@Override public List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat, boolean checkAuths) throws IOException { Set<Integer> auths = new HashSet<>(); if (checkAuths) { User user = VisibilityUtils.getActiveUser(); auths.addAll(this.labelsCache.getUserAuthsAsOrdinals(user.getShortName())); auths.addAll(this.labelsCache.getGroupAuthsAsOrdinals(user.getGroupNames())); } return VisibilityUtils.createVisibilityExpTags(visExpression, withSerializationFormat, checkAuths, auths, labelsCache); }
throw ioe; this.scanLabelGenerators = VisibilityUtils.getScanLabelGenerators(this.conf); if (e.getRegion().getRegionInfo().getTable().equals(LABELS_TABLE_NAME)) { this.labelsRegion = e.getRegion(); if (labels.size() > 0) { byte[] serialized = VisibilityUtils.getDataToWriteToZooKeeper(labels); this.labelsCache.writeToZookeeper(serialized, true); this.labelsCache.refreshLabelsCache(serialized); byte[] serialized = VisibilityUtils.getUserAuthsDataToWriteToZooKeeper(userAuths); this.labelsCache.writeToZookeeper(serialized, false); this.labelsCache.refreshUserAuthsCache(serialized);
checkAuths(auths, labelOrdinal, identifier, checkAuths); } else { identifier = lNode.getIdentifier(); labelOrdinal = ordinalProvider.getLabelOrdinal(identifier); checkAuths(auths, labelOrdinal, identifier, checkAuths); labelOrdinal = -1 * labelOrdinal; // Store NOT node as -ve ordinal. List<ExpressionNode> childExps = ((NonLeafExpressionNode) node).getChildExps(); for (ExpressionNode child : childExps) { getLabelOrdinals(child, labelOrdinals, auths, checkAuths, ordinalProvider);
getLabelOrdinals(node, labelOrdinals, auths, checkAuths, ordinalProvider); writeLabelOrdinalsToStream(labelOrdinals, dos); tags.add(new ArrayBackedTag(VISIBILITY_TAG_TYPE, baos.toByteArray())); baos.reset(); if (nlNode.getOperator() == Operator.OR) { for (ExpressionNode child : nlNode.getChildExps()) { getLabelOrdinals(child, labelOrdinals, auths, checkAuths, ordinalProvider); writeLabelOrdinalsToStream(labelOrdinals, dos); tags.add(new ArrayBackedTag(VISIBILITY_TAG_TYPE, baos.toByteArray())); baos.reset(); getLabelOrdinals(nlNode, labelOrdinals, auths, checkAuths, ordinalProvider); writeLabelOrdinalsToStream(labelOrdinals, dos); tags.add(new ArrayBackedTag(VISIBILITY_TAG_TYPE, baos.toByteArray())); baos.reset();
protected boolean isReadFromSystemAuthUser() throws IOException { User user = VisibilityUtils.getActiveUser(); return havingSystemAuth(user); }
@Override public List<Tag> createVisibilityExpTags(String visExpression) throws IOException { VisibilityLabelOrdinalProvider provider = new VisibilityLabelOrdinalProvider() { @Override public int getLabelOrdinal(String label) { Integer ordinal = null; ordinal = labels.get(label); if (ordinal != null) { return ordinal.intValue(); } return VisibilityConstants.NON_EXIST_LABEL_ORDINAL; } @Override public String getLabel(int ordinal) { // Unused throw new UnsupportedOperationException( "getLabel should not be used in VisibilityExpressionResolver"); } }; return VisibilityUtils.createVisibilityExpTags(visExpression, true, false, null, provider); } }
