
Example 6 with UserPermission

use of org.apache.hadoop.hbase.security.access.UserPermission in project hbase by apache.

From the class MasterRpcServices, method grant.

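/**
 * Grants the permission carried by {@code request} by writing it to the ACL table.
 *
 * <p>The operation is only performed when the master has a coprocessor host and the
 * access-control service coprocessor is loaded; otherwise a {@link DoNotRetryIOException}
 * is raised so the client does not retry. The {@code preGrant}/{@code postGrant} hooks
 * bracket the storage update, and an audit line is emitted only when the audit logger is
 * at TRACE level (so by default grants are not recorded there).
 *
 * @param controller the RPC controller (not used by this method)
 * @param request carries the permission to store and the {@code mergeExistingPermissions}
 *     flag passed through to {@link PermissionStorage#addUserPermission}
 * @return an empty {@link GrantResponse} on success
 * @throws ServiceException wrapping any {@link IOException} thrown while checking the
 *     master state, running the hooks or updating the ACL table
 */
@Override
public GrantResponse grant(RpcController controller, GrantRequest request) throws ServiceException {
    try {
        server.checkInitialized();
        if (server.cpHost == null || !hasAccessControlServiceCoprocessor(server.cpHost)) {
            // Surfaced to the client as a ServiceException via the catch below.
            throw new DoNotRetryIOException(new UnsupportedOperationException(AccessController.class.getName() + " is not loaded"));
        }
        final UserPermission perm = ShadedAccessControlUtil.toUserPermission(request.getUserPermission());
        final boolean mergeExistingPermissions = request.getMergeExistingPermissions();
        server.cpHost.preGrant(perm, mergeExistingPermissions);
        try (Table table = server.getConnection().getTable(PermissionStorage.ACL_TABLE_NAME)) {
            PermissionStorage.addUserPermission(getConfiguration(), perm, table, mergeExistingPermissions);
        }
        server.cpHost.postGrant(perm, mergeExistingPermissions);
        if (AUDITLOG.isTraceEnabled()) {
            // audit log should store permission changes in addition to auth results;
            // the caller lookup is only needed here, so it is resolved inside the guard
            // (presumably a read of request-scoped state with no side effects — confirm).
            User caller = RpcServer.getRequestUser().orElse(null);
            String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
            AUDITLOG.trace("User {} (remote address: {}) granted permission {}", caller, remoteAddress, perm);
        }
        return GrantResponse.getDefaultInstance();
    } catch (IOException ioe) {
        throw new ServiceException(ioe);
    }
}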

Example 7 with UserPermission

use of org.apache.hadoop.hbase.security.access.UserPermission in project hbase by apache.

From the class MasterRpcServices, method getUserPermissions.

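/**
 * Lists stored user permissions, scoped by the request's permission {@code Type}.
 *
 * <p>Requires the access-control service coprocessor to be loaded, otherwise a
 * {@link DoNotRetryIOException} is raised. Request fields that are not set are passed on as
 * {@code null}; for the table and namespace scopes the storage lookup is filtered only when
 * a user (or, for tables, a column family) is given. In the global branch, superusers are
 * synthesised into the result with every action, but only when no user filter is supplied,
 * so that a per-user query does not reveal whether that user is a superuser.
 *
 * @param controller the RPC controller (not used by this method)
 * @param request optional user name, namespace, table, column family/qualifier and type
 * @return the matching permissions, converted to the protobuf response
 * @throws ServiceException wrapping any {@link IOException} from the state check, the
 *     coprocessor hooks or the storage lookups
 */
@Override
public GetUserPermissionsResponse getUserPermissions(RpcController controller, GetUserPermissionsRequest request) throws ServiceException {
    try {
        server.checkInitialized();
        if (server.cpHost == null || !hasAccessControlServiceCoprocessor(server.cpHost)) {
            throw new DoNotRetryIOException(new UnsupportedOperationException(AccessController.class.getName() + " is not loaded"));
        }
        // Unset request fields become null (the storage layer presumably treats null as
        // "no restriction" — confirm against PermissionStorage).
        final String userName = request.hasUserName() ? request.getUserName().toStringUtf8() : null;
        final String namespace = request.hasNamespaceName() ? request.getNamespaceName().toStringUtf8() : null;
        final TableName table = request.hasTableName() ? ProtobufUtil.toTableName(request.getTableName()) : null;
        final byte[] cf = request.hasColumnFamily() ? request.getColumnFamily().toByteArray() : null;
        final byte[] cq = request.hasColumnQualifier() ? request.getColumnQualifier().toByteArray() : null;
        final Type permissionType = request.hasType() ? request.getType() : null;
        server.getMasterCoprocessorHost().preGetUserPermissions(userName, namespace, table, cf, cq);
        final List<UserPermission> perms;
        if (permissionType == Type.Table) {
            // A qualifier alone does not turn filtering on; only a family or a user does.
            final boolean filter = cf != null || userName != null;
            perms = PermissionStorage.getUserTablePermissions(server.getConfiguration(), table, cf, cq, userName, filter);
        } else if (permissionType == Type.Namespace) {
            perms = PermissionStorage.getUserNamespacePermissions(server.getConfiguration(), namespace, userName, userName != null);
        } else {
            // Any other (or absent) type lists global permissions.
            perms = PermissionStorage.getUserPermissions(server.getConfiguration(), null, null, null, userName, userName != null);
            // Skip super users when a filter user is specified: adding them only to the
            // unfiltered listing avoids leaking whether a queried user is a superuser.
            if (userName == null) {
                // relies on the storage call returning a mutable list — as the original did
                for (String user : Superusers.getSuperUsers()) {
                    perms.add(new UserPermission(user, Permission.newBuilder().withActions(Action.values()).build()));
                }
            }
        }
        server.getMasterCoprocessorHost().postGetUserPermissions(userName, namespace, table, cf, cq);
        return ShadedAccessControlUtil.buildGetUserPermissionsResponse(perms);
    } catch (IOException ioe) {
        throw new ServiceException(ioe);
    }
}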

Example 8 with UserPermission

use of org.apache.hadoop.hbase.security.access.UserPermission in project hbase by apache.

From the class TestThriftHBaseServiceHandler, method testPerformTablePermissions.

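/**
 * Grants a single READ permission on table A to a fake user through the Thrift handler,
 * checks that exactly that one action is stored, then revokes it and checks the ACL for
 * that user/table is empty again.
 */
@Test
public void testPerformTablePermissions() throws Throwable {
    // initialize fake objects.
    final String fakeUser = "user";
    final String tableName = Bytes.toString(tableAname);
    TAccessControlEntity tce = new TAccessControlEntity();
    tce.setActions("R");
    tce.setTableName(tableName);
    tce.setScope(TPermissionScope.TABLE);
    tce.setUsername(fakeUser);
    ThriftHBaseServiceHandler handler = createHandler();
    handler.grant(tce);
    List<UserPermission> permissionList = AccessControlClient.getUserPermissions(UTIL.getConnection(), tableName, fakeUser);
    // we only grant one R permission (assertEquals takes the expected value first, so a
    // failure message reads correctly; the last assertion already used that order)
    assertEquals(1, permissionList.size());
    Permission.Action[] actions = permissionList.get(0).getPermission().getActions();
    assertEquals(1, actions.length);
    assertEquals(Permission.Action.READ, actions[0]);
    // then revoke the permission
    handler.revoke(tce);
    permissionList = AccessControlClient.getUserPermissions(UTIL.getConnection(), tableName, fakeUser);
    // it should return an empty list
    assertEquals(0, permissionList.size());
}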

Example 9 with UserPermission

use of org.apache.hadoop.hbase.security.access.UserPermission in project ranger by apache.

From the class HBaseRangerAuthorizationTest, method testGetUserPermission.

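/**
 * Exercises Ranger's authorization of ACL reads: user IT must be denied when listing
 * permissions on table "temp", user QA must find its own namespace grant under
 * "@test_namespace", and the test's default user must see IT's grant on table "temp5".
 *
 * <p>The IT case records the outcome and asserts after the {@code catch}: an
 * {@code Assert.fail()} placed inside a {@code try} whose {@code catch (Throwable)} swallows
 * everything would also swallow the {@code AssertionError}, making the denial check pass
 * unconditionally. {@code catch (Throwable)} is kept because
 * {@link AccessControlClient#getUserPermissions} declares {@code Throwable}.
 */
@Test
public void testGetUserPermission() throws Throwable {
    final Configuration conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.quorum", "localhost");
    conf.set("hbase.zookeeper.property.clientPort", "" + port);
    conf.set("zookeeper.znode.parent", "/hbase-unsecure");
    String user = "IT";
    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(user, new String[] { "IT" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            boolean denied = false;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                AccessControlClient.getUserPermissions(conn, "temp");
            } catch (Throwable e) {
                // expected: IT is not authorized for "temp" (a connection failure would
                // also land here, as it did in the original form of this test)
                denied = true;
            }
            Assert.assertTrue("IT should be denied reading permissions on temp", denied);
            return null;
        }
    });
    user = "QA";
    ugi = UserGroupInformation.createUserForTesting(user, new String[] { "QA" });
    ugi.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            List<UserPermission> userPermissions;
            try (Connection conn = ConnectionFactory.createConnection(conf)) {
                userPermissions = AccessControlClient.getUserPermissions(conn, "@test_namespace");
            } catch (Throwable e) {
                throw new Exception(e);
            }
            // Look for a namespace-scoped entry whose user is "@QA".
            boolean found = false;
            for (UserPermission namespacePermission : userPermissions) {
                if (namespacePermission.getPermission() instanceof NamespacePermission
                        && StringUtils.equals(namespacePermission.getUser(), "@QA")) {
                    found = true;
                    break;
                }
            }
            Assert.assertTrue("QA is not found", found);
            return null;
        }
    });
    List<UserPermission> userPermissions;
    try (Connection conn = ConnectionFactory.createConnection(conf)) {
        userPermissions = AccessControlClient.getUserPermissions(conn, "temp5");
    } catch (Throwable e) {
        throw new Exception(e);
    }
    // Membership relies on UserPermission.equals comparing user and permission.
    UserPermission userPermission = new UserPermission("@IT", Permission.newBuilder(TableName.valueOf("temp5")).withActions(Permission.Action.READ, Permission.Action.WRITE, Permission.Action.EXEC).build());
    Assert.assertTrue("@IT permission should be there", userPermissions.contains(userPermission));
}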
