use of org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment in project hbase by apache.
the class AccessController method prePut.
/**
 * Pre-hook for a Put: checks WRITE permission for the active user and, when
 * the operation carries a cell ACL attribute, attaches that ACL to the cells.
 *
 * <p>A denied coarse check does not always reject the Put here. With cell
 * features enabled and early termination not selected, the Put is only tagged
 * with {@code CHECK_COVERING_PERM}. Otherwise it is rejected, but only when
 * {@code authorizationEnabled} is set; with authorization disabled the denial
 * is just passed to {@code logResult}.
 *
 * @param c observer context; supplies the active user and the region environment
 * @param put the mutation being authorized
 * @param edit not used in this method
 * @param durability not used in this method
 * @throws AccessDeniedException if the check fails, the decision is not
 *     deferred, and authorization is enabled
 * @throws DoNotRetryIOException if the Put carries a cell ACL attribute but
 *     cell features are disabled
 * @throws IOException declared in the signature for the helpers called here
 */
@Override
public void prePut(final ObserverContext<RegionCoprocessorEnvironment> c, final Put put, final WALEdit edit, final Durability durability) throws IOException {
  final User caller = getActiveUser(c);
  checkForReservedTagPresence(caller, put);

  // Require WRITE permission to the table, CF, or top visible value, if any.
  // Earlier Puts are not re-checked: the ACL carried by a Put is timestamped
  // like any other HBase value, so a new ACL applies to the new Put only and
  // never rewrites the ACL of a previous one. Policy can therefore evolve
  // over time without expensive updates to existing data.
  final AuthResult decision =
      permissionGranted(OpType.PUT, caller, c.getEnvironment(), put.getFamilyCellMap(), Action.WRITE);
  // Logged before any enforcement, so denials are recorded whether or not they
  // end up being enforced below.
  logResult(decision);

  if (!decision.isAllowed()) {
    final boolean deferDecision = cellFeaturesEnabled && !compatibleEarlyTermination;
    if (deferDecision) {
      // The Put is tagged here regardless of authorizationEnabled.
      // NOTE(review): the code that consumes CHECK_COVERING_PERM is not visible
      // here; confirm it actually enforces the deferred check.
      put.setAttribute(CHECK_COVERING_PERM, TRUE);
    } else if (authorizationEnabled) {
      throw new AccessDeniedException("Insufficient permissions " + decision.toContextString());
    }
  }

