HBASE-12745 Visibility Labels: support visibility labels for user groups. (Addendum for BC between 0.98 and branch-1)
This commit is contained in:
Enis Soztutar
parent
bfae8d541c
commit
0a50a7a472
|
|
@ -323,6 +323,13 @@ public class DefaultVisibilityLabelServiceImpl implements VisibilityLabelService
|
||||||
return updateZk;
|
return updateZk;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Deprecated
|
||||||
|
public List<String> getAuths(byte[] user, boolean systemCall)
|
||||||
|
throws IOException {
|
||||||
|
return getUserAuths(user, systemCall);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<String> getUserAuths(byte[] user, boolean systemCall)
|
public List<String> getUserAuths(byte[] user, boolean systemCall)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
|
|
@ -535,6 +542,20 @@ public class DefaultVisibilityLabelServiceImpl implements VisibilityLabelService
|
||||||
return havingSystemAuth(user);
|
return havingSystemAuth(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Deprecated
|
||||||
|
public boolean havingSystemAuth(byte[] user) throws IOException {
|
||||||
|
// Implementation for backward compatibility
|
||||||
|
if (this.superUsers.contains(Bytes.toString(user))) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
List<String> auths = this.getUserAuths(user, true);
|
||||||
|
if (LOG.isTraceEnabled()) {
|
||||||
|
LOG.trace("The auths for user " + Bytes.toString(user) + " are " + auths);
|
||||||
|
}
|
||||||
|
return auths.contains(SYSTEM_LABEL);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean havingSystemAuth(User user) throws IOException {
|
public boolean havingSystemAuth(User user) throws IOException {
|
||||||
// A super user has 'system' auth.
|
// A super user has 'system' auth.
|
||||||
|
|
|
||||||
|
|
@ -73,6 +73,18 @@ public interface VisibilityLabelService extends Configurable {
|
||||||
*/
|
*/
|
||||||
OperationStatus[] clearAuths(byte[] user, List<byte[]> authLabels) throws IOException;
|
OperationStatus[] clearAuths(byte[] user, List<byte[]> authLabels) throws IOException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieve the visibility labels for the user.
|
||||||
|
* @param user
|
||||||
|
* Name of the user whose authorization to be retrieved
|
||||||
|
* @param systemCall
|
||||||
|
* Whether a system or user originated call.
|
||||||
|
* @return Visibility labels authorized for the given user.
|
||||||
|
* @deprecated Use {@link#getUserAuths(byte[], boolean)}
|
||||||
|
*/
|
||||||
|
@Deprecated
|
||||||
|
List<String> getAuths(byte[] user, boolean systemCall) throws IOException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve the visibility labels for the user.
|
* Retrieve the visibility labels for the user.
|
||||||
* @param user
|
* @param user
|
||||||
|
|
@ -128,6 +140,18 @@ public interface VisibilityLabelService extends Configurable {
|
||||||
VisibilityExpEvaluator getVisibilityExpEvaluator(Authorizations authorizations)
|
VisibilityExpEvaluator getVisibilityExpEvaluator(Authorizations authorizations)
|
||||||
throws IOException;
|
throws IOException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* System checks for user auth during admin operations. (ie. Label add, set/clear auth). The
|
||||||
|
* operation is allowed only for users having system auth. Also during read, if the requesting
|
||||||
|
* user has system auth, he can view all the data irrespective of its labels.
|
||||||
|
* @param user
|
||||||
|
* User for whom system auth check to be done.
|
||||||
|
* @return true if the given user is having system/super auth
|
||||||
|
* @deprecated Use {@link#havingSystemAuth(User)}
|
||||||
|
*/
|
||||||
|
@Deprecated
|
||||||
|
boolean havingSystemAuth(byte[] user) throws IOException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* System checks for user auth during admin operations. (ie. Label add, set/clear auth). The
|
* System checks for user auth during admin operations. (ie. Label add, set/clear auth). The
|
||||||
* operation is allowed only for users having system auth. Also during read, if the requesting
|
* operation is allowed only for users having system auth. Also during read, if the requesting
|
||||||
|
|
|
||||||
|
|
@ -148,6 +148,12 @@ public class ExpAsStringVisibilityLabelServiceImpl implements VisibilityLabelSer
|
||||||
return finalOpStatus;
|
return finalOpStatus;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Deprecated
|
||||||
|
public List<String> getAuths(byte[] user, boolean systemCall) throws IOException {
|
||||||
|
return getUserAuths(user, systemCall);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<String> getUserAuths(byte[] user, boolean systemCall) throws IOException {
|
public List<String> getUserAuths(byte[] user, boolean systemCall) throws IOException {
|
||||||
assert (labelsRegion != null || systemCall);
|
assert (labelsRegion != null || systemCall);
|
||||||
|
|
@ -430,6 +436,20 @@ public class ExpAsStringVisibilityLabelServiceImpl implements VisibilityLabelSer
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Deprecated
|
||||||
|
public boolean havingSystemAuth(byte[] user) throws IOException {
|
||||||
|
// Implementation for backward compatibility
|
||||||
|
if (this.superUsers.contains(Bytes.toString(user))) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
List<String> auths = this.getUserAuths(user, true);
|
||||||
|
if (LOG.isTraceEnabled()) {
|
||||||
|
LOG.trace("The auths for user " + Bytes.toString(user) + " are " + auths);
|
||||||
|
}
|
||||||
|
return auths.contains(SYSTEM_LABEL);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean havingSystemAuth(User user) throws IOException {
|
public boolean havingSystemAuth(User user) throws IOException {
|
||||||
if (isSystemOrSuperUser(user)) {
|
if (isSystemOrSuperUser(user)) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue