Package org.apache.hadoop.hbase.security.access

Class AccessController

java.lang.Object

org.apache.hadoop.hbase.security.access.AccessController

All Implemented Interfaces:

Coprocessor, BulkLoadObserver, EndpointObserver, MasterCoprocessor, MasterObserver, RegionCoprocessor, RegionObserver, RegionServerCoprocessor, RegionServerObserver, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface

@LimitedPrivate("Configuration")
public class AccessController
extends Object
implements MasterCoprocessor, RegionCoprocessor, RegionServerCoprocessor, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface, MasterObserver, RegionObserver, RegionServerObserver, EndpointObserver, BulkLoadObserver

Provides basic authorization checks for data access and administrative operations.

AccessController performs authorization checks for HBase operations based on:

• the identity of the user performing the operation
• the scope over which the operation is performed, in increasing specificity: global, table, column family, or qualifier
• the type of action being performed (as mapped to Permission.Action values)

If the authorization check fails, an AccessDeniedException will be thrown for the operation.

To perform authorization checks, AccessController relies on the RpcServerEngine being loaded to provide the user identities for remote requests.

The access control lists used for authorization can be manipulated via the exposed AccessControlProtos.AccessControlService Interface implementation, and the associated grant, revoke, and user_permission HBase shell commands.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static enum	AccessController.OpType

Nested classes/interfaces inherited from interface org.apache.hadoop.hbase.Coprocessor

Coprocessor.State

Nested classes/interfaces inherited from interface org.apache.hadoop.hbase.coprocessor.RegionObserver

RegionObserver.MutationType

Field Summary

Fields

Modifier and Type	Field	Description
private AccessChecker	accessChecker
private boolean	aclRegion	flags if we are running on a region of the _acl_ table
private boolean	aclTabAvailable	if the ACL table is available, only relevant in the master
private static final org.slf4j.Logger	AUDITLOG
private boolean	authorizationEnabled	if we are active, usually false, only true if "hbase.security.authorization" has been set to true in site configuration
private boolean	cellFeaturesEnabled	if we are able to support cell ACLs
private static final String	CHECK_COVERING_PERM
private boolean	compatibleEarlyTermination	if we should terminate access checks early as soon as table or CF grants allow access; pre-0.98 compatible behavior
private boolean	initialized	if we have been successfully initialized
private static final org.slf4j.Logger	LOG
private RegionCoprocessorEnvironment	regionEnv	defined only for Endpoint implementation, so it can have way to access region services
private Map<InternalScanner,String>	scannerOwners	Mapping of scanner instances to the user who created them
private boolean	shouldCheckExecPermission	if we should check EXEC permissions
private Map<TableName,List<UserPermission>>	tableAcls
private static final String	TAG_CHECK_PASSED
private static final byte[]	TRUE
private UserProvider	userProvider	Provider for mapping principal names to Users
private ZKPermissionWatcher	zkPermissionWatcher

Fields inherited from interface org.apache.hadoop.hbase.Coprocessor

PRIORITY_HIGHEST, PRIORITY_LOWEST, PRIORITY_SYSTEM, PRIORITY_USER, VERSION

Constructor Summary

Constructors

Constructor	Description
AccessController()

