You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sn...@apache.org on 2014/10/31 22:02:25 UTC
[3/5] git commit: ARGUS-143: HBase plug-in updated to authorize
bulk-load operations.
ARGUS-143: HBase plug-in updated to authorize bulk-load operations.
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/38c35947
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/38c35947
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/38c35947
Branch: refs/heads/argus2ranger
Commit: 38c35947034f2e844d0a425ed11c8b718bbf2438
Parents: f72e61f
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu Oct 30 18:25:36 2014 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Oct 30 18:25:36 2014 -0700
----------------------------------------------------------------------
.../hbase/XaSecureAuthorizationCoprocessor.java | 23 ++++++--
.../XaSecureAuthorizationCoprocessorBase.java | 57 +++++++++++++++++++-
pom.xml | 2 +-
3 files changed, 77 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/38c35947/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
index 2353873..4cd2690 100644
--- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
+++ b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
@@ -84,6 +84,8 @@ import org.apache.hadoop.hbase.protobuf.ResponseConverter;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService;
import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription;
+import org.apache.hadoop.hbase.protobuf.generated.SecureBulkLoadProtos.CleanupBulkLoadRequest;
+import org.apache.hadoop.hbase.protobuf.generated.SecureBulkLoadProtos.PrepareBulkLoadRequest;
import org.apache.hadoop.hbase.regionserver.HRegion;
import org.apache.hadoop.hbase.regionserver.InternalScanner;
import org.apache.hadoop.hbase.regionserver.RegionScanner;
@@ -365,9 +367,12 @@ public class XaSecureAuthorizationCoprocessor extends XaSecureAuthorizationCopro
}
}
protected void requirePermission(String request, Permission.Action perm, RegionCoprocessorEnvironment env, Collection<byte[]> families) throws IOException {
- HashMap<byte[], Set<byte[]>> familyMap = new HashMap<byte[], Set<byte[]>>();
- for (byte[] family : families) {
- familyMap.put(family, null);
+ HashMap<byte[], Set<byte[]>> familyMap = new HashMap<byte[], Set<byte[]>>();
+
+ if(families != null) {
+ for (byte[] family : families) {
+ familyMap.put(family, null);
+ }
}
requirePermission(request, perm, env, familyMap);
}
@@ -958,6 +963,18 @@ public class XaSecureAuthorizationCoprocessor extends XaSecureAuthorizationCopro
public void postMerge(ObserverContext<RegionServerCoprocessorEnvironment> c, HRegion regionA, HRegion regionB, HRegion mergedRegion) throws IOException {
auditEvent("mergeRegions", regionA.getTableDesc().getTableName().getName(), null, null, null, null, getActiveUser(), accessGrantedFlag);
}
+
+ public void prePrepareBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx, PrepareBulkLoadRequest request) throws IOException {
+ List<byte[]> cfs = null;
+
+ requirePermission("prePrepareBulkLoad", Permission.Action.WRITE, ctx.getEnvironment(), cfs);
+ }
+
+ public void preCleanupBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx, CleanupBulkLoadRequest request) throws IOException {
+ List<byte[]> cfs = null;
+
+ requirePermission("preCleanupBulkLoad", Permission.Action.WRITE, ctx.getEnvironment(), cfs);
+ }
private void auditEvent(String eventName, byte[] tableName, byte[] columnFamilyName, byte[] qualifierName, byte[] row, byte[] value, User user, short accessFlag) {
auditEvent(eventName, Bytes.toString(tableName), Bytes.toString(columnFamilyName), Bytes.toString(qualifierName), row, value, user, accessFlag);
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/38c35947/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java
index 5da6f15..b60a95b 100644
--- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java
+++ b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessorBase.java
@@ -29,19 +29,24 @@ import org.apache.hadoop.hbase.ServerName;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Mutation;
import org.apache.hadoop.hbase.coprocessor.BaseRegionObserver;
+import org.apache.hadoop.hbase.coprocessor.BulkLoadObserver;
import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.MasterObserver;
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
+import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.RegionServerObserver;
import org.apache.hadoop.hbase.master.RegionPlan;
import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription;
+import org.apache.hadoop.hbase.protobuf.generated.SecureBulkLoadProtos.CleanupBulkLoadRequest;
+import org.apache.hadoop.hbase.protobuf.generated.SecureBulkLoadProtos.PrepareBulkLoadRequest;
import org.apache.hadoop.hbase.regionserver.HRegion;
+import org.apache.hadoop.hbase.replication.ReplicationEndpoint;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.Permission.Action;
public class XaSecureAuthorizationCoprocessorBase extends BaseRegionObserver
- implements MasterObserver, RegionServerObserver {
+ implements MasterObserver, RegionServerObserver, BulkLoadObserver {
@Override
public void preStopRegionServer(
@@ -613,4 +618,54 @@ public class XaSecureAuthorizationCoprocessorBase extends BaseRegionObserver
// TODO Auto-generated method stub
}
+
+ public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void preTableFlush(final ObserverContext<MasterCoprocessorEnvironment> ctx, final TableName tableName) throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void postTableFlush(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName) throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void preTruncateTableHandler(final ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName) throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void postTruncateTableHandler(final ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName) throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void preTruncateTable(final ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName) throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void postTruncateTable(final ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName) throws IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public ReplicationEndpoint postCreateReplicationEndPoint(ObserverContext<RegionServerCoprocessorEnvironment> ctx, ReplicationEndpoint endpoint) {
+ return endpoint;
+ }
+
+ public void prePrepareBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx, PrepareBulkLoadRequest request) throws IOException {
+ }
+
+ public void preCleanupBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx, CleanupBulkLoadRequest request) throws IOException {
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/38c35947/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 05f9236..a7fcc7c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -88,7 +88,7 @@
<hadoop-common.version>3.0.0-SNAPSHOT</hadoop-common.version>
<hadoop.version>3.0.0-SNAPSHOT</hadoop.version>
<hamcrest.all.version>1.3</hamcrest.all.version>
- <hbase.version>0.98.4-hadoop2</hbase.version>
+ <hbase.version>0.99.2-SNAPSHOT</hbase.version>
<hive.version>0.13.0</hive.version>
<javassist.version>3.12.1.GA</javassist.version>
<javax.persistence.version>2.1.0</javax.persistence.version>