hbase git commit: HBASE-21485 Add more debug logs for remote procedure execution
Repository: hbase
Updated Branches:
refs/heads/branch-2 6ab0fbb1f -> 37540b541
HBASE-21485 Add more debug logs for remote procedure execution
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/37540b54
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/37540b54
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/37540b54
Branch: refs/heads/branch-2
Commit: 37540b541d9bdb416f31fa78e34c029cb3b95cf8
Parents: 6ab0fbb
Author: zhangduo
Authored: Fri Nov 16 11:18:58 2018 +0800
Committer: zhangduo
Committed: Fri Nov 16 14:47:24 2018 +0800
--
.../java/org/apache/hadoop/hbase/master/HMaster.java | 2 ++
.../apache/hadoop/hbase/regionserver/RSRpcServices.java | 3 +++
.../regionserver/RemoteProcedureResultReporter.java | 2 ++
.../hbase/regionserver/handler/RSProcedureHandler.java | 11 ++-
4 files changed, 13 insertions(+), 5 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/hbase/blob/37540b54/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index ce5e1c9..995cb5d 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -3864,6 +3864,7 @@ public class HMaster extends HRegionServer implements
MasterServices {
}
public void remoteProcedureCompleted(long procId) {
+LOG.debug("Remote procedure done, pid={}", procId);
RemoteProcedure procedure =
getRemoteProcedure(procId);
if (procedure != null) {
procedure.remoteOperationCompleted(procedureExecutor.getEnvironment());
@@ -3871,6 +3872,7 @@ public class HMaster extends HRegionServer implements
MasterServices {
}
public void remoteProcedureFailed(long procId, RemoteProcedureException
error) {
+LOG.debug("Remote procedure failed, pid={}", procId, error);
RemoteProcedure procedure =
getRemoteProcedure(procId);
if (procedure != null) {
procedure.remoteOperationFailed(procedureExecutor.getEnvironment(),
error);
http://git-wip-us.apache.org/repos/asf/hbase/blob/37540b54/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
index 5b29d27..d8967c4 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
@@ -3640,10 +3640,13 @@ public class RSRpcServices implements
HBaseRPCErrorHandler,
callable =
Class.forName(request.getProcClass()).asSubclass(RSProcedureCallable.class)
.getDeclaredConstructor().newInstance();
} catch (Exception e) {
+ LOG.warn("Failed to instantiating remote procedure {}, pid={}",
request.getProcClass(),
+request.getProcId(), e);
regionServer.remoteProcedureComplete(request.getProcId(), e);
return;
}
callable.init(request.getProcData().toByteArray(), regionServer);
+LOG.debug("Executing remote procedure {}, pid={}", callable.getClass(),
request.getProcId());
regionServer.executeProcedure(request.getProcId(), callable);
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/37540b54/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
index ac3e95a..efb044a 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
@@ -57,9 +57,11 @@ class RemoteProcedureResultReporter extends Thread {
public void complete(long procId, Throwable error) {
RemoteProcedureResult.Builder builder =
RemoteProcedureResult.newBuilder().setProcId(procId);
if (error != null) {
+ LOG.debug("Failed to complete execution of proc pid={}", procId, error);
builder.setStatus(RemoteProcedureResult.Status.ERROR).setError(
ForeignExceptionUtil.toProtoForeignException(server.getServerName().toString(),
error));
} else {
+
hbase git commit: HBASE-21485 Add more debug logs for remote procedure execution
Repository: hbase
Updated Branches:
refs/heads/branch-2.1 d0c2e60e3 -> e5758e86a
HBASE-21485 Add more debug logs for remote procedure execution
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/e5758e86
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/e5758e86
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/e5758e86
Branch: refs/heads/branch-2.1
Commit: e5758e86a80ad74610295699abb20709aac1c225
Parents: d0c2e60
Author: zhangduo
Authored: Fri Nov 16 11:18:58 2018 +0800
Committer: zhangduo
Committed: Fri Nov 16 14:32:27 2018 +0800
--
.../java/org/apache/hadoop/hbase/master/HMaster.java | 2 ++
.../regionserver/RemoteProcedureResultReporter.java | 2 ++
.../hbase/regionserver/handler/RSProcedureHandler.java | 11 ++-
3 files changed, 10 insertions(+), 5 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/hbase/blob/e5758e86/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index c8ba7ae..810bf07 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -3809,6 +3809,7 @@ public class HMaster extends HRegionServer implements
MasterServices {
}
public void remoteProcedureCompleted(long procId) {
+LOG.debug("Remote procedure done, pid={}", procId);
RemoteProcedure procedure =
getRemoteProcedure(procId);
if (procedure != null) {
procedure.remoteOperationCompleted(procedureExecutor.getEnvironment());
@@ -3816,6 +3817,7 @@ public class HMaster extends HRegionServer implements
MasterServices {
}
public void remoteProcedureFailed(long procId, RemoteProcedureException
error) {
+LOG.debug("Remote procedure failed, pid={}", procId, error);
RemoteProcedure procedure =
getRemoteProcedure(procId);
if (procedure != null) {
procedure.remoteOperationFailed(procedureExecutor.getEnvironment(),
error);
http://git-wip-us.apache.org/repos/asf/hbase/blob/e5758e86/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
index ac3e95a..efb044a 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
@@ -57,9 +57,11 @@ class RemoteProcedureResultReporter extends Thread {
public void complete(long procId, Throwable error) {
RemoteProcedureResult.Builder builder =
RemoteProcedureResult.newBuilder().setProcId(procId);
if (error != null) {
+ LOG.debug("Failed to complete execution of proc pid={}", procId, error);
builder.setStatus(RemoteProcedureResult.Status.ERROR).setError(
ForeignExceptionUtil.toProtoForeignException(server.getServerName().toString(),
error));
} else {
+ LOG.debug("Successfully complete execution of proc pid={}", procId);
builder.setStatus(RemoteProcedureResult.Status.SUCCESS);
}
results.add(builder.build());
http://git-wip-us.apache.org/repos/asf/hbase/blob/e5758e86/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java
index d2175d0..ddff13f 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java
@@ -42,13 +42,14 @@ public class RSProcedureHandler extends EventHandler {
@Override
public void process() {
-Exception error = null;
+Throwable error = null;
try {
callable.call();
-} catch (Exception e) {
- LOG.error("Catch exception when call RSProcedureCallable: ", e);
- error = e;
+} catch (Throwable t) {
+ LOG.error("Error when call RSProcedureCallable: ", t);
+ error = t;
+} finally {
+ ((HRegionServer) server).remoteProcedureComplete(procId, error);
}
-
hbase git commit: HBASE-21485 Add more debug logs for remote procedure execution
Repository: hbase
Updated Branches:
refs/heads/master a81987593 -> 43a10df70
HBASE-21485 Add more debug logs for remote procedure execution
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/43a10df7
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/43a10df7
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/43a10df7
Branch: refs/heads/master
Commit: 43a10df70fcf36999ce28e1ba0ac06e0d62ccaf1
Parents: a819875
Author: zhangduo
Authored: Fri Nov 16 11:18:58 2018 +0800
Committer: zhangduo
Committed: Fri Nov 16 14:30:59 2018 +0800
--
.../java/org/apache/hadoop/hbase/master/HMaster.java | 2 ++
.../apache/hadoop/hbase/regionserver/RSRpcServices.java | 3 +++
.../regionserver/RemoteProcedureResultReporter.java | 2 ++
.../hbase/regionserver/handler/RSProcedureHandler.java | 11 ++-
4 files changed, 13 insertions(+), 5 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/hbase/blob/43a10df7/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index df744b6..31dc208 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -3888,6 +3888,7 @@ public class HMaster extends HRegionServer implements
MasterServices {
}
public void remoteProcedureCompleted(long procId) {
+LOG.debug("Remote procedure done, pid={}", procId);
RemoteProcedure procedure =
getRemoteProcedure(procId);
if (procedure != null) {
procedure.remoteOperationCompleted(procedureExecutor.getEnvironment());
@@ -3895,6 +3896,7 @@ public class HMaster extends HRegionServer implements
MasterServices {
}
public void remoteProcedureFailed(long procId, RemoteProcedureException
error) {
+LOG.debug("Remote procedure failed, pid={}", procId, error);
RemoteProcedure procedure =
getRemoteProcedure(procId);
if (procedure != null) {
procedure.remoteOperationFailed(procedureExecutor.getEnvironment(),
error);
http://git-wip-us.apache.org/repos/asf/hbase/blob/43a10df7/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
index 17c582d..df84dcf 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
@@ -3734,10 +3734,13 @@ public class RSRpcServices implements
HBaseRPCErrorHandler,
callable =
Class.forName(request.getProcClass()).asSubclass(RSProcedureCallable.class)
.getDeclaredConstructor().newInstance();
} catch (Exception e) {
+ LOG.warn("Failed to instantiating remote procedure {}, pid={}",
request.getProcClass(),
+request.getProcId(), e);
regionServer.remoteProcedureComplete(request.getProcId(), e);
return;
}
callable.init(request.getProcData().toByteArray(), regionServer);
+LOG.debug("Executing remote procedure {}, pid={}", callable.getClass(),
request.getProcId());
regionServer.executeProcedure(request.getProcId(), callable);
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/43a10df7/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
--
diff --git
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
index ac3e95a..efb044a 100644
---
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
+++
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java
@@ -57,9 +57,11 @@ class RemoteProcedureResultReporter extends Thread {
public void complete(long procId, Throwable error) {
RemoteProcedureResult.Builder builder =
RemoteProcedureResult.newBuilder().setProcId(procId);
if (error != null) {
+ LOG.debug("Failed to complete execution of proc pid={}", procId, error);
builder.setStatus(RemoteProcedureResult.Status.ERROR).setError(
ForeignExceptionUtil.toProtoForeignException(server.getServerName().toString(),
error));
} else {
+
hbase git commit: HBASE-21460 correct Document Configurable Bucket Sizes in bucketCache
Repository: hbase Updated Branches: refs/heads/master 130057f13 -> a81987593 HBASE-21460 correct Document Configurable Bucket Sizes in bucketCache Signed-off-by: tedyu Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/a8198759 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/a8198759 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/a8198759 Branch: refs/heads/master Commit: a8198759390984bb06701b40d1bbdfb90e251e14 Parents: 130057f Author: utf7 Authored: Thu Nov 15 23:31:42 2018 +0800 Committer: tedyu Committed: Thu Nov 15 07:52:42 2018 -0800 -- src/main/asciidoc/_chapters/architecture.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hbase/blob/a8198759/src/main/asciidoc/_chapters/architecture.adoc -- diff --git a/src/main/asciidoc/_chapters/architecture.adoc b/src/main/asciidoc/_chapters/architecture.adoc index e1905bc..17e9e13 100644 --- a/src/main/asciidoc/_chapters/architecture.adoc +++ b/src/main/asciidoc/_chapters/architecture.adoc @@ -950,14 +950,14 @@ In the above, we set the BucketCache to be 4G. We configured the on-heap LruBlockCache have 20% (0.2) of the RegionServer's heap size (0.2 * 5G = 1G). In other words, you configure the L1 LruBlockCache as you would normally (as if there were no L2 cache present). link:https://issues.apache.org/jira/browse/HBASE-10641[HBASE-10641] introduced the ability to configure multiple sizes for the buckets of the BucketCache, in HBase 0.98 and newer. -To configurable multiple bucket sizes, configure the new property `hfile.block.cache.sizes` (instead of `hfile.block.cache.size`) to a comma-separated list of block sizes, ordered from smallest to largest, with no spaces. +To configurable multiple bucket sizes, configure the new property `hbase.bucketcache.bucket.sizes` to a comma-separated list of block sizes, ordered from smallest to largest, with no spaces. The goal is to optimize the bucket sizes based on your data access patterns. The following example configures buckets of size 4096 and 8192. [source,xml] - hfile.block.cache.sizes + hbase.bucketcache.bucket.sizes 4096,8192
[44/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
b/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
index 8989ba1..e6df984 100644
---
a/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
+++
b/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
@@ -18,7 +18,7 @@
catch(err) {
}
//-->
-var methods =
{"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":6};
+var methods =
{"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":6,"i11":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance
Methods"],4:["t3","Abstract Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
@@ -303,13 +303,21 @@ implements Check whether we still need to make the call to RS.
+
+protected boolean
+waitInitialized(MasterProcedureEnvenv)
+The Procedure.doAcquireLock(Object,
ProcedureStore) will be split into two steps, first, it will
+ call us to determine whether we need to wait for initialization, second, it
will call
+ Procedure.acquireLock(Object)
to actually handle the lock for this procedure.
