@InterfaceAudience.Private public class DefaultVisibilityLabelServiceImpl extends Object implements VisibilityLabelService
Modifier and Type | Field and Description |
---|---|
private org.apache.hadoop.conf.Configuration |
conf |
private static byte[] |
DUMMY_VALUE |
private static Tag[] |
LABELS_TABLE_TAGS |
private VisibilityLabelsCache |
labelsCache |
private Region |
labelsRegion |
private static org.slf4j.Logger |
LOG |
private AtomicInteger |
ordinalCounter |
private List<ScanLabelGenerator> |
scanLabelGenerators |
private static int |
SYSTEM_LABEL_ORDINAL |
Constructor and Description |
---|
DefaultVisibilityLabelServiceImpl() |
Modifier and Type | Method and Description |
---|---|
OperationStatus[] |
addLabels(List<byte[]> labels)
Adds the set of labels into the system.
|
protected void |
addSystemLabel(Region region,
Map<String,Integer> labels,
Map<String,List<Integer>> userAuths) |
OperationStatus[] |
clearAuths(byte[] user,
List<byte[]> authLabels)
Removes given labels from user's globally authorized list of labels.
|
private static boolean |
compareTagsOrdinals(List<List<Integer>> putVisTags,
List<List<Integer>> deleteVisTags) |
private byte[] |
createModifiedVisExpression(List<Tag> tags) |
List<Tag> |
createVisibilityExpTags(String visExpression,
boolean withSerializationFormat,
boolean checkAuths)
Creates tags corresponding to given visibility expression.
|
byte[] |
encodeVisibilityForReplication(List<Tag> tags,
Byte serializationFormat)
Provides a way to modify the visibility tags of type
TagType
.VISIBILITY_TAG_TYPE, that are part of the cell created from the WALEdits
that are prepared for replication while calling
ReplicationEndpoint
.replicate(). |
protected Pair<Map<String,Integer>,Map<String,List<Integer>>> |
extractLabelsAndAuths(List<List<Cell>> labelDetails) |
org.apache.hadoop.conf.Configuration |
getConf() |
protected List<List<Cell>> |
getExistingLabelsWithAuths() |
List<String> |
getGroupAuths(String[] groups,
boolean systemCall)
Retrieve the visibility labels for the groups.
|
private static void |
getSortedTagOrdinals(List<List<Integer>> fullTagsList,
Tag tag) |
List<String> |
getUserAuths(byte[] user,
boolean systemCall)
Retrieve the visibility labels for the user.
|
VisibilityExpEvaluator |
getVisibilityExpEvaluator(Authorizations authorizations)
Creates VisibilityExpEvaluator corresponding to given Authorizations.
|
boolean |
havingSystemAuth(User user)
System checks for user auth during admin operations.
|
void |
init(RegionCoprocessorEnvironment e)
System calls this after opening of regions.
|
protected boolean |
isReadFromSystemAuthUser() |
List<String> |
listLabels(String regex)
Retrieve the list of visibility labels defined in the system.
|
private static boolean |
matchOrdinalSortedVisibilityTags(List<Tag> putVisTags,
List<Tag> deleteVisTags) |
private static boolean |
matchUnSortedVisibilityTags(List<Tag> putVisTags,
List<Tag> deleteVisTags) |
boolean |
matchVisibility(List<Tag> putVisTags,
Byte putTagsFormat,
List<Tag> deleteVisTags,
Byte deleteTagsFormat)
System uses this for deciding whether a Cell can be deleted by matching visibility expression
in Delete mutation and the cell in consideration.
|
private boolean |
mutateLabelsRegion(List<Mutation> mutations,
OperationStatus[] finalOpStatus)
Adds the mutations to labels region and set the results to the finalOpStatus.
|
OperationStatus[] |
setAuths(byte[] user,
List<byte[]> authLabels)
Sets given labels globally authorized for the user.
