ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [1/4] git commit: ARGUS-17: implementation to update Argus policies for HBase GRANT/REVOKE
Date Thu, 28 Aug 2014 14:45:57 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 1ed94eca4 -> d59e0ee41


ARGUS-17: implementation to update Argus policies for HBase GRANT/REVOKE 

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/593540f6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/593540f6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/593540f6

Branch: refs/heads/master
Commit: 593540f6f78bedf5206cb34fe4703858fb955ea1
Parents: 895f0f2
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Wed Aug 27 18:44:36 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Wed Aug 27 18:44:36 2014 -0700

----------------------------------------------------------------------
 .../admin/client/datatype/GrantRevokeData.java  |  34 +-
 .../authorization/utils/StringUtil.java         |   4 +
 .../conf/xasecure-hbase-security-changes.cfg    |   4 +-
 hbase-agent/conf/xasecure-hbase-security.xml    |  12 +-
 .../hbase/XaSecureAuthorizationCoprocessor.java | 350 +++++++----
 .../XaSecureAuthorizationCoprocessorBase.java   | 597 +++++++++++++++++++
 .../security/access/XaAccessControlLists.java   |  12 +
 .../hive/authorizer/XaSecureHiveAuthorizer.java |   9 +-
 8 files changed, 883 insertions(+), 139 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/593540f6/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
index 117ae08..223b4dd 100644
--- a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
+++ b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
@@ -102,12 +102,12 @@ public class GrantRevokeData implements java.io.Serializable {
 	}
 
 
-	public void setHiveData(String        grantor,
-							String        repositoryName,
-							String        databases,
-							String        tables,
-							String        columns,
-							List<PermMap> permMapList) {
+	public void setHiveData(String  grantor,
+							String  repositoryName,
+							String  databases,
+							String  tables,
+							String  columns,
+							PermMap permMap) {
 		this.grantor         = grantor;
 		this.repositoryName = repositoryName;
 		this.repositoryType = "hive";
@@ -116,18 +116,15 @@ public class GrantRevokeData implements java.io.Serializable {
 		this.columns        = columns;
 		this.isAuditEnabled = true;
 		this.isEnabled      = true;
-
-		for(PermMap permMap : permMapList) {
-			this.permMapList.add(permMap);
-		}
+		this.permMapList.add(permMap);
 	}
 
-	public void setHBaseData(String        grantor,
-							 String        repositoryName,
-							 String        tables,
-							 String        columns,
-							 String        columnFamilies,
-							 List<PermMap> permMapList) {
+	public void setHBaseData(String  grantor,
+							 String  repositoryName,
+							 String  tables,
+							 String  columns,
+							 String  columnFamilies,
+							 PermMap permMap) {
 		this.grantor         = grantor;
 		this.repositoryName = repositoryName;
 		this.repositoryType = "hbase";
@@ -136,10 +133,7 @@ public class GrantRevokeData implements java.io.Serializable {
 		this.columnFamilies = columnFamilies;
 		this.isAuditEnabled = true;
 		this.isEnabled      = true;
-
-		for(PermMap permMap : permMapList) {
-			this.permMapList.add(permMap);
-		}
+		this.permMapList.add(permMap);
 	}
 	
 	public String toJson() {

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/593540f6/agents-common/src/main/java/com/xasecure/authorization/utils/StringUtil.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/authorization/utils/StringUtil.java
b/agents-common/src/main/java/com/xasecure/authorization/utils/StringUtil.java
index 9d663bf..c199ddd 100644
--- a/agents-common/src/main/java/com/xasecure/authorization/utils/StringUtil.java
+++ b/agents-common/src/main/java/com/xasecure/authorization/utils/StringUtil.java
@@ -237,6 +237,10 @@ public class StringUtil {
 		return str == null ? null : str.toLowerCase();
 	}
 
+	public static byte[] getBytes(String str) {
+		return str == null ? null : str.getBytes();
+	}
+
 	public static Date getUTCDate() {
 	    Calendar local  = Calendar.getInstance();
 	    int      offset = local.getTimeZone().getOffset(local.getTimeInMillis());

