@InterfaceAudience.Private public class SnapshotScannerHDFSAclHelper extends Object implements Closeable
Modifier and Type | Class and Description |
---|---|
private static class |
SnapshotScannerHDFSAclHelper.HDFSAclOperation
Inner class used to describe modify or remove what type of acl entries(ACCESS, DEFAULT,
ACCESS_AND_DEFAULT) for files or directories(and child files).
|
(package private) static class |
SnapshotScannerHDFSAclHelper.PathHelper |
Modifier and Type | Field and Description |
---|---|
static String |
ACL_SYNC_TO_HDFS_ENABLE |
static String |
ACL_SYNC_TO_HDFS_THREAD_NUMBER |
private Admin |
admin |
static String |
COMMON_DIRECTORY_PERMISSION |
static String |
COMMON_DIRECTORY_PERMISSION_DEFAULT |
private org.apache.hadoop.conf.Configuration |
conf |
private org.apache.hadoop.fs.FileSystem |
fs |
private static org.slf4j.Logger |
LOG |
private SnapshotScannerHDFSAclHelper.PathHelper |
pathHelper |
private ExecutorService |
pool |
static String |
SNAPSHOT_RESTORE_DIRECTORY_PERMISSION |
static String |
SNAPSHOT_RESTORE_DIRECTORY_PERMISSION_DEFAULT |
static String |
SNAPSHOT_RESTORE_TMP_DIR |
static String |
SNAPSHOT_RESTORE_TMP_DIR_DEFAULT |
Constructor and Description |
---|
SnapshotScannerHDFSAclHelper(org.apache.hadoop.conf.Configuration configuration,
Connection connection) |
Modifier and Type | Method and Description |
---|---|
private static org.apache.hadoop.fs.permission.AclEntry |
aclEntry(org.apache.hadoop.fs.permission.AclEntryScope scope,
String name) |
boolean |
addTableAcl(TableName tableName,
Set<String> users,
String operation)
Add table user acls
|
private boolean |
checkUserPermission(UserPermission userPermission) |
void |
close() |
(package private) boolean |
containReadAction(UserPermission userPermission) |
(package private) void |
createDirIfNotExist(org.apache.hadoop.fs.Path path) |
(package private) void |
createTableDirectories(TableName tableName) |
(package private) void |
deleteEmptyDir(org.apache.hadoop.fs.Path path) |
(package private) List<org.apache.hadoop.fs.Path> |
getGlobalRootPaths()
return paths that user will global permission will visit
|
(package private) List<org.apache.hadoop.fs.Path> |
getNamespaceRootPaths(String namespace)
return paths that user will namespace permission will visit
|
(package private) SnapshotScannerHDFSAclHelper.PathHelper |
getPathHelper() |
(package private) List<org.apache.hadoop.fs.Path> |
getTableRootPaths(TableName tableName,
boolean includeSnapshotPath)
return paths that user will table permission will visit
|
private List<org.apache.hadoop.fs.Path> |
getTableSnapshotPaths(TableName tableName) |
private Set<String> |
getUsersWithGlobalReadAction()
Return users with global read permission
|
(package private) Set<String> |
getUsersWithNamespaceReadAction(String namespace,
boolean includeGlobal)
Return users with namespace read permission
|
private Set<String> |
getUsersWithReadAction(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap<String,UserPermission> permissionMultimap) |
(package private) Set<String> |
getUsersWithTableReadAction(TableName tableName,
boolean includeNamespace,
boolean includeGlobal)
Return users with table read permission
|
boolean |
grantAcl(UserPermission userPermission,
Set<String> skipNamespaces,
Set<TableName> skipTables)
Set acl when grant user permission
|
private void |
handleGlobalAcl(Set<String> users,
Set<String> skipNamespaces,
Set<TableName> skipTables,
SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType) |
private void |
handleGrantOrRevokeAcl(UserPermission userPermission,
SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType,
Set<String> skipNamespaces,
Set<TableName> skipTables) |
private CompletableFuture<Void> |
handleHDFSAcl(SnapshotScannerHDFSAclHelper.HDFSAclOperation acl) |
private CompletableFuture<Void> |
handleHDFSAclParallel(List<SnapshotScannerHDFSAclHelper.HDFSAclOperation> operations) |
private CompletableFuture<Void> |
handleHDFSAclSequential(List<SnapshotScannerHDFSAclHelper.HDFSAclOperation> operations) |
private void |
handleNamespaceAccessAcl(String namespace,
Set<String> users,
SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType) |
private void |
handleNamespaceAcl(Set<String> namespaces,
Set<String> users,
Set<String> skipNamespaces,
Set<TableName> skipTables,
SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType) |
private void |
handleTableAcl(Set<TableName> tableNames,
Set<String> users,
Set<String> skipNamespaces,
Set<TableName> skipTables,
SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType) |
static boolean |
isAclSyncToHdfsEnabled(org.apache.hadoop.conf.Configuration conf) |
(package private) boolean |
isAclSyncToHdfsEnabled(TableDescriptor tableDescriptor) |
(package private) boolean |
isNotFamilyOrQualifierPermission(TablePermission tablePermission) |
boolean |
removeNamespaceAccessAcl(TableName tableName,
Set<String> removeUsers,
String operation)
Remove table access acl from namespace dir when delete table
|
boolean |
removeNamespaceDefaultAcl(String namespace,
Set<String> removeUsers)
Remove default acl from namespace archive dir when delete namespace
|
boolean |
removeTableAcl(TableName tableName,
Set<String> users)
Remove table acls when modify table
|
boolean |
removeTableDefaultAcl(TableName tableName,
Set<String> removeUsers)
Remove default acl from table archive dir when delete table
|
boolean |
revokeAcl(UserPermission userPermission,
Set<String> skipNamespaces,
Set<TableName> skipTables)
Remove acl when grant or revoke user permission
|
void |
setCommonDirectoryPermission() |
boolean |
snapshotAcl(SnapshotDescription snapshot)
Set acl when take a snapshot
|
private static final org.slf4j.Logger LOG
public static final String ACL_SYNC_TO_HDFS_ENABLE
public static final String ACL_SYNC_TO_HDFS_THREAD_NUMBER
public static final String SNAPSHOT_RESTORE_TMP_DIR
public static final String SNAPSHOT_RESTORE_TMP_DIR_DEFAULT
public static final String COMMON_DIRECTORY_PERMISSION
public static final String COMMON_DIRECTORY_PERMISSION_DEFAULT
public static final String SNAPSHOT_RESTORE_DIRECTORY_PERMISSION
public static final String SNAPSHOT_RESTORE_DIRECTORY_PERMISSION_DEFAULT
private final org.apache.hadoop.conf.Configuration conf
private org.apache.hadoop.fs.FileSystem fs
private SnapshotScannerHDFSAclHelper.PathHelper pathHelper
private ExecutorService pool
public SnapshotScannerHDFSAclHelper(org.apache.hadoop.conf.Configuration configuration, Connection connection) throws IOException
IOException
public void close()
close
in interface Closeable
close
in interface AutoCloseable
public void setCommonDirectoryPermission() throws IOException
IOException
public boolean grantAcl(UserPermission userPermission, Set<String> skipNamespaces, Set<TableName> skipTables)
userPermission
- the user and permissionskipNamespaces
- the namespace set to skip set acl because already setskipTables
- the table set to skip set acl because already setpublic boolean revokeAcl(UserPermission userPermission, Set<String> skipNamespaces, Set<TableName> skipTables)
userPermission
- the user and permissionskipNamespaces
- the namespace set to skip remove aclskipTables
- the table set to skip remove aclpublic boolean snapshotAcl(SnapshotDescription snapshot)
snapshot
- the snapshot descpublic boolean removeNamespaceAccessAcl(TableName tableName, Set<String> removeUsers, String operation)
tableName
- the tableremoveUsers
- the users whose access acl will be removedpublic boolean removeNamespaceDefaultAcl(String namespace, Set<String> removeUsers)
namespace
- the namespaceremoveUsers
- the users whose default acl will be removedpublic boolean removeTableDefaultAcl(TableName tableName, Set<String> removeUsers)
tableName
- the table nameremoveUsers