+
+
Methods inherited from classorg.apache.hadoop.hbase.procedure2.Procedure
-acquireLock,
addStackIndex,
afterReplay,
beforeReplay,
bypass,
compareTo,
completionCleanup,
doExecute,
doRollback,
elapsedTime,
getChildrenLatch,
getException,
getLastUpdate,
getNonceKey,
getOwner,
getParentProcId,
getProcedureMetrics, getProcId,
getProcIdHashCode,
getProcName,
getResult,
getRootProcedureId,
getRootProcId,
getStackIndexes,
getState,
getSubmittedTime,
getTimeout,
getTimeoutTimestamp,
hasChildren,
hasException,
hasLock,
hasOwner,
hasParent,
hasTimeout,
haveSameParent,
holdLock,
incChildrenLatch,
isBypass,
isFailed,
isFinished,
isInitializing,
isLockedWhenLoading,
isRunnable,
isSuccess,
isWaiting,
isYieldAfterExecutionStep,
releaseLock,
removeStackIndex,
setAbortFailure,
setChildrenLatch,
setFailure,
setFailure,
setLastUpdate,
setNonceKey,
setOwner,
setOwner,
setParentProcId,
setProcId, setResult,
setRootProcId,
setStackIndexes,
setState,
setSubmittedTime,
setTimeout,
setTimeoutFailure,
shouldWaitClientAck,
skipPersistence,
toString,
toStringClass,
toStringClassDetails,
toStringDetails,
toStringSimpleSB,
toStringState,
updateMetricsOnFinish,
updateMetricsOnSubmit,
updateTimestamp,
waitInitialized,
wasExecuted
+acquireLock,
addStackIndex,
afterReplay,
beforeReplay,
bypass,
compareTo,
completionCleanup,
doExecute,
doRollback,
elapsedTime,
getChildrenLatch,
getException,
getLastUpdate,
getNonceKey,
getOwner,
getParentProcId,
getProcedureMetrics, getProcId,
getProcIdHashCode,
getProcName,
getResult,
getRootProcedureId,
getRootProcId,
getStackIndexes,
getState,
getSubmittedTime,
getTimeout,
getTimeoutTimestamp,
hasChildren,
hasException,
hasLock,
hasOwner,
hasParent,
hasTimeout,
haveSameParent,
holdLock,
incChildrenLatch,
isBypass,
isFailed,
isFinished,
isInitializing,
isLockedWhenLoading,
isRunnable,
isSuccess,
isWaiting,
isYieldAfterExecutionStep,
releaseLock,
removeStackIndex,
setAbortFailure,
setChildrenLatch,
setFailure,
setFailure,
setLastUpdate,
setNonceKey,
setOwner,
setOwner,
setParentProcId,
setProcId, setResult,
setRootProcId,
setStackIndexes,
setState,
setSubmittedTime,
setTimeout,
setTimeoutFailure,
shouldWaitClientAck,
skipPersistence,
toString,
toStringClass,
toStringClassDetails,
toStringDetails,
toStringSimpleSB,
toStringState,
updateMetricsOnFinish,
updateMetricsOnSubmit,
updateTimestamp,
wasExecuted
@@ -491,13 +499,38 @@ implements
+
+
+
+
+waitInitialized
+protectedbooleanwaitInitialized(MasterProcedureEnvenv)
+Description copied from
class:Procedure
+The Procedure.doAcquireLock(Object,
ProcedureStore) will be split into two steps, first, it will
+ call us to determine whether we need to wait for initialization, second, it
will call
+ Procedure.acquireLock(Object)
to actually handle the lock for this procedure.
+
+ This is because that when master restarts, we need to restore the lock state
for all the
+ procedures to not break the semantic if Procedure.holdLock(Object)
is true. But the
+ ProcedureExecutor will be
started before the master finish initialization(as it is part
+ of the initialization!), so we need to split the code into two steps, and
when restore, we just
+ restore the lock part and ignore the waitInitialized part. Otherwise there
will be dead lock.
+
+Overrides:
+waitInitializedin
classProcedureMasterProcedureEnv
+Returns:
+true means we
[32/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/AuthManager.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/AuthManager.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/AuthManager.html new file mode 100644 index 000..6dfcacd --- /dev/null +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/AuthManager.html @@ -0,0 +1,249 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +Uses of Class org.apache.hadoop.hbase.security.access.AuthManager (Apache HBase 3.0.0-SNAPSHOT API) + + + + + + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +Prev +Next + + +Frames +NoFrames + + +AllClasses + + + + + + + + + + +Uses of Classorg.apache.hadoop.hbase.security.access.AuthManager + + + + + +Packages that use AuthManager + +Package +Description + + + +org.apache.hadoop.hbase.security.access + + + + + + + + + + +Uses of AuthManager in org.apache.hadoop.hbase.security.access + +Fields in org.apache.hadoop.hbase.security.access declared as AuthManager + +Modifier and Type +Field and Description + + + +private AuthManager +AccessChecker.authManager + + +private AuthManager +ZKPermissionWatcher.authManager + + +private AuthManager +AccessControlFilter.authManager + + + + +Fields in org.apache.hadoop.hbase.security.access with type parameters of type AuthManager + +Modifier and Type +Field and Description + + + +private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapZKWatcher,AuthManager +AuthManager.managerMap + + +private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapAuthManager,https://docs.oracle.com/javase/8/docs/api/java/lang/Integer.html?is-external=true; title="class or interface in java.lang">Integer +AuthManager.refCount + + + + +Methods in org.apache.hadoop.hbase.security.access that return AuthManager + +Modifier and Type +Method and Description + + + +AuthManager +AccessChecker.getAuthManager() + + +AuthManager +AccessController.getAuthManager() + + +static AuthManager +AuthManager.getOrCreate(ZKWatcherwatcher, + org.apache.hadoop.conf.Configurationconf) +Returns a AuthManager from the cache. + + + + + +Methods in org.apache.hadoop.hbase.security.access with parameters of type AuthManager + +Modifier and Type +Method and Description + + + +static void +AuthManager.release(AuthManagerinstance) +Releases the resources for the given AuthManager if the reference count is down to 0. + + + + + +Constructors in org.apache.hadoop.hbase.security.access with parameters of type AuthManager + +Constructor and Description + + + +AccessControlFilter(AuthManagermgr, + Userugi, + TableNametableName, + AccessControlFilter.Strategystrategy, + https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapByteRange,https://docs.oracle.com/javase/8/docs/api/java/lang/Integer.html?is-external=true; title="class or interface in java.lang">IntegercfVsMaxVersions) + + +ZKPermissionWatcher(ZKWatcherwatcher, + AuthManagerauthManager, + org.apache.hadoop.conf.Configurationconf) + + + + + + + + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +Prev +Next + + +Frames +NoFrames + + +AllClasses + + + + + + + + + +Copyright 20072018 https://www.apache.org/;>The Apache Software Foundation. All rights reserved. + + http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/GlobalPermission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/GlobalPermission.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/GlobalPermission.html new file mode 100644
[47/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/AuthUtil.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/AuthUtil.html b/devapidocs/org/apache/hadoop/hbase/AuthUtil.html index 86e2a30..cb321b1 100644 --- a/devapidocs/org/apache/hadoop/hbase/AuthUtil.html +++ b/devapidocs/org/apache/hadoop/hbase/AuthUtil.html @@ -152,7 +152,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html an example of configuring a user of this Auth Chore to run on a secure cluster. - This class will be internal use only from 2.2.0 version, and will transparently work + This class will be internal used only from 2.2.0 version, and will transparently work for kerberized applications. For more, please refer http://hbase.apache.org/book.html#hbase.secure.configuration;>Client-side Configuration for Secure Operation http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html b/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html index 155a44c..38f7cc7 100644 --- a/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html +++ b/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html @@ -169,8 +169,8 @@ org.apache.hadoop.hbase.backup.BackupType org.apache.hadoop.hbase.backup.BackupRestoreConstants.BackupCommand -org.apache.hadoop.hbase.backup.BackupInfo.BackupState org.apache.hadoop.hbase.backup.BackupInfo.BackupPhase +org.apache.hadoop.hbase.backup.BackupInfo.BackupState http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html b/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html index a2e2524..320a52a 100644 --- a/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html +++ b/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html @@ -8234,11 +8234,11 @@ service. boolean -TableAuthManager.authorize(Useruser, - TableNametable, - Cellcell, - Permission.Actionaction) -Authorize a user for a given KV. +AuthManager.authorizeCell(Useruser, + TableNametable, + Cellcell, + Permission.Actionaction) +Check if user has given action privilige in cell scope. @@ -8255,7 +8255,7 @@ service. Cellcell) -private static Pairhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +private static Pairhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,Permission AccessControlLists.parsePermissionRecord(byte[]entryName, Cellkv, byte[]cf,
[21/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html
new file mode 100644
index 000..4d5cbc9
--- /dev/null
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html
@@ -0,0 +1,680 @@
+http://www.w3.org/TR/html4/loose.dtd;>
+
+
+Source code
+
+
+
+
+001/**
+002 * Licensed to the Apache Software
Foundation (ASF) under one
+003 * or more contributor license
agreements. See the NOTICE file
+004 * distributed with this work for
additional information
+005 * regarding copyright ownership. The
ASF licenses this file
+006 * to you under the Apache License,
Version 2.0 (the
+007 * "License"); you may not use this file
except in compliance
+008 * with the License. You may obtain a
copy of the License at
+009 *
+010 *
http://www.apache.org/licenses/LICENSE-2.0
+011 *
+012 * Unless required by applicable law or
agreed to in writing, software
+013 * distributed under the License is
distributed on an "AS IS" BASIS,
+014 * WITHOUT WARRANTIES OR CONDITIONS OF
ANY KIND, either express or implied.
+015 * See the License for the specific
language governing permissions and
+016 * limitations under the License.
+017 */
+018
+019package
org.apache.hadoop.hbase.security.access;
+020
+021import java.io.Closeable;
+022import java.io.IOException;
+023import java.util.HashMap;
+024import java.util.HashSet;
+025import java.util.List;
+026import java.util.Map;
+027import java.util.Set;
+028import
java.util.concurrent.ConcurrentHashMap;
+029import
java.util.concurrent.atomic.AtomicLong;
+030
+031import
org.apache.hadoop.conf.Configuration;
+032import
org.apache.hadoop.hbase.AuthUtil;
+033import org.apache.hadoop.hbase.Cell;
+034import
org.apache.hadoop.hbase.TableName;
+035import
org.apache.hadoop.hbase.exceptions.DeserializationException;
+036import
org.apache.hadoop.hbase.log.HBaseMarkers;
+037import
org.apache.hadoop.hbase.security.Superusers;
+038import
org.apache.hadoop.hbase.security.User;
+039import
org.apache.hadoop.hbase.security.UserProvider;
+040import
org.apache.hadoop.hbase.util.Bytes;
+041import
org.apache.hadoop.hbase.zookeeper.ZKWatcher;
+042import
org.apache.yetus.audience.InterfaceAudience;
+043import
org.apache.zookeeper.KeeperException;
+044import org.slf4j.Logger;
+045import org.slf4j.LoggerFactory;
+046
+047import
org.apache.hbase.thirdparty.com.google.common.annotations.VisibleForTesting;
+048import
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap;
+049import
org.apache.hbase.thirdparty.com.google.common.collect.Lists;
+050
+051/**
+052 * Performs authorization checks for a
given user's assigned permissions.
+053 * p
+054 * There're following scopes:
bGlobal/b, bNamespace/b,
bTable/b, bFamily/b,
+055 * bQualifier/b,
bCell/b.
+056 * Generally speaking, higher scopes
can overrides lower scopes,
+057 * except for Cell permission can be
granted even a user has not permission on specified table,
+058 * which means the user can get/scan
only those granted cells parts.
+059 * /p
+060 * e.g, if user A has global permission
R(ead), he can
+061 * read table T without checking table
scope permission, so authorization checks alway starts from
+062 * Global scope.
+063 * p
+064 * For each scope, not only user but
also groups he belongs to will be checked.
+065 * /p
+066 */
+067@InterfaceAudience.Private
+068public final class AuthManager implements
Closeable {
+069
+070 /**
+071 * Cache of permissions, it is thread
safe.
+072 * @param T T extends
Permission
+073 */
+074 private static class
PermissionCacheT extends Permission {
+075private final Object mutex = new
Object();
+076private MapString,
SetT cache = new HashMap();
+077
+078void put(String name, T perm) {
+079 synchronized (mutex) {
+080SetT perms =
cache.getOrDefault(name, new HashSet());
+081perms.add(perm);
+082cache.put(name, perms);
+083 }
+084}
+085
+086SetT get(String name) {
+087 synchronized (mutex) {
+088return cache.get(name);
+089 }
+090}
+091
+092void clear() {
+093 synchronized (mutex) {
+094for (Map.EntryString,
SetT entry : cache.entrySet()) {
+095 entry.getValue().clear();
+096}
+097cache.clear();
+098 }
+099}
+100 }
+101
PermissionCacheNamespacePermission NS_NO_PERMISSION = new
PermissionCache();
+102 PermissionCacheTablePermission
TBL_NO_PERMISSION = new PermissionCache();
+103
+104 /**
+105 * Cache for global permission.
