
Example 1 with OperationStatus

use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.

the class VisibilityController method setAuths.

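/**
 * Grants the visibility labels listed in {@code request} to the user named in the request and
 * hands one result per requested label to {@code done}.
 *
 * <p>When the controller is not yet initialized, every result carries a
 * {@code VisibilityControllerNotReadyException}. When {@code authorizationEnabled} is set, the
 * caller is checked with {@code checkCallingUserAuth()} before anything is written; a denial is
 * audit-logged and returned as the result for every requested label.
 *
 * @param controller RPC controller for this call (not read by this method)
 * @param request carries the target user and the labels to grant
 * @param done callback that receives the built response; it is always invoked exactly once
 */
@Override
public synchronized void setAuths(RpcController controller, SetAuthsRequest request, RpcCallback<VisibilityLabelsResponse> done) {
    VisibilityLabelsResponse.Builder response = VisibilityLabelsResponse.newBuilder();
    List<ByteString> auths = request.getAuthList();
    if (!initialized) {
        setExceptionResults(auths.size(), new VisibilityControllerNotReadyException("VisibilityController not yet initialized!"), response);
    } else {
        byte[] user = request.getUser().toByteArray();
        // Decode the requested labels BEFORE the permission check. If the check throws, the
        // audit call in the AccessDeniedException handler then receives the labels the caller
        // asked for instead of an empty list.
        List<byte[]> labelAuths = new ArrayList<>(auths.size());
        for (ByteString authBS : auths) {
            labelAuths.add(authBS.toByteArray());
        }
        try {
            if (authorizationEnabled) {
                checkCallingUserAuth();
            }
            OperationStatus[] opStatus = this.visibilityLabelService.setAuths(user, labelAuths);
            // This audit entry records that the call was permitted and the service call returned;
            // per-label failures are only reflected in the response built below.
            logResult(true, "setAuths", "Setting authorization for labels allowed", user, labelAuths, null);
            RegionActionResult successResult = RegionActionResult.newBuilder().build();
            for (OperationStatus status : opStatus) {
                if (status.getOperationStatusCode() == SUCCESS) {
                    response.addResult(successResult);
                } else {
                    // A failed label is reported as a non-retryable error carrying the status message.
                    RegionActionResult.Builder failureResultBuilder = RegionActionResult.newBuilder();
                    failureResultBuilder.setException(buildException(new DoNotRetryIOException(status.getExceptionMsg())));
                    response.addResult(failureResultBuilder.build());
                }
            }
        } catch (AccessDeniedException e) {
            logResult(false, "setAuths", e.getMessage(), user, labelAuths, null);
            LOG.error("User is not having required permissions to set authorization", e);
            setExceptionResults(auths.size(), e, response);
        } catch (IOException e) {
            // Pass the exception as the throwable argument so the stack trace is kept in the log.
            LOG.error("Failed to set authorizations", e);
            setExceptionResults(auths.size(), e, response);
        }
    }
    done.run(response.build());
}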
Also used : AccessDeniedException(org.apache.hadoop.hbase.security.AccessDeniedException) DoNotRetryIOException(org.apache.hadoop.hbase.DoNotRetryIOException) ByteString(com.google.protobuf.ByteString) ArrayList(java.util.ArrayList) RegionActionResult(org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult) DoNotRetryIOException(org.apache.hadoop.hbase.DoNotRetryIOException) IOException(java.io.IOException) OperationStatus(org.apache.hadoop.hbase.regionserver.OperationStatus) VisibilityLabelsResponse(org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)

Example 2 with OperationStatus

use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.

the class VisibilityController method preBatchMutate.

/**
 * Pre-batch hook that checks every mutation in the mini batch for visibility information and,
 * where a visibility expression is present, rewrites the mutation's cells so that they carry the
 * tags produced by {@code visibilityLabelService.createVisibilityExpTags}.
 *
 * <p>Mutations that fail a check are not rejected by exception; instead their slot in
 * {@code miniBatchOp} is marked with a {@code SANITY_CHECK_FAILURE} status. Mutations against
 * system tables are skipped entirely.
 *
 * @param c observer context; only used to find out whether the region belongs to a system table
 * @param miniBatchOp the batch whose mutations are inspected and possibly rewritten in place
 * @throws IOException declared by the hook signature
 */
@Override
public void preBatchMutate(ObserverContext<RegionCoprocessorEnvironment> c, MiniBatchOperationInProgress<Mutation> miniBatchOp) throws IOException {
    // System tables are exempt from all visibility processing in this hook.
    if (c.getEnvironment().getRegion().getRegionInfo().getTable().isSystemTable()) {
        return;
    }
    // TODO this can be made as a global LRU cache at HRS level?
    // Per-call cache: visibility expression string -> tags already built for it in this batch.
    Map<String, List<Tag>> labelCache = new HashMap<>();
    for (int i = 0; i < miniBatchOp.size(); i++) {
        Mutation m = miniBatchOp.getOperation(i);
        CellVisibility cellVisibility = null;
        try {
            cellVisibility = m.getCellVisibility();
        } catch (DeserializationException de) {
            // An unreadable visibility attribute fails this mutation only; the batch continues.
            miniBatchOp.setOperationStatus(i, new OperationStatus(SANITY_CHECK_FAILURE, de.getMessage()));
            continue;
        }
        boolean sanityFailure = false;
        boolean modifiedTagFound = false;
        Pair<Boolean, Tag> pair = new Pair<>(false, null);
        for (CellScanner cellScanner = m.cellScanner(); cellScanner.advance(); ) {
            pair = checkForReservedVisibilityTagPresence(cellScanner.current(), pair);
            // A false first element is handled here as "cell carries a reserved tag".
            if (!pair.getFirst()) {
                // Don't disallow reserved tags if authorization is disabled
                // (in that case the scan just stops and the mutation is processed further below).
                if (authorizationEnabled) {
                    miniBatchOp.setOperationStatus(i, new OperationStatus(SANITY_CHECK_FAILURE, "Mutation contains cell with reserved type tag"));
                    sanityFailure = true;
                }
                break;
            } else {
                // Indicates that the cell has the tag which was modified in the src replication cluster
                Tag tag = pair.getSecond();
                if (cellVisibility == null && tag != null) {
                    // May need to store only the first one
                    // The tag's string value is used as the visibility expression for this mutation.
                    cellVisibility = new CellVisibility(TagUtil.getValueAsString(tag));
                    modifiedTagFound = true;
                }
            }
        }
        if (!sanityFailure) {
            if (cellVisibility != null) {
                String labelsExp = cellVisibility.getExpression();
                List<Tag> visibilityTags = labelCache.get(labelsExp);
                if (visibilityTags == null) {
                    // Don't check user auths for labels with Mutations when the user is super user
                    boolean authCheck = authorizationEnabled && checkAuths && !(isSystemOrSuperUser());
                    try {
                        visibilityTags = this.visibilityLabelService.createVisibilityExpTags(labelsExp, true, authCheck);
                    } catch (InvalidLabelException e) {
                        // visibilityTags stays null, so the cells of this mutation are left as they are.
                        miniBatchOp.setOperationStatus(i, new OperationStatus(SANITY_CHECK_FAILURE, e.getMessage()));
                    }
                    if (visibilityTags != null) {
                        labelCache.put(labelsExp, visibilityTags);
                    }
                }
                if (visibilityTags != null) {
                    // Build replacement cells: original tags (minus the replication tag when one
                    // was found) plus the visibility tags for the expression.
                    List<Cell> updatedCells = new ArrayList<>();
                    for (CellScanner cellScanner = m.cellScanner(); cellScanner.advance(); ) {
                        Cell cell = cellScanner.current();
                        List<Tag> tags = CellUtil.getTags(cell);
                        if (modifiedTagFound) {
                            // Rewrite the tags by removing the modified tags.
                            removeReplicationVisibilityTag(tags);
                        }
                        tags.addAll(visibilityTags);
                        Cell updatedCell = CellUtil.createCell(cell, tags);
                        updatedCells.add(updatedCell);
                    }
                    m.getFamilyCellMap().clear();
                    // Clear and add new Cells to the Mutation.
                    // NOTE(review): the cell map was just cleared, so a mutation that is neither a
                    // Put nor a Delete would end up with no cells here; confirm only those two
                    // types reach this hook.
                    for (Cell cell : updatedCells) {
                        if (m instanceof Put) {
                            Put p = (Put) m;
                            p.add(cell);
                        } else if (m instanceof Delete) {
                            Delete d = (Delete) m;
                            d.addDeleteMarker(cell);
                        }
                    }
                }
            }
        }
    }
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ByteString(com.google.protobuf.ByteString) CellScanner(org.apache.hadoop.hbase.CellScanner) ReplicationEndpoint(org.apache.hadoop.hbase.replication.ReplicationEndpoint) DeserializationException(org.apache.hadoop.hbase.exceptions.DeserializationException) Put(org.apache.hadoop.hbase.client.Put) OperationStatus(org.apache.hadoop.hbase.regionserver.OperationStatus) List(java.util.List) FilterList(org.apache.hadoop.hbase.filter.FilterList) ArrayList(java.util.ArrayList) Mutation(org.apache.hadoop.hbase.client.Mutation) Tag(org.apache.hadoop.hbase.Tag) Cell(org.apache.hadoop.hbase.Cell) Pair(org.apache.hadoop.hbase.util.Pair) NameBytesPair(org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.NameBytesPair)

Example 3 with OperationStatus

use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.

the class DefaultVisibilityLabelServiceImpl method mutateLabelsRegion.

/**
 * Applies {@code mutations} to the labels region as one batch and copies each resulting status,
 * in order, into the next still-empty ({@code null}) slot of {@code finalOpStatus}. Slots the
 * caller has already filled (for example with a FAILURE status) are left untouched. A batch
 * result for which no empty slot remains is not stored.
 *
 * @param mutations the mutations to apply to the labels region
 * @param finalOpStatus per-request status array, partially filled by the caller; completed here
 * @return whether we need a ZK update or not, i.e. whether at least one mutation succeeded
 * @throws IOException if the batch mutation on the labels region throws it
 */
private boolean mutateLabelsRegion(List<Mutation> mutations, OperationStatus[] finalOpStatus) throws IOException {
    Mutation[] batch = mutations.toArray(new Mutation[mutations.size()]);
    OperationStatus[] batchResults = this.labelsRegion.batchMutate(batch, HConstants.NO_NONCE, HConstants.NO_NONCE);
    boolean anySucceeded = false;
    int slot = 0;
    for (OperationStatus result : batchResults) {
        // One successful mutation is enough to require the ZK update.
        if (!anySucceeded && result.getOperationStatusCode() == OperationStatusCode.SUCCESS) {
            anySucceeded = true;
        }
        // Advance past slots that already hold a status, then claim the first empty one.
        while (slot < finalOpStatus.length && finalOpStatus[slot] != null) {
            slot++;
        }
        if (slot < finalOpStatus.length) {
            finalOpStatus[slot] = result;
        }
    }
    return anySucceeded;
}
Also used : OperationStatus(org.apache.hadoop.hbase.regionserver.OperationStatus) Mutation(org.apache.hadoop.hbase.client.Mutation)

Example 4 with OperationStatus

use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.

the class DefaultVisibilityLabelServiceImpl method setAuths.

/**
 * Grants each label in {@code authLabels} to {@code user} by writing one Put per known label to
 * the labels region, and returns one status per requested label in request order.
 *
 * <p>A label whose ordinal in the labels cache is 0 is not written; its slot gets a FAILURE
 * status wrapping an {@code InvalidLabelException}. The remaining slots are filled from the
 * batch result by {@code mutateLabelsRegion}.
 *
 * @param user the principal receiving the authorizations; used as the column qualifier
 * @param authLabels the labels to grant, as raw bytes
 * @return one {@code OperationStatus} per entry of {@code authLabels}
 * @throws IOException if the labels-region mutation or the ZK update throws it
 */
@Override
public OperationStatus[] setAuths(byte[] user, List<byte[]> authLabels) throws IOException {
    assert labelsRegion != null;
    final int requested = authLabels.size();
    OperationStatus[] finalOpStatus = new OperationStatus[requested];
    List<Mutation> puts = new ArrayList<>(requested);
    int slot = 0;
    for (byte[] auth : authLabels) {
        String authStr = Bytes.toString(auth);
        int labelOrdinal = this.labelsCache.getLabelOrdinal(authStr);
        if (labelOrdinal != 0) {
            // Row key is the label ordinal; the user is stored as the column qualifier.
            Put grant = new Put(Bytes.toBytes(labelOrdinal));
            grant.addImmutable(LABELS_TABLE_FAMILY, user, DUMMY_VALUE, LABELS_TABLE_TAGS);
            puts.add(grant);
        } else {
            // Ordinal 0 means the label is not known yet; it must be added to the system first.
            finalOpStatus[slot] = new OperationStatus(OperationStatusCode.FAILURE, new InvalidLabelException("Label '" + authStr + "' doesn't exists"));
        }
        slot++;
    }
    boolean needsZkUpdate = mutateLabelsRegion(puts, finalOpStatus);
    if (needsZkUpdate) {
        updateZk(false);
    }
    return finalOpStatus;
}
Also used : OperationStatus(org.apache.hadoop.hbase.regionserver.OperationStatus) ArrayList(java.util.ArrayList) Mutation(org.apache.hadoop.hbase.client.Mutation) Put(org.apache.hadoop.hbase.client.Put)

Example 5 with OperationStatus

use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.

the class DefaultVisibilityLabelServiceImpl method clearAuths.

/**
 * Revokes each label in {@code authLabels} from {@code user} by issuing one Delete per label the
 * principal currently holds, and returns one status per requested label in request order.
 *
 * <p>The current authorizations are looked up as group auths when {@code user} is a group
 * principal and as user auths otherwise. A label that is not currently set for the principal is
 * not deleted; its slot gets a FAILURE status wrapping an {@code InvalidLabelException}. The
 * remaining slots are filled from the batch result by {@code mutateLabelsRegion}.
 *
 * @param user the user or group principal losing the authorizations; used as the column qualifier
 * @param authLabels the labels to revoke, as raw bytes
 * @return one {@code OperationStatus} per entry of {@code authLabels}
 * @throws IOException if the auth lookup, the labels-region mutation or the ZK update throws it
 */
@Override
public OperationStatus[] clearAuths(byte[] user, List<byte[]> authLabels) throws IOException {
    assert labelsRegion != null;
    OperationStatus[] finalOpStatus = new OperationStatus[authLabels.size()];
    // Only labels the principal actually holds are eligible for deletion.
    List<String> currentAuths = AuthUtil.isGroupPrincipal(Bytes.toString(user))
        ? this.getGroupAuths(new String[] { AuthUtil.getGroupName(Bytes.toString(user)) }, true)
        : this.getUserAuths(user, true);
    List<Mutation> deletes = new ArrayList<>(authLabels.size());
    int slot = 0;
    for (byte[] authLabel : authLabels) {
        String authLabelStr = Bytes.toString(authLabel);
        if (!currentAuths.contains(authLabelStr)) {
            // This label is not set for the user.
            finalOpStatus[slot] = new OperationStatus(OperationStatusCode.FAILURE, new InvalidLabelException("Label '" + authLabelStr + "' is not set for the user " + Bytes.toString(user)));
        } else {
            int labelOrdinal = this.labelsCache.getLabelOrdinal(authLabelStr);
            assert labelOrdinal > 0;
            // Row key is the label ordinal; the principal's column is removed from that row.
            Delete revoke = new Delete(Bytes.toBytes(labelOrdinal));
            revoke.addColumns(LABELS_TABLE_FAMILY, user);
            deletes.add(revoke);
        }
        slot++;
    }
    boolean needsZkUpdate = mutateLabelsRegion(deletes, finalOpStatus);
    if (needsZkUpdate) {
        updateZk(false);
    }
    return finalOpStatus;
}
Also used : Delete(org.apache.hadoop.hbase.client.Delete) OperationStatus(org.apache.hadoop.hbase.regionserver.OperationStatus) ArrayList(java.util.ArrayList) Mutation(org.apache.hadoop.hbase.client.Mutation)

Aggregations

OperationStatus (org.apache.hadoop.hbase.regionserver.OperationStatus)11 ArrayList (java.util.ArrayList)8 Mutation (org.apache.hadoop.hbase.client.Mutation)6 IOException (java.io.IOException)4 Put (org.apache.hadoop.hbase.client.Put)4 ByteString (com.google.protobuf.ByteString)3 DoNotRetryIOException (org.apache.hadoop.hbase.DoNotRetryIOException)3 Delete (org.apache.hadoop.hbase.client.Delete)3 RegionActionResult (org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult)3 VisibilityLabelsResponse (org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsResponse)3 AccessDeniedException (org.apache.hadoop.hbase.security.AccessDeniedException)3 List (java.util.List)2 Cell (org.apache.hadoop.hbase.Cell)2 ReplicationEndpoint (org.apache.hadoop.hbase.replication.ReplicationEndpoint)2 HashMap (java.util.HashMap)1 CellScanner (org.apache.hadoop.hbase.CellScanner)1 Tag (org.apache.hadoop.hbase.Tag)1 Scan (org.apache.hadoop.hbase.client.Scan)1 CoprocessorException (org.apache.hadoop.hbase.coprocessor.CoprocessorException)1 DeleteType (org.apache.hadoop.hbase.coprocessor.example.generated.BulkDeleteProtos.BulkDeleteRequest.DeleteType)1