Example 41 with Cell
use of org.apache.hadoop.hbase.Cell in project hbase by apache.
the class VisibilityController method preBatchMutate.
@Override
public void preBatchMutate(ObserverContext<RegionCoprocessorEnvironment> c, MiniBatchOperationInProgress<Mutation> miniBatchOp) throws IOException {
if (c.getEnvironment().getRegion().getRegionInfo().getTable().isSystemTable()) {
return;
}
// TODO this can be made as a global LRU cache at HRS level?
Map<String, List<Tag>> labelCache = new HashMap<>();
for (int i = 0; i < miniBatchOp.size(); i++) {
Mutation m = miniBatchOp.getOperation(i);
CellVisibility cellVisibility = null;
try {
cellVisibility = m.getCellVisibility();
} catch (DeserializationException de) {
miniBatchOp.setOperationStatus(i, new OperationStatus(SANITY_CHECK_FAILURE, de.getMessage()));
continue;
}
boolean sanityFailure = false;
boolean modifiedTagFound = false;
Pair<Boolean, Tag> pair = new Pair<>(false, null);
for (CellScanner cellScanner = m.cellScanner(); cellScanner.advance(); ) {
pair = checkForReservedVisibilityTagPresence(cellScanner.current(), pair);
if (!pair.getFirst()) {
// Don't disallow reserved tags if authorization is disabled
if (authorizationEnabled) {
miniBatchOp.setOperationStatus(i, new OperationStatus(SANITY_CHECK_FAILURE, "Mutation contains cell with reserved type tag"));
sanityFailure = true;
}
break;
} else {
// Indicates that the cell has a the tag which was modified in the src replication cluster
Tag tag = pair.getSecond();
if (cellVisibility == null && tag != null) {
// May need to store only the first one
cellVisibility = new CellVisibility(TagUtil.getValueAsString(tag));
modifiedTagFound = true;
}
}
}
if (!sanityFailure) {
if (cellVisibility != null) {
String labelsExp = cellVisibility.getExpression();
List<Tag> visibilityTags = labelCache.get(labelsExp);
if (visibilityTags == null) {
// Don't check user auths for labels with Mutations when the user is super user
boolean authCheck = authorizationEnabled && checkAuths && !(isSystemOrSuperUser());
try {
visibilityTags = this.visibilityLabelService.createVisibilityExpTags(labelsExp, true, authCheck);
} catch (InvalidLabelException e) {
miniBatchOp.setOperationStatus(i, new OperationStatus(SANITY_CHECK_FAILURE, e.getMessage()));
}
if (visibilityTags != null) {
labelCache.put(labelsExp, visibilityTags);
}
}
if (visibilityTags != null) {
List<Cell> updatedCells = new ArrayList<>();
for (CellScanner cellScanner = m.cellScanner(); cellScanner.advance(); ) {
Cell cell = cellScanner.current();
List<Tag> tags = CellUtil.getTags(cell);
if (modifiedTagFound) {
// Rewrite the tags by removing the modified tags.
removeReplicationVisibilityTag(tags);
}
tags.addAll(visibilityTags);
Cell updatedCell = CellUtil.createCell(cell, tags);
updatedCells.add(updatedCell);
}
m.getFamilyCellMap().clear();
// Clear and add new Cells to the Mutation.
for (Cell cell : updatedCells) {
if (m instanceof Put) {
Put p = (Put) m;
p.add(cell);
} else if (m instanceof Delete) {
Delete d = (Delete) m;
d.addDeleteMarker(cell);
}
}
}
}
}
}
}
Also used :
Delete(org.apache.hadoop.hbase.client.Delete)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
ByteString(com.google.protobuf.ByteString)
CellScanner(org.apache.hadoop.hbase.CellScanner)
ReplicationEndpoint(org.apache.hadoop.hbase.replication.ReplicationEndpoint)
DeserializationException(org.apache.hadoop.hbase.exceptions.DeserializationException)
Put(org.apache.hadoop.hbase.client.Put)
OperationStatus(org.apache.hadoop.hbase.regionserver.OperationStatus)
List(java.util.List)
FilterList(org.apache.hadoop.hbase.filter.FilterList)
ArrayList(java.util.ArrayList)
Mutation(org.apache.hadoop.hbase.client.Mutation)
Tag(org.apache.hadoop.hbase.Tag)
Cell(org.apache.hadoop.hbase.Cell)
Pair(org.apache.hadoop.hbase.util.Pair)
NameBytesPair(org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.NameBytesPair)
Example 42 with Cell
use of org.apache.hadoop.hbase.Cell in project hbase by apache.
the class VisibilityReplicationEndpoint method replicate.