+106 * Since every user/group can only have
one global permission, no need to user
[45/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/client/Consistency.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/client/Consistency.html b/devapidocs/org/apache/hadoop/hbase/client/Consistency.html index 7f3f29c..63443a9 100644 --- a/devapidocs/org/apache/hadoop/hbase/client/Consistency.html +++ b/devapidocs/org/apache/hadoop/hbase/client/Consistency.html @@ -253,7 +253,7 @@ the order they are declared. values -public staticConsistency[]values() +public staticConsistency[]values() Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: @@ -273,7 +273,7 @@ for (Consistency c : Consistency.values()) valueOf -public staticConsistencyvalueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) +public staticConsistencyvalueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html b/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html index 1e48eae..dc80206 100644 --- a/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html +++ b/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html @@ -256,7 +256,7 @@ the order they are declared. values -public staticIsolationLevel[]values() +public staticIsolationLevel[]values() Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: @@ -276,7 +276,7 @@ for (IsolationLevel c : IsolationLevel.values()) valueOf -public staticIsolationLevelvalueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) +public staticIsolationLevelvalueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html b/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html index 013a9e9..1e001cf 100644 --- a/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html +++ b/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html @@ -2206,7 +2206,7 @@ service. -private static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +private static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,UserPermission AccessControlLists.parsePermissions(byte[]entryName, Resultresult, byte[]cf, http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html b/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html index 634818a..df03300 100644 --- a/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html +++ b/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html @@ -860,7 +860,7 @@ service. AccessControlClient.getAccessControlServiceStub(Tableht) -(package private) static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +(package private) static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in
[14/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html
index da23956..abb7072 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html
@@ -26,191 +26,164 @@
018
019package
org.apache.hadoop.hbase.security.access;
020
-021import java.io.DataInput;
-022import java.io.DataOutput;
-023import java.io.IOException;
-024
-025import
org.apache.hadoop.hbase.TableName;
-026import
org.apache.yetus.audience.InterfaceAudience;
-027import org.slf4j.Logger;
-028import org.slf4j.LoggerFactory;
-029import
org.apache.hadoop.hbase.util.Bytes;
-030
-031/**
-032 * Represents an authorization for access
over the given table, column family
-033 * plus qualifier, for the given user.
-034 */
-035@InterfaceAudience.Private
-036public class UserPermission extends
TablePermission {
-037 private static final Logger LOG =
LoggerFactory.getLogger(UserPermission.class);
-038
-039 private byte[] user;
-040
-041 /** Nullary constructor for Writable,
do not use */
-042 public UserPermission() {
-043super();
+021import java.util.Objects;
+022
+023import
org.apache.hadoop.hbase.TableName;
+024import
org.apache.yetus.audience.InterfaceAudience;
+025
+026/**
+027 * UserPermission consists of a user name
and a permission.
+028 * Permission can be one of [Global,
Namespace, Table] permission.
+029 */
+030@InterfaceAudience.Private
+031public class UserPermission {
+032
+033 private String user;
+034 private Permission permission;
+035
+036 /**
+037 * Construct a global user
permission.
+038 * @param user user name
+039 * @param assigned assigned actions
+040 */
+041 public UserPermission(String user,
Permission.Action... assigned) {
+042this.user = user;
+043this.permission = new
GlobalPermission(assigned);
044 }
045
046 /**
-047 * Creates a new instance for the given
user.
-048 * @param user the user
-049 * @param assigned the list of allowed
actions
+047 * Construct a global user
permission.
+048 * @param user user name
+049 * @param actionCode action codes
050 */
-051 public UserPermission(byte[] user,
Action... assigned) {
-052super(null, null, null, assigned);
-053this.user = user;
+051 public UserPermission(String user,
byte[] actionCode) {
+052this.user = user;
+053this.permission = new
GlobalPermission(actionCode);
054 }
055
056 /**
-057 * Creates a new instance for the given
user,
-058 * matching the actions with the given
codes.
-059 * @param user the user
-060 * @param actionCodes the list of
allowed action codes
+057 * Construct a namespace user
permission.
+058 * @param user user name
+059 * @param namespace namespace
+060 * @param assigned assigned actions
061 */
-062 public UserPermission(byte[] user,
byte[] actionCodes) {
-063super(null, null, null,
actionCodes);
-064this.user = user;
+062 public UserPermission(String user,
String namespace, Permission.Action... assigned) {
+063this.user = user;
+064this.permission = new
NamespacePermission(namespace, assigned);
065 }
066
067 /**
-068 * Creates a new instance for the given
user.
-069 * @param user the user
-070 * @param namespace
-071 * @param assigned the list of allowed
actions
+068 * Construct a table user permission.
+069 * @param user user name
+070 * @param tableName table name
+071 * @param assigned assigned actions
072 */
-073 public UserPermission(byte[] user,
String namespace, Action... assigned) {
-074super(namespace, assigned);
-075this.user = user;
+073 public UserPermission(String user,
TableName tableName, Permission.Action... assigned) {
+074this.user = user;
+075this.permission = new
TablePermission(tableName, assigned);
076 }
077
078 /**
-079 * Creates a new instance for the given
user,
-080 * matching the actions with the given
codes.
-081 * @param user the user
-082 * @param namespace
-083 * @param actionCodes the list of
allowed action codes
+079 * Construct a table:family user
permission.
+080 * @param user user name
+081 * @param tableName table name
+082 * @param family family name of table
+083 * @param assigned assigned actions
084 */
-085 public UserPermission(byte[] user,
String namespace, byte[] actionCodes) {
-086super(namespace, actionCodes);
-087this.user = user;
+085 public UserPermission(String user,
TableName tableName, byte[] family,
+086Permission.Action... assigned) {
+087this(user, tableName, family, null,
assigned);
088 }
089
090 /**
-091 *
[24/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html
index 69565e9..3e1345c 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html
@@ -55,7 +55,7 @@
047 private AccessControlUtil() {}
048
049 /**
-050 * Create a request to grant user
permissions.
+050 * Create a request to grant user table
permissions.
051 *
052 * @param username the short user name
who to grant permissions
053 * @param tableName optional table name
the permissions apply
@@ -96,7 +96,7 @@
088 }
089
090 /**
-091 * Create a request to grant user
permissions.
+091 * Create a request to grant user
namespace permissions.
092 *
093 * @param username the short user name
who to grant permissions
094 * @param namespace optional table name
the permissions apply
@@ -127,7 +127,7 @@
119 }
120
121 /**
-122 * Create a request to revoke user
permissions.
+122 * Create a request to revoke user
global permissions.
123 *
124 * @param username the short user name
whose permissions to be revoked
125 * @param actions the permissions to be
revoked
@@ -153,7 +153,7 @@
145 }
146
147 /**
-148 * Create a request to revoke user
permissions.
+148 * Create a request to revoke user
namespace permissions.
149 *
150 * @param username the short user name
whose permissions to be revoked
151 * @param namespace optional table name
the permissions apply
@@ -184,7 +184,7 @@
176 }
177
178 /**
-179 * Create a request to grant user
permissions.
+179 * Create a request to grant user
global permissions.
180 *
181 * @param username the short user name
who to grant permissions
182 * @param actions the permissions to be
granted
@@ -248,669 +248,661 @@
240return result;
241 }
242
-243
-244 /**
-245 * Converts a Permission proto to a
client Permission object.
-246 *
-247 * @param proto the protobuf
Permission
-248 * @return the converted Permission
-249 */
-250 public static Permission
toPermission(AccessControlProtos.Permission proto) {
-251if (proto.getType() !=
AccessControlProtos.Permission.Type.Global) {
-252 return toTablePermission(proto);
-253} else {
-254 ListPermission.Action
actions = toPermissionActions(
-255
proto.getGlobalPermission().getActionList());
-256 return new
Permission(actions.toArray(new Permission.Action[actions.size()]));
-257}
-258 }
-259
-260 /**
-261 * Converts a TablePermission proto to
a client TablePermission object.
-262 * @param proto the protobuf
TablePermission
-263 * @return the converted
TablePermission
-264 */
-265 public static TablePermission
toTablePermission(AccessControlProtos.TablePermission proto) {
-266ListPermission.Action actions
= toPermissionActions(proto.getActionList());
-267TableName table = null;
-268byte[] qualifier = null;
-269byte[] family = null;
-270if (!proto.hasTableName()) {
-271 throw new
IllegalStateException("TableName cannot be empty");
-272}
-273table =
ProtobufUtil.toTableName(proto.getTableName());
-274if (proto.hasFamily()) {
-275 family =
proto.getFamily().toByteArray();
-276}
-277if (proto.hasQualifier()) {
-278 qualifier =
proto.getQualifier().toByteArray();
-279}
-280return new TablePermission(table,
family, qualifier,
-281actions.toArray(new
Permission.Action[actions.size()]));
-282 }
-283
-284 /**
-285 * Converts a Permission proto to a
client TablePermission object.
-286 * @param proto the protobuf
Permission
-287 * @return the converted
TablePermission
-288 */
-289 public static TablePermission
toTablePermission(AccessControlProtos.Permission proto) {
-290if(proto.getType() ==
AccessControlProtos.Permission.Type.Global) {
-291
AccessControlProtos.GlobalPermission perm = proto.getGlobalPermission();
-292 ListPermission.Action
actions = toPermissionActions(perm.getActionList());
-293
-294 return new TablePermission(null,
null, null,
-295 actions.toArray(new
Permission.Action[actions.size()]));
-296}
-297if(proto.getType() ==
AccessControlProtos.Permission.Type.Namespace) {
-298
AccessControlProtos.NamespacePermission perm =
proto.getNamespacePermission();
-299 ListPermission.Action
actions = toPermissionActions(perm.getActionList());
-300
-301 if(!proto.hasNamespacePermission())
{
-302throw new
IllegalStateException("Namespace must not be empty in NamespacePermission");
-303 }
-304
[42/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html b/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html index a644a4a..6691b7d 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html @@ -50,7 +50,7 @@ var activeTableTab = "activeTableTab"; PrevClass -NextClass +NextClass Frames @@ -164,7 +164,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html buildGrantRequest(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringusername, booleanmergeExistingPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to grant user permissions. +Create a request to grant user global permissions. @@ -173,7 +173,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, booleanmergeExistingPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to grant user permissions. +Create a request to grant user namespace permissions. @@ -184,14 +184,14 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html byte[]qualifier, booleanmergeExistingPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to grant user permissions. +Create a request to grant user table permissions. static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest buildRevokeRequest(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringusername, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to revoke user permissions. +Create a request to revoke user global permissions. @@ -199,7 +199,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html buildRevokeRequest(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringusername, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to revoke user permissions. +Create a request to revoke user namespace permissions. @@ -209,7 +209,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html byte[]family, byte[]qualifier, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to revoke user permissions. +Create a request to revoke user table permissions. @@ -349,35 +349,35 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html +static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,Permission +toPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissionsproto) +Convert a protobuf UserTablePermissions to a ListMultimapUsername, Permission + + + static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission toPermission(Permissionperm) Convert a client Permission to a Permission proto - + static Permission.Action toPermissionAction(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Actionaction) Converts a Permission.Action proto to a client Permission.Action object. - + static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action toPermissionAction(Permission.Actionaction) Convert a client Permission.Action to a Permission.Action proto - + static https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListPermission.Action toPermissionActions(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in
[27/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html b/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html index 44628e7..18eaf1f 100644 --- a/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html +++ b/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html @@ -110,7 +110,7 @@ var activeTableTab = "activeTableTab"; @InterfaceAudience.Private -public class RestoreSnapshotHelper +public class RestoreSnapshotHelper extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object Helper to Restore/Clone a Snapshot @@ -467,7 +467,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html LOG -private static finalorg.slf4j.Logger LOG +private static finalorg.slf4j.Logger LOG @@ -476,7 +476,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html regionsMap -private finalhttps://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],byte[] regionsMap +private finalhttps://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],byte[] regionsMap @@ -485,7 +485,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html parentsMap -private finalhttps://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,Pairhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String parentsMap +private finalhttps://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,Pairhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String parentsMap @@ -494,7 +494,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html monitor -private finalForeignExceptionDispatcher monitor +private finalForeignExceptionDispatcher monitor @@ -503,7 +503,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html status -private finalMonitoredTask status +private finalMonitoredTask status @@ -512,7 +512,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html snapshotManifest -private finalSnapshotManifest snapshotManifest +private finalSnapshotManifest snapshotManifest @@ -521,7 +521,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html snapshotDesc -private finalorg.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription snapshotDesc +private finalorg.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription snapshotDesc @@ -530,7 +530,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html snapshotTable -private finalTableName snapshotTable +private finalTableName snapshotTable @@ -539,7 +539,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html tableDesc -private finalTableDescriptor tableDesc +private finalTableDescriptor tableDesc @@ -548,7 +548,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html rootDir -private finalorg.apache.hadoop.fs.Path rootDir +private finalorg.apache.hadoop.fs.Path rootDir @@ -557,7 +557,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html tableDir -private finalorg.apache.hadoop.fs.Path tableDir +private finalorg.apache.hadoop.fs.Path tableDir @@ -566,7 +566,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html conf -private finalorg.apache.hadoop.conf.Configuration conf +private finalorg.apache.hadoop.conf.Configuration conf @@ -575,7 +575,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html fs -private finalorg.apache.hadoop.fs.FileSystem fs +private finalorg.apache.hadoop.fs.FileSystem fs @@ -584,7 +584,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
[26/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
b/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
index daf2583..25ef9bf 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html
@@ -116,75 +116,87 @@
108 }
109
110 @Override
-111 protected void
rollback(MasterProcedureEnv env) throws IOException, InterruptedException {
-112throw new
UnsupportedOperationException();
-113 }
-114
-115 @Override
-116 protected boolean
abort(MasterProcedureEnv env) {
-117return false;
-118 }
-119
-120 /**
-121 * Check whether we still need to make
the call to RS.