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/593540f6/hbase-agent/conf/xasecure-hbase-security-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-hbase-security-changes.cfg b/hbase-agent/conf/xasecure-hbase-security-changes.cfg
index 2544708..4a4d8b0 100644
--- a/hbase-agent/conf/xasecure-hbase-security-changes.cfg
+++ b/hbase-agent/conf/xasecure-hbase-security-changes.cfg
@@ -7,4 +7,6 @@ xasecure.hbase.policymgr.url							%POLICY_MGR_URL%/service/assets/policyList/%R
 xasecure.hbase.policymgr.url.saveAsFile				   	/tmp/hbase_%REPOSITORY_NAME%_json  						
		mod create-if-not-exists
 xasecure.hbase.policymgr.url.laststoredfile				%POLICY_CACHE_FILE_PATH%/hbase_%REPOSITORY_NAME%_json
				mod create-if-not-exists
 xasecure.hbase.policymgr.url.reloadIntervalInMillis 	30000 																mod create-if-not-exists
-xasecure.hbase.policymgr.ssl.config						/etc/hbase/conf/xasecure-policymgr-ssl.xml					
	mod create-if-not-exists
\ No newline at end of file
+xasecure.hbase.policymgr.ssl.config						/etc/hbase/conf/xasecure-policymgr-ssl.xml					
	mod create-if-not-exists
+xasecure.policymgr.url							        %POLICY_MGR_URL% 													mod create-if-not-exists
+xasecure.policymgr.sslconfig.filename				    /etc/hive/conf/xasecure-policymgr-ssl.xml		
				mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/593540f6/hbase-agent/conf/xasecure-hbase-security.xml
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-hbase-security.xml b/hbase-agent/conf/xasecure-hbase-security.xml
index 3324a2d..f335e4a 100644
--- a/hbase-agent/conf/xasecure-hbase-security.xml
+++ b/hbase-agent/conf/xasecure-hbase-security.xml
@@ -48,6 +48,16 @@
 			changes)
 		</description>
 	</property>
+	<property>
+		<name>xasecure.policymgr.url</name>
+		<value>http://policymanagerhost:port</value>
+		<description>Base URL for XASecure PolicyManager</description>
+	</property>
+	<property>
+		<name>xasecure.policymgr.sslconfig.filename</name>
+		<value>/etc/hive/conf/xasecure-policymgr-ssl.xml</value>
+		<description>Path to the file containing SSL details to contact XASecure PolicyManager</description>
+	</property>
 
 
 	<!-- the following properties are used by PEP to show/hide audit information 
@@ -61,4 +71,4 @@
 		</description>
 	</property>
 
-</configuration>
\ No newline at end of file
+</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/593540f6/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
index 9272a9c..7547e36 100644
--- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
+++ b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
@@ -26,12 +26,10 @@ import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
-import java.util.NavigableMap;
 import java.util.NavigableSet;
 import java.util.Set;
 import java.util.TimeZone;
 
-import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -39,12 +37,10 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.Cell;
 import org.apache.hadoop.hbase.CellUtil;
 import org.apache.hadoop.hbase.CoprocessorEnvironment;
-import org.apache.hadoop.hbase.DoNotRetryIOException;
 import org.apache.hadoop.hbase.HColumnDescriptor;
 import org.apache.hadoop.hbase.HRegionInfo;
 import org.apache.hadoop.hbase.HTableDescriptor;
 import org.apache.hadoop.hbase.KeyValue;
-import org.apache.hadoop.hbase.NamespaceDescriptor;
 import org.apache.hadoop.hbase.ServerName;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.client.Append;
@@ -52,22 +48,24 @@ import org.apache.hadoop.hbase.client.Delete;
 import org.apache.hadoop.hbase.client.Durability;
 import org.apache.hadoop.hbase.client.Get;
 import org.apache.hadoop.hbase.client.Increment;
-import org.apache.hadoop.hbase.client.Mutation;
 import org.apache.hadoop.hbase.client.Put;
 import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.Scan;
-import org.apache.hadoop.hbase.coprocessor.BaseRegionObserver;
+import org.apache.hadoop.hbase.coprocessor.CoprocessorException;
+import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
 import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
-import org.apache.hadoop.hbase.coprocessor.MasterObserver;
 import org.apache.hadoop.hbase.coprocessor.ObserverContext;
 import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
 import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment;
-import org.apache.hadoop.hbase.coprocessor.RegionServerObserver;
 import org.apache.hadoop.hbase.filter.ByteArrayComparable;
 import org.apache.hadoop.hbase.filter.CompareFilter.CompareOp;
 import org.apache.hadoop.hbase.filter.FilterList;
 import org.apache.hadoop.hbase.ipc.RequestContext;
 import org.apache.hadoop.hbase.master.RegionPlan;
+import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
+import org.apache.hadoop.hbase.protobuf.ResponseConverter;
+import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
+import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
 import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription;
 import org.apache.hadoop.hbase.regionserver.HRegion;
 import org.apache.hadoop.hbase.regionserver.InternalScanner;
@@ -81,6 +79,8 @@ import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.access.Permission;
 import org.apache.hadoop.hbase.security.access.Permission.Action;
 import org.apache.hadoop.hbase.security.access.TablePermission;
+import org.apache.hadoop.hbase.security.access.UserPermission;
+import org.apache.hadoop.hbase.security.access.XaAccessControlLists;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.apache.hadoop.hbase.util.Pair;
 