|
void |
setConf(org.apache.hadoop.conf.Configuration conf) |
private static List<List<Integer>> |
sortTagsBasedOnOrdinal(List<Tag> tags) |
protected void |
updateZk(boolean labelAddition) |
private static final org.slf4j.Logger LOG
private static final int SYSTEM_LABEL_ORDINAL
private static final Tag[] LABELS_TABLE_TAGS
private static final byte[] DUMMY_VALUE
private AtomicInteger ordinalCounter
private org.apache.hadoop.conf.Configuration conf
private Region labelsRegion
private VisibilityLabelsCache labelsCache
private List<ScanLabelGenerator> scanLabelGenerators
public DefaultVisibilityLabelServiceImpl()
public void setConf(org.apache.hadoop.conf.Configuration conf)
setConf
in interface org.apache.hadoop.conf.Configurable
public org.apache.hadoop.conf.Configuration getConf()
getConf
in interface org.apache.hadoop.conf.Configurable
public void init(RegionCoprocessorEnvironment e) throws IOException
VisibilityLabelService
init
in interface VisibilityLabelService
e
- the region coprocessor envIOException
protected List<List<Cell>> getExistingLabelsWithAuths() throws IOException
IOException
protected Pair<Map<String,Integer>,Map<String,List<Integer>>> extractLabelsAndAuths(List<List<Cell>> labelDetails)
protected void addSystemLabel(Region region, Map<String,Integer> labels, Map<String,List<Integer>> userAuths) throws IOException
IOException
public OperationStatus[] addLabels(List<byte[]> labels) throws IOException
VisibilityLabelService
addLabels
in interface VisibilityLabelService
labels
- Labels to add to the system.IOException
public OperationStatus[] setAuths(byte[] user, List<byte[]> authLabels) throws IOException
VisibilityLabelService
setAuths
in interface VisibilityLabelService
user
- The authorizing userauthLabels
- Labels which are getting authorized for the userIOException
public OperationStatus[] clearAuths(byte[] user, List<byte[]> authLabels) throws IOException
VisibilityLabelService
clearAuths
in interface VisibilityLabelService
user
- The user whose authorization to be removedauthLabels
- Labels which are getting removed from authorization setIOException
private boolean mutateLabelsRegion(List<Mutation> mutations, OperationStatus[] finalOpStatus) throws IOException
mutations
- finalOpStatus
- IOException
public List<String> getUserAuths(byte[] user, boolean systemCall) throws IOException
VisibilityLabelService
getUserAuths
in interface VisibilityLabelService
user
- Name of the user whose authorization to be retrievedsystemCall
- Whether a system or user originated call.IOException
public List<String> getGroupAuths(String[] groups, boolean systemCall) throws IOException
VisibilityLabelService
getGroupAuths
in interface VisibilityLabelService
groups
- Name of the groups whose authorization to be retrievedsystemCall
- Whether a system or user originated call.IOException
public List<String> listLabels(String regex) throws IOException
VisibilityLabelService
listLabels
in interface VisibilityLabelService
regex
- The regular expression to filter which labels are returned.IOException
public List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat, boolean checkAuths) throws IOException
VisibilityLabelService
createVisibilityExpTags
in interface VisibilityLabelService
visExpression
- The Expression for which corresponding Tags to be created.withSerializationFormat
- specifies whether a tag, denoting the serialization version
of the tags, to be added in the list. When this is true make sure to add the
serialization format Tag also. The format tag value should be byte type.checkAuths
- denotes whether to check individual labels in visExpression against user's
global auth label.IOException
protected void updateZk(boolean labelAddition) throws IOException
IOException
public VisibilityExpEvaluator getVisibilityExpEvaluator(Authorizations authorizations) throws IOException
VisibilityLabelService
getVisibilityExpEvaluator
in interface VisibilityLabelService
authorizations
- Authorizations for the read requestIOException
protected boolean isReadFromSystemAuthUser() throws IOException
IOException
public boolean havingSystemAuth(User user) throws IOException
VisibilityLabelService
havingSystemAuth
in interface VisibilityLabelService
user
- User for whom system auth check to be done.IOException
public boolean matchVisibility(List<Tag> putVisTags, Byte putTagsFormat, List<Tag> deleteVisTags, Byte deleteTagsFormat) throws IOException
VisibilityLabelService
matchVisibility
in interface VisibilityLabelService
putVisTags
- The visibility tags present in the Put mutationputTagsFormat
- The serialization format for the Put visibility tags. A null
value for
this format means the tags are written with unsorted label ordinalsdeleteVisTags
- - The visibility tags in the delete mutation (the specified Cell Visibility)deleteTagsFormat
- The serialization format for the Delete visibility tags. A null
value for
this format means the tags are written with unsorted label ordinalsIOException
VisibilityConstants.SORTED_ORDINAL_SERIALIZATION_FORMAT
private static boolean matchUnSortedVisibilityTags(List<Tag> putVisTags, List<Tag> deleteVisTags) throws IOException
putVisTags
- Visibility tags in Put MutationdeleteVisTags
- Visibility tags in Delete MutationIOException
private static boolean matchOrdinalSortedVisibilityTags(List<Tag> putVisTags, List<Tag> deleteVisTags)
putVisTags
- Visibility tags in Put MutationdeleteVisTags
- Visibility tags in Delete Mutationprivate static List<List<Integer>> sortTagsBasedOnOrdinal(List<Tag> tags) throws IOException
IOException
private static void getSortedTagOrdinals(List<List<Integer>> fullTagsList, Tag tag) throws IOException
IOException
private static boolean compareTagsOrdinals(List<List<Integer>> putVisTags, List<List<Integer>> deleteVisTags)
public byte[] encodeVisibilityForReplication(List<Tag> tags, Byte serializationFormat) throws IOException
VisibilityLabelService
TagType
.VISIBILITY_TAG_TYPE, that are part of the cell created from the WALEdits
that are prepared for replication while calling
ReplicationEndpoint
.replicate().
VisibilityReplicationEndpoint
calls this API to provide an opportunity to modify the visibility tags
before replicating.encodeVisibilityForReplication
in interface VisibilityLabelService
tags
- the visibility tags associated with the cellserializationFormat
- the serialization format associated with the tagIOException
private byte[] createModifiedVisExpression(List<Tag> tags) throws IOException
tags
- - all the visibility tags associated with the current CellIOException
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.