HBASE-10892 [Shell] Add support for globs in user_permission (Esteban Gutierrez)

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1590172 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andrew Kyle Purtell 2014-04-25 22:34:16 +00:00
parent fe298e08d3
commit 4d1fc21500
2 changed files with 57 additions and 29 deletions

View File

@ -58,7 +58,8 @@ module Hbase
if (isNamespace?(table_name)) if (isNamespace?(table_name))
# Namespace should exist first. # Namespace should exist first.
namespace_name = table_name[1...table_name.length] namespace_name = table_name[1...table_name.length]
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name) raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless
namespace_exists?(namespace_name)
# invoke cp endpoint to perform access controlse # invoke cp endpoint to perform access controlse
org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant( org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant(
@ -148,7 +149,7 @@ module Hbase
end end
#---------------------------------------------------------------------------------------------- #----------------------------------------------------------------------------------------------
def user_permission(table_name=nil) def user_permission(table_regex=nil)
security_available? security_available?
begin begin
@ -160,34 +161,58 @@ module Hbase
protocol = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos:: protocol = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos::
AccessControlService.newBlockingStub(service) AccessControlService.newBlockingStub(service)
if (table_name != nil) if (table_regex == '')
#check if namespace is passed. table_regex = nil
if (isNamespace?(table_name))
# Namespace should exist first.
namespace_name = table_name[1...table_name.length]
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)
# invoke cp endpoint to perform access controls
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
protocol, namespace_name.to_java_bytes)
else
raise(ArgumentError, "Can't find table: #{table_name}") unless exists?(table_name)
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
protocol, org.apache.hadoop.hbase.TableName.valueOf(table_name))
end end
# handle simple glob '*' but if '.' is passed before '*' then assume regex
if /\*/.match(table_regex) && !/\.\*/.match(table_regex)
table_regex = table_regex.gsub(/\*/, '.*')
end
all_perms = []
tables = []
if table_regex != nil
htds = @admin.listTables(table_regex)
htds.each { |t|
tables << t.getTableName().toString()
}
tables.each { |t|
if (isNamespace?(t))
# Namespace should exist first.
namespace_name = t[1...t.length]
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
protocol, org.apache.hadoop.hbase.TableName.valueOf(t))
else
raise(ArgumentError, "Can't find table: #{t}") unless exists?(t)
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
protocol, org.apache.hadoop.hbase.TableName.valueOf(t))
end
all_perms << perms
}
else else
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(protocol) perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(protocol)
all_perms << perms
end end
ensure ensure
meta_table.close() meta_table.close()
end end
res = {} res = {}
count = 0 count = 0
perms.each do |value| all_perms.each do |this_perms|
this_perms.each do |value|
user_name = String.from_java_bytes(value.getUser) user_name = String.from_java_bytes(value.getUser)
table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : '' table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : ''
family = (value.getFamily != nil) ? org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) : '' family = (value.getFamily != nil) ?
qualifier = (value.getQualifier != nil) ? org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getQualifier) : '' org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) :
''
qualifier = (value.getQualifier != nil) ?
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getQualifier) :
''
action = org.apache.hadoop.hbase.security.access.Permission.new value.getActions action = org.apache.hadoop.hbase.security.access.Permission.new value.getActions
@ -199,6 +224,7 @@ module Hbase
end end
count += 1 count += 1
end end
end
return ((block_given?) ? count : res) return ((block_given?) ? count : res)
end end

View File

@ -28,6 +28,8 @@ For example:
hbase> user_permission hbase> user_permission
hbase> user_permission 'table1' hbase> user_permission 'table1'
hbase> user_permission 'namespace1:table1' hbase> user_permission 'namespace1:table1'
hbase> user_permission '*'
hbase> user_permission '^[A-C].*'
EOF EOF
end end