@@ -88,19 +88,26 @@ import com.google.common.collect.Lists;
 import com.google.common.collect.MapMaker;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
+import com.google.protobuf.RpcCallback;
+import com.google.protobuf.RpcController;
+import com.google.protobuf.Service;
+import com.xasecure.admin.client.XaAdminRESTClient;
+import com.xasecure.admin.client.datatype.GrantRevokeData;
+import com.xasecure.admin.client.datatype.GrantRevokeData.PermMap;
 import com.xasecure.audit.model.EnumRepositoryType;
 import com.xasecure.audit.model.HBaseAuditEvent;
 import com.xasecure.audit.provider.AuditProviderFactory;
 import com.xasecure.authorization.hadoop.config.XaSecureConfiguration;
 import com.xasecure.authorization.hadoop.constants.XaSecureHadoopConstants;
+import com.xasecure.authorization.utils.StringUtil;
 
-public class XaSecureAuthorizationCoprocessor extends BaseRegionObserver implements MasterObserver,
RegionServerObserver {
-	private static final Log AUDIT = LogFactory.getLog("xaaudit." + XaSecureAuthorizationCoprocessor.class.getName());
+public class XaSecureAuthorizationCoprocessor extends XaSecureAuthorizationCoprocessorBase
implements AccessControlService.Interface, CoprocessorService {
 	private static final Log LOG = LogFactory.getLog(XaSecureAuthorizationCoprocessor.class.getName());
 	private static final String XaSecureModuleName = XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.AUDITLOG_XASECURE_MODULE_ACL_NAME_PROP
, XaSecureHadoopConstants.DEFAULT_XASECURE_MODULE_ACL_NAME) ;
 	private static final short  accessGrantedFlag  = 1;
 	private static final short  accessDeniedFlag   = 0;
 	private static final String repositoryName          = XaSecureConfiguration.getInstance().get(XaSecureHadoopConstants.AUDITLOG_REPOSITORY_NAME_PROP);
+	private static final String GROUP_PREFIX = "@";
 
 		
 	private static final String SUPERUSER_CONFIG_PROP = "hbase.superuser";
@@ -477,6 +484,8 @@ public class XaSecureAuthorizationCoprocessor extends BaseRegionObserver
impleme
 	}
 	@Override
 	public void postStartMaster(ObserverContext<MasterCoprocessorEnvironment> ctx) throws
IOException {
+		XaAccessControlLists.init(ctx.getEnvironment().getMasterServices());
+
 		auditEvent("startMaster", (String) null, null, null, null, null, getActiveUser(), accessGrantedFlag);
 	}
 	@Override
@@ -859,87 +868,6 @@ public class XaSecureAuthorizationCoprocessor extends BaseRegionObserver
impleme
 			
