org.apache.hadoop.hbase.security.visibility
Class VisibilityUtils

java.lang.Object
  extended by org.apache.hadoop.hbase.security.visibility.VisibilityUtils

@InterfaceAudience.Private
public class VisibilityUtils
extends Object

Utility methods to support visibility.


Field Summary
static Tag SORTED_ORDINAL_SERIALIZATION_FORMAT_TAG
           
static String SYSTEM_LABEL
           
static String VISIBILITY_LABEL_GENERATOR_CLASS
           
 
Constructor Summary
VisibilityUtils()
           
 
Method Summary
static List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat, boolean checkAuths, Set<Integer> auths, VisibilityLabelOrdinalProvider ordinalProvider)
           
static Filter createVisibilityLabelFilter(HRegion region, Authorizations authorizations)
           
static Byte extractAndPartitionTags(Cell cell, List<Tag> visTags, List<Tag> nonVisTags)
          Extracts and partitions the visibility tags and non-visibility tags.
static Byte extractVisibilityTags(Cell cell, List<Tag> tags)
          Extract the visibility tags of the given Cell into the given List
static User getActiveUser()
           
static byte[] getDataToWriteToZooKeeper(Map<String,Integer> existingLabels)
          Creates the labels data to be written to zookeeper.
static List<ScanLabelGenerator> getScanLabelGenerators(org.apache.hadoop.conf.Configuration conf)
           
static Pair<List<String>,List<String>> getSystemAndSuperUsers(org.apache.hadoop.conf.Configuration conf)
          Get the super users and groups defined in the configuration.
static byte[] getUserAuthsDataToWriteToZooKeeper(Map<String,List<Integer>> userAuths)
          Creates the user auth data to be written to zookeeper.
static boolean isVisibilityTagsPresent(Cell cell)
           
static List<VisibilityLabelsProtos.VisibilityLabel> readLabelsFromZKData(byte[] data)
          Reads back from the zookeeper.
static VisibilityLabelsProtos.MultiUserAuthorizations readUserAuthsFromZKData(byte[] data)
          Reads back User auth data written to zookeeper.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

VISIBILITY_LABEL_GENERATOR_CLASS

public static final String VISIBILITY_LABEL_GENERATOR_CLASS
See Also:
Constant Field Values

SYSTEM_LABEL

public static final String SYSTEM_LABEL
See Also:
Constant Field Values

SORTED_ORDINAL_SERIALIZATION_FORMAT_TAG

public static final Tag SORTED_ORDINAL_SERIALIZATION_FORMAT_TAG
Constructor Detail

VisibilityUtils

public VisibilityUtils()
Method Detail

getDataToWriteToZooKeeper

public static byte[] getDataToWriteToZooKeeper(Map<String,Integer> existingLabels)
Creates the labels data to be written to zookeeper.

Parameters:
existingLabels -
Returns:
Bytes form of labels and their ordinal details to be written to zookeeper.

getSystemAndSuperUsers

public static Pair<List<String>,List<String>> getSystemAndSuperUsers(org.apache.hadoop.conf.Configuration conf)
                                                              throws IOException
Get the super users and groups defined in the configuration. The user running the hbase server is always included.

Parameters:
conf -
Returns:
Pair of super user list and super group list.
Throws:
IOException

getUserAuthsDataToWriteToZooKeeper

public static byte[] getUserAuthsDataToWriteToZooKeeper(Map<String,List<Integer>> userAuths)
Creates the user auth data to be written to zookeeper.

Parameters:
userAuths -
Returns:
Bytes form of user auths details to be written to zookeeper.

readLabelsFromZKData

public static List<VisibilityLabelsProtos.VisibilityLabel> readLabelsFromZKData(byte[] data)
                                                                         throws DeserializationException
Reads back from the zookeeper. The data read here is of the form written by writeToZooKeeper(Map entries).

Parameters:
data -
Returns:
Labels and their ordinal details
Throws:
DeserializationException

readUserAuthsFromZKData

public static VisibilityLabelsProtos.MultiUserAuthorizations readUserAuthsFromZKData(byte[] data)
                                                                              throws DeserializationException
Reads back User auth data written to zookeeper.

Parameters:
data -
Returns:
User auth details
Throws:
DeserializationException

getScanLabelGenerators

public static List<ScanLabelGenerator> getScanLabelGenerators(org.apache.hadoop.conf.Configuration conf)
Parameters:
conf - The configuration to use
Returns:
Stack of ScanLabelGenerator instances. ScanLabelGenerator classes can be specified in the Configuration as a comma-separated list using the key "hbase.regionserver.scan.visibility.label.generator.class".
Throws:
IllegalArgumentException - when any of the specified ScanLabelGenerator classes cannot be loaded.

extractVisibilityTags

public static Byte extractVisibilityTags(Cell cell,
                                         List<Tag> tags)
Extract the visibility tags of the given Cell into the given List

Parameters:
cell - the cell
tags - the list that will be populated if visibility tags are present
Returns:
The visibility tags serialization format

extractAndPartitionTags

public static Byte extractAndPartitionTags(Cell cell,
                                           List<Tag> visTags,
                                           List<Tag> nonVisTags)
Extracts and partitions the visibility tags and non-visibility tags.

Parameters:
cell - the cell for which we would extract and partition the visibility and non-visibility tags
visTags - all the visibility tags of type TagType.VISIBILITY_TAG_TYPE would be added to this list
nonVisTags - all the non-visibility tags would be added to this list
Returns:
The serialization format of the tag. Can be null if no tags are found or if there is no visibility tag found.

isVisibilityTagsPresent

public static boolean isVisibilityTagsPresent(Cell cell)

createVisibilityLabelFilter

public static Filter createVisibilityLabelFilter(HRegion region,
                                                 Authorizations authorizations)
                                          throws IOException
Throws:
IOException

getActiveUser

public static User getActiveUser()
                          throws IOException
Returns:
The user who called the RPC method. For non-RPC handling, falls back to the system user.
Throws:
IOException - when there is an IOException in getting the system user (during non-RPC handling).

createVisibilityExpTags

public static List<Tag> createVisibilityExpTags(String visExpression,
                                                boolean withSerializationFormat,
                                                boolean checkAuths,
                                                Set<Integer> auths,
                                                VisibilityLabelOrdinalProvider ordinalProvider)
                                         throws IOException
Throws:
IOException


Copyright © 2015 The Apache Software Foundation. All rights reserved.