  // Copy any cell ACL supplied on the operation onto the cells themselves.
  // NOTE(review): the attribute bytes come from the operation; any validation
  // would have to happen inside addCellPermissions - confirm.
  final byte[] aclBytes = put.getAttribute(AccessControlConstants.OP_ATTRIBUTE_ACL);
  if (aclBytes == null) {
    return;
  }
  if (!cellFeaturesEnabled) {
    throw new DoNotRetryIOException("Cell ACLs cannot be persisted");
  }
  addCellPermissions(aclBytes, put.getFamilyCellMap());
}
use of org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment in project hbase by apache.
the class AccessController method start.
/* ---- MasterObserver implementation ---- */
/**
 * Initializes the AccessController for the environment it was loaded into:
 * reads the authorization-related settings, locates a ZooKeeper watcher for
 * the environment type, and obtains the shared TableAuthManager.
 *
 * Statement order matters here: cellFeaturesEnabled is computed before the
 * table descriptor's configuration is layered onto conf, while
 * compatibleEarlyTermination is read after it.
 *
 * @param env the coprocessor environment (master, region server, or region)
 * @throws IOException declared in the signature; the IOException caught from
 *     TableAuthManager.getOrCreate is rethrown as a RuntimeException instead
 * @throws RuntimeException if no ZooKeeper watcher could be found for env, or
 *     if the TableAuthManager cannot be obtained
 */
@Override
public void start(CoprocessorEnvironment env) throws IOException {
CompoundConfiguration conf = new CompoundConfiguration();
conf.add(env.getConfiguration());
authorizationEnabled = isAuthorizationSupported(conf);
// Loading continues even when authorization is disabled; the only signal is
// this WARN line, so it is worth alerting on in production logs.
if (!authorizationEnabled) {
LOG.warn("The AccessController has been loaded with authorization checks disabled.");
}
shouldCheckExecPermission = conf.getBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, AccessControlConstants.DEFAULT_EXEC_PERMISSION_CHECKS);
// Evaluated against the environment configuration only; the table
// descriptor settings are not added to conf until the region branch below.
cellFeaturesEnabled = (HFile.getFormatVersion(conf) >= HFile.MIN_FORMAT_VERSION_WITH_TAGS);
if (!cellFeaturesEnabled) {
LOG.info("A minimum HFile version of " + HFile.MIN_FORMAT_VERSION_WITH_TAGS + " is required to persist cell ACLs. Consider setting " + HFile.FORMAT_VERSION_KEY + " accordingly.");
}
// Stays null when env is none of the three recognized environment types;
// that case is rejected further down.
ZooKeeperWatcher zk = null;
if (env instanceof MasterCoprocessorEnvironment) {
// Running on the HMaster.
MasterCoprocessorEnvironment mEnv = (MasterCoprocessorEnvironment) env;
zk = mEnv.getMasterServices().getZooKeeper();
} else if (env instanceof RegionServerCoprocessorEnvironment) {
// Running at region-server scope.
RegionServerCoprocessorEnvironment rsEnv = (RegionServerCoprocessorEnvironment) env;
zk = rsEnv.getRegionServerServices().getZooKeeper();
} else if (env instanceof RegionCoprocessorEnvironment) {
// Running on a region: remember the environment and layer the table
// descriptor's own configuration onto conf before reading the early-out flag.
regionEnv = (RegionCoprocessorEnvironment) env;
conf.addStringMap(regionEnv.getRegion().getTableDesc().getConfiguration());
zk = regionEnv.getRegionServerServices().getZooKeeper();
// NOTE(review): presumably the table descriptor values added above take
// precedence over the site configuration, which would let a table-level
// setting change how denied checks are handled - confirm.
compatibleEarlyTermination = conf.getBoolean(AccessControlConstants.CF_ATTRIBUTE_EARLY_OUT, AccessControlConstants.DEFAULT_ATTRIBUTE_EARLY_OUT);
}
// Set the user provider. It is built from the environment configuration,
// not from the compound conf assembled above.
this.userProvider = UserProvider.instantiate(env.getConfiguration());
// Throw RuntimeException so that the coprocessor is unloaded.
if (zk != null) {
try {
this.authManager = TableAuthManager.getOrCreate(zk, env.getConfiguration());
} catch (IOException ioe) {
throw new RuntimeException("Error obtaining TableAuthManager", ioe);
}
} else {
throw new RuntimeException("Error obtaining TableAuthManager, zk found null.");
}
// Map with weakly referenced values, so an entry can disappear once its
// value is no longer strongly referenced elsewhere.
tableAcls = new MapMaker().weakValues().makeMap();
}
use of org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment in project hbase by apache.
the class TokenProvider method start.
/**
 * Captures the region server's token secret manager when this coprocessor is
 * started in a region environment.
 *
 * <p>{@code secretManager} is assigned only if the RPC server's secret manager
 * is an {@link AuthenticationTokenSecretManager}. In every other case,
 * including a non-region environment, the field is left untouched and nothing
 * is logged or thrown.
 *
 * @param env the coprocessor environment this instance was loaded into
 */
@Override
public void start(CoprocessorEnvironment env) {
  // Nothing to do unless running at region scope.
  if (!(env instanceof RegionCoprocessorEnvironment)) {
    return;
  }
  final RpcServerInterface rpc =
      ((RegionCoprocessorEnvironment) env).getRegionServerServices().getRpcServer();
  // Unchecked downcast: a ClassCastException results if the server is not an RpcServer.
  final SecretManager<?> candidate = ((RpcServer) rpc).getSecretManager();
  if (candidate instanceof AuthenticationTokenSecretManager) {
    // NOTE(review): when this branch is not taken the field is never set here;
    // users of secretManager presumably have to handle that - confirm.
    secretManager = (AuthenticationTokenSecretManager) candidate;
  }
}
use of org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment in project hbase by apache.
the class ConstraintProcessor method start.
/**
 * Loads the constraints declared on the region's table descriptor.
 *
 * @param environment must be a {@link RegionCoprocessorEnvironment}
 * @throws IllegalArgumentException if started outside a region environment, or
 *     if reading the constraints fails with an {@link IOException} (wrapped as
 *     the cause)
 */
@Override
public void start(CoprocessorEnvironment environment) {
  // Constraints are only meaningful on a region; refuse any other environment.
  final boolean startedOnRegion = environment instanceof RegionCoprocessorEnvironment;
  if (!startedOnRegion) {
    throw new IllegalArgumentException("Constraints only act on regions - started in an environment that was not a region");
  }

  final HTableDescriptor tableDescriptor =
      ((RegionCoprocessorEnvironment) environment).getRegion().getTableDesc();

  // The set of constraints is taken from the table descriptor.
  // NOTE(review): presumably getConstraints resolves the constraint classes
  // through `classloader`, so the ability to alter the descriptor decides what
  // is loaded on the region server - confirm which permission guards
  // descriptor changes.
  try {
    this.constraints = Constraints.getConstraints(tableDescriptor, classloader);
  } catch (IOException loadFailure) {
    throw new IllegalArgumentException(loadFailure);
  }

  if (!LOG.isInfoEnabled()) {
    return;
  }
  LOG.info("Finished loading " + constraints.size() + " user Constraints on table: " + tableDescriptor.getTableName());
}
use of org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment in project hbase by apache.
the class SecureBulkLoadManager method prepareBulkLoad.
/**
 * Runs the registered bulk-load pre-hooks for the region and then creates the
 * staging directory for the active user.
 *
 * <p>The hooks run before the directory is created, so an exception thrown by
 * any hook prevents its creation. When no {@link BulkLoadObserver} is
 * registered, no hook runs and the directory is created directly.
 *
 * @param region the region the bulk load targets
 * @param request the prepare request passed on to each observer
 * @return the staging directory path as a string, used as the bulk token
 * @throws IOException propagated from the observers or from staging directory creation
 */
public String prepareBulkLoad(final Region region, final PrepareBulkLoadRequest request) throws IOException {
  final List<BulkLoadObserver> hooks = getBulkLoadObservers(region);
  final boolean hooksRegistered = hooks != null && !hooks.isEmpty();

  if (hooksRegistered) {
    // All hooks share one context built for the active user and bound to the
    // first coprocessor environment found for BulkLoadObserver.
    final ObserverContext<RegionCoprocessorEnvironment> hookContext = new ObserverContext<>(getActiveUser());
    hookContext.prepare((RegionCoprocessorEnvironment) region.getCoprocessorHost().findCoprocessorEnvironment(BulkLoadObserver.class).get(0));
    for (final BulkLoadObserver hook : hooks) {
      hook.prePrepareBulkLoad(hookContext, request);
    }
  }

  // The active user is looked up again here rather than reused from the hook context.
  return createStagingDir(baseStagingDir, getActiveUser(), region.getTableDesc().getTableName()).toString();
}