 		}
 	}
-	@Override
-	public void postAddColumnHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName,HColumnDescriptor aHColDesc) throws IOException {
-	}
-	@Override
-	public void postCreateNamespace(ObserverContext<MasterCoprocessorEnvironment> aMctx,
NamespaceDescriptor aNamespaceDesc) throws IOException {
-	}
-	@Override
-	public void postCreateTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
HTableDescriptor arg1, HRegionInfo[] aRegionInfoList) throws IOException {
-	}
-	@Override
-	public void postDeleteColumnHandler(ObserverContext<MasterCoprocessorEnvironment>
aMctx, TableName aTableName, byte[] aColumnFamilyName) throws IOException {
-	}
-	@Override
-	public void postDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> aMctx,
String arg1) throws IOException {
-	}
-	@Override
-	public void postDeleteTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName) throws IOException {
-	}
-	@Override
-	public void postDisableTableHandler(ObserverContext<MasterCoprocessorEnvironment>
aMctx, TableName aTableName) throws IOException {
-	}
-	@Override
-	public void postEnableTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName) throws IOException {
-	}
-	@Override
-	public void postGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment>
aMctx, List<HTableDescriptor> aHTableDescList) throws IOException {
-	}
-	@Override
-	public void postModifyColumnHandler(ObserverContext<MasterCoprocessorEnvironment>
aMctx, TableName aTableName,HColumnDescriptor aHColDesc) throws IOException {
-	}
-	@Override
-	public void postModifyNamespace(ObserverContext<MasterCoprocessorEnvironment> aMctx,NamespaceDescriptor
aNamespaceDesc) throws IOException {
-	}
-	@Override
-	public void postModifyTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName,HTableDescriptor aHTableDesc) throws IOException {
-	}
-	@Override
-	public void postRegionOffline(ObserverContext<MasterCoprocessorEnvironment> aMctx,
HRegionInfo aHRegInfo) throws IOException {
-	}
-	@Override
-	public void preAddColumnHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName,HColumnDescriptor aHColDesc) throws IOException {
-	}
-	@Override
-	public void preCreateNamespace(ObserverContext<MasterCoprocessorEnvironment> aMctx,NamespaceDescriptor
aNamespaceDesc) throws IOException {
-	}
-	@Override
-	public void preCreateTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,HTableDescriptor
aHTableDesc, HRegionInfo[] aHRegInfoList) throws IOException {
-	}
-	@Override
-	public void preDeleteColumnHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName,byte[] aColumnFamilyName) throws IOException {
-	}
-	@Override
-	public void preDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> aMctx,
String aNamespaceName) throws IOException {
-	}
-	@Override
-	public void preDeleteTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName) throws IOException {
-	}
-	@Override
-	public void preDisableTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName) throws IOException {
-	}
-	@Override
-	public void preEnableTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName) throws IOException {
-	}
-	@Override
-	public void preGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> aMctx,List<TableName>
aTableNameList, List<HTableDescriptor> aHTableDescList) throws IOException {
-	}
-	@Override
-	public void preMasterInitialization(ObserverContext<MasterCoprocessorEnvironment>
aMctx) throws IOException {
-	}
-	@Override
-	public void preModifyColumnHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName, HColumnDescriptor aHColDesc) throws IOException {
-	}
-	@Override
-	public void preModifyNamespace(ObserverContext<MasterCoprocessorEnvironment> aMctx,
NamespaceDescriptor aNamespaceDesc) throws IOException {
-	}
-	@Override
-	public void preModifyTableHandler(ObserverContext<MasterCoprocessorEnvironment> aMctx,
TableName aTableName, HTableDescriptor aHTableDesc) throws IOException {
-	}
-	@Override
-	public void preRegionOffline(ObserverContext<MasterCoprocessorEnvironment> aMctx,
HRegionInfo aHRegInfo) throws IOException {
-	}
 	
 	public static Date getUTCDate() {
 		Calendar local=Calendar.getInstance();
@@ -950,35 +878,235 @@ public class XaSecureAuthorizationCoprocessor extends BaseRegionObserver
impleme
 	    return utc.getTime();
 	}
 	
