Example #1
0
  /**
   * Returns a new {@code PermissionCache} initialized with permission assignments from the {@code
   * hbase.superuser} configuration key.
   */
  private PermissionCache<Permission> initGlobal(Configuration conf) throws IOException {
    UserProvider userProvider = UserProvider.instantiate(conf);
    User user = userProvider.getCurrent();
    if (user == null) {
      throw new IOException(
          "Unable to obtain the current user, "
              + "authorization checks for internal operations will not work correctly!");
    }
    PermissionCache<Permission> newCache = new PermissionCache<Permission>();
    String currentUser = user.getShortName();

    // the system user is always included
    List<String> superusers =
        Lists.asList(
            currentUser, conf.getStrings(AccessControlLists.SUPERUSER_CONF_KEY, new String[0]));
    if (superusers != null) {
      for (String name : superusers) {
        if (AccessControlLists.isGroupPrincipal(name)) {
          newCache.putGroup(
              AccessControlLists.getGroupName(name), new Permission(Permission.Action.values()));
        } else {
          newCache.putUser(name, new Permission(Permission.Action.values()));
        }
      }
    }
    return newCache;
  }
Example #2
0
  /**
   * Updates the internal permissions cache for a single table, splitting the permissions listed
   * into separate caches for users and groups to optimize group lookups.
   *
   * @param table
   * @param tablePerms
   */
  private void updateTableCache(byte[] table, ListMultimap<String, TablePermission> tablePerms) {
    PermissionCache<TablePermission> newTablePerms = new PermissionCache<TablePermission>();

    for (Map.Entry<String, TablePermission> entry : tablePerms.entries()) {
      if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
        newTablePerms.putGroup(AccessControlLists.getGroupName(entry.getKey()), entry.getValue());
      } else {
        newTablePerms.putUser(entry.getKey(), entry.getValue());
      }
    }

    tableCache.put(table, newTablePerms);
  }
Example #3
0
 public void writeToZooKeeper(byte[] table, PermissionCache<TablePermission> tablePerms) {
   byte[] serialized = new byte[0];
   if (tablePerms != null) {
     serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf);
   }
   zkperms.writeToZookeeper(table, serialized);
 }
Example #4
0
 /**
  * Updates the internal global permissions cache
  *
  * @param userPerms
  */
 private void updateGlobalCache(ListMultimap<String, TablePermission> userPerms) {
   PermissionCache<Permission> newCache = null;
   try {
     newCache = initGlobal(conf);
     for (Map.Entry<String, TablePermission> entry : userPerms.entries()) {
       if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
         newCache.putGroup(
             AccessControlLists.getGroupName(entry.getKey()),
             new Permission(entry.getValue().getActions()));
       } else {
         newCache.putUser(entry.getKey(), new Permission(entry.getValue().getActions()));
       }
     }
     globalCache = newCache;
   } catch (IOException e) {
     // Never happens
     LOG.error("Error occured while updating the global cache", e);
   }
 }
Example #5
0
 public void refreshCacheFromWritable(byte[] table, byte[] data) throws IOException {
   if (data != null && data.length > 0) {
     DataInput in = new DataInputStream(new ByteArrayInputStream(data));
     ListMultimap<String, TablePermission> perms = AccessControlLists.readPermissions(in, conf);
     if (perms != null) {
       if (Bytes.equals(table, AccessControlLists.ACL_GLOBAL_NAME)) {
         updateGlobalCache(perms);
       } else {
         updateTableCache(table, perms);
       }
     }
   } else {
     LOG.debug("Skipping permission cache refresh because writable data is empty");
   }
 }