user_permission.rb

apurtell Fri, 25 Apr 2014 15:34:52 -0700

Author: apurtell
Date: Fri Apr 25 22:34:16 2014
New Revision: 1590172

URL: http://svn.apache.org/r1590172
Log:
HBASE-10892 [Shell] Add support for globs in user_permission (Esteban Gutierrez)


Modified:
    hbase/trunk/hbase-shell/src/main/ruby/hbase/security.rb
    hbase/trunk/hbase-shell/src/main/ruby/shell/commands/user_permission.rb

Modified: hbase/trunk/hbase-shell/src/main/ruby/hbase/security.rb
URL: 
http://svn.apache.org/viewvc/hbase/trunk/hbase-shell/src/main/ruby/hbase/security.rb?rev=1590172&r1=1590171&r2=1590172&view=diff
==============================================================================
--- hbase/trunk/hbase-shell/src/main/ruby/hbase/security.rb (original)
+++ hbase/trunk/hbase-shell/src/main/ruby/hbase/security.rb Fri Apr 25 22:34:16 
2014
@@ -58,7 +58,8 @@ module Hbase
           if (isNamespace?(table_name))
             # Namespace should exist first.
             namespace_name = table_name[1...table_name.length]
-            raise(ArgumentError, "Can't find a namespace: #{namespace_name}") 
unless namespace_exists?(namespace_name)
+            raise(ArgumentError, "Can't find a namespace: #{namespace_name}") 
unless
+              namespace_exists?(namespace_name)
 
             # invoke cp endpoint to perform access controlse
             org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant(
@@ -148,7 +149,7 @@ module Hbase
     end
 
     
#----------------------------------------------------------------------------------------------
-    def user_permission(table_name=nil)
+    def user_permission(table_regex=nil)
       security_available?
 
       begin
@@ -160,44 +161,69 @@ module Hbase
         protocol = 
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos::
           AccessControlService.newBlockingStub(service)
 
-        if (table_name != nil)
-          #check if namespace is passed.
-          if (isNamespace?(table_name))
-            # Namespace should exist first.
-            namespace_name = table_name[1...table_name.length]
-            raise(ArgumentError, "Can't find a namespace: #{namespace_name}") 
unless namespace_exists?(namespace_name)
-            # invoke cp endpoint to perform access controls
-            perms = 
org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
-              protocol, namespace_name.to_java_bytes)
-          else
-             raise(ArgumentError, "Can't find table: #{table_name}") unless 
exists?(table_name)
-             perms = 
org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
-               protocol, org.apache.hadoop.hbase.TableName.valueOf(table_name))
-          end
+        if (table_regex == '')
+          table_regex = nil
+        end
+
+        # handle simple glob '*' but if '.' is passed before '*' then assume 
regex
+        if /\*/.match(table_regex) && !/\.\*/.match(table_regex)
+          table_regex = table_regex.gsub(/\*/, '.*')
+        end
+
+        all_perms = []
+        tables = []
+
+        if table_regex != nil
+
+          htds = @admin.listTables(table_regex)
+          htds.each { |t|
+            tables << t.getTableName().toString()
+          }
+
+          tables.each { |t|
+            if (isNamespace?(t))
+              # Namespace should exist first.
+              namespace_name = t[1...t.length]
+              raise(ArgumentError, "Can't find a namespace: 
#{namespace_name}") unless namespace_exists?(namespace_name)
+              perms = 
org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
+                protocol, org.apache.hadoop.hbase.TableName.valueOf(t))
+            else
+              raise(ArgumentError, "Can't find table: #{t}") unless exists?(t)
+              perms = 
org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(
+                protocol, org.apache.hadoop.hbase.TableName.valueOf(t))
+            end
+            all_perms << perms
+          }
         else
           perms = 
org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(protocol)
+          all_perms << perms
         end
       ensure
         meta_table.close()
       end
-
       res = {}
       count  = 0
-      perms.each do |value|
-        user_name = String.from_java_bytes(value.getUser)
-        table = (value.getTableName != nil) ? 
value.getTableName.getNameAsString() : ''
-        family = (value.getFamily != nil) ? 
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) : ''
-        qualifier = (value.getQualifier != nil) ? 
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getQualifier) : ''
+      all_perms.each do |this_perms|
+        this_perms.each do |value|
+          user_name = String.from_java_bytes(value.getUser)
+          table = (value.getTableName != nil) ? 
value.getTableName.getNameAsString() : ''
+          family = (value.getFamily != nil) ? 
+            
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) :
+            ''
+          qualifier = (value.getQualifier != nil) ?
+            
org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getQualifier) :
+            ''
 
-        action = org.apache.hadoop.hbase.security.access.Permission.new 
value.getActions
+          action = org.apache.hadoop.hbase.security.access.Permission.new 
value.getActions
 
-        if block_given?
-          yield(user_name, "#{table},#{family},#{qualifier}: #{action.to_s}")
-        else
-          res[user_name] ||= {}
-          res[user_name][family + ":" +qualifier] = action
+          if block_given?
+            yield(user_name, "#{table},#{family},#{qualifier}: #{action.to_s}")
+          else
+            res[user_name] ||= {}
+            res[user_name][family + ":" +qualifier] = action
+          end
+          count += 1
         end
-        count += 1
       end
 
       return ((block_given?) ? count : res)

Modified: 
hbase/trunk/hbase-shell/src/main/ruby/shell/commands/user_permission.rb
URL: 
http://svn.apache.org/viewvc/hbase/trunk/hbase-shell/src/main/ruby/shell/commands/user_permission.rb?rev=1590172&r1=1590171&r2=1590172&view=diff
==============================================================================
--- hbase/trunk/hbase-shell/src/main/ruby/shell/commands/user_permission.rb 
(original)
+++ hbase/trunk/hbase-shell/src/main/ruby/shell/commands/user_permission.rb Fri 
Apr 25 22:34:16 2014
@@ -28,6 +28,8 @@ For example:
     hbase> user_permission
     hbase> user_permission 'table1'
     hbase> user_permission 'namespace1:table1'
+    hbase> user_permission '*'
+    hbase> user_permission '^[A-C].*'
 EOF
       end

svn commit: r1590172 - in /hbase/trunk/hbase-shell/src/main/ruby: hbase/security.rb shell/commands/user_permission.rb

Reply via email to