-	//
-	//  Generated to support HBase 0.98.4-hadoop2 version
-	//
-	
 	@Override
-	public void postMerge(ObserverContext<RegionServerCoprocessorEnvironment> aRctx,HRegion
reg1, HRegion reg2, HRegion reg3) throws IOException {
+	public void grant(RpcController controller, AccessControlProtos.GrantRequest request, RpcCallback<AccessControlProtos.GrantResponse>
done) {
+		boolean isSuccess = false;
+		
+		GrantRevokeData grData = null;
+
+		try {
+			grData = createGrantData(request);
+
+			XaAdminRESTClient xaAdmin = new XaAdminRESTClient();
+
+		    xaAdmin.grantPrivilege(grData);
+
+		    isSuccess = true;
+		} catch(IOException excp) {
+			LOG.warn("grant() failed", excp);
+
+			ResponseConverter.setControllerException(controller, excp);
+		} catch (Exception excp) {
+			LOG.warn("grant() failed", excp);
+
+			ResponseConverter.setControllerException(controller, new CoprocessorException(excp.getMessage()));
+		} finally {
+			byte[] tableName = grData == null ? null : StringUtil.getBytes(grData.getTables());
+
+			if(accessController.isAudited(tableName)) {
+				byte[] colFamily = grData == null ? null : StringUtil.getBytes(grData.getColumnFamilies());
+				byte[] qualifier = grData == null ? null : StringUtil.getBytes(grData.getColumns());
+
+				// Note: failed return from REST call will be logged as 'DENIED'
+				auditEvent("grant", tableName, colFamily, qualifier, null, null, getActiveUser(), isSuccess
? accessGrantedFlag : accessDeniedFlag);
+			}
+		}
+
+		AccessControlProtos.GrantResponse response = isSuccess ? AccessControlProtos.GrantResponse.getDefaultInstance()
: null;
+
+		done.run(response);
 	}
-	
+
 	@Override
-	public void postMergeCommit(ObserverContext<RegionServerCoprocessorEnvironment> aRctx,
HRegion reg1, HRegion reg2, HRegion reg3) throws IOException {
+	public void revoke(RpcController controller, AccessControlProtos.RevokeRequest request,
RpcCallback<AccessControlProtos.RevokeResponse> done) {
+		boolean isSuccess = false;
+
+		GrantRevokeData grData = null;
+
+		try {
+			grData = createRevokeData(request);
+
+			XaAdminRESTClient xaAdmin = new XaAdminRESTClient();
+
+		    xaAdmin.revokePrivilege(grData);
+
+		    isSuccess = true;
+		} catch(IOException excp) {
+			LOG.warn("grant() failed", excp);
+
+			ResponseConverter.setControllerException(controller, excp);
+		} catch (Exception excp) {
+			LOG.warn("grant() failed", excp);
+
+			ResponseConverter.setControllerException(controller, new CoprocessorException(excp.getMessage()));
+		} finally {
+			byte[] tableName = grData == null ? null : StringUtil.getBytes(grData.getTables());
+
+			if(accessController.isAudited(tableName)) {
+				byte[] colFamily = grData == null ? null : StringUtil.getBytes(grData.getColumnFamilies());
+				byte[] qualifier = grData == null ? null : StringUtil.getBytes(grData.getColumns());
+
+				// Note: failed return from REST call will be logged as 'DENIED'
+				auditEvent("revoke", tableName, colFamily, qualifier, null, null, getActiveUser(), isSuccess
? accessGrantedFlag : accessDeniedFlag);
+			}
+		}
+
+		AccessControlProtos.RevokeResponse response = isSuccess ? AccessControlProtos.RevokeResponse.getDefaultInstance()
: null;
+
+		done.run(response);
 	}
-	
+
 	@Override
-	public void postRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment>
aRctx, HRegion aReg1, HRegion aReg2) throws IOException {
+	public void checkPermissions(RpcController controller, AccessControlProtos.CheckPermissionsRequest
request, RpcCallback<AccessControlProtos.CheckPermissionsResponse> done) {
+		LOG.warn("checkPermissions(): ");
 	}
-	
+
 	@Override
-	public void preMerge(ObserverContext<RegionServerCoprocessorEnvironment> aRctx, HRegion
reg1, HRegion aReg2) throws IOException {
+	public void getUserPermissions(RpcController controller, AccessControlProtos.GetUserPermissionsRequest
request, RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
+		LOG.warn("getUserPermissions(): ");
 	}
-	
+
 	@Override
-	public void preMergeCommit(ObserverContext<RegionServerCoprocessorEnvironment> aRctx,
HRegion arg1, HRegion arg2, List<Mutation> arg3) throws IOException {
+	public Service getService() {
+	    return AccessControlProtos.AccessControlService.newReflectiveService(this);
 	}
-	
-	@Override
-	public void preRollBackMerge(ObserverContext<RegionServerCoprocessorEnvironment> aRctx,
HRegion arg1, HRegion arg2) throws IOException {
+
+	private GrantRevokeData createGrantData(AccessControlProtos.GrantRequest request) throws
Exception {
+		org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission up   = request.getUserPermission();
+		org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission     perm = up
== null ? null : up.getPermission();
+
+		UserPermission      userPerm  = up == null ? null : ProtobufUtil.toUserPermission(up);
+		Permission.Action[] actions   = userPerm == null ? null : userPerm.getActions();
+		String              userName  = userPerm == null ? null : Bytes.toString(userPerm.getUser());
+		String              tableName = null;
+		String              colFamily = null;
+		String              qualifier = null;
+
+		if(perm == null) {
+			throw new Exception("grant(): invalid data - permission is null");
+		}
+
+		if(StringUtil.isEmpty(userName)) {
+			throw new Exception("grant(): invalid data - username empty");
+		}
+
+		if ((actions == null) || (actions.length == 0)) {
+			throw new Exception("grant(): invalid data - no action specified");
+		}
+
+		switch(perm.getType()) {
+			case Global:
+				tableName = colFamily = qualifier = "*";