Method Summary

Modifier and Type	Method	Description
private static void	addCellPermissions(byte[] perms, Map<byte[],List<Cell>> familyMap)
private boolean	checkCoveringPermission(User user, AccessController.OpType request, RegionCoprocessorEnvironment e, byte[] row, Map<byte[],? extends Collection<?>> familyMap, long opTs, Permission.Action... actions)	Determine if cell ACLs covered by the operation grant access.
private void	checkForReservedTagPresence(User user, Mutation m)
void	checkLockPermissions(ObserverContext<?> ctx, String namespace, TableName tableName, RegionInfo[] regionInfos, String reason)
void	checkPermissions(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsResponse> done)	Deprecated. since 2.2.0 and will be removed 4.0.0.
private void	checkSystemOrSuperUser(User activeUser)
private static void	createACLTable(Admin admin)	Create the ACL table
private Cell	createNewCellWithTags(Mutation mutation, Cell oldCell, Cell newCell)
private User	getActiveUser(ObserverContext<?> ctx)	Returns the active user to which authorization checks should be applied.
AuthManager	getAuthManager()
Optional<BulkLoadObserver>	getBulkLoadObserver()
Optional<EndpointObserver>	getEndpointObserver()
Optional<MasterObserver>	getMasterObserver()
Region	getRegion()
private Region	getRegion(RegionCoprocessorEnvironment e)
Optional<RegionObserver>	getRegionObserver()	Observer/Service Getters
Optional<RegionServerObserver>	getRegionServerObserver()
Iterable<com.google.protobuf.Service>	getServices()	Coprocessor endpoints providing protobuf services should override this method.
private TableName	getTableName(RegionCoprocessorEnvironment e)
private TableName	getTableName(Region region)
void	getUserPermissions(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GetUserPermissionsRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GetUserPermissionsResponse> done)	Deprecated. since 2.2.0 and will be removed in 4.0.0.
void	grant(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantResponse> done)	Deprecated. since 2.2.0 and will be removed in 4.0.0.
private boolean	hasFamilyQualifierPermission(User user, Permission.Action perm, RegionCoprocessorEnvironment env, Map<byte[],? extends Collection<byte[]>> familyMap)	Returns true if the current user is allowed the given action over at least one of the column qualifiers in the given column families.
void	hasPermission(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.HasPermissionRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.HasPermissionResponse> done)	Deprecated. since 2.2.0 and will be removed in 4.0.0.
private void	initialize(RegionCoprocessorEnvironment e)
private void	internalPreRead(ObserverContext<RegionCoprocessorEnvironment> c, Query query, AccessController.OpType opType)
static boolean	isCellAuthorizationSupported(org.apache.hadoop.conf.Configuration conf)
private Map<byte[],? extends Collection<byte[]>>	makeFamilyMap(byte[] family, byte[] qualifier)
private AuthResult	permissionGranted(AccessController.OpType opType, User user, RegionCoprocessorEnvironment e, Map<byte[],? extends Collection<?>> families, Permission.Action... actions)	Check the current user for authorization to perform a specific action against the given set of row data.
void	postAbortProcedure(ObserverContext<MasterCoprocessorEnvironment> ctx)	Called after a abortProcedure request has been processed.
List<Pair<Cell,Cell>>	postAppendBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx, Mutation mutation, List<Pair<Cell,Cell>> cellPairs)	Called after a list of new cells has been created during an append operation, but before they are committed to the WAL or memstore.
void	postCompletedCreateTableAction(ObserverContext<MasterCoprocessorEnvironment> c, TableDescriptor desc, RegionInfo[] regions)	Called after the createTable operation has been requested.
ReplicationEndpoint	postCreateReplicationEndPoint(ObserverContext<RegionServerCoprocessorEnvironment> ctx, ReplicationEndpoint endpoint)	This will be called after the replication endpoint is instantiated.
void	postDelete(ObserverContext<RegionCoprocessorEnvironment> c, Delete delete, WALEdit edit, Durability durability)	Called after the client deletes a value.
void	postDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace)	Called after the deleteNamespace operation has been requested.
void	postDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)	Called after the deleteTable operation has been requested.
void	postEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx, com.google.protobuf.Service service, String methodName, com.google.protobuf.Message request, com.google.protobuf.Message.Builder responseBuilder)	Called after an Endpoint service method is invoked.
void	postGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx, List<TableName> tableNamesList, List<TableDescriptor> descriptors, String regex)	Called after a getTableDescriptors request has been processed.
void	postGetTableNames(ObserverContext<MasterCoprocessorEnvironment> ctx, List<TableDescriptor> descriptors, String regex)	Called after a getTableNames request has been processed.
List<Pair<Cell,Cell>>	postIncrementBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx, Mutation mutation, List<Pair<Cell,Cell>> cellPairs)	Called after a list of new cells has been created during an increment operation, but before they are committed to the WAL or memstore.
void	postListNamespaceDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx, List<NamespaceDescriptor> descriptors)	Called after a listNamespaceDescriptors request has been processed.
void	postListNamespaces(ObserverContext<MasterCoprocessorEnvironment> ctx, List<String> namespaces)	Called after a listNamespaces request has been processed.
void	postModifyTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName, TableDescriptor htd)	Called after the modifyTable operation has been requested.
void	postOpen(ObserverContext<RegionCoprocessorEnvironment> c)	Called after the region is reported as open to the master.
void	postPut(ObserverContext<RegionCoprocessorEnvironment> c, Put put, WALEdit edit, Durability durability)	Called after the client stores a value.
void	postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)	This will be called after executing user request to roll a region server WAL.
void	postScannerClose(ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s)	Called after the client closes a scanner.
RegionScanner	postScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Scan scan, RegionScanner s)	Called after the client opens a new scanner.
void	postStartMaster(ObserverContext<MasterCoprocessorEnvironment> ctx)	Called immediately after an active master instance has completed initialization.
void	postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName)	Called after the truncateTable operation has been requested.
void	preAbortProcedure(ObserverContext<MasterCoprocessorEnvironment> ctx, long procId)	Called before a abortProcedure request has been processed.
void	preAddReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId, ReplicationPeerConfig peerConfig)	Called before add a replication peer
Result	preAppend(ObserverContext<RegionCoprocessorEnvironment> c, Append append)	Called before Append.
void	preAssign(ObserverContext<MasterCoprocessorEnvironment> c, RegionInfo regionInfo)	Called prior to assigning a specific region.
void	preBalance(ObserverContext<MasterCoprocessorEnvironment> c, BalanceRequest request)	Called prior to requesting rebalancing of the cluster regions, though after the initial checks for regions in transition and the balance switch flag.
void	preBalanceSwitch(ObserverContext<MasterCoprocessorEnvironment> c, boolean newValue)	Called prior to modifying the flag used to enable/disable region balancing.
void	preBatchMutate(ObserverContext<RegionCoprocessorEnvironment> c, MiniBatchOperationInProgress<Mutation> miniBatchOp)	This will be called for every batch mutation operation happening at the server.
void	preBulkLoadHFile(ObserverContext<RegionCoprocessorEnvironment> ctx, List<Pair<byte[],String>> familyPaths)	Verifies user has CREATE or ADMIN privileges on the Column Families involved in the bulkLoadHFile request.
boolean	preCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOperator op, ByteArrayComparable comparator, Delete delete, boolean result)	Called before checkAndDelete.
boolean	preCheckAndDeleteAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOperator op, ByteArrayComparable comparator, Delete delete, boolean result)	Called before checkAndDelete but after acquiring rowock.
boolean	preCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOperator op, ByteArrayComparable comparator, Put put, boolean result)	Called before checkAndPut.
boolean	preCheckAndPutAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOperator opp, ByteArrayComparable comparator, Put put, boolean result)	Called before checkAndPut but after acquiring rowlock.
void	preCleanupBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx)	Authorization security check for SecureBulkLoadProtocol.cleanupBulkLoad()
void	preClearCompactionQueues(ObserverContext<RegionServerCoprocessorEnvironment> ctx)	This will be called before clearing compaction queues
void	preClearDeadServers(ObserverContext<MasterCoprocessorEnvironment> ctx)	Called before clear dead region servers.
void	preClearRegionBlockCache(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
void	preCloneSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot, TableDescriptor hTableDescriptor)	Called before a snapshot is cloned.
void	preClose(ObserverContext<RegionCoprocessorEnvironment> c, boolean abortRequested)	Called before the region is reported as closed to the master.
InternalScanner	preCompact(ObserverContext<RegionCoprocessorEnvironment> c, Store store, InternalScanner scanner, ScanType scanType, CompactionLifeCycleTracker tracker, CompactionRequest request)	Called prior to writing the StoreFiles selected for compaction into a new StoreFile.
void	preCreateNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx, NamespaceDescriptor ns)	Called before a new namespace is created by HMaster.
void	preCreateTable(ObserverContext<MasterCoprocessorEnvironment> c, TableDescriptor desc, RegionInfo[] regions)	Observer implementations
void	preDecommissionRegionServers(ObserverContext<MasterCoprocessorEnvironment> ctx, List<ServerName> servers, boolean offload)	Called before decommission region servers.
void	preDelete(ObserverContext<RegionCoprocessorEnvironment> c, Delete delete, WALEdit edit, Durability durability)	Called before the client deletes a value.
void	preDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace)	Called before HMaster deletes a namespace
void	preDeleteSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot)	Called before a snapshot is deleted.
void	preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)	Called before HMaster deletes a table.
void	preDisableReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId)	Called before disable a replication peer
void	preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)	Called prior to disabling a table.
void	preEnableReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId)	Called before enable a replication peer
void	preEnableTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)	Called prior to enabling a table.
com.google.protobuf.Message	preEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx, com.google.protobuf.Service service, String methodName, com.google.protobuf.Message request)	Called before an Endpoint service method is invoked.
void	preExecuteProcedures(ObserverContext<RegionServerCoprocessorEnvironment> ctx)	This will be called before executing procedures
boolean	preExists(ObserverContext<RegionCoprocessorEnvironment> c, Get get, boolean exists)	Called before the client tests for existence using a Get.
void	preFlush(ObserverContext<RegionCoprocessorEnvironment> c, FlushLifeCycleTracker tracker)	Called before the memstore is flushed to disk.
void	preGetLocks(ObserverContext<MasterCoprocessorEnvironment> ctx)	Called before a getLocks request has been processed.
void	preGetNamespaceDescriptor(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace)	Called before a getNamespaceDescriptor request has been processed.
void	preGetOp(ObserverContext<RegionCoprocessorEnvironment> c, Get get, List<Cell> result)	Called before the client performs a Get
void	preGetProcedures(ObserverContext<MasterCoprocessorEnvironment> ctx)	Called before a getProcedures request has been processed.
void	preGetReplicationPeerConfig(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId)	Called before get the configured ReplicationPeerConfig for the specified peer
void	preGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx, List<TableName> tableNamesList, List<TableDescriptor> descriptors, String regex)	Called before a getTableDescriptors request has been processed.
void	preGetUserPermissions(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, String namespace, TableName tableName, byte[] family, byte[] qualifier)	Called before getting user permissions.
private void	preGetUserPermissions(User caller, String userName, String namespace, TableName tableName, byte[] family, byte[] qualifier)
void	preGrant(ObserverContext<MasterCoprocessorEnvironment> ctx, UserPermission userPermission, boolean mergeExistingPermissions)	Called before granting user permissions.
private void	preGrantOrRevoke(User caller, String request, UserPermission userPermission)
void	preHasUserPermissions(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, List<Permission> permissions)
private void	preHasUserPermissions(User caller, String userName, List<Permission> permissions)
Result	preIncrement(ObserverContext<RegionCoprocessorEnvironment> c, Increment increment)	Called before Increment.
void	preIsRpcThrottleEnabled(ObserverContext<MasterCoprocessorEnvironment> ctx)	Called before getting if is rpc throttle enabled.
void	preListDecommissionedRegionServers(ObserverContext<MasterCoprocessorEnvironment> ctx)	Called before list decommissioned region servers.
void	preListReplicationPeers(ObserverContext<MasterCoprocessorEnvironment> ctx, String regex)	Called before list replication peers.
void	preListSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot)	Called before listSnapshots request has been processed.
void	preLockHeartbeat(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName, String description)	Called before heartbeat to a lock.
void	preMergeRegions(ObserverContext<MasterCoprocessorEnvironment> ctx, RegionInfo[] regionsToMerge)	Called before merge regions request.
String	preModifyColumnFamilyStoreFileTracker(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName, byte[] family, String dstSFT)	Called prior to modifying a family's store file tracker.
void	preModifyNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx, NamespaceDescriptor ns)	Called prior to modifying a namespace's properties.
TableDescriptor	preModifyTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName, TableDescriptor currentDesc, TableDescriptor newDesc)	Called prior to modifying a table's properties.
String	preModifyTableStoreFileTracker(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName, String dstSFT)	Called prior to modifying a table's store file tracker.
void	preMove(ObserverContext<MasterCoprocessorEnvironment> c, RegionInfo region, ServerName srcServer, ServerName destServer)	Called prior to moving a given region from one region server to another.
void	preOpen(ObserverContext<RegionCoprocessorEnvironment> c)	Called before the region is reported as open to the master.
void	prePrepareBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx)	Authorization check for SecureBulkLoadProtocol.prepareBulkLoad()
void	prePut(ObserverContext<RegionCoprocessorEnvironment> c, Put put, WALEdit edit, Durability durability)	Called before the client stores a value.
void	preRecommissionRegionServer(ObserverContext<MasterCoprocessorEnvironment> ctx, ServerName server, List<byte[]> encodedRegionNames)	Called before recommission region server.
void	preRegionOffline(ObserverContext<MasterCoprocessorEnvironment> c, RegionInfo regionInfo)	Called prior to marking a given region as offline.
void	preRemoveReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId)	Called before remove a replication peer
void	preReplicateLogEntries(ObserverContext<RegionServerCoprocessorEnvironment> ctx)	This will be called before executing replication request to shipping log entries.
void	preRequestLock(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace, TableName tableName, RegionInfo[] regionInfos, String description)	Called before new LockProcedure is queued.
void	preRestoreSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot, TableDescriptor hTableDescriptor)	Called before a snapshot is restored.
void	preRevoke(ObserverContext<MasterCoprocessorEnvironment> ctx, UserPermission userPermission)	Called before revoking user permissions.
void	preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)	This will be called before executing user request to roll a region server WAL.
void	preScannerClose(ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s)	Called before the client closes a scanner.
boolean	preScannerNext(ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s, List<Result> result, int limit, boolean hasNext)	Called before the client asks for the next row on a scanner.
void	preScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Scan scan)	Called before the client opens a new scanner.
void	preSetNamespaceQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace, GlobalQuotaSettings quotas)	Called before the quota for the namespace is stored.
void	preSetRegionServerQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String regionServer, GlobalQuotaSettings quotas)	Called before the quota for the region server is stored.
void	preSetSplitOrMergeEnabled(ObserverContext<MasterCoprocessorEnvironment> ctx, boolean newValue, MasterSwitchType switchType)	Called prior to setting split / merge switch Supports Coprocessor 'bypass'.
void	preSetTableQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName, GlobalQuotaSettings quotas)	Called before the quota for the table is stored.
void	preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, String namespace, GlobalQuotaSettings quotas)	Called before the quota for the user on the specified namespace is stored.
void	preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, GlobalQuotaSettings quotas)	Called before the quota for the user is stored.
void	preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, TableName tableName, GlobalQuotaSettings quotas)	Called before the quota for the user on the specified table is stored.
void	preShutdown(ObserverContext<MasterCoprocessorEnvironment> c)	Called prior to shutting down the full HBase cluster, including this HMaster process.
void	preSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot, TableDescriptor hTableDescriptor)	Called before a new snapshot is taken.
void	preSplitRegion(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName, byte[] splitRow)	Called before the split region procedure is called.
void	preStopMaster(ObserverContext<MasterCoprocessorEnvironment> c)	Called immediately prior to stopping this HMaster process.
void	preStopRegionServer(ObserverContext<RegionServerCoprocessorEnvironment> ctx)	Called before stopping region server.
void	preSwitchExceedThrottleQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, boolean enable)	Called before switching exceed throttle quota state.
void	preSwitchRpcThrottle(ObserverContext<MasterCoprocessorEnvironment> ctx, boolean enable)	Called before switching rpc throttle enabled state.
void	preTableFlush(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName)	Called before the table memstore is flushed to disk.
void	preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)	Called before HMaster truncates a table.
void	preUnassign(ObserverContext<MasterCoprocessorEnvironment> c, RegionInfo regionInfo)	Called prior to unassigning a given region.
void	preUpdateMasterConfiguration(ObserverContext<MasterCoprocessorEnvironment> ctx, org.apache.hadoop.conf.Configuration preReloadConf)
void	preUpdateRegionServerConfiguration(ObserverContext<RegionServerCoprocessorEnvironment> ctx, org.apache.hadoop.conf.Configuration preReloadConf)	Called before reloading the RegionServer's Configuration from disk
void	preUpdateReplicationPeerConfig(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId, ReplicationPeerConfig peerConfig)	Called before update peerConfig for the specified peer
void	requireAccess(ObserverContext<?> ctx, String request, TableName tableName, Permission.Action... permissions)
void	requireGlobalPermission(ObserverContext<?> ctx, String request, Permission.Action perm, String namespace)
void	requireGlobalPermission(ObserverContext<?> ctx, String request, Permission.Action perm, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap)
void	requireNamespacePermission(ObserverContext<?> ctx, String request, String namespace, Permission.Action... permissions)
void	requireNamespacePermission(ObserverContext<?> ctx, String request, String namespace, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap, Permission.Action... permissions)
void	requirePermission(ObserverContext<?> ctx, String request, Permission.Action perm)
void	requirePermission(ObserverContext<?> ctx, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions)
private void	requireScannerOwner(InternalScanner s)	Verify, when servicing an RPC, that the caller is the scanner owner.
void	requireTablePermission(ObserverContext<?> ctx, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions)
void	revoke(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeResponse> done)	Deprecated. since 2.2.0 and will be removed in 4.0.0.
void	start(CoprocessorEnvironment env)	Called by the CoprocessorEnvironment during it's own startup to initialize the coprocessor.
void	stop(CoprocessorEnvironment env)	Called by the CoprocessorEnvironment during it's own shutdown to stop the coprocessor.
private void	updateACL(RegionCoprocessorEnvironment e, Map<byte[],List<Cell>> familyMap)	Writes all table ACLs for the tables in the given Map up into ZooKeeper znodes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.hadoop.hbase.coprocessor.MasterObserver

