View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.mapreduce;
19  
20  import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_FAMILY;
21  import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABELS_TABLE_NAME;
22  import static org.apache.hadoop.hbase.security.visibility.VisibilityConstants.LABEL_QUALIFIER;
23  
24  import java.io.IOException;
25  import java.util.HashMap;
26  import java.util.List;
27  import java.util.Map;
28  
29  import org.apache.commons.logging.Log;
30  import org.apache.commons.logging.LogFactory;
31  import org.apache.hadoop.conf.Configuration;
32  import org.apache.hadoop.hbase.TableNotFoundException;
33  import org.apache.hadoop.hbase.Tag;
34  import org.apache.hadoop.hbase.classification.InterfaceAudience;
35  import org.apache.hadoop.hbase.client.Connection;
36  import org.apache.hadoop.hbase.client.ConnectionFactory;
37  import org.apache.hadoop.hbase.client.Result;
38  import org.apache.hadoop.hbase.client.ResultScanner;
39  import org.apache.hadoop.hbase.client.Scan;
40  import org.apache.hadoop.hbase.client.Table;
41  import org.apache.hadoop.hbase.security.visibility.Authorizations;
42  import org.apache.hadoop.hbase.security.visibility.VisibilityConstants;
43  import org.apache.hadoop.hbase.security.visibility.VisibilityLabelOrdinalProvider;
44  import org.apache.hadoop.hbase.security.visibility.VisibilityUtils;
45  import org.apache.hadoop.hbase.util.Bytes;
46  
47  /**
48   * This implementation creates tags by expanding expression using label ordinal. Labels will be
49   * serialized in sorted order of it's ordinal.
50   */
51  @InterfaceAudience.Private
52  public class DefaultVisibilityExpressionResolver implements VisibilityExpressionResolver {
53    private static final Log LOG = LogFactory.getLog(DefaultVisibilityExpressionResolver.class);
54  
55    private Configuration conf;
56    private final Map<String, Integer> labels = new HashMap<String, Integer>();
57  
58    @Override
59    public Configuration getConf() {
60      return this.conf;
61    }
62  
63    @Override
64    public void setConf(Configuration conf) {
65      this.conf = conf;
66    }
67  
68    @Override
69    public void init() {
70      // Reading all the labels and ordinal.
71      // This scan should be done by user with global_admin privileges.. Ensure that it works
72      Table labelsTable = null;
73      Connection connection = null;
74      try {
75        connection = ConnectionFactory.createConnection(conf);
76        try {
77          labelsTable = connection.getTable(LABELS_TABLE_NAME);
78        } catch (TableNotFoundException e) {
79          // Just return with out doing any thing. When the VC is not used we wont be having 'labels'
80          // table in the cluster.
81          return;
82        } catch (IOException e) {
83          LOG.error("Error opening 'labels' table", e);
84          return;
85        }
86        Scan scan = new Scan();
87        scan.setAuthorizations(new Authorizations(VisibilityUtils.SYSTEM_LABEL));
88        scan.addColumn(LABELS_TABLE_FAMILY, LABEL_QUALIFIER);
89        ResultScanner scanner = null;
90        try {
91          scanner = labelsTable.getScanner(scan);
92          Result next = null;
93          while ((next = scanner.next()) != null) {
94            byte[] row = next.getRow();
95            byte[] value = next.getValue(LABELS_TABLE_FAMILY, LABEL_QUALIFIER);
96            labels.put(Bytes.toString(value), Bytes.toInt(row));
97          }
98        } catch (IOException e) {
99          LOG.error("Error scanning 'labels' table", e);
100       } finally {
101         if (scanner != null) scanner.close();
102       }
103     } catch (IOException ioe) {
104       LOG.error("Failed reading 'labels' tags", ioe);
105       return;
106     } finally {
107       if (labelsTable != null) {
108         try {
109           labelsTable.close();
110         } catch (IOException ioe) {
111           LOG.warn("Error closing 'labels' table", ioe);
112         }
113       }
114       if (connection != null)
115         try {
116           connection.close();
117         } catch (IOException ioe) {
118           LOG.warn("Failed close of temporary connection", ioe);
119         }
120     }
121   }
122 
123   @Override
124   public List<Tag> createVisibilityExpTags(String visExpression) throws IOException {
125     VisibilityLabelOrdinalProvider provider = new VisibilityLabelOrdinalProvider() {
126       @Override
127       public int getLabelOrdinal(String label) {
128         Integer ordinal = null;
129         ordinal = labels.get(label);
130         if (ordinal != null) {
131           return ordinal.intValue();
132         }
133         return VisibilityConstants.NON_EXIST_LABEL_ORDINAL;
134       }
135 
136       @Override
137       public String getLabel(int ordinal) {
138         // Unused
139         throw new UnsupportedOperationException(
140             "getLabel should not be used in VisibilityExpressionResolver");
141       }
142     };
143     return VisibilityUtils.createVisibilityExpTags(visExpression, true, false, null, provider);
144   }
145 }