@Override
public boolean replicate(ReplicateContext replicateContext) {
if (!delegator.canReplicateToSameCluster()) {
// Only when the replication is inter cluster replication we need to
// convert the visibility tags to
// string based tags. But for intra cluster replication like region
// replicas it is not needed.
List<Entry> entries = replicateContext.getEntries();
List<Tag> visTags = new ArrayList<>();
List<Tag> nonVisTags = new ArrayList<>();
List<Entry> newEntries = new ArrayList<>(entries.size());
for (Entry entry : entries) {
WALEdit newEdit = new WALEdit();
ArrayList<Cell> cells = entry.getEdit().getCells();
for (Cell cell : cells) {
if (cell.getTagsLength() > 0) {
visTags.clear();
nonVisTags.clear();
Byte serializationFormat = VisibilityUtils.extractAndPartitionTags(cell, visTags, nonVisTags);
if (!visTags.isEmpty()) {
try {
byte[] modifiedVisExpression = visibilityLabelsService.encodeVisibilityForReplication(visTags, serializationFormat);
if (modifiedVisExpression != null) {
nonVisTags.add(new ArrayBackedTag(TagType.STRING_VIS_TAG_TYPE, modifiedVisExpression));
}
} catch (Exception ioe) {
LOG.error("Exception while reading the visibility labels from the cell. The replication " + "would happen as per the existing format and not as " + "string type for the cell " + cell + ".", ioe);
// just return the old entries as it is without applying the string type change
newEdit.add(cell);
continue;
}
// Recreate the cell with the new tags and the existing tags
Cell newCell = CellUtil.createCell(cell, nonVisTags);
newEdit.add(newCell);
} else {
newEdit.add(cell);
}
} else {
newEdit.add(cell);
}
}
newEntries.add(new Entry(entry.getKey(), newEdit));
}
replicateContext.setEntries(newEntries);
return delegator.replicate(replicateContext);
} else {
return delegator.replicate(replicateContext);
}
}
Also used :
Entry(org.apache.hadoop.hbase.wal.WAL.Entry)
WALEdit(org.apache.hadoop.hbase.regionserver.wal.WALEdit)
ArrayList(java.util.ArrayList)
ArrayBackedTag(org.apache.hadoop.hbase.ArrayBackedTag)
Tag(org.apache.hadoop.hbase.Tag)
ArrayBackedTag(org.apache.hadoop.hbase.ArrayBackedTag)
Cell(org.apache.hadoop.hbase.Cell)
IOException(java.io.IOException)
Example 43 with Cell
use of org.apache.hadoop.hbase.Cell in project hbase by apache.
the class AccessController method preIncrement.
@Override
public Result preIncrement(final ObserverContext<RegionCoprocessorEnvironment> c, final Increment increment) throws IOException {
User user = getActiveUser(c);
checkForReservedTagPresence(user, increment);
// Require WRITE permission to the table, CF, and the KV to be replaced by
// the incremented value
RegionCoprocessorEnvironment env = c.getEnvironment();
Map<byte[], ? extends Collection<Cell>> families = increment.getFamilyCellMap();
AuthResult authResult = permissionGranted(OpType.INCREMENT, user, env, families, Action.WRITE);
logResult(authResult);
if (!authResult.isAllowed()) {
if (cellFeaturesEnabled && !compatibleEarlyTermination) {
increment.setAttribute(CHECK_COVERING_PERM, TRUE);
} else if (authorizationEnabled) {
throw new AccessDeniedException("Insufficient permissions " + authResult.toContextString());
}
}
byte[] bytes = increment.getAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL);
if (bytes != null) {
if (cellFeaturesEnabled) {
addCellPermissions(bytes, increment.getFamilyCellMap());
} else {
throw new DoNotRetryIOException("Cell ACLs cannot be persisted");
}
}
return null;
}
Also used :
RegionCoprocessorEnvironment(org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment)
AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException)
User(org.apache.hadoop.hbase.security.User)
DoNotRetryIOException(org.apache.hadoop.hbase.DoNotRetryIOException)
Cell(org.apache.hadoop.hbase.Cell)
Example 44 with Cell
use of org.apache.hadoop.hbase.Cell in project hbase by apache.