-122 * p/
-123 * Usually this will not happen if we
do not allow assigning a already onlined region. But if we
-124 * have something wrong in the
RSProcedureDispatcher, where we have already sent the request to
-125 * RS, but then we tell the upper layer
the remote call is failed due to rpc timeout or connection
-126 * closed or anything else, then this
issue can still happen. So here we add a check to make it
-127 * more robust.
-128 */
-129 protected abstract boolean
shouldDispatch(RegionStateNode regionNode);
+111 protected boolean
waitInitialized(MasterProcedureEnv env) {
+112if
(TableName.isMetaTableName(getTableName())) {
+113 return false;
+114}
+115// First we need meta to be loaded,
and second, if meta is not online then we will likely to
+116// fail when updating meta so we wait
until it is assigned.
+117AssignmentManager am =
env.getAssignmentManager();
+118return am.waitMetaLoaded(this) ||
am.waitMetaAssigned(this, region);
+119 }
+120
+121 @Override
+122 protected void
rollback(MasterProcedureEnv env) throws IOException, InterruptedException {
+123throw new
UnsupportedOperationException();
+124 }
+125
+126 @Override
+127 protected boolean
abort(MasterProcedureEnv env) {
+128return false;
+129 }
130
-131 @Override
-132 protected
ProcedureMasterProcedureEnv[] execute(MasterProcedureEnv env)
-133 throws ProcedureYieldException,
ProcedureSuspendedException, InterruptedException {
-134if (dispatched) {
-135 // we are done, the parent
procedure will check whether we are succeeded.
-136 return null;
-137}
-138RegionStateNode regionNode =
getRegionNode(env);
-139regionNode.lock();
-140try {
-141 if (!shouldDispatch(regionNode))
{
-142return null;
-143 }
-144 // The code which wakes us up also
needs to lock the RSN so here we do not need to synchronize
-145 // on the event.
-146 ProcedureEvent? event =
regionNode.getProcedureEvent();
-147 try {
-148
env.getRemoteDispatcher().addOperationToNode(targetServer, this);
-149 } catch
(FailedRemoteDispatchException e) {
-150LOG.warn("Can not add remote
operation {} for region {} to server {}, this usually " +
-151 "because the server is alread
dead, give up and mark the procedure as complete, " +
-152 "the parent procedure will take
care of this.", this, region, targetServer, e);
-153return null;
-154 }
-155 dispatched = true;
-156 event.suspend();
-157 event.suspendIfNotReady(this);
-158 throw new
ProcedureSuspendedException();
-159} finally {
-160 regionNode.unlock();
-161}
-162 }
-163
-164 @Override
-165 protected void
serializeStateData(ProcedureStateSerializer serializer) throws IOException {
-166
serializer.serialize(RegionRemoteProcedureBaseStateData.newBuilder()
-167
.setRegion(ProtobufUtil.toRegionInfo(region))
-168
.setTargetServer(ProtobufUtil.toServerName(targetServer)).setDispatched(dispatched).build());
-169 }
-170
-171 @Override
-172 protected void
deserializeStateData(ProcedureStateSerializer serializer) throws IOException
{
-173RegionRemoteProcedureBaseStateData
data =
-174
serializer.deserialize(RegionRemoteProcedureBaseStateData.class);
-175region =
ProtobufUtil.toRegionInfo(data.getRegion());
-176targetServer =
ProtobufUtil.toServerName(data.getTargetServer());
-177dispatched = data.getDispatched();
-178 }
-179}
+131 /**
+132 * Check whether we still need to make
the call to RS.
+133 * p/
+134 * This could happen when master
restarts. Since we do not know whether a request has already been
+135 * sent to the region server after we
add a remote operation to the dispatcher, so the safe way is
+136 * to not persist the dispatched field
and try to add the remote operation again. But it is
+137 *
[35/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.html
b/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.html
deleted file mode 100644
index 08041b5..000
--- a/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.html
+++ /dev/null
@@ -1,1290 +0,0 @@
-http://www.w3.org/TR/html4/loose.dtd;>
-
-
-
-
-
-TableAuthManager (Apache HBase 3.0.0-SNAPSHOT API)
-
-
-
-
-
-var methods =
{"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":9,"i16":10,"i17":9,"i18":10,"i19":10,"i20":10,"i21":10,"i22":10,"i23":10,"i24":10,"i25":10,"i26":10,"i27":9,"i28":10,"i29":10,"i30":10,"i31":10,"i32":10,"i33":10,"i34":10,"i35":10,"i36":10,"i37":10,"i38":10,"i39":10};
-var tabs = {65535:["t0","All Methods"],1:["t1","Static
Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
-var altColor = "altColor";
-var rowColor = "rowColor";
-var tableTab = "tableTab";
-var activeTableTab = "activeTableTab";
-
-
-JavaScript is disabled on your browser.
-
-
-
-
-
-Skip navigation links
-
-
-
-
-Overview
-Package
-Class
-Use
-Tree
-Deprecated
-Index
-Help
-
-
-
-
-PrevClass
-NextClass
-
-
-Frames
-NoFrames
-
-
-AllClasses
-
-
-
-
-
-
-
-Summary:
-Nested|
-Field|
-Constr|
-Method
-
-
-Detail:
-Field|
-Constr|
-Method
-
-
-
-
-
-
-
-
-org.apache.hadoop.hbase.security.access
-Class TableAuthManager
-
-
-
-https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">java.lang.Object
-
-
-org.apache.hadoop.hbase.security.access.TableAuthManager
-
-
-
-
-
-
-
-All Implemented Interfaces:
-https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true;
title="class or interface in java.io">Closeable, https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html?is-external=true;
title="class or interface in java.lang">AutoCloseable
-
-
-
-@InterfaceAudience.Private
-public class TableAuthManager
-extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
-implements https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true;
title="class or interface in java.io">Closeable
-Performs authorization checks for a given user's assigned
permissions
-
-
-
-
-
-
-
-
-
-
-
-Nested Class Summary
-
-Nested Classes
-
-Modifier and Type
-Class and Description
-
-
-private static class
-TableAuthManager.PermissionCacheT extends Permission
-
-
-
-
-
-
-
-
-
-Field Summary
-
-Fields
-
-Modifier and Type
-Field and Description
-
-
-private
org.apache.hadoop.conf.Configuration
-conf
-
-
-private TableAuthManager.PermissionCachePermission
-globalCache
-Cache of global permissions
-
-
-
-private static org.slf4j.Logger
-LOG
-
-
-private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true;
title="class or interface in java.util">MapZKWatcher,TableAuthManager
-managerMap
-
-
-private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/atomic/AtomicLong.html?is-external=true;
title="class or interface in
java.util.concurrent.atomic">AtomicLong
-mtime
-
-
-private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true;
title="class or interface in
java.util.concurrent">ConcurrentSkipListMaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,TableAuthManager.PermissionCacheTablePermission
-nsCache
-
-
-private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true;
title="class or interface in java.util">MapTableAuthManager,https://docs.oracle.com/javase/8/docs/api/java/lang/Integer.html?is-external=true;
title="class or interface in java.lang">Integer
-refCount
-
-
-private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true;
title="class or interface in
java.util.concurrent">ConcurrentSkipListMapTableName,TableAuthManager.PermissionCacheTablePermission
-tableCache
-
-
-private ZKPermissionWatcher
-zkperms
-
-
-
-
-
-
-
-
-
-Constructor Summary
-
-Constructors
-
-Modifier
-Constructor and Description
-
-
-private
[23/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html
index 25b7848..5c428b5 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html
@@ -245,20 +245,20 @@
237return regionEnv != null ?
regionEnv.getRegion() : null;
238 }
239
-240 public TableAuthManager
getAuthManager() {
+240 public AuthManager getAuthManager() {
241return
accessChecker.getAuthManager();
242 }
243
244 private void
initialize(RegionCoprocessorEnvironment e) throws IOException {
245final Region region =
e.getRegion();
246Configuration conf =
e.getConfiguration();
-247Mapbyte[],
ListMultimapString, TablePermission tables =
AccessControlLists.loadAll(region);
+247Mapbyte[],
ListMultimapString, UserPermission tables =
AccessControlLists.loadAll(region);
248// For each table, write out the
table's permissions to the respective
249// znode for that table.
-250for (Map.Entrybyte[],
ListMultimapString,TablePermission t:
+250for (Map.Entrybyte[],
ListMultimapString, UserPermission t:
251 tables.entrySet()) {
252 byte[] entry = t.getKey();
-253
ListMultimapString,TablePermission perms = t.getValue();
+253 ListMultimapString,
UserPermission perms = t.getValue();
254 byte[] serialized =
AccessControlLists.writePermissionsAsBytes(perms, conf);
255
getAuthManager().getZKPermissionWatcher().writeToZookeeper(entry,
serialized);
256}
@@ -294,7 +294,7 @@
286try (Table t =
e.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME)) {
287 for (byte[] entry : entries) {
288currentEntry = entry;
-289ListMultimapString,
TablePermission perms =
+289ListMultimapString,
UserPermission perms =
290
AccessControlLists.getPermissions(conf, entry, t, null, null, null, false);
291byte[] serialized =
AccessControlLists.writePermissionsAsBytes(perms, conf);
292zkw.writeToZookeeper(entry,
serialized);
@@ -338,7 +338,7 @@
330}
331
332// 2. check for the table-level, if
successful we can short-circuit
-333if (getAuthManager().authorize(user,
tableName, (byte[])null, permRequest)) {
+333if
(getAuthManager().authorizeUserTable(user, tableName, permRequest)) {
334 return AuthResult.allow(request,
"Table permission granted", user,
335permRequest, tableName,
families);
336}
@@ -348,7 +348,7 @@
340 // all families must pass
341 for (Map.Entrybyte [], ?
extends Collection? family : families.entrySet()) {
342// a) check for family level
access
-343if
(getAuthManager().authorize(user, tableName, family.getKey(),
+343if
(getAuthManager().authorizeUserTable(user, tableName, family.getKey(),
344permRequest)) {
345 continue; // family-level
permission overrides per-qualifier
346}
@@ -359,17 +359,17 @@
351// for each qualifier of the
family
352Setbyte[] familySet =
(Setbyte[])family.getValue();
353for (byte[] qualifier :
familySet) {
-354 if
(!getAuthManager().authorize(user, tableName, family.getKey(),
-355
qualifier, permRequest)) {
+354 if
(!getAuthManager().authorizeUserTable(user, tableName,
+355family.getKey(),
qualifier, permRequest)) {
356return
AuthResult.deny(request, "Failed qualifier check", user,
-357permRequest,
tableName, makeFamilyMap(family.getKey(), qualifier));
+357 permRequest, tableName,
makeFamilyMap(family.getKey(), qualifier));
358 }
359}
360 } else if (family.getValue()
instanceof List) { // ListCell
361ListCell cellList =
(ListCell)family.getValue();
362for (Cell cell : cellList)
{
-363 if
(!getAuthManager().authorize(user, tableName, family.getKey(),
-364
CellUtil.cloneQualifier(cell), permRequest)) {
+363 if
(!getAuthManager().authorizeUserTable(user, tableName, family.getKey(),
+364
CellUtil.cloneQualifier(cell), permRequest)) {
365return
AuthResult.deny(request, "Failed qualifier check", user, permRequest,
366 tableName,
makeFamilyMap(family.getKey(), CellUtil.cloneQualifier(cell)));
367 }
@@ -378,7 +378,7 @@
370} else {
371 // no qualifiers and
family-level check already failed
[01/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
Repository: hbase-site
Updated Branches:
refs/heads/asf-site 733988183 -> 68eae6230
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html
--
diff --git
a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html
b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html
index 5062e9b..23b4be7 100644
---
a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html
+++
b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html
@@ -282,7 +282,7 @@
274 public static void tearDownAfterClass()
throws Exception {
275cleanUp();
276TEST_UTIL.shutdownMiniCluster();
-277int total =
TableAuthManager.getTotalRefCount();
+277int total =
AuthManager.getTotalRefCount();
278assertTrue("Unexpected reference
count: " + total, total == 0);
279 }
280
@@ -1642,12 +1642,12 @@
1634 }
1635
1636 UserPermission ownerperm =
-1637 new
UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null,
Action.values());
+1637 new
UserPermission(USER_OWNER.getName(), tableName, Action.values());
1638 assertTrue("Owner should have all
permissions on table",
1639
hasFoundUserPermission(ownerperm, perms));
1640
1641 User user =
User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new
String[0]);
-1642 byte[] userName =
Bytes.toBytes(user.getShortName());
+1642 String userName =
user.getShortName();
1643
1644 UserPermission up =
1645 new UserPermission(userName,
tableName, family1, qualifier, Permission.Action.READ);
@@ -1733,7 +1733,7 @@
1725 }
1726
1727 UserPermission newOwnerperm =
-1728 new
UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null,
Action.values());
+1728 new
UserPermission(newOwner.getName(), tableName, Action.values());
1729 assertTrue("New owner should have
all permissions on table",
1730
hasFoundUserPermission(newOwnerperm, perms));
1731} finally {
@@ -1757,1888 +1757,1898 @@
1749
1750CollectionString superUsers
= Superusers.getSuperUsers();
1751ListUserPermission
adminPerms = new ArrayList(superUsers.size() + 1);
-1752adminPerms.add(new
UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
-1753 AccessControlLists.ACL_TABLE_NAME,
null, null, Bytes.toBytes("ACRW")));
-1754
-1755for(String user: superUsers) {
-1756 adminPerms.add(new
UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME,
-1757 null, null,
Action.values()));
-1758}
-1759assertTrue("Only super users, global
users and user admin has permission on table hbase:acl " +
-1760"per setup", perms.size() == 5 +
superUsers.size()
-1761
hasFoundUserPermission(adminPerms, perms));
-1762 }
-1763
-1764 /** global operations */
-1765 private void
verifyGlobal(AccessTestAction action) throws Exception {
-1766verifyAllowed(action, SUPERUSER);
-1767
-1768verifyDenied(action, USER_CREATE,
USER_RW, USER_NONE, USER_RO);
-1769 }
-1770
-1771 @Test
-1772 public void testCheckPermissions()
throws Exception {
-1773//
--
-1774// test global permissions
-1775AccessTestAction globalAdmin = new
AccessTestAction() {
-1776 @Override
-1777 public Void run() throws Exception
{
-1778checkGlobalPerms(TEST_UTIL,
Permission.Action.ADMIN);
-1779return null;
-1780 }
-1781};
-1782// verify that only superuser can
admin
-1783verifyGlobal(globalAdmin);
-1784
-1785//
--
-1786// test multiple permissions
-1787AccessTestAction globalReadWrite =
new AccessTestAction() {
-1788 @Override
-1789 public Void run() throws Exception
{
-1790checkGlobalPerms(TEST_UTIL,
Permission.Action.READ, Permission.Action.WRITE);
-1791return null;
-1792 }
-1793};
+1752adminPerms.add(new
UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW")));
+1753for(String user: superUsers) {
+1754 // Global permission
+1755 adminPerms.add(new
UserPermission(user, Action.values()));
+1756}
+1757assertTrue("Only super users, global
users and user admin has permission on table hbase:acl " +
+1758"per setup", perms.size() == 5 +
superUsers.size()
+1759
hasFoundUserPermission(adminPerms, perms));
+1760 }
+1761
+1762 /** global operations */
+1763 private void
verifyGlobal(AccessTestAction action) throws Exception {
+1764verifyAllowed(action, SUPERUSER);
+1765
+1766verifyDenied(action, USER_CREATE,
USER_RW,
[48/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/index-all.html -- diff --git a/devapidocs/index-all.html b/devapidocs/index-all.html index 036587e..fe6b567 100644 --- a/devapidocs/index-all.html +++ b/devapidocs/index-all.html @@ -642,7 +642,7 @@ For Writable -AccessControlFilter(TableAuthManager, User, TableName, AccessControlFilter.Strategy, MapByteRange, Integer) - Constructor for class org.apache.hadoop.hbase.security.access.AccessControlFilter +AccessControlFilter(AuthManager, User, TableName, AccessControlFilter.Strategy, MapByteRange, Integer) - Constructor for class org.apache.hadoop.hbase.security.access.AccessControlFilter AccessControlFilter.Strategy - Enum in org.apache.hadoop.hbase.security.access @@ -698,6 +698,11 @@ accessToken - Variable in class org.apache.hadoop.hbase.rest.client.RemoteAdmin +accessUserTable(User, TableName, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager + +Checks if the user has access to the full table or at least a family/qualifier + for the specified action. + ack - Variable in class org.apache.hadoop.hbase.util.RegionMover ack - Variable in class org.apache.hadoop.hbase.util.RegionMover.RegionMoverBuilder @@ -4531,8 +4536,18 @@ authManager - Variable in class org.apache.hadoop.hbase.security.access.AccessControlFilter +AuthManager - Class in org.apache.hadoop.hbase.security.access + +Performs authorization checks for a given user's assigned permissions. + +AuthManager(ZKWatcher, Configuration) - Constructor for class org.apache.hadoop.hbase.security.access.AuthManager + authManager - Variable in class org.apache.hadoop.hbase.security.access.ZKPermissionWatcher +AuthManager.PermissionCacheT extends Permission - Class in org.apache.hadoop.hbase.security.access + +Cache of permissions, it is thread safe. + authMethod - Variable in class org.apache.hadoop.hbase.ipc.RpcConnection authMethod - Variable in class org.apache.hadoop.hbase.ipc.ServerRpcConnection @@ -4597,48 +4612,44 @@ Authorize the incoming client connection. -authorize(ListPermission, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager - -Authorizes a global permission - -authorize(User, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager - -Authorize a global permission based on ACLs for the given user and the - user's groups. - -authorize(ListTablePermission, TableName, byte[], byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager - -authorize(User, TableName, Cell, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeCell(User, TableName, Cell, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -Authorize a user for a given KV. +Check if user has given action privilige in cell scope. -authorize(User, String, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeConnection() - Method in class org.apache.hadoop.hbase.ipc.ServerRpcConnection -authorize(ListTablePermission, String, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeFamily(SetTablePermission, TableName, byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -authorize(User, TableName, byte[], byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeGlobal(GlobalPermission, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -authorize(User, TableName, byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeNamespace(SetNamespacePermission, String, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -authorizeConnection() - Method in class org.apache.hadoop.hbase.ipc.ServerRpcConnection +authorizeTable(SetTablePermission, TableName, byte[], byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -authorizeGroup(String, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeUserFamily(User, TableName, byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -Checks global authorization for a given action for a group, based on the stored - permissions. +Check if user has given action privilige in table:family scope. -authorizeGroup(String, TableName, byte[], byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeUserGlobal(User, Permission.Action) - Method in class
[50/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/checkstyle-aggregate.html
--
diff --git a/checkstyle-aggregate.html b/checkstyle-aggregate.html
index 0ee5ffc..fdbae97 100644
--- a/checkstyle-aggregate.html
+++ b/checkstyle-aggregate.html
@@ -7,7 +7,7 @@
-
+
Apache HBase Checkstyle Results
@@ -291,10 +291,10 @@
Warnings
Errors
-3806
+3809
0
0
-15073
+14996
Files
@@ -8232,12 +8232,12 @@
org/apache/hadoop/hbase/security/access/AccessControlLists.java
0
0
-16
+13
org/apache/hadoop/hbase/security/access/AccessControlUtil.java
0
0
-40
+36
org/apache/hadoop/hbase/security/access/AccessController.java
0
@@ -8252,7 +8252,7 @@
org/apache/hadoop/hbase/security/access/Permission.java
0
0
-7
+2
org/apache/hadoop/hbase/security/access/SecureTestUtil.java
0
@@ -8262,62 +8262,52 @@
org/apache/hadoop/hbase/security/access/ShadedAccessControlUtil.java
0
0
-49
+46
-org/apache/hadoop/hbase/security/access/TableAuthManager.java
-0
-0
-43
-
org/apache/hadoop/hbase/security/access/TablePermission.java
0
0
-10
-
+1
+
org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java
0
0
1
-
+
org/apache/hadoop/hbase/security/access/TestAccessController.java
0
0
-17
-
+16
+
org/apache/hadoop/hbase/security/access/TestAccessController2.java
0
0
3
-
+
org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java
0
0
1
-
+
org/apache/hadoop/hbase/security/access/TestCellACLs.java
0
0
2
-
+
org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java
0
0
2
-
+
org/apache/hadoop/hbase/security/access/TestTablePermissions.java
0
0
-13
-
+7
+
org/apache/hadoop/hbase/security/access/TestWithDisabledAuthorization.java
0
0
5
-
-org/apache/hadoop/hbase/security/access/UserPermission.java
-0
-0
-3
org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
0
@@ -9729,7 +9719,7 @@
http://checkstyle.sourceforge.net/config_blocks.html#NeedBraces;>NeedBraces
-1792
+1779
Error
coding
@@ -9754,7 +9744,7 @@
design
http://checkstyle.sourceforge.net/config_design.html#FinalClass;>FinalClass
-51
+50
Error
@@ -9796,7 +9786,7 @@
sortStaticImportsAlphabetically: true
groups:
*,org.apache.hbase.thirdparty,org.apache.hadoop.hbase.shaded
option: top
-1145
+1142
Error
@@ -9819,24 +9809,24 @@
caseIndent: 2
basicOffset: 2
lineWrappingIndentation: 2
-4805
+4803
Error
javadoc
http://checkstyle.sourceforge.net/config_javadoc.html#JavadocTagContinuationIndentation;>JavadocTagContinuationIndentation
offset: 2
-731
+730
Error
http://checkstyle.sourceforge.net/config_javadoc.html#NonEmptyAtclauseDescription;>NonEmptyAtclauseDescription
-3494
+3453
Error
misc
http://checkstyle.sourceforge.net/config_misc.html#ArrayTypeStyle;>ArrayTypeStyle
-144
+139
Error
@@ -9849,7 +9839,7 @@
max: 100
ignorePattern: ^package.*|^import.*|a
href|href|http://|https://|ftp://|org.apache.thrift.|com.google.protobuf.|hbase.protobuf.generated
-1442
+1431
Error
@@ -19125,7 +19115,7 @@
Error
javadoc
-JavadocTagContinuationIndentation
+NonEmptyAtclauseDescription
Javadoc comment at column 0 has parse error. Details: no viable
alternative at input ' *' while parsing JAVADOC_TAG
117
@@ -46796,7 +46786,7 @@
javadoc
NonEmptyAtclauseDescription
At-clause should have a non-empty description.
-304
+306
org/apache/hadoop/hbase/io/encoding/TestEncodedSeekers.java
@@ -96944,397 +96934,361 @@
indentation
Indentation
'method call rparen' has incorrect indentation level 10, expected level
should be 6.
-185
+184
Error
-sizes
-LineLength
-Line is longer than 100 characters (found 102).
-245
-
-Error
blocks
NeedBraces
'if' construct must use '{}'s.
-334
-
+336
+
Error
blocks
NeedBraces
'if' construct must use '{}'s.
-335
-
+337
+
Error
javadoc
NonEmptyAtclauseDescription
At-clause should have a non-empty description.
-403
-
+413
+
Error
javadoc
NonEmptyAtclauseDescription
At-clause should have a non-empty description.
-405
-
-Error
-sizes
-LineLength
-Line is longer than 100 characters (found 107).
-414
+415
Error
-sizes
-LineLength
-Line is longer than 100 characters (found 106).
-465
-
-Error
blocks
NeedBraces
'if' construct must use '{}'s.
-484
-
+496
+
Error
blocks
NeedBraces
'if' construct must use '{}'s.
-514
-
+526
+
Error
sizes
LineLength
Line is longer than 100 characters (found 102).
-743
-
+752
+
Error
blocks
NeedBraces
'if' construct must use '{}'s.
-818
-
+860
+
Error
sizes
LineLength
Line is longer than 100 characters (found 107).
-855
-
+897
+
Error
misc
ArrayTypeStyle
Array brackets at illegal position.
-867
+909
org/apache/hadoop/hbase/security/access/AccessControlUtil.java
-
+
Severity
Category
Rule
Message
Line
-
+
Error
imports
ImportOrder
Wrong order for 'org.apache.hadoop.hbase.protobuf.ProtobufUtil'
import.
29
-
+
Error
[09/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.ServerManagerForTest.html
--
diff --git
a/testdevapidocs/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.ServerManagerForTest.html
b/testdevapidocs/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.ServerManagerForTest.html
new file mode 100644
index 000..b308bce
--- /dev/null
+++
b/testdevapidocs/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.ServerManagerForTest.html
@@ -0,0 +1,307 @@
+http://www.w3.org/TR/html4/loose.dtd;>
+
+
+
+
+
+TestRegionAssignedToMultipleRegionServers.ServerManagerForTest (Apache
HBase 3.0.0-SNAPSHOT Test API)
+
+
+
+
+
+var methods = {"i0":10};
+var tabs = {65535:["t0","All Methods"],2:["t2","Instance
Methods"],8:["t4","Concrete Methods"]};
+var altColor = "altColor";
+var rowColor = "rowColor";
+var tableTab = "tableTab";
+var activeTableTab = "activeTableTab";
+
+
+JavaScript is disabled on your browser.
