HBASE-10892 [Shell] Add support for globs in user_permission (Esteban Gutierrez)
git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1590172 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
fe298e08d3
commit
4d1fc21500
|
@ -58,7 +58,8 @@ module Hbase
|
||||||
if (isNamespace?(table_name))
|
if (isNamespace?(table_name))
|
||||||
# Namespace should exist first.
|
# Namespace should exist first.
|
||||||
namespace_name = table_name[1...table_name.length]
|
namespace_name = table_name[1...table_name.length]
|
||||||
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)
|
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless
|
||||||
|
namespace_exists?(namespace_name)
|
||||||
|
|
||||||
# invoke cp endpoint to perform access controlse
|
# invoke cp endpoint to perform access controlse
|
||||||
org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant(
|
org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant(
|
||||||
|
@ -148,7 +149,7 @@ module Hbase
|
||||||
end
|
end
|
||||||
|
|
||||||
#----------------------------------------------------------------------------------------------
|
#----------------------------------------------------------------------------------------------
|
||||||
def user_permission(table_name=nil)
|
def user_permission(table_regex=nil)
|
||||||
security_available?
|
security_available?
|
||||||
|
|
||||||
begin
|
begin
|
||||||
|
@ -160,34 +161,58 @@ module Hbase
|
||||||
protocol = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos::
|
protocol = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos::
|
||||||
AccessControlService.newBlockingStub(service)
|
AccessControlService.newBlockingStub(service)
|
||||||
|
|
||||||
if (table_name != nil)
|
if (table_regex == '')
|
||||||
#check if namespace is passed.
|
table_regex = nil
|
||||||
if (isNamespace?(table_name))
|
|
||||||
# Namespace should exist first.
|
|
||||||
namespace_name = table_name[1...table_name.length]
|
|
||||||
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)
|
|
||||||
# invoke cp endpoint to perform access controls
|
|
||||||
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
|
|
||||||
protocol, namespace_name.to_java_bytes)
|
|
||||||
else
|
|
||||||
raise(ArgumentError, "Can't find table: #{table_name}") unless exists?(table_name)
|
|
||||||
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
|
|
||||||
protocol, org.apache.hadoop.hbase.TableName.valueOf(table_name))
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# handle simple glob '*' but if '.' is passed before '*' then assume regex
|
||||||
|
if /\*/.match(table_regex) && !/\.\*/.match(table_regex)
|
||||||
|
table_regex = table_regex.gsub(/\*/, '.*')
|
||||||
|
end
|
||||||
|
|
||||||
|
all_perms = []
|
||||||
|
tables = []
|
||||||
|
|
||||||
|
if table_regex != nil
|
||||||
|
|
||||||
|
htds = @admin.listTables(table_regex)
|
||||||
|
htds.each { |t|
|
||||||
|
tables << t.getTableName().toString()
|
||||||
|
}
|
||||||
|
|
||||||
|
tables.each { |t|
|
||||||
|
if (isNamespace?(t))
|
||||||
|
# Namespace should exist first.
|
||||||
|
namespace_name = t[1...t.length]
|
||||||
|
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)
|
||||||
|
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
|
||||||
|
protocol, org.apache.hadoop.hbase.TableName.valueOf(t))
|
||||||
|
else
|
||||||
|
raise(ArgumentError, "Can't find table: #{t}") unless exists?(t)
|
||||||
|
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
|
||||||
|
protocol, org.apache.hadoop.hbase.TableName.valueOf(t))
|
||||||
|
end
|
||||||
|
all_perms << perms
|
||||||
|
}
|
||||||
else
|
else
|
||||||
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(protocol)
|
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(protocol)
|
||||||
|
all_perms << perms
|
||||||
end
|
end
|
||||||
ensure
|
ensure
|
||||||
meta_table.close()
|
meta_table.close()
|
||||||
end
|
end
|
||||||
|
|
||||||
res = {}
|
res = {}
|
||||||
count = 0
|
count = 0
|
||||||
perms.each do |value|
|
all_perms.each do |this_perms|
|
||||||
|
this_perms.each do |value|
|
||||||
user_name = String.from_java_bytes(value.getUser)
|
user_name = String.from_java_bytes(value.getUser)
|
||||||
table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : ''
|
table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : ''
|
||||||
family = (value.getFamily != nil) ? org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) : ''
|
family = (value.getFamily != nil) ?
|
||||||
qualifier = (value.getQualifier != nil) ? org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getQualifier) : ''
|
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) :
|
||||||
|
''
|
||||||
|
qualifier = (value.getQualifier != nil) ?
|
||||||
|
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getQualifier) :
|
||||||
|
''
|
||||||
|
|
||||||
action = org.apache.hadoop.hbase.security.access.Permission.new value.getActions
|
action = org.apache.hadoop.hbase.security.access.Permission.new value.getActions
|
||||||
|
|
||||||
|
@ -199,6 +224,7 @@ module Hbase
|
||||||
end
|
end
|
||||||
count += 1
|
count += 1
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
return ((block_given?) ? count : res)
|
return ((block_given?) ? count : res)
|
||||||
end
|
end
|
||||||
|
|
|
@ -28,6 +28,8 @@ For example:
|
||||||
hbase> user_permission
|
hbase> user_permission
|
||||||
hbase> user_permission 'table1'
|
hbase> user_permission 'table1'
|
||||||
hbase> user_permission 'namespace1:table1'
|
hbase> user_permission 'namespace1:table1'
|
||||||
|
hbase> user_permission '*'
|
||||||
|
hbase> user_permission '^[A-C].*'
|
||||||
EOF
|
EOF
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue