private static VisibilityLabelsResponse setOrClearAuths(Connection connection, final String[] auths, final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable { try (Table table = connection.getTable(LABELS_TABLE_NAME)) { Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable = new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() { ServerRpcController controller = new ServerRpcController(); BlockingRpcCallback<VisibilityLabelsResponse> rpcCallback = new BlockingRpcCallback<VisibilityLabelsResponse>(); public VisibilityLabelsResponse call(VisibilityLabelsService service) throws IOException { SetAuthsRequest.Builder setAuthReqBuilder = SetAuthsRequest.newBuilder(); setAuthReqBuilder.setUser(ByteStringer.wrap(Bytes.toBytes(user))); for (String auth : auths) { if (auth.length() > 0) { setAuthReqBuilder.addAuth(ByteStringer.wrap(Bytes.toBytes(auth))); } } if (setOrClear) { service.setAuths(controller, setAuthReqBuilder.build(), rpcCallback); } else { service.clearAuths(controller, setAuthReqBuilder.build(), rpcCallback); } VisibilityLabelsResponse response = rpcCallback.get(); if (controller.failedOnException()) { throw controller.getFailedOn(); } return response; } }; Map<byte[], VisibilityLabelsResponse> result = table.coprocessorService( VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, callable); return result.values().iterator().next(); // There will be exactly one region for labels // table and so one entry in result Map. } }
private static VisibilityLabelsResponse setOrClearAuths(Configuration conf, final String[] auths, final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable { // TODO: Make it so caller passes in a Connection rather than have us do this expensive // setup each time. This class only used in test and shell at moment though. try (Connection connection = ConnectionFactory.createConnection(conf)) { try (Table table = connection.getTable(LABELS_TABLE_NAME)) { Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable = new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() { ServerRpcController controller = new ServerRpcController(); BlockingRpcCallback<VisibilityLabelsResponse> rpcCallback = new BlockingRpcCallback<VisibilityLabelsResponse>(); public VisibilityLabelsResponse call(VisibilityLabelsService service) throws IOException { SetAuthsRequest.Builder setAuthReqBuilder = SetAuthsRequest.newBuilder(); setAuthReqBuilder.setUser(ByteStringer.wrap(Bytes.toBytes(user))); for (String auth : auths) { if (auth.length() > 0) { setAuthReqBuilder.addAuth(ByteStringer.wrap(Bytes.toBytes(auth))); } } if (setOrClear) { service.setAuths(controller, setAuthReqBuilder.build(), rpcCallback); } else { service.clearAuths(controller, setAuthReqBuilder.build(), rpcCallback); } VisibilityLabelsResponse response = rpcCallback.get(); if (controller.failedOnException()) { throw controller.getFailedOn(); } return response; } }; Map<byte[], VisibilityLabelsResponse> result = table.coprocessorService( VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, callable); return result.values().iterator().next(); // There will be exactly one region for labels // table and so one entry in result Map. } } }
private static VisibilityLabelsResponse setOrClearAuths(Configuration conf, final String[] auths, final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable { HTable ht = null; try { ht = new HTable(conf, LABELS_TABLE_NAME.getName()); Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable = new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() { ServerRpcController controller = new ServerRpcController(); BlockingRpcCallback<VisibilityLabelsResponse> rpcCallback = new BlockingRpcCallback<VisibilityLabelsResponse>(); public VisibilityLabelsResponse call(VisibilityLabelsService service) throws IOException { SetAuthsRequest.Builder setAuthReqBuilder = SetAuthsRequest.newBuilder(); setAuthReqBuilder.setUser(HBaseZeroCopyByteString.wrap(Bytes.toBytes(user))); for (String auth : auths) { if (auth.length() > 0) { setAuthReqBuilder.addAuth(HBaseZeroCopyByteString.wrap(Bytes.toBytes(auth))); } } if (setOrClear) { service.setAuths(controller, setAuthReqBuilder.build(), rpcCallback); } else { service.clearAuths(controller, setAuthReqBuilder.build(), rpcCallback); } return rpcCallback.get(); } }; Map<byte[], VisibilityLabelsResponse> result = ht.coprocessorService( VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, callable); return result.values().iterator().next(); // There will be exactly one region for labels // table and so one entry in result Map. } finally { if (ht != null) { ht.close(); } } }