+
+
+
+
+
+Skip navigation links
+
+
+
+
+Overview
+Package
+Class
+Use
+Tree
+Deprecated
+Index
+Help
+
+
+
+
+PrevClass
+NextClass
+
+
+Frames
+NoFrames
+
+
+AllClasses
+
+
+
+
+
+
+
+Summary:
+Nested|
+Field|
+Constr|
+Method
+
+
+Detail:
+Field|
+Constr|
+Method
+
+
+
+
+
+
+
+
+org.apache.hadoop.hbase.master.assignment
+Class
TestRegionAssignedToMultipleRegionServers.ServerManagerForTest
+
+
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">java.lang.Object
+
+
+org.apache.hadoop.hbase.master.ServerManager
+
+
+org.apache.hadoop.hbase.master.assignment.TestRegionAssignedToMultipleRegionServers.ServerManagerForTest
+
+
+
+
+
+
+
+
+
+Enclosing class:
+TestRegionAssignedToMultipleRegionServers
+
+
+
+private static final class TestRegionAssignedToMultipleRegionServers.ServerManagerForTest
+extends org.apache.hadoop.hbase.master.ServerManager
+
+
+
+
+
+
+
+
+
+
+
+Field Summary
+
+
+
+
+Fields inherited from
classorg.apache.hadoop.hbase.master.ServerManager
+FLUSHEDSEQUENCEID_FLUSHER_INTERVAL,
FLUSHEDSEQUENCEID_FLUSHER_INTERVAL_DEFAULT, PERSIST_FLUSHEDSEQUENCEID,
PERSIST_FLUSHEDSEQUENCEID_DEFAULT, WAIT_ON_REGIONSERVERS_INTERVAL,
WAIT_ON_REGIONSERVERS_MAXTOSTART, WAIT_ON_REGIONSERVERS_MINTOSTART,
WAIT_ON_REGIONSERVERS_TIMEOUT
+
+
+
+
+
+
+
+
+Constructor Summary
+
+Constructors
+
+Constructor and Description
+
+
+ServerManagerForTest(org.apache.hadoop.hbase.master.MasterServicesmaster)
+
+
+
+
+
+
+
+
+
+Method Summary
+
+All MethodsInstance MethodsConcrete Methods
+
+Modifier and Type
+Method and Description
+
+
+https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true;
title="class or interface in
java.util">Listorg.apache.hadoop.hbase.ServerName
+createDestinationServersList()
+
+
+
+
+
+
+Methods inherited from
classorg.apache.hadoop.hbase.master.ServerManager
+addServerToDrainList, areDeadServersInProgress,
closeRegionSilentlyAndWait, countOfRegionServers, createDestinationServersList,
expireServer, getAverageLoad, getDeadServers, getDrainingServersList,
getFlushedSequenceIdByRegion, getInfoPort, getLastFlushedSequenceId, getLoad,
getOnlineServers, getOnlineServersList, getOnlineServersListWithPredicator,
getRsAdmin, getVersion, getVersionNumber, isClusterShutdown,
isRegionInServerManagerStates, isServerDead, isServerOnline,
loadLastFlushedSequenceIds, moveFromOnlineToDeadServers, regionServerReport,
registerListener, removeDeletedRegionFromLoadedFlushedSequenceIds,
removeRegion, removeRegions, removeServerFromDrainList, sendRegionWarmup,
shutdownCluster, startChore, stop, unregisterListener,
waitForRegionServers
+
+
+
+
+
+Methods inherited from classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--;
title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-;
title="class or interface in java.lang">equals, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--;
title="class or interface in java.lang">finalize,
[29/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html index c7df26c..e71aa27 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html @@ -95,22 +95,6 @@ Uses of TablePermission in org.apache.hadoop.hbase.security.access - -Subclasses of TablePermission in org.apache.hadoop.hbase.security.access - -Modifier and Type -Class and Description - - - -class -UserPermission -Represents an authorization for access over the given table, column family - plus qualifier, for the given user. - - - - Fields in org.apache.hadoop.hbase.security.access with type parameters of type TablePermission @@ -119,12 +103,14 @@ -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentSkipListMaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TableAuthManager.PermissionCacheTablePermission -TableAuthManager.nsCache +private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentHashMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentHashMapTableName,AuthManager.PermissionCacheTablePermission +AuthManager.tableCache +Cache for table permission. + -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentSkipListMapTableName,TableAuthManager.PermissionCacheTablePermission -TableAuthManager.tableCache +(package private) AuthManager.PermissionCacheTablePermission +AuthManager.TBL_NO_PERMISSION @@ -137,18 +123,6 @@ static TablePermission -ShadedAccessControlUtil.toTablePermission(org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.Permissionproto) -Converts a Permission shaded proto to a client TablePermission object. - - - -static TablePermission -AccessControlUtil.toTablePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permissionproto) -Converts a Permission proto to a client TablePermission object. - - - -static TablePermission AccessControlUtil.toTablePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionproto) Converts a TablePermission proto to a client TablePermission object. @@ -156,108 +130,6 @@ -Methods in org.apache.hadoop.hbase.security.access that return types with arguments of type TablePermission - -Modifier and Type -Method and Description - - - -static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission -AccessControlLists.getNamespacePermissions(org.apache.hadoop.conf.Configurationconf, - https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace) - - -private TableAuthManager.PermissionCacheTablePermission -TableAuthManager.getNamespacePermissions(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace) - - -(package private) static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission -AccessControlLists.getPermissions(org.apache.hadoop.conf.Configurationconf, - byte[]entryName, - Tablet, - byte[]cf, - byte[]cq, - https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, - booleanhasFilterUser) -Reads user permission assignments stored in the l: column family of the first - table row in _acl_. - - - -static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission -AccessControlLists.getTablePermissions(org.apache.hadoop.conf.Configurationconf, - TableNametableName) - - -private TableAuthManager.PermissionCacheTablePermission -TableAuthManager.getTablePermissions(TableNametable) - - -(package private) static
[16/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TableAuthManager.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TableAuthManager.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TableAuthManager.html
deleted file mode 100644
index 2e68b22..000
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TableAuthManager.html
+++ /dev/null
@@ -1,859 +0,0 @@
-http://www.w3.org/TR/html4/loose.dtd;>
-
-
-Source code
-
-
-
-
-001/**
-002 * Licensed to the Apache Software
Foundation (ASF) under one
-003 * or more contributor license
agreements. See the NOTICE file
-004 * distributed with this work for
additional information
-005 * regarding copyright ownership. The
ASF licenses this file
-006 * to you under the Apache License,
Version 2.0 (the
-007 * "License"); you may not use this file
except in compliance
-008 * with the License. You may obtain a
copy of the License at
-009 *
-010 *
http://www.apache.org/licenses/LICENSE-2.0
-011 *
-012 * Unless required by applicable law or
agreed to in writing, software
-013 * distributed under the License is
distributed on an "AS IS" BASIS,
-014 * WITHOUT WARRANTIES OR CONDITIONS OF
ANY KIND, either express or implied.
-015 * See the License for the specific
language governing permissions and
-016 * limitations under the License.
-017 */
-018
-019package
org.apache.hadoop.hbase.security.access;
-020
-021import static
org.apache.hadoop.hbase.util.CollectionUtils.computeIfAbsent;
-022
-023import
org.apache.hbase.thirdparty.com.google.common.annotations.VisibleForTesting;
-024import
org.apache.hbase.thirdparty.com.google.common.collect.ArrayListMultimap;
-025import
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap;
-026import
org.apache.hbase.thirdparty.com.google.common.collect.Lists;
-027
-028import java.io.Closeable;
-029import java.io.IOException;
-030import java.util.HashMap;
-031import java.util.List;
-032import java.util.Map;
-033import
java.util.concurrent.ConcurrentSkipListMap;
-034import
java.util.concurrent.atomic.AtomicLong;
-035
-036import
org.apache.hadoop.conf.Configuration;
-037import
org.apache.hadoop.hbase.AuthUtil;
-038import org.apache.hadoop.hbase.Cell;
-039import
org.apache.hadoop.hbase.TableName;
-040import
org.apache.hadoop.hbase.zookeeper.ZKWatcher;
-041import
org.apache.yetus.audience.InterfaceAudience;
-042import
org.apache.hadoop.hbase.exceptions.DeserializationException;
-043import
org.apache.hadoop.hbase.log.HBaseMarkers;
-044import
org.apache.hadoop.hbase.security.Superusers;
-045import
org.apache.hadoop.hbase.security.User;
-046import
org.apache.hadoop.hbase.security.UserProvider;
-047import
org.apache.hadoop.hbase.util.Bytes;
-048import
org.apache.zookeeper.KeeperException;
-049import org.slf4j.Logger;
-050import org.slf4j.LoggerFactory;
-051
-052/**
-053 * Performs authorization checks for a
given user's assigned permissions
-054 */
-055@InterfaceAudience.Private
-056public class TableAuthManager implements
Closeable {
-057 private static class
PermissionCacheT extends Permission {
-058/** Cache of user permissions */
-059private ListMultimapString,T
userCache = ArrayListMultimap.create();
-060/** Cache of group permissions */
-061private ListMultimapString,T
groupCache = ArrayListMultimap.create();
-062
-063public ListT getUser(String
user) {
-064 return userCache.get(user);
-065}
-066
-067public void putUser(String user, T
perm) {
-068 userCache.put(user, perm);
-069}
-070
-071public ListT
replaceUser(String user, Iterable? extends T perms) {
-072 return
userCache.replaceValues(user, perms);
-073}
-074
-075public ListT getGroup(String
group) {
-076 return groupCache.get(group);
-077}
-078
-079public void putGroup(String group, T
perm) {
-080 groupCache.put(group, perm);
-081}
-082
-083public ListT
replaceGroup(String group, Iterable? extends T perms) {
-084 return
groupCache.replaceValues(group, perms);
-085}
-086
-087/**
-088 * Returns a combined map of user and
group permissions, with group names
-089 * distinguished according to {@link
AuthUtil#isGroupPrincipal(String)}.
-090 */
-091public ListMultimapString,T
getAllPermissions() {
-092 ListMultimapString,T tmp =
ArrayListMultimap.create();
-093 tmp.putAll(userCache);
-094 for (String group :
groupCache.keySet()) {
-095
tmp.putAll(AuthUtil.toGroupEntry(group), groupCache.get(group));
-096 }
-097 return tmp;
-098}
-099 }
-100
-101 private static final Logger LOG =
LoggerFactory.getLogger(TableAuthManager.class);
-102
-103 /** Cache of global permissions */
-104 private volatile
PermissionCachePermission globalCache;
-105
-106 private
hbase-site git commit: INFRA-10751 Empty commit
Repository: hbase-site Updated Branches: refs/heads/asf-site 68eae6230 -> 921a91b8f INFRA-10751 Empty commit Project: http://git-wip-us.apache.org/repos/asf/hbase-site/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase-site/commit/921a91b8 Tree: http://git-wip-us.apache.org/repos/asf/hbase-site/tree/921a91b8 Diff: http://git-wip-us.apache.org/repos/asf/hbase-site/diff/921a91b8 Branch: refs/heads/asf-site Commit: 921a91b8f3420d3cab90c2d37a5c1fc9f75ecd6c Parents: 68eae62 Author: jenkins Authored: Thu Nov 15 14:54:47 2018 + Committer: jenkins Committed: Thu Nov 15 14:54:47 2018 + -- --
[36/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.PermissionCache.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.PermissionCache.html
b/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.PermissionCache.html
deleted file mode 100644
index 9edfa17..000
---
a/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.PermissionCache.html
+++ /dev/null
@@ -1,428 +0,0 @@
-http://www.w3.org/TR/html4/loose.dtd;>
-
-
-
-
-
-TableAuthManager.PermissionCache (Apache HBase 3.0.0-SNAPSHOT
API)
-
-
-
-
-
-var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10};
-var tabs = {65535:["t0","All Methods"],2:["t2","Instance
Methods"],8:["t4","Concrete Methods"]};
-var altColor = "altColor";
-var rowColor = "rowColor";
-var tableTab = "tableTab";
-var activeTableTab = "activeTableTab";
-
-
-JavaScript is disabled on your browser.
-
-
-
-
-
-Skip navigation links
-
-
-
-
-Overview
-Package
-Class
-Use
-Tree
-Deprecated
-Index
-Help
-
-
-
-
-PrevClass
-NextClass
-
-
-Frames
-NoFrames
-
-
-AllClasses
-
-
-
-
-
-
-
-Summary:
-Nested|
-Field|
-Constr|
-Method
-
-
-Detail:
-Field|
-Constr|
-Method
-
-
-
-
-
-
-
-
-org.apache.hadoop.hbase.security.access
-Class
TableAuthManager.PermissionCacheT extends Permission
-
-
-
-https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">java.lang.Object
-
-
-org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCacheT
-
-
-
-
-
-
-
-Enclosing class:
-TableAuthManager
-
-
-
-private static class TableAuthManager.PermissionCacheT
extends Permission
-extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
-
-
-
-
-
-
-
-
-
-
-
-Field Summary
-
-Fields
-
-Modifier and Type
-Field and Description
-
-
-private
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,T
-groupCache
-Cache of group permissions
-
-
-
-private
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,T
-userCache
-Cache of user permissions
-
-
-
-
-
-
-
-
-
-
-Constructor Summary
-
-Constructors
-
-Modifier
-Constructor and Description
-
-
-private
-PermissionCache()
-
-
-
-
-
-
-
-
-
-Method Summary
-
-All MethodsInstance MethodsConcrete Methods
-
-Modifier and Type
-Method and Description
-
-
-org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,T
-getAllPermissions()
-Returns a combined map of user and group permissions, with
group names
- distinguished according to AuthUtil.isGroupPrincipal(String).