+			break;
+
+			case Table:
+				tableName = Bytes.toString(userPerm.getTableName().getName());
+				colFamily = Bytes.toString(userPerm.getFamily());
+				qualifier = Bytes.toString(userPerm.getQualifier());
+			break;
+
+			case Namespace:
+			default:
+				LOG.warn("grant(): ignoring type '" + perm.getType().name() + "'");
+			break;
+		}
+		
+		if(StringUtil.isEmpty(tableName) && StringUtil.isEmpty(colFamily) && StringUtil.isEmpty(qualifier))
{
+			throw new Exception("grant(): table/columnFamily/columnQualifier not specified");
+		}
+
+		PermMap permMap = new PermMap();
+
+		if(userName.startsWith(GROUP_PREFIX)) {
+			permMap.addGroup(userName.substring(GROUP_PREFIX.length()));
+		} else {
+			permMap.addUser(userName);
+		}
+
+		for (int i = 0; i < actions.length; i++) {
+			switch(actions[i].code()) {
+				case 'R':
+				case 'W':
+				case 'C':
+				case 'A':
+					permMap.addPerm(actions[i].name());
+				break;
+
+				default:
+					LOG.warn("grant(): ignoring action '" + actions[i].name() + "' for user '" + userName
+ "'");
+			}
+		}
+
+		User   activeUser = getActiveUser();
+		String grantor    = activeUser != null ? activeUser.getShortName() : null;
+
+		GrantRevokeData grData = new GrantRevokeData();
+
+		grData.setHBaseData(grantor, repositoryName,  tableName,  qualifier, colFamily, permMap);
+
+		return grData;
+	}
+
+	private GrantRevokeData createRevokeData(AccessControlProtos.RevokeRequest request) throws
Exception {
+		org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission up   = request.getUserPermission();
+		org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission     perm = up
== null ? null : up.getPermission();
+
+		UserPermission      userPerm  = up == null ? null : ProtobufUtil.toUserPermission(up);
+		String              userName  = userPerm == null ? null : Bytes.toString(userPerm.getUser());
+		String              tableName = null;
+		String              colFamily = null;
+		String              qualifier = null;
+
+		if(perm == null) {
+			throw new Exception("revoke(): invalid data - permission is null");
+		}
+
+		if(StringUtil.isEmpty(userName)) {
+			throw new Exception("revoke(): invalid data - username empty");
+		}
+
+		switch(perm.getType()) {
+			case Global :
+				tableName = colFamily = qualifier = "*";
+			break;
+
+			case Table :
+				tableName = Bytes.toString(userPerm.getTableName().getName());
+				colFamily = Bytes.toString(userPerm.getFamily());
+				qualifier = Bytes.toString(userPerm.getQualifier());
+			break;
+
+			case Namespace:
+			default:
+				LOG.warn("revoke(): ignoring type '" + perm.getType().name() + "'");
+			break;
+		}
+		
+		if(StringUtil.isEmpty(tableName) && StringUtil.isEmpty(colFamily) && StringUtil.isEmpty(qualifier))
{
+			throw new Exception("revoke(): table/columnFamily/columnQualifier not specified");
+		}
+
+		PermMap permMap = new PermMap();
+
+		if(userName.startsWith(GROUP_PREFIX)) {
+			permMap.addGroup(userName.substring(GROUP_PREFIX.length()));
+		} else {
+			permMap.addUser(userName);
+		}
+
+		// revoke removes all permissions
+		permMap.addPerm(Permission.Action.READ.name());
+		permMap.addPerm(Permission.Action.WRITE.name());
+		permMap.addPerm(Permission.Action.CREATE.name());
+		permMap.addPerm(Permission.Action.ADMIN.name());
+
+		User   activeUser = getActiveUser();
+		String grantor    = activeUser != null ? activeUser.getShortName() : null;
+
+		GrantRevokeData grData = new GrantRevokeData();
+
+		grData.setHBaseData(grantor, repositoryName,  tableName,  qualifier, colFamily, permMap);
+
+		return grData;
 	}
-	
-	
-	
-	
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/593540f6/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java
b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java
new file mode 100644
index 0000000..a80d141
--- /dev/null
+++ b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java
@@ -0,0 +1,597 @@
+package com.xasecure.authorization.hbase;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.apache.hadoop.hbase.HColumnDescriptor;
+import org.apache.hadoop.hbase.HRegionInfo;
+import org.apache.hadoop.hbase.HTableDescriptor;
+import org.apache.hadoop.hbase.NamespaceDescriptor;
+import org.apache.hadoop.hbase.ServerName;
+import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.client.Mutation;
+import org.apache.hadoop.hbase.coprocessor.BaseRegionObserver;
+import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
+import org.apache.hadoop.hbase.coprocessor.MasterObserver;
+import org.apache.hadoop.hbase.coprocessor.ObserverContext;
+import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment;
+import org.apache.hadoop.hbase.coprocessor.RegionServerObserver;
+import org.apache.hadoop.hbase.master.RegionPlan;
+import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription;
+import org.apache.hadoop.hbase.regionserver.HRegion;
+
+public class XaSecureAuthorizationCoprocessorBase extends BaseRegionObserver
+		implements MasterObserver, RegionServerObserver {
+
+	@Override
+	public void preStopRegionServer(
+			ObserverContext<RegionServerCoprocessorEnvironment> env)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preMerge(
+			ObserverContext<RegionServerCoprocessorEnvironment> ctx,
+			HRegion regionA, HRegion regionB) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postMerge(
+			ObserverContext<RegionServerCoprocessorEnvironment> c,
+			HRegion regionA, HRegion regionB, HRegion mergedRegion)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preMergeCommit(
