStatsUpdatedTime(statsCollector);
            if (mutations.isEmpty()) {
                return null;
            }

            byte[] firstRow = mutations.get(0).getRow();
            MutateRowsRequest.Builder requestBuilder = MutateRowsRequest.newBuilder();
            for (Mutation mutation : mutations) {
                requestBuilder.addMutationRequest(
                        ProtobufUtil.toMutation(getMutationType(mutation), mutation));
            }
            MutateRowsRequest request = requestBuilder.build();

            CoprocessorRpcChannel rpcChannel = statsWriterTable.coprocessorService(firstRow);
            MultiRowMutationService.BlockingInterface stub =
                    MultiRowMutationService.newBlockingStub(rpcChannel);
            try {
                stub.mutateRows(null, request);
            } catch (ServiceException ex) {
                // NOTE(review): this relies on toIOException throwing. If it returns the
                // exception instead, the failure is dropped here. Confirm against the HBase
                // version in use.
                ProtobufUtil.toIOException(ex);
            }
            return null;
        }
    };
    User.runAsLoginUser(writeStats);
}
return User.runAsLoginUser(new PrivilegedExceptionAction<List<UserPermission>>() { @Override public List<UserPermission> run() throws Exception {
private void authorizeOrGrantAccessToUsers(final String request, final TableName fromTable, final List<Action> requiredActionsOnTable, final TableName toTable) throws IOException { User.runAsLoginUser(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws IOException {
/**
 * Applies {@code mutations} to {@code region} under row locks.
 *
 * <p>With access checks off, the region call is made directly. With access checks on, the call
 * is made inside {@code User.runAsLoginUser}, with the RPC context cleared for its duration and
 * restored in a {@code finally} block.
 *
 * @param region region to mutate
 * @param mutations mutations to apply
 * @param rowsToLock rows to lock while mutating
 * @param nonceGroup nonce group forwarded to the region
 * @param nonce nonce forwarded to the region
 * @throws IOException if the mutation fails; in the privileged path any {@code Throwable} is
 *         wrapped in an {@code IOException}
 */
private void mutateRowsWithLocks(final Region region, final List<Mutation> mutations,
        final Set<byte[]> rowsToLock, final long nonceGroup, final long nonce)
        throws IOException {
    if (!this.accessCheckEnabled) {
        region.mutateRowsWithLocks(mutations, rowsToLock, nonceGroup, nonce);
        return;
    }

    // With access checks enabled, SYSTEM.CATALOG has to be mutated as the HBase/login user.
    PrivilegedExceptionAction<Void> mutateAsLoginUser = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            final RpcCall savedContext = RpcUtil.getRpcContext();
            try {
                // Clear the RPC context so that the user can be reset for this call.
                RpcUtil.setRpcContext(null);
                region.mutateRowsWithLocks(mutations, rowsToLock, nonceGroup, nonce);
            } catch (Throwable e) {
                throw new IOException(e);
            } finally {
                // Always put the original RPC context back, also on failure, so that later
                // work on this call sees the original context again.
                RpcUtil.setRpcContext(savedContext);
            }
            return null;
        }
    };
    User.runAsLoginUser(mutateAsLoginUser);
}
User.runAsLoginUser(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception {
final long fTimestamp = timestamp; return User.runAsLoginUser(new PrivilegedExceptionAction<Long>() { @Override public Long run() throws Exception {
final Table mTable=metaTable; final Table sTable=statsTable; User.runAsLoginUser(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception {
User.runAsLoginUser(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception {
return User.runAsLoginUser( new PrivilegedExceptionAction<InternalScanner>() { @Override
/**
 * Removes the permissions recorded for a deleted column of {@code tableName}.
 *
 * <p>The removal runs inside {@code User.runAsLoginUser}, with the login user's credentials.
 * This hook performs no permission check itself.
 *
 * @param c coprocessor context; supplies the configuration
 * @param tableName table that owned the column
 * @param col the deleted column, as bytes
 * @throws IOException if the privileged cleanup fails
 */
@Override
public void postDeleteColumn(ObserverContext<MasterCoprocessorEnvironment> c,
    final TableName tableName, final byte[] col) throws IOException {
  final Configuration conf = c.getEnvironment().getConfiguration();
  PrivilegedExceptionAction<Void> dropColumnAcls = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      AccessControlLists.removeTablePermissions(conf, tableName, col);
      return null;
    }
  };
  User.runAsLoginUser(dropColumnAcls);
}
/**
 * Removes a deleted table's permissions and deletes its ACL node through the ZooKeeper
 * permission watcher.
 *
 * <p>Only the permission removal runs inside {@code User.runAsLoginUser}. The watcher call
 * happens afterwards, outside the privileged action.
 *
 * @param c coprocessor context; supplies the configuration
 * @param tableName table that was deleted
 * @throws IOException if the privileged cleanup fails
 */
@Override
public void postDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
    final TableName tableName) throws IOException {
  final Configuration conf = c.getEnvironment().getConfiguration();
  PrivilegedExceptionAction<Void> dropTableAcls = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      AccessControlLists.removeTablePermissions(conf, tableName);
      return null;
    }
  };
  User.runAsLoginUser(dropTableAcls);

  this.authManager.getZKPermissionWatcher().deleteTableACLNode(tableName);
}