/**
* Returns a new {@code PermissionCache} initialized with permission assignments from the {@code
* hbase.superuser} configuration key.
*/
private PermissionCache<Permission> initGlobal(Configuration conf) throws IOException {
UserProvider userProvider = UserProvider.instantiate(conf);
User user = userProvider.getCurrent();
if (user == null) {
throw new IOException(
"Unable to obtain the current user, "
+ "authorization checks for internal operations will not work correctly!");
}
PermissionCache<Permission> newCache = new PermissionCache<Permission>();
String currentUser = user.getShortName();
// the system user is always included
List<String> superusers =
Lists.asList(
currentUser, conf.getStrings(AccessControlLists.SUPERUSER_CONF_KEY, new String[0]));
if (superusers != null) {
for (String name : superusers) {
if (AccessControlLists.isGroupPrincipal(name)) {
newCache.putGroup(
AccessControlLists.getGroupName(name), new Permission(Permission.Action.values()));
} else {
newCache.putUser(name, new Permission(Permission.Action.values()));
}
}
}
return newCache;
}
/**
* Updates the internal permissions cache for a single table, splitting the permissions listed
* into separate caches for users and groups to optimize group lookups.
*
* @param table
* @param tablePerms
*/
private void updateTableCache(byte[] table, ListMultimap<String, TablePermission> tablePerms) {
PermissionCache<TablePermission> newTablePerms = new PermissionCache<TablePermission>();
for (Map.Entry<String, TablePermission> entry : tablePerms.entries()) {
if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
newTablePerms.putGroup(AccessControlLists.getGroupName(entry.getKey()), entry.getValue());
} else {
newTablePerms.putUser(entry.getKey(), entry.getValue());
}
}
tableCache.put(table, newTablePerms);
}
public void writeToZooKeeper(byte[] table, PermissionCache<TablePermission> tablePerms) {
byte[] serialized = new byte[0];
if (tablePerms != null) {
serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf);
}
zkperms.writeToZookeeper(table, serialized);
}
/**
* Updates the internal global permissions cache
*
* @param userPerms
*/
private void updateGlobalCache(ListMultimap<String, TablePermission> userPerms) {
PermissionCache<Permission> newCache = null;
try {
newCache = initGlobal(conf);
for (Map.Entry<String, TablePermission> entry : userPerms.entries()) {
if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
newCache.putGroup(
AccessControlLists.getGroupName(entry.getKey()),
new Permission(entry.getValue().getActions()));
} else {
newCache.putUser(entry.getKey(), new Permission(entry.getValue().getActions()));
}
}
globalCache = newCache;
} catch (IOException e) {
// Never happens
LOG.error("Error occured while updating the global cache", e);
}
}
public void refreshCacheFromWritable(byte[] table, byte[] data) throws IOException {
if (data != null && data.length > 0) {
DataInput in = new DataInputStream(new ByteArrayInputStream(data));
ListMultimap<String, TablePermission> perms = AccessControlLists.readPermissions(in, conf);
if (perms != null) {
if (Bytes.equals(table, AccessControlLists.ACL_GLOBAL_NAME)) {
updateGlobalCache(perms);
} else {
updateTableCache(table, perms);
}
}
} else {
LOG.debug("Skipping permission cache refresh because writable data is empty");
}
}