protected void updateZk(boolean labelAddition) throws IOException { // We will add to zookeeper here. // TODO we should add the delta only to zk. Else this will be a very heavy op and when there are // so many labels and auth in the system, we will end up adding lots of data to zk. Most // possibly we will exceed zk node data limit! Pair<Map<String, Integer>, Map<String, List<Integer>>> labelsAndUserAuths = extractLabelsAndAuths(getExistingLabelsWithAuths()); Map<String, Integer> existingLabels = labelsAndUserAuths.getFirst(); Map<String, List<Integer>> userAuths = labelsAndUserAuths.getSecond(); if (labelAddition) { byte[] serialized = VisibilityUtils.getDataToWriteToZooKeeper(existingLabels); this.labelsCache.writeToZookeeper(serialized, true); } else { byte[] serialized = VisibilityUtils.getUserAuthsDataToWriteToZooKeeper(userAuths); this.labelsCache.writeToZookeeper(serialized, false); } }
s.addColumn(LABELS_TABLE_FAMILY, user); Filter filter = VisibilityUtils.createVisibilityLabelFilter(this.labelsRegion, new Authorizations(SYSTEM_LABEL)); s.setFilter(filter);
if (timestamp <= triple.getThird()) { List<Tag> putVisTags = new ArrayList<>(); Byte putCellVisTagsFormat = VisibilityUtils.extractVisibilityTags(cell, putVisTags); boolean matchFound = VisibilityLabelServiceManager.getInstance() .getVisibilityLabelService().matchVisibility(putVisTags, putCellVisTagsFormat, if (!VisibilityUtils.isVisibilityTagsPresent(cell) && timestamp <= familyStamp) { if (!VisibilityUtils.isVisibilityTagsPresent(cell) && timestamp <= familyStamp) { if (timestamp == triple.getThird()) { List<Tag> putVisTags = new ArrayList<>(); Byte putCellVisTagsFormat = VisibilityUtils.extractVisibilityTags(cell, putVisTags); boolean matchFound = VisibilityLabelServiceManager.getInstance() .getVisibilityLabelService().matchVisibility(putVisTags, putCellVisTagsFormat, if (!VisibilityUtils.isVisibilityTagsPresent(cell)) { if (!VisibilityUtils.isVisibilityTagsPresent(cell)) { List<Tag> putVisTags = new ArrayList<>(); Byte putCellVisTagsFormat = VisibilityUtils.extractVisibilityTags(cell, putVisTags); boolean matchFound = VisibilityLabelServiceManager.getInstance() .getVisibilityLabelService().matchVisibility(putVisTags, putCellVisTagsFormat, if (!VisibilityUtils.isVisibilityTagsPresent(cell)) { if (!VisibilityUtils.isVisibilityTagsPresent(cell)) {
private TagInfo(Cell c) { tags = new ArrayList<>(); format = VisibilityUtils.extractVisibilityTags(c, tags); }
@Override public void init(RegionCoprocessorEnvironment e) throws IOException { this.scanLabelGenerators = VisibilityUtils.getScanLabelGenerators(this.conf); if (e.getRegion().getRegionInfo().getTable().equals(LABELS_TABLE_NAME)) { this.labelsRegion = e.getRegion(); } }
visTags.clear(); nonVisTags.clear(); Byte serializationFormat = VisibilityUtils.extractAndPartitionTags(cell, visTags, nonVisTags); if (!visTags.isEmpty()) {
private boolean isSystemOrSuperUser() throws IOException { return Superusers.isSuperUser(VisibilityUtils.getActiveUser()); }
@Override public List<Tag> createVisibilityExpTags(String visExpression) throws IOException { VisibilityLabelOrdinalProvider provider = new VisibilityLabelOrdinalProvider() { @Override public int getLabelOrdinal(String label) { Integer ordinal = null; ordinal = labels.get(label); if (ordinal != null) { return ordinal.intValue(); } return VisibilityConstants.NON_EXIST_LABEL_ORDINAL; } @Override public String getLabel(int ordinal) { // Unused throw new UnsupportedOperationException( "getLabel should not be used in VisibilityExpressionResolver"); } }; return VisibilityUtils.createVisibilityExpTags(visExpression, true, false, null, provider); } }