- the users whose default acl will be removedpublic boolean addTableAcl(TableName tableName, Set<String> users, String operation)
tableName
- the tableusers
- the table users with READ permissionpublic boolean removeTableAcl(TableName tableName, Set<String> users)
tableName
- the tableusers
- the table users with READ permissionprivate void handleGrantOrRevokeAcl(UserPermission userPermission, SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType, Set<String> skipNamespaces, Set<TableName> skipTables) throws ExecutionException, InterruptedException, IOException
private void handleGlobalAcl(Set<String> users, Set<String> skipNamespaces, Set<TableName> skipTables, SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType) throws ExecutionException, InterruptedException, IOException
private void handleNamespaceAcl(Set<String> namespaces, Set<String> users, Set<String> skipNamespaces, Set<TableName> skipTables, SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType) throws ExecutionException, InterruptedException, IOException
private void handleTableAcl(Set<TableName> tableNames, Set<String> users, Set<String> skipNamespaces, Set<TableName> skipTables, SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType) throws ExecutionException, InterruptedException, IOException
private void handleNamespaceAccessAcl(String namespace, Set<String> users, SnapshotScannerHDFSAclHelper.HDFSAclOperation.OperationType operationType) throws ExecutionException, InterruptedException
void createTableDirectories(TableName tableName) throws IOException
IOException
List<org.apache.hadoop.fs.Path> getGlobalRootPaths()
List<org.apache.hadoop.fs.Path> getNamespaceRootPaths(String namespace)
namespace
- the namespaceList<org.apache.hadoop.fs.Path> getTableRootPaths(TableName tableName, boolean includeSnapshotPath) throws IOException
tableName
- the tableincludeSnapshotPath
- true if return table snapshots paths, otherwise falseIOException
- if an error occurredprivate List<org.apache.hadoop.fs.Path> getTableSnapshotPaths(TableName tableName) throws IOException
IOException
private Set<String> getUsersWithGlobalReadAction() throws IOException
IOException
- if an error occurredSet<String> getUsersWithNamespaceReadAction(String namespace, boolean includeGlobal) throws IOException
namespace
- the namespaceincludeGlobal
- true if include users with global read actionIOException
- if an error occurredSet<String> getUsersWithTableReadAction(TableName tableName, boolean includeNamespace, boolean includeGlobal) throws IOException
tableName
- the tableincludeNamespace
- true if include users with namespace read actionincludeGlobal
- true if include users with global read actionIOException
- if an error occurredprivate Set<String> getUsersWithReadAction(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap<String,UserPermission> permissionMultimap)
private boolean checkUserPermission(UserPermission userPermission)
boolean containReadAction(UserPermission userPermission)
boolean isNotFamilyOrQualifierPermission(TablePermission tablePermission)
public static boolean isAclSyncToHdfsEnabled(org.apache.hadoop.conf.Configuration conf)
boolean isAclSyncToHdfsEnabled(TableDescriptor tableDescriptor)
SnapshotScannerHDFSAclHelper.PathHelper getPathHelper()
private CompletableFuture<Void> handleHDFSAcl(SnapshotScannerHDFSAclHelper.HDFSAclOperation acl)
private CompletableFuture<Void> handleHDFSAclSequential(List<SnapshotScannerHDFSAclHelper.HDFSAclOperation> operations)
private CompletableFuture<Void> handleHDFSAclParallel(List<SnapshotScannerHDFSAclHelper.HDFSAclOperation> operations)
private static org.apache.hadoop.fs.permission.AclEntry aclEntry(org.apache.hadoop.fs.permission.AclEntryScope scope, String name)
void createDirIfNotExist(org.apache.hadoop.fs.Path path) throws IOException
IOException
void deleteEmptyDir(org.apache.hadoop.fs.Path path) throws IOException
IOException
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.