+			ObserverContext<RegionServerCoprocessorEnvironment> ctx,
+			HRegion regionA, HRegion regionB, List<Mutation> metaEntries)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postMergeCommit(
+			ObserverContext<RegionServerCoprocessorEnvironment> ctx,
+			HRegion regionA, HRegion regionB, HRegion mergedRegion)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preRollBackMerge(
+			ObserverContext<RegionServerCoprocessorEnvironment> ctx,
+			HRegion regionA, HRegion regionB) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postRollBackMerge(
+			ObserverContext<RegionServerCoprocessorEnvironment> ctx,
+			HRegion regionA, HRegion regionB) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preCreateTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HTableDescriptor desc, HRegionInfo[] regions) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postCreateTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HTableDescriptor desc, HRegionInfo[] regions) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preCreateTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HTableDescriptor desc, HRegionInfo[] regions) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postCreateTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HTableDescriptor desc, HRegionInfo[] regions) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preDeleteTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postDeleteTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preDeleteTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postDeleteTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preModifyTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HTableDescriptor htd) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postModifyTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HTableDescriptor htd) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preModifyTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HTableDescriptor htd) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postModifyTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HTableDescriptor htd) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preAddColumn(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HColumnDescriptor column) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postAddColumn(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HColumnDescriptor column) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preAddColumnHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HColumnDescriptor column) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postAddColumnHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HColumnDescriptor column) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preModifyColumn(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HColumnDescriptor descriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postModifyColumn(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HColumnDescriptor descriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preModifyColumnHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HColumnDescriptor descriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postModifyColumnHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, HColumnDescriptor descriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preDeleteColumn(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, byte[] c) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postDeleteColumn(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, byte[] c) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preDeleteColumnHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, byte[] c) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postDeleteColumnHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName, byte[] c) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preEnableTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postEnableTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preEnableTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postEnableTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preDisableTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postDisableTable(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preDisableTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postDisableTableHandler(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			TableName tableName) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preMove(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HRegionInfo region, ServerName srcServer, ServerName destServer)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postMove(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HRegionInfo region, ServerName srcServer, ServerName destServer)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preAssign(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HRegionInfo regionInfo) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postAssign(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HRegionInfo regionInfo) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preUnassign(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HRegionInfo regionInfo, boolean force) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postUnassign(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HRegionInfo regionInfo, boolean force) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preRegionOffline(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HRegionInfo regionInfo) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postRegionOffline(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			HRegionInfo regionInfo) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preBalance(ObserverContext<MasterCoprocessorEnvironment> ctx)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postBalance(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			List<RegionPlan> plans) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public boolean preBalanceSwitch(