private static VisibilityLabelsResponse setOrClearAuths(Connection connection, final String[] auths, final String user, final boolean setOrClear) throws IOException, ServiceException, Throwable { try (Table table = connection.getTable(LABELS_TABLE_NAME)) { Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse> callable = new Batch.Call<VisibilityLabelsService, VisibilityLabelsResponse>() { ServerRpcController controller = new ServerRpcController(); CoprocessorRpcUtils.BlockingRpcCallback<VisibilityLabelsResponse> rpcCallback = new CoprocessorRpcUtils.BlockingRpcCallback<>(); @Override public VisibilityLabelsResponse call(VisibilityLabelsService service) throws IOException { SetAuthsRequest.Builder setAuthReqBuilder = SetAuthsRequest.newBuilder(); setAuthReqBuilder.setUser(ByteStringer.wrap(Bytes.toBytes(user))); for (String auth : auths) { if (auth.length() > 0) { setAuthReqBuilder.addAuth((ByteString.copyFromUtf8(auth))); } } if (setOrClear) { service.setAuths(controller, setAuthReqBuilder.build(), rpcCallback); } else { service.clearAuths(controller, setAuthReqBuilder.build(), rpcCallback); } VisibilityLabelsResponse response = rpcCallback.get(); if (controller.failedOnException()) { throw controller.getFailedOn(); } return response; } }; Map<byte[], VisibilityLabelsResponse> result = table.coprocessorService( VisibilityLabelsService.class, HConstants.EMPTY_BYTE_ARRAY, HConstants.EMPTY_BYTE_ARRAY, callable); return result.values().iterator().next(); // There will be exactly one region for labels // table and so one entry in result Map. } }
@Override public synchronized void clearAuths(RpcController controller, SetAuthsRequest request, RpcCallback<VisibilityLabelsResponse> done) { VisibilityLabelsResponse.Builder response = VisibilityLabelsResponse.newBuilder(); List<ByteString> auths = request.getAuthList(); if (!initialized) { setExceptionResults(auths.size(), new CoprocessorException( "VisibilityController not yet initialized"), response); } byte[] user = request.getUser().toByteArray(); try { checkCallingUserAuth(); List<String> currentAuths = this.getUserAuthsFromLabelsTable(user); List<Mutation> deletes = new ArrayList<Mutation>(auths.size()); RegionActionResult successResult = RegionActionResult.newBuilder().build(); for (ByteString authBS : auths) { byte[] auth = authBS.toByteArray(); String authStr = Bytes.toString(auth); if (currentAuths.contains(authStr)) { int labelOrdinal = this.visibilityManager.getLabelOrdinal(authStr); assert labelOrdinal > 0; Delete d = new Delete(Bytes.toBytes(labelOrdinal)); d.deleteColumns(LABELS_TABLE_FAMILY, user); deletes.add(d); response.addResult(successResult); } else { // This label is not set for the user. RegionActionResult.Builder failureResultBuilder = RegionActionResult.newBuilder(); failureResultBuilder.setException(ResponseConverter .buildException(new InvalidLabelException("Label '" + authStr + "' is not set for the user " + Bytes.toString(user)))); response.addResult(failureResultBuilder.build()); } } OperationStatus[] opStatus = this.regionEnv.getRegion().batchMutate( deletes.toArray(new Mutation[deletes.size()])); int i = 0; for (OperationStatus status : opStatus) { if (status.getOperationStatusCode() != SUCCESS) { while (response.getResult(i) != successResult) i++; RegionActionResult.Builder failureResultBuilder = RegionActionResult.newBuilder(); failureResultBuilder.setException(ResponseConverter .buildException(new DoNotRetryIOException(status.getExceptionMsg()))); response.setResult(i, failureResultBuilder.build()); } i++; } } catch (IOException e) { LOG.error(e); setExceptionResults(auths.size(), e, response); } done.run(response.build()); }
@Override public void setAuths(RpcController controller, SetAuthsRequest request, RpcCallback<VisibilityLabelsResponse> done) { }
@Override public void clearAuths(RpcController controller, SetAuthsRequest request, RpcCallback<VisibilityLabelsResponse> done) { }