Class VisibilityUtils
java.lang.Object
org.apache.hadoop.hbase.security.visibility.VisibilityUtils
Utility method to support visibility
-
Field Summary
Modifier and TypeFieldDescriptionprivate static final String
private static final ExpressionExpander
private static final ExpressionParser
private static final org.slf4j.Logger
static final Tag
static final String
static final String
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprivate static void
checkAuths
(Set<Integer> auths, int labelOrdinal, String identifier, boolean checkAuths) createVisibilityExpTags
(String visExpression, boolean withSerializationFormat, boolean checkAuths, Set<Integer> auths, VisibilityLabelOrdinalProvider ordinalProvider) static Filter
createVisibilityLabelFilter
(Region region, Authorizations authorizations) static Byte
Extracts and partitions the visibility tags and nonVisibility Tagsstatic Byte
extractVisibilityTags
(Cell cell, List<Tag> tags) Extract the visibility tags of the given Cell into the given Liststatic User
static byte[]
getDataToWriteToZooKeeper
(Map<String, Integer> existingLabels) Creates the labels data to be written to zookeeper.private static void
getLabelOrdinals
(ExpressionNode node, List<Integer> labelOrdinals, Set<Integer> auths, boolean checkAuths, VisibilityLabelOrdinalProvider ordinalProvider) static List<ScanLabelGenerator>
getScanLabelGenerators
(org.apache.hadoop.conf.Configuration conf) static byte[]
getUserAuthsDataToWriteToZooKeeper
(Map<String, List<Integer>> userAuths) Creates the user auth data to be written to zookeeper.static boolean
isVisibilityTagsPresent
(Cell cell) static List<org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabel>
readLabelsFromZKData
(byte[] data) Reads back from the zookeeper.static org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.MultiUserAuthorizations
readUserAuthsFromZKData
(byte[] data) Reads back User auth data written to zookeeper.private static void
writeLabelOrdinalsToStream
(List<Integer> labelOrdinals, DataOutputStream dos) This will sort the passed labels in ascending oder and then will write one after the other to the passed stream.
-
Field Details
-
LOG
-
VISIBILITY_LABEL_GENERATOR_CLASS
- See Also:
-
SYSTEM_LABEL
- See Also:
-
SORTED_ORDINAL_SERIALIZATION_FORMAT_TAG
-
COMMA
- See Also:
-
EXP_PARSER
-
EXP_EXPANDER
-
-
Constructor Details
-
VisibilityUtils
public VisibilityUtils()
-
-
Method Details
-
getDataToWriteToZooKeeper
Creates the labels data to be written to zookeeper.- Returns:
- Bytes form of labels and their ordinal details to be written to zookeeper.
-
getUserAuthsDataToWriteToZooKeeper
Creates the user auth data to be written to zookeeper.- Returns:
- Bytes form of user auths details to be written to zookeeper.
-
readLabelsFromZKData
public static List<org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabel> readLabelsFromZKData(byte[] data) throws DeserializationException Reads back from the zookeeper. The data read here is of the form written by writeToZooKeeper(Map<byte[], Integer> entries).- Returns:
- Labels and their ordinal details
- Throws:
DeserializationException
-
readUserAuthsFromZKData
public static org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.MultiUserAuthorizations readUserAuthsFromZKData(byte[] data) throws DeserializationException Reads back User auth data written to zookeeper.- Returns:
- User auth details
- Throws:
DeserializationException
-
getScanLabelGenerators
public static List<ScanLabelGenerator> getScanLabelGenerators(org.apache.hadoop.conf.Configuration conf) - Parameters:
conf
- The configuration to use- Returns:
- Stack of ScanLabelGenerator instances. ScanLabelGenerator classes can be specified in Configuration as comma separated list using key "hbase.regionserver.scan.visibility.label.generator.class" when any of the specified ScanLabelGenerator class can not be loaded.
-
extractVisibilityTags
Extract the visibility tags of the given Cell into the given List- Parameters:
cell
- - the celltags
- - the array that will be populated if visibility tags are present- Returns:
- The visibility tags serialization format
-
extractAndPartitionTags
Extracts and partitions the visibility tags and nonVisibility Tags- Parameters:
cell
- - the cell for which we would extract and partition the visibility and non visibility tags - all the visibilty tags of type TagType.VISIBILITY_TAG_TYPE would be added to this listnonVisTags
- - all the non visibility tags would be added to this list- Returns:
- - the serailization format of the tag. Can be null if no tags are found or if there is no visibility tag found
-
isVisibilityTagsPresent
-
createVisibilityLabelFilter
public static Filter createVisibilityLabelFilter(Region region, Authorizations authorizations) throws IOException - Throws:
IOException
-
getActiveUser
- Returns:
- User who called RPC method. For non-RPC handling, falls back to system user
- Throws:
IOException
- When there is IOE in getting the system user (During non-RPC handling).
-
createVisibilityExpTags
public static List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat, boolean checkAuths, Set<Integer> auths, VisibilityLabelOrdinalProvider ordinalProvider) throws IOException - Throws:
IOException
-
getLabelOrdinals
private static void getLabelOrdinals(ExpressionNode node, List<Integer> labelOrdinals, Set<Integer> auths, boolean checkAuths, VisibilityLabelOrdinalProvider ordinalProvider) throws IOException, InvalidLabelException - Throws:
IOException
InvalidLabelException
-
writeLabelOrdinalsToStream
private static void writeLabelOrdinalsToStream(List<Integer> labelOrdinals, DataOutputStream dos) throws IOException This will sort the passed labels in ascending oder and then will write one after the other to the passed stream. Unsorted label ordinals Stream where to write the labels. When IOE during writes to Stream.- Throws:
IOException
-
checkAuths
private static void checkAuths(Set<Integer> auths, int labelOrdinal, String identifier, boolean checkAuths) throws IOException - Throws:
IOException
-