use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.
the class DefaultVisibilityLabelServiceImpl method addLabels.
/**
 * Queues a {@link Put} for every requested visibility label that the label cache does not
 * already know, then applies the batch to the labels region.
 *
 * <p>A label whose cached ordinal is greater than zero is rejected in place: its status slot
 * gets {@code FAILURE} with a {@link LabelAlreadyExistsException}. Slots for queued labels are
 * left unset here and handed to {@code mutateLabelsRegion}, which presumably fills them in
 * (confirm against that helper).
 *
 * <p>NOTE(review): the duplicate check consults only {@code labelsCache}, which this loop does
 * not update, so a label repeated within one request appears to be queued twice under two
 * different ordinals. Confirm whether callers de-duplicate.
 *
 * @param labels raw bytes of the labels to create, one entry per label
 * @return one status per input label, in input order
 * @throws IOException declared by the signature; presumably raised by the region mutation or
 *     the ZooKeeper update
 */
@Override
public OperationStatus[] addLabels(List<byte[]> labels) throws IOException {
  // NOTE(review): a Java assert is skipped unless the JVM runs with -ea, so this does not
  // guard a production call made before the labels region is available.
  assert labelsRegion != null;
  final int requested = labels.size();
  OperationStatus[] finalOpStatus = new OperationStatus[requested];
  List<Mutation> pendingPuts = new ArrayList<>(requested);
  int slot = -1;
  for (byte[] label : labels) {
    slot++;
    String labelStr = Bytes.toString(label);
    if (this.labelsCache.getLabelOrdinal(labelStr) > 0) {
      // Already registered: report the failure for this slot and queue nothing.
      finalOpStatus[slot] = new OperationStatus(OperationStatusCode.FAILURE,
          new LabelAlreadyExistsException("Label '" + labelStr + "' already exists"));
      continue;
    }
    // The row key is the ordinal the label will be known by; the counter is advanced only
    // after the Put has been built and queued.
    Put labelPut = new Put(Bytes.toBytes(ordinalCounter.get()));
    labelPut.addImmutable(LABELS_TABLE_FAMILY, LABEL_QUALIFIER, label, LABELS_TABLE_TAGS);
    if (LOG.isDebugEnabled()) {
      LOG.debug("Adding the label " + labelStr);
    }
    pendingPuts.add(labelPut);
    ordinalCounter.incrementAndGet();
  }
  // ZooKeeper is updated only when the helper reports that the region mutation went through.
  boolean regionChanged = mutateLabelsRegion(pendingPuts, finalOpStatus);
  if (regionChanged) {
    updateZk(true);
  }
  return finalOpStatus;
}
use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.
the class VisibilityController method addLabels.
/****************************** VisibilityEndpoint service related methods ******************************/
/**
 * Endpoint method that registers the visibility labels carried by the request and reports one
 * result per label through {@code done}.
 *
 * <p>Order of operations: readiness check, caller authorization (only when
 * {@code authorizationEnabled} is set), delegation to {@code visibilityLabelService}, then
 * translation of each non-success status into a {@link DoNotRetryIOException} result.
 *
 * <p>NOTE(review): when {@code authorizationEnabled} is false, no caller check runs in this
 * method. Confirm that deployments relying on visibility labels keep it enabled.
 *
 * @param controller RPC controller; not used in this method
 * @param request request holding the labels to add
 * @param done callback that receives the built response in every code path
 */
@Override
public synchronized void addLabels(RpcController controller, VisibilityLabelsRequest request,
    RpcCallback<VisibilityLabelsResponse> done) {
  VisibilityLabelsResponse.Builder response = VisibilityLabelsResponse.newBuilder();
  List<VisibilityLabel> visLabels = request.getVisLabelList();
  if (!initialized) {
    // Not ready yet: fail every requested label the same way and answer immediately.
    setExceptionResults(visLabels.size(),
        new VisibilityControllerNotReadyException("VisibilityController not yet initialized!"),
        response);
    done.run(response.build());
    return;
  }
  List<byte[]> labels = new ArrayList<>(visLabels.size());
  try {
    // The authorization gate runs before any label is read from the request.
    if (authorizationEnabled) {
      checkCallingUserAuth();
    }
    RegionActionResult successResult = RegionActionResult.newBuilder().build();
    for (VisibilityLabel visLabel : visLabels) {
      labels.add(visLabel.getLabel().toByteArray());
      // Placeholder: every label starts out as a success and is overwritten below according
      // to what visibilityLabelService.addLabels() reports.
      response.addResult(successResult);
    }
    if (!labels.isEmpty()) {
      OperationStatus[] opStatus = this.visibilityLabelService.addLabels(labels);
      // NOTE(review): the "allowed" record is written after the service call returns and
      // regardless of the per-label status codes, so it records that the caller was
      // permitted, not that each label was created.
      logResult(true, "addLabels", "Adding labels allowed", null, labels, null);
      int resultIdx = 0;
      for (OperationStatus status : opStatus) {
        // Identity comparison on purpose: advance to the next slot that still holds the
        // shared placeholder instance.
        while (response.getResult(resultIdx) != successResult) {
          resultIdx++;
        }
        if (status.getOperationStatusCode() != SUCCESS) {
          RegionActionResult.Builder failureResultBuilder = RegionActionResult.newBuilder();
          failureResultBuilder.setException(
              buildException(new DoNotRetryIOException(status.getExceptionMsg())));
          response.setResult(resultIdx, failureResultBuilder.build());
        }
        resultIdx++;
      }
    }
  } catch (AccessDeniedException e) {
    // A denied caller is recorded through logResult and in the server log, and every label in
    // the request is failed with the same exception.
    logResult(false, "addLabels", e.getMessage(), null, labels, null);
    LOG.error("User is not having required permissions to add labels", e);
    setExceptionResults(visLabels.size(), e, response);
  } catch (IOException e) {
    // NOTE(review): this path writes only to the server log; no logResult entry is produced
    // for an I/O failure.
    LOG.error(e);
    setExceptionResults(visLabels.size(), e, response);
  }
  done.run(response.build());
}
use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.
the class VisibilityController method clearAuths.
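/**
 * Endpoint method that removes label authorizations from the user named in the request and
 * reports one result per requested label through {@code done}.
 *
 * <p>Authorization is checked before any label is read from the request. When
 * {@code authorizationEnabled} and {@code accessControllerAvailable} are both set, only a
 * caller accepted by {@code isSystemOrSuperUser()} may proceed; {@code checkCallingUserAuth()}
 * is additionally invoked whenever {@code authorizationEnabled} is set.
 *
 * <p>NOTE(review): when {@code authorizationEnabled} is false, neither check runs in this
 * method. Confirm that deployments relying on visibility labels keep it enabled.
 *
 * @param controller RPC controller; not used in this method
 * @param request request holding the target user and the authorizations to remove
 * @param done callback that receives the built response in every code path
 */
@Override
public synchronized void clearAuths(RpcController controller, SetAuthsRequest request,
    RpcCallback<VisibilityLabelsResponse> done) {
  VisibilityLabelsResponse.Builder response = VisibilityLabelsResponse.newBuilder();
  List<ByteString> auths = request.getAuthList();
  if (!initialized) {
    // Not ready yet: fail every requested authorization the same way.
    setExceptionResults(auths.size(),
        new CoprocessorException("VisibilityController not yet initialized"), response);
  } else {
    byte[] requestUser = request.getUser().toByteArray();
    List<byte[]> labelAuths = new ArrayList<>(auths.size());
    try {
      // When AC is ON, do AC based user auth check
      if (authorizationEnabled && accessControllerAvailable && !isSystemOrSuperUser()) {
        User user = VisibilityUtils.getActiveUser();
        // The closing quote after the user name was missing, which left the message
        // unbalanced in client output and in the denial record written below.
        throw new AccessDeniedException("User '" + (user != null ? user.getShortName() : "null")
            + "' is not authorized to perform this action.");
      }
      if (authorizationEnabled) {
        // When AC is not in place the calling user should have SYSTEM_LABEL auth to do this
        // action.
        checkCallingUserAuth();
      }
      for (ByteString authBS : auths) {
        labelAuths.add(authBS.toByteArray());
      }
      OperationStatus[] opStatus = this.visibilityLabelService.clearAuths(requestUser, labelAuths);
      // NOTE(review): the "allowed" record is written after the service call returns and
      // regardless of the per-label status codes.
      logResult(true, "clearAuths", "Removing authorization for labels allowed", requestUser,
          labelAuths, null);
      RegionActionResult successResult = RegionActionResult.newBuilder().build();
      for (OperationStatus status : opStatus) {
        if (status.getOperationStatusCode() == SUCCESS) {
          response.addResult(successResult);
        } else {
          // Failures are returned as DoNotRetryIOException carrying the service's message.
          RegionActionResult.Builder failureResultBuilder = RegionActionResult.newBuilder();
          failureResultBuilder.setException(
              buildException(new DoNotRetryIOException(status.getExceptionMsg())));
          response.addResult(failureResultBuilder.build());
        }
      }
    } catch (AccessDeniedException e) {
      // A denied caller is recorded through logResult and in the server log. labelAuths is
      // still empty here because both checks run before the request's labels are copied.
      logResult(false, "clearAuths", e.getMessage(), requestUser, labelAuths, null);
      LOG.error("User is not having required permissions to clear authorization", e);
      setExceptionResults(auths.size(), e, response);
    } catch (IOException e) {
      // NOTE(review): this path writes only to the server log; no logResult entry is produced
      // for an I/O failure.
      LOG.error(e);
      setExceptionResults(auths.size(), e, response);
    }
  }
  done.run(response.build());
}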
use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.
the class ExpAsStringVisibilityLabelServiceImpl method setAuths.
/**
 * Grants the given label authorizations to {@code user} by writing a single {@link Put} to the
 * labels region, one column per authorization.
 *
 * <p>Every returned slot is {@code SUCCESS}; a failed write surfaces only as an exception from
 * the region put. No check on the labels themselves is performed in this method.
 *
 * @param user row key under which the authorizations are stored
 * @param authLabels authorizations to grant; each becomes a column qualifier
 * @return one {@code SUCCESS} status per entry of {@code authLabels}
 * @throws IOException declared by the signature; presumably raised by the region put
 */
@Override
public OperationStatus[] setAuths(byte[] user, List<byte[]> authLabels) throws IOException {
  // NOTE(review): a Java assert is skipped unless the JVM runs with -ea.
  assert labelsRegion != null;
  OperationStatus[] finalOpStatus = new OperationStatus[authLabels.size()];
  Put userRow = new Put(user);
  for (byte[] authorization : authLabels) {
    userRow.addImmutable(LABELS_TABLE_FAMILY, authorization, DUMMY_VALUE);
  }
  this.labelsRegion.put(userRow);
  // This is a testing impl and so not doing any caching
  int slot = 0;
  while (slot < authLabels.size()) {
    finalOpStatus[slot] = new OperationStatus(OperationStatusCode.SUCCESS);
    slot++;
  }
  return finalOpStatus;
}
use of org.apache.hadoop.hbase.regionserver.OperationStatus in project hbase by apache.
the class ExpAsStringVisibilityLabelServiceImpl method clearAuths.
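/**
 * Removes the given label authorizations from {@code user} (a user or a group principal) in
 * the labels region.
 *
 * <p>A requested label that is not currently set for the principal gets a {@code FAILURE}
 * status with an {@link InvalidLabelException}; every other label gets {@code SUCCESS} once
 * the delete has been applied.
 *
 * @param user row key of the user or group principal whose authorizations are cleared
 * @param authLabels authorizations to remove
 * @return one status per entry of {@code authLabels}, in input order
 * @throws IOException declared by the signature; presumably raised by the auth lookup or the
 *     region delete
 */
@Override
public OperationStatus[] clearAuths(byte[] user, List<byte[]> authLabels) throws IOException {
  // NOTE(review): a Java assert is skipped unless the JVM runs with -ea.
  assert labelsRegion != null;
  OperationStatus[] finalOpStatus = new OperationStatus[authLabels.size()];
  String userName = Bytes.toString(user);
  List<String> currentAuths;
  if (AuthUtil.isGroupPrincipal(userName)) {
    String group = AuthUtil.getGroupName(userName);
    currentAuths = this.getGroupAuths(new String[] { group }, true);
  } else {
    currentAuths = this.getUserAuths(user, true);
  }
  Delete d = new Delete(user);
  boolean hasColumnsToDelete = false;
  int i = 0;
  for (byte[] authLabel : authLabels) {
    String authLabelStr = Bytes.toString(authLabel);
    if (currentAuths.contains(authLabelStr)) {
      d.addColumns(LABELS_TABLE_FAMILY, authLabel);
      hasColumnsToDelete = true;
    } else {
      // This label is not set for the user.
      finalOpStatus[i] = new OperationStatus(OperationStatusCode.FAILURE,
          new InvalidLabelException(
              "Label '" + authLabelStr + "' is not set for the user " + userName));
    }
    i++;
  }
  // A Delete that names no column or family applies to the whole row. Submitting it when no
  // requested label matched (or when the list is empty) would drop every authorization stored
  // for this principal, so the delete is issued only when at least one column was added.
  if (hasColumnsToDelete) {
    this.labelsRegion.delete(d);
  }
  // This is a testing impl and so not doing any caching
  for (i = 0; i < authLabels.size(); i++) {
    if (finalOpStatus[i] == null) {
      finalOpStatus[i] = new OperationStatus(OperationStatusCode.SUCCESS);
    }
  }
  return finalOpStatus;
}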