postAddReplicationPeer, postAddRSGroup, postAssign, postBalance, postBalanceRSGroup, postBalanceSwitch, postClearDeadServers, postCloneSnapshot, postCompletedDeleteTableAction, postCompletedDisableTableAction, postCompletedEnableTableAction, postCompletedMergeRegionsAction, postCompletedModifyTableAction, postCompletedModifyTableAction, postCompletedSnapshotAction, postCompletedSplitRegionAction, postCompletedTruncateTableAction, postCreateNamespace, postCreateTable, postDecommissionRegionServers, postDeleteSnapshot, postDisableReplicationPeer, postDisableTable, postEnableReplicationPeer, postEnableTable, postGetClusterMetrics, postGetLocks, postGetNamespaceDescriptor, postGetProcedures, postGetReplicationPeerConfig, postGetUserPermissions, postGrant, postHasUserPermissions, postIsRpcThrottleEnabled, postListDecommissionedRegionServers, postListReplicationPeers, postListSnapshot, postLockHeartbeat, postMasterStoreFlush, postMergeRegions, postMergeRegionsCommitAction, postModifyColumnFamilyStoreFileTracker, postModifyNamespace, postModifyNamespace, postModifyTable, postModifyTableStoreFileTracker, postMove, postMoveServers, postMoveServersAndTables, postMoveTables, postRecommissionRegionServer, postRegionOffline, postRemoveReplicationPeer, postRemoveRSGroup, postRemoveServers, postRenameRSGroup, postRequestLock, postRestoreSnapshot, postRevoke, postRollBackMergeRegionsAction, postRollBackSplitRegionAction, postSetNamespaceQuota, postSetRegionServerQuota, postSetSplitOrMergeEnabled, postSetTableQuota, postSetUserQuota, postSetUserQuota, postSetUserQuota, postSnapshot, postSwitchExceedThrottleQuota, postSwitchRpcThrottle, postTableFlush, postTruncateRegion, postTruncateRegionAction, postUnassign, postUnassign, postUpdateMasterConfiguration, postUpdateReplicationPeerConfig, postUpdateRSGroupConfig, preAddRSGroup, preBalanceRSGroup, preCreateTableAction, preCreateTableRegionsInfos, preDeleteTableAction, preDisableTableAction, preEnableTableAction, preGetClusterMetrics, preGetTableNames, preListNamespaceDescriptors, preListNamespaces, preMasterInitialization, preMasterStoreFlush, preMergeRegionsAction, preMergeRegionsCommitAction, preModifyNamespace, preModifyTable, preModifyTableAction, preModifyTableAction, preMoveServers, preMoveServersAndTables, preMoveTables, preRemoveRSGroup, preRemoveServers, preRenameRSGroup, preSplitRegionAction, preSplitRegionAfterMETAAction, preSplitRegionBeforeMETAAction, preTruncateRegion, preTruncateRegionAction, preTruncateTableAction, preUnassign, preUpdateRSGroupConfig

Methods inherited from interface org.apache.hadoop.hbase.coprocessor.RegionObserver

postAppend, postAppend, postBatchMutate, postBatchMutateIndispensably, postBulkLoadHFile, postCheckAndDelete, postCheckAndDelete, postCheckAndMutate, postCheckAndPut, postCheckAndPut, postClose, postCloseRegionOperation, postCommitStoreFile, postCompact, postCompactSelection, postDelete, postExists, postFlush, postFlush, postGetOp, postIncrement, postIncrement, postInstantiateDeleteTracker, postMemStoreCompaction, postMutationBeforeWAL, postPut, postReplayWALs, postScannerFilterRow, postScannerNext, postStartRegionOperation, postStoreFileReaderOpen, postWALRestore, preAppend, preAppendAfterRowLock, preCheckAndDelete, preCheckAndDeleteAfterRowLock, preCheckAndMutate, preCheckAndMutateAfterRowLock, preCheckAndPut, preCheckAndPutAfterRowLock, preCommitStoreFile, preCompactScannerOpen, preCompactSelection, preDelete, preFlush, preFlushScannerOpen, preIncrement, preIncrementAfterRowLock, preMemStoreCompaction, preMemStoreCompactionCompact, preMemStoreCompactionCompactScannerOpen, prePrepareTimeStampForDeleteVersion, prePut, preReplayWALs, preStoreFileReaderOpen, preStoreScannerOpen, preWALAppend, preWALRestore

Methods inherited from interface org.apache.hadoop.hbase.coprocessor.RegionServerObserver

postClearCompactionQueues, postClearRegionBlockCache, postExecuteProcedures, postReplicateLogEntries, postReplicationSinkBatchMutate, postUpdateRegionServerConfiguration, preReplicationSinkBatchMutate

Field Details

LOG

private static final org.slf4j.Logger LOG

AUDITLOG

private static final org.slf4j.Logger AUDITLOG

CHECK_COVERING_PERM

private static final String CHECK_COVERING_PERM

See Also:

• Constant Field Values

TAG_CHECK_PASSED

private static final String TAG_CHECK_PASSED

See Also:

• Constant Field Values

TRUE

private static final byte[] TRUE

accessChecker

private AccessChecker accessChecker

zkPermissionWatcher

private ZKPermissionWatcher zkPermissionWatcher

aclRegion

private boolean aclRegion

flags if we are running on a region of the _acl_ table

regionEnv

private RegionCoprocessorEnvironment regionEnv

defined only for Endpoint implementation, so it can have way to access region services

scannerOwners

private Map<InternalScanner,String> scannerOwners

Mapping of scanner instances to the user who created them

tableAcls

private Map<TableName,List<UserPermission>> tableAcls

userProvider

private UserProvider userProvider

Provider for mapping principal names to Users

authorizationEnabled

private boolean authorizationEnabled

if we are active, usually false, only true if "hbase.security.authorization" has been set to true in site configuration

cellFeaturesEnabled

private boolean cellFeaturesEnabled

if we are able to support cell ACLs

shouldCheckExecPermission

private boolean shouldCheckExecPermission

if we should check EXEC permissions

compatibleEarlyTermination

private boolean compatibleEarlyTermination

if we should terminate access checks early as soon as table or CF grants allow access; pre-0.98 compatible behavior

initialized

private volatile boolean initialized

if we have been successfully initialized

aclTabAvailable

private volatile boolean aclTabAvailable

if the ACL table is available, only relevant in the master

Constructor Details

AccessController

public AccessController()

Method Details

isCellAuthorizationSupported

public static boolean isCellAuthorizationSupported(org.apache.hadoop.conf.Configuration conf)

getRegion

public Region getRegion()

getAuthManager

public AuthManager getAuthManager()

initialize

private void initialize(RegionCoprocessorEnvironment e)
                 throws IOException

Throws:

IOException

updateACL

private void updateACL(RegionCoprocessorEnvironment e,
 Map<byte[],List<Cell>> familyMap)

Writes all table ACLs for the tables in the given Map up into ZooKeeper znodes. This is called to synchronize ACL changes following _acl_ table updates.

permissionGranted

private AuthResult permissionGranted(AccessController.OpType opType,
 User user,
 RegionCoprocessorEnvironment e,
 Map<byte[],? extends Collection<?>> families,
 Permission.Action... actions)

Check the current user for authorization to perform a specific action against the given set of row data.

Parameters:

opType - the operation type

user - the user

e - the coprocessor environment

families - the map of column families to qualifiers present in the request

actions - the desired actions

Returns:

an authorization result

requireAccess

public void requireAccess(ObserverContext<?> ctx,
 String request,
 TableName tableName,
 Permission.Action... permissions)
                   throws IOException

Throws:

IOException

requirePermission

public void requirePermission(ObserverContext<?> ctx,
 String request,
 Permission.Action perm)
                       throws IOException

Throws:

IOException

requireGlobalPermission

public void requireGlobalPermission(ObserverContext<?> ctx,
 String request,
 Permission.Action perm,
 TableName tableName,
 Map<byte[],? extends Collection<byte[]>> familyMap)
                             throws IOException

Throws:

IOException

requireGlobalPermission

public void requireGlobalPermission(ObserverContext<?> ctx,
 String request,
 Permission.Action perm,
 String namespace)
                             throws IOException

Throws:

IOException

requireNamespacePermission

public void requireNamespacePermission(ObserverContext<?> ctx,
 String request,
 String namespace,
 Permission.Action... permissions)
                                throws IOException

Throws:

IOException

requireNamespacePermission

public void requireNamespacePermission(ObserverContext<?> ctx,
 String request,
 String namespace,
 TableName tableName,
 Map<byte[],? extends Collection<byte[]>> familyMap,
 Permission.Action... permissions)
                                throws IOException

Throws:

IOException

requirePermission

public void requirePermission(ObserverContext<?> ctx,
 String request,
 TableName tableName,
 byte[] family,
 byte[] qualifier,
 Permission.Action... permissions)
                       throws IOException

Throws:

IOException

requireTablePermission

public void requireTablePermission(ObserverContext<?> ctx,
 String request,
 TableName tableName,
 byte[] family,
 byte[] qualifier,
 Permission.Action... permissions)
                            throws IOException

Throws:

IOException

checkLockPermissions

public void checkLockPermissions(ObserverContext<?> ctx,
 String namespace,
 TableName tableName,
 RegionInfo[] regionInfos,
 String reason)
                          throws IOException

Throws:

IOException

hasFamilyQualifierPermission

private boolean hasFamilyQualifierPermission(User user,
 Permission.Action perm,
 RegionCoprocessorEnvironment env,
 Map<byte[],? extends Collection<byte[]>> familyMap)
                                      throws IOException

Returns true if the current user is allowed the given action over at least one of the column qualifiers in the given column families.

Throws:

IOException

checkCoveringPermission

private boolean checkCoveringPermission(User user,
 AccessController.OpType request,
 RegionCoprocessorEnvironment e,
 byte[] row,
 Map<byte[],? extends Collection<?>> familyMap,
 long opTs,
 Permission.Action... actions)
                                 throws IOException

Determine if cell ACLs covered by the operation grant access. This is expensive.

Returns:

false if cell ACLs failed to grant access, true otherwise

Throws:

IOException

addCellPermissions

private static void addCellPermissions(byte[] perms,
 Map<byte[],List<Cell>> familyMap)

checkForReservedTagPresence

private void checkForReservedTagPresence(User user,
 Mutation m)
                                  throws IOException

Throws:

IOException

start

public void start(CoprocessorEnvironment env)
           throws IOException

Description copied from interface: Coprocessor

Called by the CoprocessorEnvironment during it's own startup to initialize the coprocessor.

Specified by:

start in interface Coprocessor

Throws:

IOException

stop

public void stop(CoprocessorEnvironment env)

Description copied from interface: Coprocessor

Called by the CoprocessorEnvironment during it's own shutdown to stop the coprocessor.

Specified by:

stop in interface Coprocessor

getRegionObserver

public Optional<RegionObserver> getRegionObserver()

Observer/Service Getters

Specified by:

getRegionObserver in interface RegionCoprocessor

getMasterObserver

public Optional<MasterObserver> getMasterObserver()

Specified by:

getMasterObserver in interface MasterCoprocessor

getEndpointObserver

public Optional<EndpointObserver> getEndpointObserver()

Specified by:

getEndpointObserver in interface RegionCoprocessor

getBulkLoadObserver

public Optional<BulkLoadObserver> getBulkLoadObserver()

Specified by:

getBulkLoadObserver in interface RegionCoprocessor

getRegionServerObserver

public Optional<RegionServerObserver> getRegionServerObserver()

Specified by:

getRegionServerObserver in interface RegionServerCoprocessor

getServices

public Iterable<com.google.protobuf.Service> getServices()

Description copied from interface: Coprocessor

Coprocessor endpoints providing protobuf services should override this method.

Specified by:

getServices in interface Coprocessor

Returns:

Iterable of Services or empty collection. Implementations should never return null.

preCreateTable

public void preCreateTable(ObserverContext<MasterCoprocessorEnvironment> c,
 TableDescriptor desc,
 RegionInfo[] regions)
                    throws IOException

Observer implementations

Specified by:

preCreateTable in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

desc - the TableDescriptor for the table

regions - the initial regions created for the table

Throws:

IOException

postCompletedCreateTableAction

public void postCompletedCreateTableAction(ObserverContext<MasterCoprocessorEnvironment> c,
 TableDescriptor desc,
 RegionInfo[] regions)
                                    throws IOException

Description copied from interface: MasterObserver

Called after the createTable operation has been requested. Called as part of create table RPC call. Called as part of create table procedure and it is async to the create RPC call.

Specified by:

postCompletedCreateTableAction in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

desc - the TableDescriptor for the table

regions - the initial regions created for the table

Throws:

IOException

preDeleteTable

public void preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName)
                    throws IOException

Description copied from interface: MasterObserver

Called before HMaster deletes a table. Called as part of delete table RPC call.

Specified by:

preDeleteTable in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

Throws:

IOException

postDeleteTable

public void postDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName)
                     throws IOException

Description copied from interface: MasterObserver

Called after the deleteTable operation has been requested. Called as part of delete table RPC call.

Specified by:

postDeleteTable in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

Throws:

IOException

preTruncateTable

public void preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName)
                      throws IOException

Description copied from interface: MasterObserver

Called before HMaster truncates a table. Called as part of truncate table RPC call.

Specified by:

preTruncateTable in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

Throws:

IOException

postTruncateTable

public void postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
 TableName tableName)
                       throws IOException

Description copied from interface: MasterObserver

Called after the truncateTable operation has been requested. Called as part of truncate table RPC call. The truncate is synchronous, so this method will be called when the truncate operation is terminated.

Specified by:

postTruncateTable in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

tableName - the name of the table

Throws:

IOException

preModifyTable

public TableDescriptor preModifyTable(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName,
 TableDescriptor currentDesc,
 TableDescriptor newDesc)
                               throws IOException

Description copied from interface: MasterObserver

Called prior to modifying a table's properties. Called as part of modify table RPC call.

Specified by:

preModifyTable in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

currentDesc - current TableDescriptor of the table

newDesc - after modify operation, table will have this descriptor

Throws:

IOException

postModifyTable

public void postModifyTable(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName,
 TableDescriptor htd)
                     throws IOException

Description copied from interface: MasterObserver

Called after the modifyTable operation has been requested. Called as part of modify table RPC call.

Specified by:

postModifyTable in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

htd - current TableDescriptor of the table

Throws:

IOException

preModifyTableStoreFileTracker

public String preModifyTableStoreFileTracker(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName,
 String dstSFT)
                                      throws IOException

Description copied from interface: MasterObserver

Called prior to modifying a table's store file tracker. Called as part of modify table store file tracker RPC call.

Specified by:

preModifyTableStoreFileTracker in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

dstSFT - the store file tracker

Returns:

the store file tracker

Throws:

IOException

preModifyColumnFamilyStoreFileTracker

public String preModifyColumnFamilyStoreFileTracker(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName,
 byte[] family,
 String dstSFT)
                                             throws IOException

Description copied from interface: MasterObserver

Called prior to modifying a family's store file tracker. Called as part of modify family store file tracker RPC call.

Specified by:

preModifyColumnFamilyStoreFileTracker in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

family - the column family

dstSFT - the store file tracker

Returns:

the store file tracker

Throws:

IOException

preEnableTable

public void preEnableTable(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName)
                    throws IOException

Description copied from interface: MasterObserver

Called prior to enabling a table. Called as part of enable table RPC call.

Specified by:

preEnableTable in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

Throws:

IOException

preDisableTable

public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c,
 TableName tableName)
                     throws IOException

Description copied from interface: MasterObserver

Called prior to disabling a table. Called as part of disable table RPC call.

Specified by:

preDisableTable in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

tableName - the name of the table

Throws:

IOException

preAbortProcedure

public void preAbortProcedure(ObserverContext<MasterCoprocessorEnvironment> ctx,
 long procId)
                       throws IOException

Description copied from interface: MasterObserver

Called before a abortProcedure request has been processed.

Specified by:

preAbortProcedure in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

procId - the Id of the procedure

Throws:

IOException

postAbortProcedure

public void postAbortProcedure(ObserverContext<MasterCoprocessorEnvironment> ctx)
                        throws IOException

Description copied from interface: MasterObserver

Called after a abortProcedure request has been processed.

Specified by:

postAbortProcedure in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

Throws:

IOException

preGetProcedures

public void preGetProcedures(ObserverContext<MasterCoprocessorEnvironment> ctx)
                      throws IOException

Description copied from interface: MasterObserver

Called before a getProcedures request has been processed.

Specified by:

preGetProcedures in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

Throws:

IOException

preGetLocks

public void preGetLocks(ObserverContext<MasterCoprocessorEnvironment> ctx)
                 throws IOException

Description copied from interface: MasterObserver

Called before a getLocks request has been processed.

Specified by:

preGetLocks in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

Throws:

IOException - if something went wrong

preMove

public void preMove(ObserverContext<MasterCoprocessorEnvironment> c,
 RegionInfo region,
 ServerName srcServer,
 ServerName destServer)
             throws IOException

Description copied from interface: MasterObserver

Called prior to moving a given region from one region server to another.

Specified by:

preMove in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

region - the RegionInfo

srcServer - the source ServerName

destServer - the destination ServerName

Throws:

IOException

preAssign

public void preAssign(ObserverContext<MasterCoprocessorEnvironment> c,
 RegionInfo regionInfo)
               throws IOException

Description copied from interface: MasterObserver

Called prior to assigning a specific region.

Specified by:

preAssign in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

regionInfo - the regionInfo of the region

Throws:

IOException

preUnassign

public void preUnassign(ObserverContext<MasterCoprocessorEnvironment> c,
 RegionInfo regionInfo)
                 throws IOException

Description copied from interface: MasterObserver

Called prior to unassigning a given region.

Specified by:

preUnassign in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

Throws:

IOException

preRegionOffline

public void preRegionOffline(ObserverContext<MasterCoprocessorEnvironment> c,
 RegionInfo regionInfo)
                      throws IOException

Description copied from interface: MasterObserver

Called prior to marking a given region as offline.

Specified by:

preRegionOffline in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

Throws:

IOException

preSetSplitOrMergeEnabled

public void preSetSplitOrMergeEnabled(ObserverContext<MasterCoprocessorEnvironment> ctx,
 boolean newValue,
 MasterSwitchType switchType)
                               throws IOException

Description copied from interface: MasterObserver

Called prior to setting split / merge switch Supports Coprocessor 'bypass'.

