hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From e...@apache.org
Subject hbase git commit: HBASE-12745 Visibility Labels: support visibility labels for user groups. (Addendum for BC between 0.98 and branch-1)
Date Mon, 26 Jan 2015 02:13:58 GMT
Repository: hbase
Updated Branches:
  refs/heads/branch-1.0 fbcc2f37f -> 8a2f52f1e


HBASE-12745 Visibility Labels:  support visibility labels for user groups. (Addendum for BC
between 0.98 and branch-1)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/8a2f52f1
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/8a2f52f1
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/8a2f52f1

Branch: refs/heads/branch-1.0
Commit: 8a2f52f1eee43b1be89fd6c43f80d01e19210208
Parents: fbcc2f3
Author: Enis Soztutar <enis@apache.org>
Authored: Sun Jan 25 18:11:06 2015 -0800
Committer: Enis Soztutar <enis@apache.org>
Committed: Sun Jan 25 18:12:20 2015 -0800

----------------------------------------------------------------------
 .../DefaultVisibilityLabelServiceImpl.java      | 21 +++++++++++++++++
 .../visibility/VisibilityLabelService.java      | 24 ++++++++++++++++++++
 .../ExpAsStringVisibilityLabelServiceImpl.java  | 20 ++++++++++++++++
 3 files changed, 65 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/8a2f52f1/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultVisibilityLabelServiceImpl.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultVisibilityLabelServiceImpl.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultVisibilityLabelServiceImpl.java
index 6b9a358..5b05d23 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultVisibilityLabelServiceImpl.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/DefaultVisibilityLabelServiceImpl.java
@@ -324,6 +324,13 @@ public class DefaultVisibilityLabelServiceImpl implements VisibilityLabelService
   }
 
   @Override
+  @Deprecated
+  public List<String> getAuths(byte[] user, boolean systemCall)
+      throws IOException {
+    return getUserAuths(user, systemCall);
+  }
+
+  @Override
   public List<String> getUserAuths(byte[] user, boolean systemCall)
       throws IOException {
     assert (labelsRegion != null || systemCall);
@@ -536,6 +543,20 @@ public class DefaultVisibilityLabelServiceImpl implements VisibilityLabelService
   }
 
   @Override
+  @Deprecated
+  public boolean havingSystemAuth(byte[] user) throws IOException {
+    // Implementation for backward compatibility
+    if (this.superUsers.contains(Bytes.toString(user))) {
+      return true;
+    }
+    List<String> auths = this.getUserAuths(user, true);
+    if (LOG.isTraceEnabled()) {
+      LOG.trace("The auths for user " + Bytes.toString(user) + " are " + auths);
+    }
+    return auths.contains(SYSTEM_LABEL);
+  }
+
+  @Override
   public boolean havingSystemAuth(User user) throws IOException {
     // A super user has 'system' auth.
     if (isSystemOrSuperUser(user)) {

http://git-wip-us.apache.org/repos/asf/hbase/blob/8a2f52f1/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java
index 8ddd47e..e01f986 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java
@@ -80,6 +80,18 @@ public interface VisibilityLabelService extends Configurable {
    * @param systemCall
    *          Whether a system or user originated call.
    * @return Visibility labels authorized for the given user.
+   * @deprecated Use {@link#getUserAuths(byte[], boolean)}
+   */
+  @Deprecated
+  List<String> getAuths(byte[] user, boolean systemCall) throws IOException;
+
+  /**
+   * Retrieve the visibility labels for the user.
+   * @param user
+   *          Name of the user whose authorization to be retrieved
+   * @param systemCall
+   *          Whether a system or user originated call.
+   * @return Visibility labels authorized for the given user.
    */
   List<String> getUserAuths(byte[] user, boolean systemCall) throws IOException;
 
@@ -135,6 +147,18 @@ public interface VisibilityLabelService extends Configurable {
    * @param user
    *          User for whom system auth check to be done.
    * @return true if the given user is having system/super auth
+   * @deprecated Use {@link#havingSystemAuth(User)}
+   */
+  @Deprecated
+  boolean havingSystemAuth(byte[] user) throws IOException;
+
+  /**
+   * System checks for user auth during admin operations. (ie. Label add, set/clear auth).
The
+   * operation is allowed only for users having system auth. Also during read, if the requesting
+   * user has system auth, he can view all the data irrespective of its labels.
+   * @param user
+   *          User for whom system auth check to be done.
+   * @return true if the given user is having system/super auth
    */
   boolean havingSystemAuth(User user) throws IOException;
 

http://git-wip-us.apache.org/repos/asf/hbase/blob/8a2f52f1/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/ExpAsStringVisibilityLabelServiceImpl.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/ExpAsStringVisibilityLabelServiceImpl.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/ExpAsStringVisibilityLabelServiceImpl.java
index e8ba08b..be5588d 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/ExpAsStringVisibilityLabelServiceImpl.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/ExpAsStringVisibilityLabelServiceImpl.java
@@ -149,6 +149,12 @@ public class ExpAsStringVisibilityLabelServiceImpl implements VisibilityLabelSer
   }
 
   @Override
+  @Deprecated
+  public List<String> getAuths(byte[] user, boolean systemCall) throws IOException
{
+    return getUserAuths(user, systemCall);
+  }
+
+  @Override
   public List<String> getUserAuths(byte[] user, boolean systemCall) throws IOException
{
     assert (labelsRegion != null || systemCall);
     List<String> auths = new ArrayList<String>();
@@ -431,6 +437,20 @@ public class ExpAsStringVisibilityLabelServiceImpl implements VisibilityLabelSer
   }
 
   @Override
+  @Deprecated
+  public boolean havingSystemAuth(byte[] user) throws IOException {
+    // Implementation for backward compatibility
+    if (this.superUsers.contains(Bytes.toString(user))) {
+      return true;
+    }
+    List<String> auths = this.getUserAuths(user, true);
+    if (LOG.isTraceEnabled()) {
+      LOG.trace("The auths for user " + Bytes.toString(user) + " are " + auths);
+    }
+    return auths.contains(SYSTEM_LABEL);
+  }
+
+  @Override
   public boolean havingSystemAuth(User user) throws IOException {
     if (isSystemOrSuperUser(user)) {
       return true;


Mime
View raw message