+			ObserverContext<MasterCoprocessorEnvironment> ctx, boolean newValue)
+			throws IOException {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public void postBalanceSwitch(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			boolean oldValue, boolean newValue) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preShutdown(ObserverContext<MasterCoprocessorEnvironment> ctx)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preStopMaster(ObserverContext<MasterCoprocessorEnvironment> ctx)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postStartMaster(
+			ObserverContext<MasterCoprocessorEnvironment> ctx)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preMasterInitialization(
+			ObserverContext<MasterCoprocessorEnvironment> ctx)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			SnapshotDescription snapshot, HTableDescriptor hTableDescriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
+			SnapshotDescription snapshot, HTableDescriptor hTableDescriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preCloneSnapshot(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			SnapshotDescription snapshot, HTableDescriptor hTableDescriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postCloneSnapshot(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			SnapshotDescription snapshot, HTableDescriptor hTableDescriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preRestoreSnapshot(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			SnapshotDescription snapshot, HTableDescriptor hTableDescriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postRestoreSnapshot(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			SnapshotDescription snapshot, HTableDescriptor hTableDescriptor)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preDeleteSnapshot(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			SnapshotDescription snapshot) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postDeleteSnapshot(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			SnapshotDescription snapshot) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preGetTableDescriptors(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			List<TableName> tableNamesList, List<HTableDescriptor> descriptors)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postGetTableDescriptors(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			List<HTableDescriptor> descriptors) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preCreateNamespace(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			NamespaceDescriptor ns) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postCreateNamespace(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			NamespaceDescriptor ns) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preDeleteNamespace(
+			ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postDeleteNamespace(
+			ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace)
+			throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void preModifyNamespace(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			NamespaceDescriptor ns) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void postModifyNamespace(
+			ObserverContext<MasterCoprocessorEnvironment> ctx,
+			NamespaceDescriptor ns) throws IOException {
+		// TODO Auto-generated method stub
+
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/593540f6/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/XaAccessControlLists.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/XaAccessControlLists.java
b/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/XaAccessControlLists.java
new file mode 100644
index 0000000..e017881
--- /dev/null
+++ b/hbase-agent/src/main/java/org/apache/hadoop/hbase/security/access/XaAccessControlLists.java
@@ -0,0 +1,12 @@
+package org.apache.hadoop.hbase.security.access;
+
+import java.io.IOException;
+
+import org.apache.hadoop.hbase.master.MasterServices;
+import org.apache.hadoop.hbase.security.access.AccessControlLists;
+
+public class XaAccessControlLists {
+	public static void init(MasterServices master) throws IOException {
+		AccessControlLists.init(master);
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/593540f6/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
index 45283b5..247d19e 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
@@ -657,18 +657,15 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase
{
 			}
 		}
 
-		GrantRevokeData grData = new GrantRevokeData();
-
-		List<GrantRevokeData.PermMap> permMapList = new ArrayList<GrantRevokeData.PermMap>();
-		permMapList.add(permMap);
-
 		String grantor = grantorPrincipal != null ? grantorPrincipal.getName() : null;
 
 		if(StringUtil.isEmpty(grantor)) {
 			LOG.warn("grantorPrincipal.getName() is null/empty!");
 		}
 
-		grData.setHiveData(grantor, repositoryName, database, table, columns, permMapList);
+		GrantRevokeData grData = new GrantRevokeData();
+
+		grData.setHiveData(grantor, repositoryName, database, table, columns, permMap);
 
 		return grData;
 	}


Mime
View raw message