Specified by:

preSetSplitOrMergeEnabled in interface MasterObserver

Parameters:

ctx - the coprocessor instance's environment

newValue - the new value submitted in the call

switchType - type of switch

Throws:

IOException

preBalance

public void preBalance(ObserverContext<MasterCoprocessorEnvironment> c,
 BalanceRequest request)
                throws IOException

Description copied from interface: MasterObserver

Called prior to requesting rebalancing of the cluster regions, though after the initial checks for regions in transition and the balance switch flag.

Specified by:

preBalance in interface MasterObserver

Parameters:

c - the environment to interact with the framework and master

request - the request used to trigger the balancer

Throws:

IOException

preBalanceSwitch

public void preBalanceSwitch(ObserverContext<MasterCoprocessorEnvironment> c,
 boolean newValue)
                      throws IOException

Description copied from interface: MasterObserver

Called prior to modifying the flag used to enable/disable region balancing.

Specified by:

preBalanceSwitch in interface MasterObserver

Parameters:

c - the coprocessor instance's environment

Throws:

IOException

preShutdown

public void preShutdown(ObserverContext<MasterCoprocessorEnvironment> c)
                 throws IOException

Description copied from interface: MasterObserver

Called prior to shutting down the full HBase cluster, including this HMaster process.

Specified by:

preShutdown in interface MasterObserver

Throws:

IOException

preStopMaster

public void preStopMaster(ObserverContext<MasterCoprocessorEnvironment> c)
                   throws IOException

Description copied from interface: MasterObserver

Called immediately prior to stopping this HMaster process.

Specified by:

preStopMaster in interface MasterObserver

Throws:

IOException

postStartMaster

public void postStartMaster(ObserverContext<MasterCoprocessorEnvironment> ctx)
                     throws IOException

Description copied from interface: MasterObserver

Called immediately after an active master instance has completed initialization. Will not be called on standby master instances unless they take over the active role.

Specified by:

postStartMaster in interface MasterObserver

Throws:

IOException

createACLTable

private static void createACLTable(Admin admin)
                            throws IOException

Create the ACL table

Throws:

IOException

preSnapshot

public void preSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
 SnapshotDescription snapshot,
 TableDescriptor hTableDescriptor)
                 throws IOException

Description copied from interface: MasterObserver

Called before a new snapshot is taken. Called as part of snapshot RPC call.

Specified by:

preSnapshot in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

snapshot - the SnapshotDescriptor for the snapshot

hTableDescriptor - the TableDescriptor of the table to snapshot

Throws:

IOException

preListSnapshot

public void preListSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
 SnapshotDescription snapshot)
                     throws IOException

Description copied from interface: MasterObserver

Called before listSnapshots request has been processed.

Specified by:

preListSnapshot in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

snapshot - the SnapshotDescriptor of the snapshot to list

Throws:

IOException

preCloneSnapshot

public void preCloneSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
 SnapshotDescription snapshot,
 TableDescriptor hTableDescriptor)
                      throws IOException

Description copied from interface: MasterObserver

Called before a snapshot is cloned. Called as part of restoreSnapshot RPC call.

Specified by:

preCloneSnapshot in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

snapshot - the SnapshotDescriptor for the snapshot

hTableDescriptor - the TableDescriptor of the table to create

Throws:

IOException

preRestoreSnapshot

public void preRestoreSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
 SnapshotDescription snapshot,
 TableDescriptor hTableDescriptor)
                        throws IOException

Description copied from interface: MasterObserver

Called before a snapshot is restored. Called as part of restoreSnapshot RPC call.

Specified by:

preRestoreSnapshot in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

snapshot - the SnapshotDescriptor for the snapshot

hTableDescriptor - the TableDescriptor of the table to restore

Throws:

IOException

preDeleteSnapshot

public void preDeleteSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
 SnapshotDescription snapshot)
                       throws IOException

Description copied from interface: MasterObserver

Called before a snapshot is deleted. Called as part of deleteSnapshot RPC call.

Specified by:

preDeleteSnapshot in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

snapshot - the SnapshotDescriptor of the snapshot to delete

Throws:

IOException

preCreateNamespace

public void preCreateNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
 NamespaceDescriptor ns)
                        throws IOException

Description copied from interface: MasterObserver

Called before a new namespace is created by HMaster.

Specified by:

preCreateNamespace in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

ns - the NamespaceDescriptor for the table

Throws:

IOException

preDeleteNamespace

public void preDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String namespace)
                        throws IOException

Description copied from interface: MasterObserver

Called before HMaster deletes a namespace

Specified by:

preDeleteNamespace in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

namespace - the name of the namespace

Throws:

IOException

postDeleteNamespace

public void postDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String namespace)
                         throws IOException

Description copied from interface: MasterObserver

Called after the deleteNamespace operation has been requested.

Specified by:

postDeleteNamespace in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

namespace - the name of the namespace

Throws:

IOException

preModifyNamespace

public void preModifyNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
 NamespaceDescriptor ns)
                        throws IOException

Description copied from interface: MasterObserver

Called prior to modifying a namespace's properties.

Specified by:

preModifyNamespace in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

ns - after modify operation, namespace will have this descriptor

Throws:

IOException

preGetNamespaceDescriptor

public void preGetNamespaceDescriptor(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String namespace)
                               throws IOException

Description copied from interface: MasterObserver

Called before a getNamespaceDescriptor request has been processed.

Specified by:

preGetNamespaceDescriptor in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

namespace - the name of the namespace

Throws:

IOException

postListNamespaces

public void postListNamespaces(ObserverContext<MasterCoprocessorEnvironment> ctx,
 List<String> namespaces)
                        throws IOException

Description copied from interface: MasterObserver

Called after a listNamespaces request has been processed.

Specified by:

postListNamespaces in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

namespaces - the list of namespaces about to be returned

Throws:

IOException - if something went wrong

postListNamespaceDescriptors

public void postListNamespaceDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx,
 List<NamespaceDescriptor> descriptors)
                                  throws IOException

Description copied from interface: MasterObserver

Called after a listNamespaceDescriptors request has been processed.

Specified by:

postListNamespaceDescriptors in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

descriptors - the list of descriptors about to be returned

Throws:

IOException

preTableFlush

public void preTableFlush(ObserverContext<MasterCoprocessorEnvironment> ctx,
 TableName tableName)
                   throws IOException

Description copied from interface: MasterObserver

Called before the table memstore is flushed to disk.

Specified by:

preTableFlush in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

tableName - the name of the table

Throws:

IOException

preSplitRegion

public void preSplitRegion(ObserverContext<MasterCoprocessorEnvironment> ctx,
 TableName tableName,
 byte[] splitRow)
                    throws IOException

Description copied from interface: MasterObserver

Called before the split region procedure is called.

Specified by:

preSplitRegion in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

tableName - the table where the region belongs to

splitRow - split point

Throws:

IOException

preClearDeadServers

public void preClearDeadServers(ObserverContext<MasterCoprocessorEnvironment> ctx)
                         throws IOException

Description copied from interface: MasterObserver

Called before clear dead region servers.

Specified by:

preClearDeadServers in interface MasterObserver

Throws:

IOException

preDecommissionRegionServers

public void preDecommissionRegionServers(ObserverContext<MasterCoprocessorEnvironment> ctx,
 List<ServerName> servers,
 boolean offload)
                                  throws IOException

Description copied from interface: MasterObserver

Called before decommission region servers.

Specified by:

preDecommissionRegionServers in interface MasterObserver

Throws:

IOException

preListDecommissionedRegionServers

public void preListDecommissionedRegionServers(ObserverContext<MasterCoprocessorEnvironment> ctx)
                                        throws IOException

Description copied from interface: MasterObserver

Called before list decommissioned region servers.

Specified by:

preListDecommissionedRegionServers in interface MasterObserver

Throws:

IOException

preRecommissionRegionServer

public void preRecommissionRegionServer(ObserverContext<MasterCoprocessorEnvironment> ctx,
 ServerName server,
 List<byte[]> encodedRegionNames)
                                 throws IOException

Description copied from interface: MasterObserver

Called before recommission region server.

Specified by:

preRecommissionRegionServer in interface MasterObserver

Throws:

IOException

preOpen

public void preOpen(ObserverContext<RegionCoprocessorEnvironment> c)
             throws IOException

Description copied from interface: RegionObserver

Called before the region is reported as open to the master.

Specified by:

preOpen in interface RegionObserver

Parameters:

c - the environment provided by the region server

Throws:

IOException

postOpen

public void postOpen(ObserverContext<RegionCoprocessorEnvironment> c)

Description copied from interface: RegionObserver

Called after the region is reported as open to the master.

Specified by:

postOpen in interface RegionObserver

Parameters:

c - the environment provided by the region server

preFlush

public void preFlush(ObserverContext<RegionCoprocessorEnvironment> c,
 FlushLifeCycleTracker tracker)
              throws IOException

Description copied from interface: RegionObserver

Called before the memstore is flushed to disk.

Specified by:

preFlush in interface RegionObserver

Parameters:

c - the environment provided by the region server

tracker - tracker used to track the life cycle of a flush

Throws:

IOException

preCompact

public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> c,
 Store store,
 InternalScanner scanner,
 ScanType scanType,
 CompactionLifeCycleTracker tracker,
 CompactionRequest request)
                           throws IOException

Description copied from interface: RegionObserver

Called prior to writing the StoreFiles selected for compaction into a new StoreFile.

To override or modify the compaction process, implementing classes can wrap the provided InternalScanner with a custom implementation that is returned from this method. The custom scanner can then inspect Cells from the wrapped scanner, applying its own policy to what gets written.

If implementations are wrapping the passed in InternalScanner, they can also have their implementation implement Shipper and delegate to the original scanner. This will cause compactions to free up memory as they progress, which is especially important for people using off-heap memory pools.

Keep in mind that when Shipper.shipped() is called, any cell references you maintain in your implementation may get corrupted. As such you should make sure to deep clone any cells that you need to keep reference to across invocations of shipped.

Specified by:

preCompact in interface RegionObserver

Parameters:

c - the environment provided by the region server

store - the store being compacted

scanner - the scanner over existing data used in the store file rewriting

scanType - type of Scan

tracker - tracker used to track the life cycle of a compaction

request - the requested compaction

Returns:

the scanner to use during compaction. Should not be null unless the implementation is writing new store files on its own.

Throws:

IOException

internalPreRead

private void internalPreRead(ObserverContext<RegionCoprocessorEnvironment> c,
 Query query,
 AccessController.OpType opType)
                      throws IOException

Throws:

IOException

preGetOp

public void preGetOp(ObserverContext<RegionCoprocessorEnvironment> c,
 Get get,
 List<Cell> result)
              throws IOException

Description copied from interface: RegionObserver

Called before the client performs a Get

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Specified by:

preGetOp in interface RegionObserver

Parameters:

c - the environment provided by the region server

get - the Get request

result - The result to return to the client if default processing is bypassed. Can be modified. Will not be used if default processing is not bypassed.

Throws:

IOException

preExists

public boolean preExists(ObserverContext<RegionCoprocessorEnvironment> c,
 Get get,
 boolean exists)
                  throws IOException

Description copied from interface: RegionObserver

Called before the client tests for existence using a Get.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Specified by:

preExists in interface RegionObserver

Parameters:

c - the environment provided by the region server

get - the Get request

exists - the result returned by the region server

Returns:

the value to return to the client if bypassing default processing

Throws:

IOException

prePut

public void prePut(ObserverContext<RegionCoprocessorEnvironment> c,
 Put put,
 WALEdit edit,
 Durability durability)
            throws IOException

Description copied from interface: RegionObserver

Called before the client stores a value.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells in 'put' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

prePut in interface RegionObserver

Parameters:

c - the environment provided by the region server

put - The Put object

edit - The WALEdit object that will be written to the wal

durability - Persistence guarantee for this Put

Throws:

IOException

postPut

public void postPut(ObserverContext<RegionCoprocessorEnvironment> c,
 Put put,
 WALEdit edit,
 Durability durability)

Description copied from interface: RegionObserver

Called after the client stores a value.

Note: Do not retain references to any Cells in 'put' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

postPut in interface RegionObserver

Parameters:

c - the environment provided by the region server

put - The Put object

edit - The WALEdit object for the wal

durability - Persistence guarantee for this Put

preDelete

public void preDelete(ObserverContext<RegionCoprocessorEnvironment> c,
 Delete delete,
 WALEdit edit,
 Durability durability)
               throws IOException

Description copied from interface: RegionObserver

Called before the client deletes a value.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells in 'delete' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preDelete in interface RegionObserver

Parameters:

c - the environment provided by the region server

delete - The Delete object

edit - The WALEdit object for the wal

durability - Persistence guarantee for this Delete

Throws:

IOException

preBatchMutate

public void preBatchMutate(ObserverContext<RegionCoprocessorEnvironment> c,
 MiniBatchOperationInProgress<Mutation> miniBatchOp)
                    throws IOException

Description copied from interface: RegionObserver

This will be called for every batch mutation operation happening at the server. This will be called after acquiring the locks on the mutating rows and after applying the proper timestamp for each Mutation at the server. The batch may contain Put/Delete/Increment/Append. By setting OperationStatus of Mutations (MiniBatchOperationInProgress.setOperationStatus(int, OperationStatus)), RegionObserver can make Region to skip these Mutations.

Note: Do not retain references to any Cells in Mutations beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preBatchMutate in interface RegionObserver

Parameters:

c - the environment provided by the region server

miniBatchOp - batch of Mutations getting applied to region.

Throws:

IOException

postDelete

public void postDelete(ObserverContext<RegionCoprocessorEnvironment> c,
 Delete delete,
 WALEdit edit,
 Durability durability)
                throws IOException

Description copied from interface: RegionObserver

Called after the client deletes a value.

Note: Do not retain references to any Cells in 'delete' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

postDelete in interface RegionObserver

Parameters:

c - the environment provided by the region server

delete - The Delete object

edit - The WALEdit object for the wal

durability - Persistence guarantee for this Delete

Throws:

IOException

preCheckAndPut

public boolean preCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> c,
 byte[] row,
 byte[] family,
 byte[] qualifier,
 CompareOperator op,
 ByteArrayComparable comparator,
 Put put,
 boolean result)
                       throws IOException

Description copied from interface: RegionObserver

Called before checkAndPut.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells in 'put' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preCheckAndPut in interface RegionObserver

Parameters:

c - the environment provided by the region server

row - row to check

family - column family

qualifier - column qualifier

op - the comparison operation

comparator - the comparator

put - data to put if check succeeds

result - the default value of the result

Returns:

the return value to return to client if bypassing default processing

Throws:

IOException

preCheckAndPutAfterRowLock

public boolean preCheckAndPutAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c,
 byte[] row,
 byte[] family,
 byte[] qualifier,
 CompareOperator opp,
 ByteArrayComparable comparator,
 Put put,
 boolean result)
                                   throws IOException

Description copied from interface: RegionObserver

Called before checkAndPut but after acquiring rowlock.

Note: Caution to be taken for not doing any long time operation in this hook. Row will be locked for longer time. Trying to acquire lock on another row, within this, can lead to potential deadlock.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells in 'put' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preCheckAndPutAfterRowLock in interface RegionObserver

Parameters:

c - the environment provided by the region server

row - row to check

family - column family

qualifier - column qualifier

opp - the comparison operation

comparator - the comparator

put - data to put if check succeeds

result - the default value of the result

Returns:

the return value to return to client if bypassing default processing

Throws:

IOException

preCheckAndDelete

public boolean preCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> c,
 byte[] row,
 byte[] family,
 byte[] qualifier,
 CompareOperator op,
 ByteArrayComparable comparator,
 Delete delete,
 boolean result)
                          throws IOException

Description copied from interface: RegionObserver

Called before checkAndDelete.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells in 'delete' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preCheckAndDelete in interface RegionObserver

Parameters:

c - the environment provided by the region server

row - row to check

family - column family

qualifier - column qualifier

op - the comparison operation

comparator - the comparator

delete - delete to commit if check succeeds

result - the default value of the result

Returns:

the value to return to client if bypassing default processing

Throws:

IOException

preCheckAndDeleteAfterRowLock

public boolean preCheckAndDeleteAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c,
 byte[] row,
 byte[] family,
 byte[] qualifier,
 CompareOperator op,
 ByteArrayComparable comparator,
 Delete delete,
 boolean result)
                                      throws IOException

Description copied from interface: RegionObserver

Called before checkAndDelete but after acquiring rowock.

Note: Caution to be taken for not doing any long time operation in this hook. Row will be locked for longer time. Trying to acquire lock on another row, within this, can lead to potential deadlock.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells in 'delete' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preCheckAndDeleteAfterRowLock in interface RegionObserver

Parameters:

c - the environment provided by the region server

row - row to check

family - column family

qualifier - column qualifier

op - the comparison operation

comparator - the comparator

delete - delete to commit if check succeeds

result - the default value of the result

Returns:

the value to return to client if bypassing default processing

Throws:

IOException

preAppend

public Result preAppend(ObserverContext<RegionCoprocessorEnvironment> c,
 Append append)
                 throws IOException

Description copied from interface: RegionObserver

Called before Append.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells in 'append' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preAppend in interface RegionObserver

Parameters:

c - the environment provided by the region server

append - Append object

Returns:

result to return to the client if bypassing default processing

Throws:

IOException

preIncrement

public Result preIncrement(ObserverContext<RegionCoprocessorEnvironment> c,
 Increment increment)
                    throws IOException

Description copied from interface: RegionObserver

Called before Increment.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells in 'increment' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preIncrement in interface RegionObserver

Parameters:

c - the environment provided by the region server

increment - increment object

Returns:

result to return to the client if bypassing default processing

Throws:

IOException

postIncrementBeforeWAL

public List<Pair<Cell,Cell>> postIncrementBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx,
 Mutation mutation,
 List<Pair<Cell,Cell>> cellPairs)
                                             throws IOException

Description copied from interface: RegionObserver

Called after a list of new cells has been created during an increment operation, but before they are committed to the WAL or memstore.

Specified by:

postIncrementBeforeWAL in interface RegionObserver

Parameters:

ctx - the environment provided by the region server

mutation - the current mutation

cellPairs - a list of cell pair. The first cell is old cell which may be null. And the second cell is the new cell.

Returns:

a list of cell pair, possibly changed.

Throws:

IOException

postAppendBeforeWAL

public List<Pair<Cell,Cell>> postAppendBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx,
 Mutation mutation,
 List<Pair<Cell,Cell>> cellPairs)
                                          throws IOException

Description copied from interface: RegionObserver

Called after a list of new cells has been created during an append operation, but before they are committed to the WAL or memstore.

Specified by:

postAppendBeforeWAL in interface RegionObserver

Parameters:

ctx - the environment provided by the region server

mutation - the current mutation

cellPairs - a list of cell pair. The first cell is old cell which may be null. And the second cell is the new cell.

Returns:

a list of cell pair, possibly changed.

Throws:

IOException

createNewCellWithTags

private Cell createNewCellWithTags(Mutation mutation,
 Cell oldCell,
 Cell newCell)

preScannerOpen

public void preScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c,
 Scan scan)
                    throws IOException

Description copied from interface: RegionObserver

Called before the client opens a new scanner.

Note: Do not retain references to any Cells returned by scanner, beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preScannerOpen in interface RegionObserver

Parameters:

c - the environment provided by the region server

scan - the Scan specification

Throws:

IOException

postScannerOpen

public RegionScanner postScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c,
 Scan scan,
 RegionScanner s)
                              throws IOException

Description copied from interface: RegionObserver

Called after the client opens a new scanner.

Note: Do not retain references to any Cells returned by scanner, beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

postScannerOpen in interface RegionObserver

Parameters:

c - the environment provided by the region server

scan - the Scan specification

s - if not null, the base scanner

Returns:

the scanner instance to use

Throws:

IOException

preScannerNext

public boolean preScannerNext(ObserverContext<RegionCoprocessorEnvironment> c,
 InternalScanner s,
 List<Result> result,
 int limit,
 boolean hasNext)
                       throws IOException

Description copied from interface: RegionObserver

Called before the client asks for the next row on a scanner.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Note: Do not retain references to any Cells returned by scanner, beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.

Specified by:

preScannerNext in interface RegionObserver

Parameters:

c - the environment provided by the region server

s - the scanner

result - The result to return to the client if default processing is bypassed. Can be modified. Will not be returned if default processing is not bypassed.

limit - the maximum number of results to return

hasNext - the 'has more' indication

Returns:

'has more' indication that should be sent to client

Throws:

IOException

preScannerClose

public void preScannerClose(ObserverContext<RegionCoprocessorEnvironment> c,
 InternalScanner s)
                     throws IOException

Description copied from interface: RegionObserver

Called before the client closes a scanner.

Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.

Specified by:

preScannerClose in interface RegionObserver

Parameters:

c - the environment provided by the region server

s - the scanner

Throws:

IOException

postScannerClose

public void postScannerClose(ObserverContext<RegionCoprocessorEnvironment> c,
 InternalScanner s)
                      throws IOException

Description copied from interface: RegionObserver

Called after the client closes a scanner.

Specified by:

postScannerClose in interface RegionObserver

Parameters:

c - the environment provided by the region server

s - the scanner

Throws:

IOException

requireScannerOwner

private void requireScannerOwner(InternalScanner s)
                          throws AccessDeniedException

Verify, when servicing an RPC, that the caller is the scanner owner. If so, we assume that access control is correctly enforced based on the checks performed in preScannerOpen()

Throws:

AccessDeniedException

preBulkLoadHFile

public void preBulkLoadHFile(ObserverContext<RegionCoprocessorEnvironment> ctx,
 List<Pair<byte[],String>> familyPaths)
                      throws IOException

Verifies user has CREATE or ADMIN privileges on the Column Families involved in the bulkLoadHFile request. Specific Column Write privileges are presently ignored.

Specified by:

preBulkLoadHFile in interface RegionObserver

Parameters:

ctx - the environment provided by the region server

familyPaths - pairs of { CF, HFile path } submitted for bulk load. Adding or removing from this list will add or remove HFiles to be bulk loaded.

Throws:

IOException

prePrepareBulkLoad

public void prePrepareBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx)
                        throws IOException

Authorization check for SecureBulkLoadProtocol.prepareBulkLoad()

Specified by:

prePrepareBulkLoad in interface BulkLoadObserver

Parameters:

ctx - the context

Throws:

IOException

preCleanupBulkLoad

public void preCleanupBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx)
                        throws IOException

Authorization security check for SecureBulkLoadProtocol.cleanupBulkLoad()

Specified by:

preCleanupBulkLoad in interface BulkLoadObserver

Parameters:

ctx - the context

Throws:

IOException

preEndpointInvocation

public com.google.protobuf.Message preEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx,
 com.google.protobuf.Service service,
 String methodName,
 com.google.protobuf.Message request)
                                                  throws IOException

Description copied from interface: EndpointObserver

Called before an Endpoint service method is invoked. The request message can be altered by returning a new instance. Throwing an exception will abort the invocation. Calling ObserverContext.bypass() has no effect in this hook.

Specified by:

preEndpointInvocation in interface EndpointObserver

Parameters:

ctx - the environment provided by the region server

service - the endpoint service

methodName - the invoked service method

request - Request message expected by given Service's method (by the name methodName).

Returns:

the possibly modified message

Throws:

IOException

postEndpointInvocation

public void postEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx,
 com.google.protobuf.Service service,
 String methodName,
 com.google.protobuf.Message request,
 com.google.protobuf.Message.Builder responseBuilder)
                            throws IOException

Description copied from interface: EndpointObserver

Called after an Endpoint service method is invoked. The response message can be altered using the builder.

Specified by:

postEndpointInvocation in interface EndpointObserver

Parameters:

ctx - the environment provided by the region server

service - the endpoint service

methodName - the invoked service method

request - Request message expected by given Service's method (by the name methodName).

responseBuilder - Builder for final response to the client, with original response from Service's method merged into it.

Throws:

IOException

grant

@Deprecated
public void grant(com.google.protobuf.RpcController controller,
 org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest request,
 com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantResponse> done)

Deprecated.

since 2.2.0 and will be removed in 4.0.0. Use Admin.grant(UserPermission, boolean) instead.

Specified by:

grant in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface

See Also:

• Admin.grant(UserPermission, boolean)
• HBASE-21739

revoke

@Deprecated
public void revoke(com.google.protobuf.RpcController controller,
 org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest request,
 com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeResponse> done)

Deprecated.

since 2.2.0 and will be removed in 4.0.0. Use Admin.revoke(UserPermission) instead.

Specified by:

revoke in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface

See Also:

• Admin.revoke(UserPermission)
• HBASE-21739

getUserPermissions

@Deprecated
public void getUserPermissions(com.google.protobuf.RpcController controller,
 org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GetUserPermissionsRequest request,
 com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GetUserPermissionsResponse> done)

Deprecated.

since 2.2.0 and will be removed in 4.0.0. Use Admin.getUserPermissions(GetUserPermissionsRequest) instead.

Specified by:

getUserPermissions in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface

See Also:

• Admin.getUserPermissions(GetUserPermissionsRequest)
• HBASE-21911

checkPermissions

@Deprecated
public void checkPermissions(com.google.protobuf.RpcController controller,
 org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest request,
 com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsResponse> done)

Deprecated.

since 2.2.0 and will be removed 4.0.0. Use Admin.hasUserPermissions(List) instead.

Specified by:

checkPermissions in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface

See Also:

• Admin.hasUserPermissions(List)
• HBASE-22117

getRegion

private Region getRegion(RegionCoprocessorEnvironment e)

getTableName

private TableName getTableName(RegionCoprocessorEnvironment e)

getTableName

private TableName getTableName(Region region)

preClose

public void preClose(ObserverContext<RegionCoprocessorEnvironment> c,
 boolean abortRequested)
              throws IOException

Description copied from interface: RegionObserver

Called before the region is reported as closed to the master.

Specified by:

preClose in interface RegionObserver

Parameters:

c - the environment provided by the region server

abortRequested - true if the region server is aborting

Throws:

IOException

checkSystemOrSuperUser

private void checkSystemOrSuperUser(User activeUser)
                             throws IOException

Throws:

IOException

preStopRegionServer

public void preStopRegionServer(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                         throws IOException

Description copied from interface: RegionServerObserver

Called before stopping region server.

Specified by:

preStopRegionServer in interface RegionServerObserver

Parameters:

ctx - the environment to interact with the framework and region server.

Throws:

IOException

makeFamilyMap

private Map<byte[],? extends Collection<byte[]>> makeFamilyMap(byte[] family,
 byte[] qualifier)

preGetTableDescriptors

public void preGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx,
 List<TableName> tableNamesList,
 List<TableDescriptor> descriptors,
 String regex)
                            throws IOException

Description copied from interface: MasterObserver

Called before a getTableDescriptors request has been processed.

Specified by:

preGetTableDescriptors in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

tableNamesList - the list of table names, or null if querying for all

descriptors - an empty list, can be filled with what to return in coprocessor

regex - regular expression used for filtering the table names

Throws:

IOException

postGetTableDescriptors

public void postGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx,
 List<TableName> tableNamesList,
 List<TableDescriptor> descriptors,
 String regex)
                             throws IOException

Description copied from interface: MasterObserver

Called after a getTableDescriptors request has been processed.

Specified by:

postGetTableDescriptors in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

tableNamesList - the list of table names, or null if querying for all

descriptors - the list of descriptors about to be returned

regex - regular expression used for filtering the table names

Throws:

IOException

postGetTableNames

public void postGetTableNames(ObserverContext<MasterCoprocessorEnvironment> ctx,
 List<TableDescriptor> descriptors,
 String regex)
                       throws IOException

Description copied from interface: MasterObserver

Called after a getTableNames request has been processed.

Specified by:

postGetTableNames in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

descriptors - the list of descriptors about to be returned

regex - regular expression used for filtering the table names

Throws:

IOException

preMergeRegions

public void preMergeRegions(ObserverContext<MasterCoprocessorEnvironment> ctx,
 RegionInfo[] regionsToMerge)
                     throws IOException

Description copied from interface: MasterObserver

Called before merge regions request.

Specified by:

preMergeRegions in interface MasterObserver

Parameters:

ctx - coprocessor environment

regionsToMerge - regions to be merged

Throws:

IOException

preRollWALWriterRequest

public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                             throws IOException

Description copied from interface: RegionServerObserver

This will be called before executing user request to roll a region server WAL.

Specified by:

preRollWALWriterRequest in interface RegionServerObserver

Parameters:

ctx - the environment to interact with the framework and region server.

Throws:

IOException

postRollWALWriterRequest

public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                              throws IOException

Description copied from interface: RegionServerObserver

This will be called after executing user request to roll a region server WAL.

Specified by:

postRollWALWriterRequest in interface RegionServerObserver

Parameters:

ctx - the environment to interact with the framework and region server.

Throws:

IOException

preSetUserQuota

public void preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String userName,
 GlobalQuotaSettings quotas)
                     throws IOException

Description copied from interface: MasterObserver

Called before the quota for the user is stored.

Specified by:

preSetUserQuota in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

userName - the name of user

quotas - the current quota for the user

Throws:

IOException

preSetUserQuota

public void preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String userName,
 TableName tableName,
 GlobalQuotaSettings quotas)
                     throws IOException

Description copied from interface: MasterObserver

Called before the quota for the user on the specified table is stored.

Specified by:

preSetUserQuota in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

userName - the name of user

tableName - the name of the table

quotas - the current quota for the user on the table

Throws:

IOException

preSetUserQuota

public void preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String userName,
 String namespace,
 GlobalQuotaSettings quotas)
                     throws IOException

Description copied from interface: MasterObserver

Called before the quota for the user on the specified namespace is stored.

Specified by:

preSetUserQuota in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

userName - the name of user

namespace - the name of the namespace

quotas - the current quota for the user on the namespace

Throws:

IOException

preSetTableQuota

public void preSetTableQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
 TableName tableName,
 GlobalQuotaSettings quotas)
                      throws IOException

Description copied from interface: MasterObserver

Called before the quota for the table is stored.

Specified by:

preSetTableQuota in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

tableName - the name of the table

quotas - the current quota for the table

Throws:

IOException

preSetNamespaceQuota

public void preSetNamespaceQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String namespace,
 GlobalQuotaSettings quotas)
                          throws IOException

Description copied from interface: MasterObserver

Called before the quota for the namespace is stored.

Specified by:

preSetNamespaceQuota in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

namespace - the name of the namespace

quotas - the current quota for the namespace

Throws:

IOException

preSetRegionServerQuota

public void preSetRegionServerQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String regionServer,
 GlobalQuotaSettings quotas)
                             throws IOException

Description copied from interface: MasterObserver

Called before the quota for the region server is stored.

Specified by:

preSetRegionServerQuota in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

regionServer - the name of the region server

quotas - the current quota for the region server

Throws:

IOException

postCreateReplicationEndPoint

public ReplicationEndpoint postCreateReplicationEndPoint(ObserverContext<RegionServerCoprocessorEnvironment> ctx,
 ReplicationEndpoint endpoint)

Description copied from interface: RegionServerObserver

This will be called after the replication endpoint is instantiated.

Specified by:

postCreateReplicationEndPoint in interface RegionServerObserver

Parameters:

ctx - the environment to interact with the framework and region server.

endpoint - - the base endpoint for replication

Returns:

the endpoint to use during replication.

preReplicateLogEntries

public void preReplicateLogEntries(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                            throws IOException

Description copied from interface: RegionServerObserver

This will be called before executing replication request to shipping log entries.

Specified by:

preReplicateLogEntries in interface RegionServerObserver

Parameters:

ctx - the environment to interact with the framework and region server.

Throws:

IOException

preClearCompactionQueues

public void preClearCompactionQueues(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                              throws IOException

Description copied from interface: RegionServerObserver

This will be called before clearing compaction queues

Specified by:

preClearCompactionQueues in interface RegionServerObserver

Parameters:

ctx - the environment to interact with the framework and region server.

Throws:

IOException

preAddReplicationPeer

public void preAddReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String peerId,
 ReplicationPeerConfig peerConfig)
                           throws IOException

Description copied from interface: MasterObserver

Called before add a replication peer

Specified by:

preAddReplicationPeer in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

peerId - a short name that identifies the peer

peerConfig - configuration for the replication peer

Throws:

IOException

preRemoveReplicationPeer

public void preRemoveReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String peerId)
                              throws IOException

Description copied from interface: MasterObserver

Called before remove a replication peer

Specified by:

preRemoveReplicationPeer in interface MasterObserver

peerId - a short name that identifies the peer

Throws:

IOException

preEnableReplicationPeer

public void preEnableReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String peerId)
                              throws IOException

Description copied from interface: MasterObserver

Called before enable a replication peer

Specified by:

preEnableReplicationPeer in interface MasterObserver

peerId - a short name that identifies the peer

Throws:

IOException

preDisableReplicationPeer

public void preDisableReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String peerId)
                               throws IOException

Description copied from interface: MasterObserver

Called before disable a replication peer

Specified by:

preDisableReplicationPeer in interface MasterObserver

peerId - a short name that identifies the peer

Throws:

IOException

preGetReplicationPeerConfig

public void preGetReplicationPeerConfig(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String peerId)
                                 throws IOException

Description copied from interface: MasterObserver

Called before get the configured ReplicationPeerConfig for the specified peer

Specified by:

preGetReplicationPeerConfig in interface MasterObserver

peerId - a short name that identifies the peer

Throws:

IOException

preUpdateReplicationPeerConfig

public void preUpdateReplicationPeerConfig(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String peerId,
 ReplicationPeerConfig peerConfig)
                                    throws IOException

Description copied from interface: MasterObserver

Called before update peerConfig for the specified peer

Specified by:

preUpdateReplicationPeerConfig in interface MasterObserver

peerId - a short name that identifies the peer

Throws:

IOException

preListReplicationPeers

public void preListReplicationPeers(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String regex)
                             throws IOException

Description copied from interface: MasterObserver

Called before list replication peers.

Specified by:

preListReplicationPeers in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

regex - The regular expression to match peer id

Throws:

IOException

preRequestLock

public void preRequestLock(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String namespace,
 TableName tableName,
 RegionInfo[] regionInfos,
 String description)
                    throws IOException

Description copied from interface: MasterObserver

Called before new LockProcedure is queued.

Specified by:

preRequestLock in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

Throws:

IOException

preLockHeartbeat

public void preLockHeartbeat(ObserverContext<MasterCoprocessorEnvironment> ctx,
 TableName tableName,
 String description)
                      throws IOException

Description copied from interface: MasterObserver

Called before heartbeat to a lock.

Specified by:

preLockHeartbeat in interface MasterObserver

Parameters:

ctx - the environment to interact with the framework and master

Throws:

IOException

preExecuteProcedures

public void preExecuteProcedures(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                          throws IOException

Description copied from interface: RegionServerObserver

This will be called before executing procedures

Specified by:

preExecuteProcedures in interface RegionServerObserver

Parameters:

ctx - the environment to interact with the framework and region server.

Throws:

IOException

preSwitchRpcThrottle

public void preSwitchRpcThrottle(ObserverContext<MasterCoprocessorEnvironment> ctx,
 boolean enable)
                          throws IOException

Description copied from interface: MasterObserver

Called before switching rpc throttle enabled state.

Specified by:

preSwitchRpcThrottle in interface MasterObserver

Parameters:

ctx - the coprocessor instance's environment

enable - the rpc throttle value

Throws:

IOException

preIsRpcThrottleEnabled

public void preIsRpcThrottleEnabled(ObserverContext<MasterCoprocessorEnvironment> ctx)
                             throws IOException

Description copied from interface: MasterObserver

Called before getting if is rpc throttle enabled.

Specified by:

preIsRpcThrottleEnabled in interface MasterObserver

Parameters:

ctx - the coprocessor instance's environment

Throws:

IOException

preSwitchExceedThrottleQuota

public void preSwitchExceedThrottleQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
 boolean enable)
                                  throws IOException

Description copied from interface: MasterObserver

Called before switching exceed throttle quota state.

Specified by:

preSwitchExceedThrottleQuota in interface MasterObserver

Parameters:

ctx - the coprocessor instance's environment

enable - the exceed throttle quota value

Throws:

IOException

getActiveUser

private User getActiveUser(ObserverContext<?> ctx)
                    throws IOException

Returns the active user to which authorization checks should be applied. If we are in the context of an RPC call, the remote user is used, otherwise the currently logged in user is used.

Throws:

IOException

hasPermission

@Deprecated
public void hasPermission(com.google.protobuf.RpcController controller,
 org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.HasPermissionRequest request,
 com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.HasPermissionResponse> done)

Deprecated.

since 2.2.0 and will be removed in 4.0.0. Use Admin.hasUserPermissions(String, List) instead.

Specified by:

hasPermission in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface

See Also:

• Admin.hasUserPermissions(String, List)
• HBASE-22117

preGrant

public void preGrant(ObserverContext<MasterCoprocessorEnvironment> ctx,
 UserPermission userPermission,
 boolean mergeExistingPermissions)
              throws IOException

Description copied from interface: MasterObserver

Called before granting user permissions.

Specified by:

preGrant in interface MasterObserver

Parameters:

ctx - the coprocessor instance's environment

userPermission - the user and permissions

mergeExistingPermissions - True if merge with previous granted permissions

Throws:

IOException

preRevoke

public void preRevoke(ObserverContext<MasterCoprocessorEnvironment> ctx,
 UserPermission userPermission)
               throws IOException

Description copied from interface: MasterObserver

Called before revoking user permissions.

Specified by:

preRevoke in interface MasterObserver

Parameters:

ctx - the coprocessor instance's environment

userPermission - the user and permissions

Throws:

IOException

preGrantOrRevoke

private void preGrantOrRevoke(User caller,
 String request,
 UserPermission userPermission)
                       throws IOException

Throws:

IOException

preGetUserPermissions

public void preGetUserPermissions(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String userName,
 String namespace,
 TableName tableName,
 byte[] family,
 byte[] qualifier)
                           throws IOException

Description copied from interface: MasterObserver

Called before getting user permissions.

Specified by:

preGetUserPermissions in interface MasterObserver

Parameters:

ctx - the coprocessor instance's environment

userName - the user name, null if get all user permissions

namespace - the namespace, null if don't get namespace permission

tableName - the table name, null if don't get table permission

family - the table column family, null if don't get table family permission

qualifier - the table column qualifier, null if don't get table qualifier permission

Throws:

IOException - if something went wrong

preGetUserPermissions

private void preGetUserPermissions(User caller,
 String userName,
 String namespace,
 TableName tableName,
 byte[] family,
 byte[] qualifier)
                            throws IOException

Throws:

IOException

preHasUserPermissions

public void preHasUserPermissions(ObserverContext<MasterCoprocessorEnvironment> ctx,
 String userName,
 List<Permission> permissions)
                           throws IOException

Specified by:

preHasUserPermissions in interface MasterObserver

Throws:

IOException

preHasUserPermissions

private void preHasUserPermissions(User caller,
 String userName,
 List<Permission> permissions)
                            throws IOException

Throws:

IOException

preClearRegionBlockCache

public void preClearRegionBlockCache(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                              throws IOException

Specified by:

preClearRegionBlockCache in interface RegionServerObserver

Throws:

IOException

preUpdateRegionServerConfiguration

public void preUpdateRegionServerConfiguration(ObserverContext<RegionServerCoprocessorEnvironment> ctx,
 org.apache.hadoop.conf.Configuration preReloadConf)
                                        throws IOException

Description copied from interface: RegionServerObserver

Called before reloading the RegionServer's Configuration from disk

Specified by:

preUpdateRegionServerConfiguration in interface RegionServerObserver

Parameters:

ctx - the coprocessor instance's environment

preReloadConf - the Configuration in use prior to reload

Throws:

IOException - if you need to signal an IO error

preUpdateMasterConfiguration

public void preUpdateMasterConfiguration(ObserverContext<MasterCoprocessorEnvironment> ctx,
 org.apache.hadoop.conf.Configuration preReloadConf)
                                  throws IOException

Specified by:

preUpdateMasterConfiguration in interface MasterObserver

Throws:

IOException