HBASE-10892 [Shell] Add support for globs in user_permission (Esteban Gutierrez)

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1590172 13f79535-47bb-0310-9956-ffa450edef68
Andrew Kyle Purtell 2014-04-25 22:34:16 +00:00
parent fe298e08d3
commit 4d1fc21500
2 changed files with 57 additions and 29 deletions


@ -58,7 +58,8 @@ module Hbase
if (isNamespace?(table_name)) if (isNamespace?(table_name))
# Namespace should exist first. # Namespace should exist first.
namespace_name = table_name[1...table_name.length] namespace_name = table_name[1...table_name.length]
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name) raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless
namespace_exists?(namespace_name)
# invoke cp endpoint to perform access controlse # invoke cp endpoint to perform access controlse
org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant( org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant(
@ -148,7 +149,7 @@ module Hbase
end end
#---------------------------------------------------------------------------------------------- #----------------------------------------------------------------------------------------------
def user_permission(table_name=nil) def user_permission(table_regex=nil)
security_available? security_available?
begin begin
@ -160,44 +161,69 @@ module Hbase
protocol = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos:: protocol = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos::
AccessControlService.newBlockingStub(service) AccessControlService.newBlockingStub(service)
if (table_name != nil) if (table_regex == '')
#check if namespace is passed. table_regex = nil
if (isNamespace?(table_name)) end
# Namespace should exist first.
namespace_name = table_name[1...table_name.length] # handle simple glob '*' but if '.' is passed before '*' then assume regex
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name) if /\*/.match(table_regex) && !/\.\*/.match(table_regex)
# invoke cp endpoint to perform access controls table_regex = table_regex.gsub(/\*/, '.*')
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions( end
protocol, namespace_name.to_java_bytes)
else all_perms = []
raise(ArgumentError, "Can't find table: #{table_name}") unless exists?(table_name) tables = []
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
protocol, org.apache.hadoop.hbase.TableName.valueOf(table_name)) if table_regex != nil
end
htds = @admin.listTables(table_regex)
htds.each { |t|
tables << t.getTableName().toString()
}
tables.each { |t|
if (isNamespace?(t))
# Namespace should exist first.
namespace_name = t[1...t.length]
raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name)
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
protocol, org.apache.hadoop.hbase.TableName.valueOf(t))
else
raise(ArgumentError, "Can't find table: #{t}") unless exists?(t)
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
protocol, org.apache.hadoop.hbase.TableName.valueOf(t))
end
all_perms << perms
}
else else
perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(protocol) perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(protocol)
all_perms << perms
end end
ensure ensure
meta_table.close() meta_table.close()
end end
res = {} res = {}
count = 0 count = 0
perms.each do |value| all_perms.each do |this_perms|
user_name = String.from_java_bytes(value.getUser) this_perms.each do |value|
table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : '' user_name = String.from_java_bytes(value.getUser)
family = (value.getFamily != nil) ? org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) : '' table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : ''
qualifier = (value.getQualifier != nil) ? org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getQualifier) : '' family = (value.getFamily != nil) ?
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) :
''
qualifier = (value.getQualifier != nil) ?
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getQualifier) :
''
action = org.apache.hadoop.hbase.security.access.Permission.new value.getActions action = org.apache.hadoop.hbase.security.access.Permission.new value.getActions
if block_given? if block_given?
yield(user_name, "#{table},#{family},#{qualifier}: #{action.to_s}") yield(user_name, "#{table},#{family},#{qualifier}: #{action.to_s}")
else else
res[user_name] ||= {} res[user_name] ||= {}
res[user_name][family + ":" +qualifier] = action res[user_name][family + ":" +qualifier] = action
end
count += 1
end end
count += 1
end end
return ((block_given?) ? count : res) return ((block_given?) ? count : res)
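Review bot: Namespace ACL lookup is lost in the rewritten `if table_regex != nil` branch: the names iterated there come from `@admin.listTables(table_regex)`, so the `isNamespace?(t)` arm is presumably never taken, and even if it were it issues the same `TableName.valueOf(t)` call as the table arm instead of the removed `getUserPermissions(protocol, namespace_name.to_java_bytes)`. An operator auditing grants with a namespace argument would then see an empty listing rather than the namespace's permissions or an error, which is easy to misread as "no grants". I would test `isNamespace?(table_regex)` on the argument itself before listing tables and keep the namespace overload, as sketched below; a pattern that matches no table should probably also raise rather than return nothing. The body of `user_permission` begins in the previous hunk and ends after this one.

```ruby
if table_regex != nil
  if isNamespace?(table_regex)
    # Namespace should exist first.
    namespace_name = table_regex[1...table_regex.length]
    raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless
      namespace_exists?(namespace_name)
    all_perms << org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
      protocol, namespace_name.to_java_bytes)
  else
    # … unchanged: listTables(table_regex) loop collecting per-table permissions …
  end
# … unchanged: else branch fetching global permissions …
```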


@ -28,6 +28,8 @@ For example:
hbase> user_permission hbase> user_permission
hbase> user_permission 'table1' hbase> user_permission 'table1'
hbase> user_permission 'namespace1:table1' hbase> user_permission 'namespace1:table1'
hbase> user_permission '*'
hbase> user_permission '^[A-C].*'
EOF EOF
end end