the class AccessController method prePut.
@Override
public void prePut(final ObserverContext<RegionCoprocessorEnvironment> c, final Put put, final WALEdit edit, final Durability durability) throws IOException {
User user = getActiveUser(c);
checkForReservedTagPresence(user, put);
// Require WRITE permission to the table, CF, or top visible value, if any.
// NOTE: We don't need to check the permissions for any earlier Puts
// because we treat the ACLs in each Put as timestamped like any other
// HBase value. A new ACL in a new Put applies to that Put. It doesn't
// change the ACL of any previous Put. This allows simple evolution of
// security policy over time without requiring expensive updates.
RegionCoprocessorEnvironment env = c.getEnvironment();
Map<byte[], ? extends Collection<Cell>> families = put.getFamilyCellMap();
AuthResult authResult = permissionGranted(OpType.PUT, user, env, families, Action.WRITE);
logResult(authResult);
if (!authResult.isAllowed()) {
if (cellFeaturesEnabled && !compatibleEarlyTermination) {
put.setAttribute(CHECK_COVERING_PERM, TRUE);
} else if (authorizationEnabled) {
throw new AccessDeniedException("Insufficient permissions " + authResult.toContextString());
}
}
// Add cell ACLs from the operation to the cells themselves
byte[] bytes = put.getAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL);
if (bytes != null) {
if (cellFeaturesEnabled) {
addCellPermissions(bytes, put.getFamilyCellMap());
} else {
throw new DoNotRetryIOException("Cell ACLs cannot be persisted");
}
}
}
Also used :
RegionCoprocessorEnvironment(org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment)
AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException)
User(org.apache.hadoop.hbase.security.User)
DoNotRetryIOException(org.apache.hadoop.hbase.DoNotRetryIOException)
Cell(org.apache.hadoop.hbase.Cell)
Example 45 with Cell
use of org.apache.hadoop.hbase.Cell in project hbase by apache.
the class CollectionBackedScanner method reseek.
@Override
public boolean reseek(Cell seekCell) {
while (iter.hasNext()) {
Cell next = iter.next();
int ret = comparator.compare(next, seekCell);
if (ret >= 0) {
current = next;
return true;
}
}
return false;
}
Also used :
Cell(org.apache.hadoop.hbase.Cell)
Aggregations
Cell (org.apache.hadoop.hbase.Cell)862
Test (org.junit.Test)326
ArrayList (java.util.ArrayList)323
Scan (org.apache.hadoop.hbase.client.Scan)258
KeyValue (org.apache.hadoop.hbase.KeyValue)220
Result (org.apache.hadoop.hbase.client.Result)203
Put (org.apache.hadoop.hbase.client.Put)159
IOException (java.io.IOException)123
ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)106
Get (org.apache.hadoop.hbase.client.Get)85
Table (org.apache.hadoop.hbase.client.Table)85
List (java.util.List)80
TableName (org.apache.hadoop.hbase.TableName)77
Delete (org.apache.hadoop.hbase.client.Delete)75
CellScanner (org.apache.hadoop.hbase.CellScanner)69
Configuration (org.apache.hadoop.conf.Configuration)62
InterruptedIOException (java.io.InterruptedIOException)48
Map (java.util.Map)45
Path (org.apache.hadoop.fs.Path)45
RegionScanner (org.apache.hadoop.hbase.regionserver.RegionScanner)45
