public FeedUserAuthScanLabelGenerator() { this.labelsCache = VisibilityLabelsCache.get(); }
/** * Creates the singleton instance, if not yet present, and returns the same. * @param watcher * @param conf * @return Singleton instance of VisibilityLabelsCache * @throws IOException */ public synchronized static VisibilityLabelsCache createAndGet(ZKWatcher watcher, Configuration conf) throws IOException { // VisibilityLabelService#init() for different regions (in same RS) passes same instance of // watcher as all get the instance from RS. // watcher != instance.zkVisibilityWatcher.getWatcher() - This check is needed only in UTs with // RS restart. It will be same JVM in which RS restarts and instance will be not null. But the // watcher associated with existing instance will be stale as the restarted RS will have new // watcher with it. if (instance == null || watcher != instance.zkVisibilityWatcher.getWatcher()) { instance = new VisibilityLabelsCache(watcher, conf); } return instance; }
@Override public List<String> getLabels(User user, Authorizations authorizations) { String userName = user.getShortName(); if (authorizations != null) { LOG.warn("Dropping authorizations requested by user " + userName + ": " + authorizations); } Set<String> auths = new HashSet<>(); auths.addAll(this.labelsCache.getUserAuths(userName)); auths.addAll(this.labelsCache.getGroupAuths(user.getGroupNames())); return new ArrayList<>(auths); }
@Override public List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat, boolean checkAuths) throws IOException { Set<Integer> auths = new HashSet<>(); if (checkAuths) { User user = VisibilityUtils.getActiveUser(); auths.addAll(this.labelsCache.getUserAuthsAsOrdinals(user.getShortName())); auths.addAll(this.labelsCache.getGroupAuthsAsOrdinals(user.getGroupNames())); } return VisibilityUtils.createVisibilityExpTags(visExpression, withSerializationFormat, checkAuths, auths, labelsCache); }
assert (labelsRegion != null || systemCall); if (systemCall || labelsRegion == null) { return this.labelsCache.getUserAuths(Bytes.toString(user)); Cell cell = results.get(0); int ordinal = PrivateCellUtil.getRowAsInt(cell); String label = this.labelsCache.getLabel(ordinal); if (label != null) { auths.add(label);
labelsCache = VisibilityLabelsCache.createAndGet(zk, this.conf); } catch (IOException ioe) { LOG.error("Error creating VisibilityLabelsCache", ioe); this.labelsCache.writeToZookeeper(serialized, true); this.labelsCache.refreshLabelsCache(serialized); this.labelsCache.writeToZookeeper(serialized, false); this.labelsCache.refreshUserAuthsCache(serialized);
assert (labelsRegion != null || systemCall); if (systemCall || labelsRegion == null) { return this.labelsCache.getGroupAuths(groups); Cell cell = results.get(0); int ordinal = PrivateCellUtil.getRowAsInt(cell); String label = this.labelsCache.getLabel(ordinal); if (label != null) { auths.add(label);
int labelsCount = this.labelsCache.getLabelsCount(); final BitSet bs = new BitSet(labelsCount + 1); // ordinal is index 1 based if (authLabels != null) { for (String authLabel : authLabels) { int labelOrdinal = this.labelsCache.getLabelOrdinal(authLabel); if (labelOrdinal != 0) { bs.set(labelOrdinal);
String authLabelStr = Bytes.toString(authLabel); if (currentAuths.contains(authLabelStr)) { int labelOrdinal = this.labelsCache.getLabelOrdinal(authLabelStr); assert labelOrdinal > 0; Delete d = new Delete(Bytes.toBytes(labelOrdinal));
public List<String> getGroupAuths(String[] groups) { this.lock.readLock().lock(); try { List<String> auths = EMPTY_LIST; Set<Integer> authOrdinals = getGroupAuthsAsOrdinals(groups); if (!authOrdinals.equals(EMPTY_SET)) { auths = new ArrayList<>(authOrdinals.size()); for (Integer authOrdinal : authOrdinals) { auths.add(ordinalVsLabels.get(authOrdinal)); } } return auths; } finally { this.lock.readLock().unlock(); } }
public List<String> getUserAuths(String user) { this.lock.readLock().lock(); try { List<String> auths = EMPTY_LIST; Set<Integer> authOrdinals = getUserAuthsAsOrdinals(user); if (!authOrdinals.equals(EMPTY_SET)) { auths = new ArrayList<>(authOrdinals.size()); for (Integer authOrdinal : authOrdinals) { auths.add(ordinalVsLabels.get(authOrdinal)); } } return auths; } finally { this.lock.readLock().unlock(); } }
ZooKeeperWatcher zk = e.getRegionServerServices().getZooKeeper(); try { labelsCache = VisibilityLabelsCache.createAndGet(zk, this.conf); } catch (IOException ioe) { LOG.error("Error creating VisibilityLabelsCache", ioe); this.labelsCache.writeToZookeeper(serialized, true); this.labelsCache.refreshLabelsCache(serialized); this.labelsCache.writeToZookeeper(serialized, false); this.labelsCache.refreshUserAuthsCache(serialized);
@Override public List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat, boolean checkAuths) throws IOException { Set<Integer> auths = new HashSet<Integer>(); if (checkAuths) { User user = VisibilityUtils.getActiveUser(); auths.addAll(this.labelsCache.getUserAuthsAsOrdinals(user.getShortName())); auths.addAll(this.labelsCache.getGroupAuthsAsOrdinals(user.getGroupNames())); } return VisibilityUtils.createVisibilityExpTags(visExpression, withSerializationFormat, checkAuths, auths, labelsCache); }
assert (labelsRegion != null || systemCall); if (systemCall || labelsRegion == null) { return this.labelsCache.getUserAuths(Bytes.toString(user)); Cell cell = results.get(0); int ordinal = Bytes.toInt(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength()); String label = this.labelsCache.getLabel(ordinal); if (label != null) { auths.add(label);
assert (labelsRegion != null || systemCall); if (systemCall || labelsRegion == null) { return this.labelsCache.getGroupAuths(groups); Cell cell = results.get(0); int ordinal = Bytes.toInt(cell.getRowArray(), cell.getRowOffset(), cell.getRowLength()); String label = this.labelsCache.getLabel(ordinal); if (label != null) { auths.add(label);
int labelsCount = this.labelsCache.getLabelsCount(); final BitSet bs = new BitSet(labelsCount + 1); // ordinal is index 1 based if (authLabels != null) { for (String authLabel : authLabels) { int labelOrdinal = this.labelsCache.getLabelOrdinal(authLabel); if (labelOrdinal != 0) { bs.set(labelOrdinal);
for (byte[] label : labels) { String labelStr = Bytes.toString(label); if (this.labelsCache.getLabelOrdinal(labelStr) > 0) { finalOpStatus[i] = new OperationStatus(OperationStatusCode.FAILURE, new LabelAlreadyExistsException("Label '" + labelStr + "' already exists"));
public List<String> getGroupAuths(String[] groups) { this.lock.readLock().lock(); try { List<String> auths = EMPTY_LIST; Set<Integer> authOrdinals = getGroupAuthsAsOrdinals(groups); if (!authOrdinals.equals(EMPTY_SET)) { auths = new ArrayList<String>(authOrdinals.size()); for (Integer authOrdinal : authOrdinals) { auths.add(ordinalVsLabels.get(authOrdinal)); } } return auths; } finally { this.lock.readLock().unlock(); } }
public List<String> getUserAuths(String user) { this.lock.readLock().lock(); try { List<String> auths = EMPTY_LIST; Set<Integer> authOrdinals = getUserAuthsAsOrdinals(user); if (!authOrdinals.equals(EMPTY_SET)) { auths = new ArrayList<String>(authOrdinals.size()); for (Integer authOrdinal : authOrdinals) { auths.add(ordinalVsLabels.get(authOrdinal)); } } return auths; } finally { this.lock.readLock().unlock(); } }