protected void updateZk(boolean labelAddition) throws IOException { // We will add to zookeeper here. // TODO we should add the delta only to zk. Else this will be a very heavy op and when there are // so many labels and auth in the system, we will end up adding lots of data to zk. Most // possibly we will exceed zk node data limit! Pair<Map<String, Integer>, Map<String, List<Integer>>> labelsAndUserAuths = extractLabelsAndAuths(getExistingLabelsWithAuths()); Map<String, Integer> existingLabels = labelsAndUserAuths.getFirst(); Map<String, List<Integer>> userAuths = labelsAndUserAuths.getSecond(); if (labelAddition) { byte[] serialized = VisibilityUtils.getDataToWriteToZooKeeper(existingLabels); this.labelsCache.writeToZookeeper(serialized, true); } else { byte[] serialized = VisibilityUtils.getUserAuthsDataToWriteToZooKeeper(userAuths); this.labelsCache.writeToZookeeper(serialized, false); } }
Filter filter = VisibilityUtils.createVisibilityLabelFilter(this.labelsRegion, new Authorizations(SYSTEM_LABEL)); s.setFilter(filter);
getLabelOrdinals(node, labelOrdinals, auths, checkAuths, ordinalProvider); writeLabelOrdinalsToStream(labelOrdinals, dos); tags.add(new Tag(VISIBILITY_TAG_TYPE, baos.toByteArray())); baos.reset(); if (nlNode.getOperator() == Operator.OR) { for (ExpressionNode child : nlNode.getChildExps()) { getLabelOrdinals(child, labelOrdinals, auths, checkAuths, ordinalProvider); writeLabelOrdinalsToStream(labelOrdinals, dos); tags.add(new Tag(VISIBILITY_TAG_TYPE, baos.toByteArray())); baos.reset(); getLabelOrdinals(nlNode, labelOrdinals, auths, checkAuths, ordinalProvider); writeLabelOrdinalsToStream(labelOrdinals, dos); tags.add(new Tag(VISIBILITY_TAG_TYPE, baos.toByteArray())); baos.reset();
if (timestamp <= triple.getThird()) { List<Tag> putVisTags = new ArrayList<Tag>(); Byte putCellVisTagsFormat = VisibilityUtils.extractVisibilityTags(cell, putVisTags); boolean matchFound = VisibilityLabelServiceManager.getInstance() .getVisibilityLabelService().matchVisibility(putVisTags, putCellVisTagsFormat, if (!VisibilityUtils.isVisibilityTagsPresent(cell) && timestamp <= familyStamp) { if (!VisibilityUtils.isVisibilityTagsPresent(cell) && timestamp <= familyStamp) { if (timestamp == triple.getThird()) { List<Tag> putVisTags = new ArrayList<Tag>(); Byte putCellVisTagsFormat = VisibilityUtils.extractVisibilityTags(cell, putVisTags); boolean matchFound = VisibilityLabelServiceManager.getInstance() .getVisibilityLabelService().matchVisibility(putVisTags, putCellVisTagsFormat, if (!VisibilityUtils.isVisibilityTagsPresent(cell)) { if (!VisibilityUtils.isVisibilityTagsPresent(cell)) { List<Tag> putVisTags = new ArrayList<Tag>(); Byte putCellVisTagsFormat = VisibilityUtils.extractVisibilityTags(cell, putVisTags); boolean matchFound = VisibilityLabelServiceManager.getInstance() .getVisibilityLabelService().matchVisibility(putVisTags, putCellVisTagsFormat, if (!VisibilityUtils.isVisibilityTagsPresent(cell)) { if (!VisibilityUtils.isVisibilityTagsPresent(cell)) {
private boolean tagMatched(Cell put, TagInfo delInfo) throws IOException { List<Tag> putVisTags = new ArrayList<>(); Byte putCellVisTagsFormat = VisibilityUtils.extractVisibilityTags(put, putVisTags); return putVisTags.isEmpty() == delInfo.tags.isEmpty() && ( (putVisTags.isEmpty() && delInfo.tags.isEmpty()) || VisibilityLabelServiceManager .getInstance().getVisibilityLabelService() .matchVisibility(putVisTags, putCellVisTagsFormat, delInfo.tags, delInfo.format)); }
@Override public void init(RegionCoprocessorEnvironment e) throws IOException { this.scanLabelGenerators = VisibilityUtils.getScanLabelGenerators(this.conf); if (e.getRegion().getRegionInfo().getTable().equals(LABELS_TABLE_NAME)) { this.labelsRegion = e.getRegion(); } }