-
-
-
-https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true;
title="class or interface in java.util">ListT
-getGroup(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in
java.lang">Stringgroup)
-
-
-https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true;
title="class or interface in java.util">ListT
-getUser(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringuser)
-
-
-void
-putGroup(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringgroup,
-Tperm)
-
-
-void
-putUser(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringuser,
- Tperm)
-
-
-https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true;
title="class or interface in java.util">ListT
-replaceGroup(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringgroup,
-https://docs.oracle.com/javase/8/docs/api/java/lang/Iterable.html?is-external=true;
title="class or interface in java.lang">Iterable? extends Tperms)
-
-
[18/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html
index 042bf4a..cb2cfdc 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html
@@ -30,194 +30,226 @@
022import java.io.DataOutput;
023import java.io.IOException;
024import java.util.Arrays;
-025import java.util.Map;
-026
-027import
org.apache.yetus.audience.InterfaceAudience;
-028import org.slf4j.Logger;
-029import org.slf4j.LoggerFactory;
-030import
org.apache.hadoop.hbase.util.Bytes;
-031import
org.apache.hadoop.io.VersionedWritable;
-032
-033import
org.apache.hbase.thirdparty.com.google.common.collect.Maps;
-034
-035/**
-036 * Base permissions instance representing
the ability to perform a given set
-037 * of actions.
-038 *
-039 * @see TablePermission
-040 */
-041@InterfaceAudience.Public
-042public class Permission extends
VersionedWritable {
-043 protected static final byte VERSION =
0;
-044
-045 @InterfaceAudience.Public
-046 public enum Action {
-047READ('R'), WRITE('W'), EXEC('X'),
CREATE('C'), ADMIN('A');
-048
-049private final byte code;
-050Action(char code) {
-051 this.code = (byte)code;
-052}
-053
-054public byte code() { return code; }
-055 }
-056
-057 private static final Logger LOG =
LoggerFactory.getLogger(Permission.class);
-058 protected static final
MapByte,Action ACTION_BY_CODE = Maps.newHashMap();
-059
-060 protected Action[] actions;
+025import java.util.EnumSet;
+026import java.util.Map;
+027
+028import
org.apache.yetus.audience.InterfaceAudience;
+029import org.slf4j.Logger;
+030import org.slf4j.LoggerFactory;
+031import
org.apache.hadoop.hbase.util.Bytes;
+032import
org.apache.hadoop.io.VersionedWritable;
+033
+034import
org.apache.hbase.thirdparty.com.google.common.collect.ImmutableMap;
+035
+036/**
+037 * Base permissions instance representing
the ability to perform a given set
+038 * of actions.
+039 *
+040 * @see TablePermission
+041 */
+042@InterfaceAudience.Public
+043public class Permission extends
VersionedWritable {
+044 protected static final byte VERSION =
0;
+045
+046 @InterfaceAudience.Public
+047 public enum Action {
+048READ('R'), WRITE('W'), EXEC('X'),
CREATE('C'), ADMIN('A');
+049
+050private final byte code;
+051Action(char code) {
+052 this.code = (byte) code;
+053}
+054
+055public byte code() { return code; }
+056 }
+057
+058 @InterfaceAudience.Private
+059 protected enum Scope {
+060GLOBAL('G'), NAMESPACE('N'),
TABLE('T'), EMPTY('E');
061
-062 static {
-063for (Action a : Action.values()) {
-064 ACTION_BY_CODE.put(a.code(), a);
+062private final byte code;
+063Scope(char code) {
+064 this.code = (byte) code;
065}
-066 }
-067
-068 /** Empty constructor for Writable
implementation. bDo not use./b */
-069 public Permission() {
-070super();
-071 }
-072
-073 public Permission(Action... assigned)
{
-074if (assigned != null
assigned.length 0) {
-075 actions = Arrays.copyOf(assigned,
assigned.length);
-076}
-077 }
-078
-079 public Permission(byte[] actionCodes)
{
-080if (actionCodes != null) {
-081 Action acts[] = new
Action[actionCodes.length];
-082 int j = 0;
-083 for (int i=0;
iactionCodes.length; i++) {
-084byte b = actionCodes[i];
-085Action a =
ACTION_BY_CODE.get(b);
-086if (a == null) {
-087 LOG.error("Ignoring unknown
action code '"+
-088 Bytes.toStringBinary(new
byte[]{b})+"'");
-089 continue;
-090}
-091acts[j++] = a;
-092 }
-093 this.actions = Arrays.copyOf(acts,
j);
-094}
+066
+067public byte code() {
+068 return code;
+069}
+070 }
+071
+072 private static final Logger LOG =
LoggerFactory.getLogger(Permission.class);
+073
+074 protected static final MapByte,
Action ACTION_BY_CODE;
+075 protected static final MapByte,
Scope SCOPE_BY_CODE;
+076
+077 protected EnumSetAction actions
= EnumSet.noneOf(Action.class);
+078 protected Scope scope = Scope.EMPTY;
+079
+080 static {
+081ACTION_BY_CODE = ImmutableMap.of(
+082 Action.READ.code, Action.READ,
+083 Action.WRITE.code, Action.WRITE,
+084 Action.EXEC.code, Action.EXEC,
+085 Action.CREATE.code,
Action.CREATE,
+086 Action.ADMIN.code, Action.ADMIN
+087);
+088
+089SCOPE_BY_CODE = ImmutableMap.of(
+090 Scope.GLOBAL.code, Scope.GLOBAL,
+091 Scope.NAMESPACE.code,
Scope.NAMESPACE,
+092 Scope.TABLE.code, Scope.TABLE,
+093 Scope.EMPTY.code, Scope.EMPTY
+094);
095 }
096
-097 public
[12/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html
b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html
index cbae28e..aec5920 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html
@@ -64,825 +64,827 @@
056import
org.apache.hadoop.hbase.regionserver.HRegionFileSystem;
057import
org.apache.hadoop.hbase.regionserver.StoreFileInfo;
058import
org.apache.hadoop.hbase.security.access.AccessControlClient;
-059import
org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil;
-060import
org.apache.hadoop.hbase.security.access.TablePermission;
-061import
org.apache.hadoop.hbase.util.Bytes;
-062import
org.apache.hadoop.hbase.util.FSUtils;
-063import
org.apache.hadoop.hbase.util.ModifyRegionUtils;
-064import
org.apache.hadoop.hbase.util.Pair;
-065import org.apache.hadoop.io.IOUtils;
-066import
org.apache.yetus.audience.InterfaceAudience;
-067import org.slf4j.Logger;
-068import org.slf4j.LoggerFactory;
-069import
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap;
-070import
org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil;
-071import
org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription;
-072import
org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotRegionManifest;
-073
-074/**
-075 * Helper to Restore/Clone a Snapshot
-076 *
-077 * pThe helper assumes that a
table is already created, and by calling restore()
-078 * the content present in the snapshot
will be restored as the new content of the table.
-079 *
-080 * pClone from Snapshot: If the
target table is empty, the restore operation
-081 * is just a "clone operation", where the
only operations are:
-082 * ul
-083 * lifor each region in the
snapshot create a new region
-084 *(note that the region will have a
different name, since the encoding contains the table name)
-085 * lifor each file in the region
create a new HFileLink to point to the original file.
-086 * lirestore the logs, if any
-087 * /ul
-088 *
-089 * pRestore from Snapshot:
-090 * ul
-091 * lifor each region in the
table verify which are available in the snapshot and which are not
-092 *ul
-093 *liif the region is not
present in the snapshot, remove it.
-094 *liif the region is present
in the snapshot
-095 * ul
-096 * lifor each file in the
table region verify which are available in the snapshot
-097 *ul
-098 * liif the hfile is not
present in the snapshot, remove it
-099 * liif the hfile is
present, keep it (nothing to do)
-100 */ul
-101 * lifor each file in the
snapshot region but not in the table
-102 *ul
-103 * licreate a new
HFileLink that point to the original file
-104 */ul
-105 * /ul
-106 */ul
-107 * lifor each region in the
snapshot not present in the current table state
-108 *ul
-109 *licreate a new region and
for each file in the region create a new HFileLink
-110 * (This is the same as the clone
operation)
-111 */ul
-112 * lirestore the logs, if any
-113 * /ul
-114 */
-115@InterfaceAudience.Private
-116public class RestoreSnapshotHelper {
-117 private static final Logger LOG =
LoggerFactory.getLogger(RestoreSnapshotHelper.class);
-118
-119 private final Mapbyte[], byte[]
regionsMap = new TreeMap(Bytes.BYTES_COMPARATOR);
-120
-121 private final MapString,
PairString, String parentsMap = new HashMap();
-122
-123 private final
ForeignExceptionDispatcher monitor;
-124 private final MonitoredTask status;
-125
-126 private final SnapshotManifest
snapshotManifest;
-127 private final SnapshotDescription
snapshotDesc;
-128 private final TableName
snapshotTable;
-129
-130 private final TableDescriptor
tableDesc;
-131 private final Path rootDir;
-132 private final Path tableDir;
-133
-134 private final Configuration conf;
-135 private final FileSystem fs;
-136 private final boolean createBackRefs;
-137
-138 public RestoreSnapshotHelper(final
Configuration conf,
-139 final FileSystem fs,
-140 final SnapshotManifest manifest,
-141 final TableDescriptor
tableDescriptor,
-142 final Path rootDir,
-143 final ForeignExceptionDispatcher
monitor,
-144 final MonitoredTask status) {
-145this(conf, fs, manifest,
tableDescriptor, rootDir, monitor, status, true);
-146 }
-147
-148 public RestoreSnapshotHelper(final
Configuration conf,
-149 final FileSystem fs,
-150 final SnapshotManifest manifest,
-151 final TableDescriptor
tableDescriptor,
-152 final Path rootDir,
-153 final
[04/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html
--
diff --git
a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html
b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html
index 5062e9b..23b4be7 100644
---
a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html
+++
b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html
@@ -282,7 +282,7 @@
274 public static void tearDownAfterClass()
throws Exception {
275cleanUp();
276TEST_UTIL.shutdownMiniCluster();
-277int total =
TableAuthManager.getTotalRefCount();
+277int total =
AuthManager.getTotalRefCount();
278assertTrue("Unexpected reference
count: " + total, total == 0);
279 }
280
@@ -1642,12 +1642,12 @@
1634 }
1635
1636 UserPermission ownerperm =
-1637 new
UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null,
Action.values());
+1637 new
UserPermission(USER_OWNER.getName(), tableName, Action.values());
1638 assertTrue("Owner should have all
permissions on table",
1639
hasFoundUserPermission(ownerperm, perms));
1640
1641 User user =
User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new
String[0]);
-1642 byte[] userName =
Bytes.toBytes(user.getShortName());
+1642 String userName =
user.getShortName();
1643
1644 UserPermission up =
1645 new UserPermission(userName,
tableName, family1, qualifier, Permission.Action.READ);
@@ -1733,7 +1733,7 @@
1725 }
1726
1727 UserPermission newOwnerperm =
-1728 new
UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null,
Action.values());
+1728 new
UserPermission(newOwner.getName(), tableName, Action.values());
1729 assertTrue("New owner should have
all permissions on table",
1730
hasFoundUserPermission(newOwnerperm, perms));
1731} finally {
@@ -1757,1888 +1757,1898 @@
1749
1750CollectionString superUsers
= Superusers.getSuperUsers();
1751ListUserPermission
adminPerms = new ArrayList(superUsers.size() + 1);
-1752adminPerms.add(new
UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
-1753 AccessControlLists.ACL_TABLE_NAME,
null, null, Bytes.toBytes("ACRW")));
-1754
-1755for(String user: superUsers) {
-1756 adminPerms.add(new
UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME,
-1757 null, null,
Action.values()));
-1758}
-1759assertTrue("Only super users, global
users and user admin has permission on table hbase:acl " +
-1760"per setup", perms.size() == 5 +
superUsers.size()
-1761
hasFoundUserPermission(adminPerms, perms));
-1762 }
-1763
-1764 /** global operations */
-1765 private void
verifyGlobal(AccessTestAction action) throws Exception {
-1766verifyAllowed(action, SUPERUSER);
-1767
-1768verifyDenied(action, USER_CREATE,
USER_RW, USER_NONE, USER_RO);
-1769 }
-1770
-1771 @Test
-1772 public void testCheckPermissions()
throws Exception {
-1773//
--
-1774// test global permissions
-1775AccessTestAction globalAdmin = new
AccessTestAction() {
-1776 @Override
-1777 public Void run() throws Exception
{
-1778checkGlobalPerms(TEST_UTIL,
Permission.Action.ADMIN);
-1779return null;
-1780 }
-1781};
-1782// verify that only superuser can
admin
-1783verifyGlobal(globalAdmin);
-1784
-1785//
--
-1786// test multiple permissions
-1787AccessTestAction globalReadWrite =
new AccessTestAction() {
-1788 @Override
-1789 public Void run() throws Exception
{
-1790checkGlobalPerms(TEST_UTIL,
Permission.Action.READ, Permission.Action.WRITE);
-1791return null;
-1792 }
-1793};
+1752adminPerms.add(new
UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW")));
+1753for(String user: superUsers) {
+1754 // Global permission
+1755 adminPerms.add(new
UserPermission(user, Action.values()));
+1756}
+1757assertTrue("Only super users, global
users and user admin has permission on table hbase:acl " +
+1758"per setup", perms.size() == 5 +
superUsers.size()
+1759
hasFoundUserPermission(adminPerms, perms));
+1760 }
+1761
+1762 /** global operations */
+1763 private void
verifyGlobal(AccessTestAction action) throws Exception {
+1764verifyAllowed(action, SUPERUSER);
+1765
+1766verifyDenied(action, USER_CREATE,
USER_RW, USER_NONE, USER_RO);
+1767 }
+1768
+1769 @Test
[05/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.AssignmentManagerForTest.html
--
diff --git
a/testdevapidocs/src-html/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.AssignmentManagerForTest.html
b/testdevapidocs/src-html/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.AssignmentManagerForTest.html
new file mode 100644
index 000..8ba5775
--- /dev/null
+++
b/testdevapidocs/src-html/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.AssignmentManagerForTest.html
@@ -0,0 +1,252 @@
+http://www.w3.org/TR/html4/loose.dtd;>
+
+
+Source code
+
+
+
+
+001/**
+002 * Licensed to the Apache Software
Foundation (ASF) under one
+003 * or more contributor license
agreements. See the NOTICE file
+004 * distributed with this work for
additional information
+005 * regarding copyright ownership. The
ASF licenses this file
+006 * to you under the Apache License,
Version 2.0 (the
+007 * "License"); you may not use this file
except in compliance
+008 * with the License. You may obtain a
copy of the License at
+009 *
+010 *
http://www.apache.org/licenses/LICENSE-2.0
+011 *
+012 * Unless required by applicable law or
agreed to in writing, software
+013 * distributed under the License is
distributed on an "AS IS" BASIS,
+014 * WITHOUT WARRANTIES OR CONDITIONS OF
ANY KIND, either express or implied.
+015 * See the License for the specific
language governing permissions and
+016 * limitations under the License.
+017 */
+018package
org.apache.hadoop.hbase.master.assignment;
+019
+020import static
org.junit.Assert.assertNotNull;
+021import static
org.junit.Assert.assertNull;
+022
+023import java.io.IOException;
+024import java.util.ArrayList;
+025import java.util.List;
+026import
java.util.concurrent.CountDownLatch;
+027import
org.apache.hadoop.conf.Configuration;
+028import
org.apache.hadoop.hbase.HBaseClassTestRule;
+029import
org.apache.hadoop.hbase.HBaseTestingUtility;
+030import
org.apache.hadoop.hbase.HConstants;
+031import
org.apache.hadoop.hbase.PleaseHoldException;
+032import
org.apache.hadoop.hbase.ServerName;
+033import
org.apache.hadoop.hbase.StartMiniClusterOption;
+034import
org.apache.hadoop.hbase.TableName;
+035import
org.apache.hadoop.hbase.client.RegionInfo;
+036import
org.apache.hadoop.hbase.master.HMaster;
+037import
org.apache.hadoop.hbase.master.MasterServices;
+038import
org.apache.hadoop.hbase.master.RegionPlan;
+039import
org.apache.hadoop.hbase.master.ServerManager;
+040import
org.apache.hadoop.hbase.regionserver.HRegionServer;
+041import
org.apache.hadoop.hbase.testclassification.MasterTests;
+042import
org.apache.hadoop.hbase.testclassification.MediumTests;
+043import
org.apache.hadoop.hbase.util.Bytes;
+044import
org.apache.zookeeper.KeeperException;
+045import org.junit.AfterClass;
+046import org.junit.BeforeClass;
+047import org.junit.ClassRule;
+048import org.junit.Test;
+049import
org.junit.experimental.categories.Category;
+050
+051import
org.apache.hadoop.hbase.shaded.protobuf.generated.RegionServerStatusProtos.RegionStateTransition.TransitionCode;
+052import
org.apache.hadoop.hbase.shaded.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest;
+053import
org.apache.hadoop.hbase.shaded.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse;
+054
+055@Category({ MasterTests.class,
MediumTests.class })
+056public class
TestRegionAssignedToMultipleRegionServers {
+057
+058 @ClassRule
+059 public static final HBaseClassTestRule
CLASS_RULE =
+060
HBaseClassTestRule.forClass(TestRegionAssignedToMultipleRegionServers.class);
+061
+062 private static final
ListServerName EXCLUDE_SERVERS = new ArrayList();
+063
+064 private static boolean HALT = false;
+065
+066 private static boolean KILL = false;
+067
+068 private static CountDownLatch ARRIVE;
+069
+070 private static final class
ServerManagerForTest extends ServerManager {
+071
+072public
ServerManagerForTest(MasterServices master) {
+073 super(master);
+074}
+075
+076@Override
+077public ListServerName
createDestinationServersList() {
+078 return
super.createDestinationServersList(EXCLUDE_SERVERS);
+079}
+080 }
+081
+082 private static final class
AssignmentManagerForTest extends AssignmentManager {
+083
+084public
AssignmentManagerForTest(MasterServices master) {
+085 super(master);
+086}
+087
+088@Override
+089public
ReportRegionStateTransitionResponse reportRegionStateTransition(
+090
ReportRegionStateTransitionRequest req) throws PleaseHoldException {
+091 if
(req.getTransition(0).getTransitionCode() == TransitionCode.OPENED) {
+092if (ARRIVE != null) {
+093
[51/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
Published site at 130057f13774f6b213cdb06952c805a29d59396e. Project: http://git-wip-us.apache.org/repos/asf/hbase-site/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase-site/commit/68eae623 Tree: http://git-wip-us.apache.org/repos/asf/hbase-site/tree/68eae623 Diff: http://git-wip-us.apache.org/repos/asf/hbase-site/diff/68eae623 Branch: refs/heads/asf-site Commit: 68eae6230f127b69a3dd4f5dd11907a95f162e42 Parents: 7339881 Author: jenkins Authored: Thu Nov 15 14:54:22 2018 + Committer: jenkins Committed: Thu Nov 15 14:54:22 2018 + -- acid-semantics.html |4 +- apache_hbase_reference_guide.pdf|4 +- apidocs/org/apache/hadoop/hbase/AuthUtil.html |2 +- .../apache/hadoop/hbase/client/Consistency.html |4 +- .../hadoop/hbase/client/IsolationLevel.html |4 +- .../hadoop/hbase/client/Scan.ReadType.html |4 +- .../hadoop/hbase/filter/Filter.ReturnCode.html |4 +- .../org/apache/hadoop/hbase/AuthUtil.html |2 +- book.html |2 +- bulk-loads.html |4 +- checkstyle-aggregate.html | 6844 -- checkstyle.rss | 90 +- coc.html|4 +- dependencies.html |4 +- dependency-convergence.html |4 +- dependency-info.html|4 +- dependency-management.html |4 +- devapidocs/allclasses-frame.html|7 +- devapidocs/allclasses-noframe.html |7 +- devapidocs/constant-values.html |4 +- devapidocs/index-all.html | 562 +- .../org/apache/hadoop/hbase/AuthUtil.html |2 +- .../hadoop/hbase/backup/package-tree.html |2 +- .../org/apache/hadoop/hbase/class-use/Cell.html | 12 +- .../hadoop/hbase/class-use/TableName.html | 385 +- .../apache/hadoop/hbase/client/Consistency.html |4 +- .../hadoop/hbase/client/IsolationLevel.html |4 +- .../hadoop/hbase/client/class-use/Result.html |2 +- .../hadoop/hbase/client/class-use/Table.html|2 +- .../hadoop/hbase/client/package-tree.html | 24 +- .../class-use/DeserializationException.html | 12 +- .../hadoop/hbase/executor/package-tree.html |2 +- .../hadoop/hbase/filter/package-tree.html |8 +- .../hadoop/hbase/io/hfile/package-tree.html |8 +- .../apache/hadoop/hbase/ipc/package-tree.html |2 +- .../hadoop/hbase/mapreduce/package-tree.html|4 +- .../master/assignment/CloseRegionProcedure.html | 16 +- .../master/assignment/OpenRegionProcedure.html | 16 +- .../assignment/RegionRemoteProcedureBase.html | 61 +- .../hbase/master/balancer/package-tree.html |2 +- .../hadoop/hbase/master/package-tree.html |4 +- .../procedure/class-use/MasterProcedureEnv.html |8 +- .../hbase/master/procedure/package-tree.html|4 +- .../org/apache/hadoop/hbase/package-tree.html | 18 +- .../hadoop/hbase/procedure2/package-tree.html |4 +- .../hadoop/hbase/quotas/package-tree.html |6 +- .../hbase/regionserver/class-use/Region.html|2 +- .../hadoop/hbase/regionserver/package-tree.html | 16 +- .../regionserver/querymatcher/package-tree.html |2 +- .../hadoop/hbase/rest/model/package-tree.html |2 +- .../hbase/security/access/AccessChecker.html| 12 +- .../security/access/AccessControlFilter.html| 12 +- .../security/access/AccessControlLists.html | 244 +- .../security/access/AccessControlUtil.html | 168 +- .../access/AccessController.OpType.html | 30 +- .../hbase/security/access/AccessController.html | 252 +- .../access/AuthManager.PermissionCache.html | 362 + .../hbase/security/access/AuthManager.html | 1134 +++ .../hbase/security/access/AuthResult.html |4 +- .../CoprocessorWhitelistMasterObserver.html |4 +- .../hbase/security/access/GlobalPermission.html | 404 ++ .../security/access/NamespacePermission.html| 564 ++ .../security/access/Permission.Action.html | 24 +- .../hbase/security/access/Permission.Scope.html | 420 ++ .../hbase/security/access/Permission.html | 153 +- .../security/access/SecureBulkLoadEndpoint.html |4 +- .../access/ShadedAccessControlUtil.html | 70 +- .../TableAuthManager.PermissionCache.html | 428 -- .../hbase/security/access/TableAuthManager.html | 1290 .../hbase/security/access/TablePermission.html | 457 +- .../hbase/security/access/UserPermission.html | 385 +- .../security/access/ZKPermissionWatcher.html| 14 +- .../class-use/AccessControlFilter.Strategy.html |2 +-
[39/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.html
b/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.html
new file mode 100644
index 000..12f8242
--- /dev/null
+++ b/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.html
@@ -0,0 +1,1134 @@
+http://www.w3.org/TR/html4/loose.dtd;>
+
+
+
+
+
+AuthManager (Apache HBase 3.0.0-SNAPSHOT API)
+
+
+
+
+
+var methods =
{"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":9,"i16":9,"i17":10,"i18":10,"i19":10,"i20":10,"i21":10,"i22":9,"i23":10,"i24":10,"i25":10,"i26":10,"i27":10,"i28":10};
+var tabs = {65535:["t0","All Methods"],1:["t1","Static
Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
+var altColor = "altColor";
+var rowColor = "rowColor";
+var tableTab = "tableTab";
+var activeTableTab = "activeTableTab";
+
+
+JavaScript is disabled on your browser.
+
+
+
+
+
+Skip navigation links
+
+
+
+
+Overview
+Package
+Class
+Use
+Tree
+Deprecated
+Index
+Help
+
+
+
+
+PrevClass
+NextClass
+
+
+Frames
+NoFrames
+
+
+AllClasses
+
+
+
+
+
+
+
+Summary:
+Nested|
+Field|
+Constr|
+Method
+
+
+Detail:
+Field|
+Constr|
+Method
+
+
+
+
+
+
+
+
+org.apache.hadoop.hbase.security.access
+Class AuthManager
+
+
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">java.lang.Object
+
+
+org.apache.hadoop.hbase.security.access.AuthManager
+
+
+
+
+
+
+
+All Implemented Interfaces:
+https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true;
title="class or interface in java.io">Closeable, https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html?is-external=true;
title="class or interface in java.lang">AutoCloseable
+
+
+
+@InterfaceAudience.Private
+public final class AuthManager
+extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
+implements https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true;
title="class or interface in java.io">Closeable
+Performs authorization checks for a given user's assigned
permissions.
+
+ There're following scopes: Global, Namespace, Table,
Family,
+ Qualifier, Cell.
+ Generally speaking, higher scopes can overrides lower scopes,
+ except for Cell permission can be granted even a user has not permission on
specified table,
+ which means the user can get/scan only those granted cells parts.
+
+ e.g, if user A has global permission R(ead), he can
+ read table T without checking table scope permission, so authorization checks
alway starts from
+ Global scope.
+
+ For each scope, not only user but also groups he belongs to will be checked.
+
+
+
+
+
+
+
+
+
+
+
+
+Nested Class Summary
+
+Nested Classes
+
+Modifier and Type
+Class and Description
+
+
+private static class
+AuthManager.PermissionCacheT extends Permission
+Cache of permissions, it is thread safe.
+
+
+
+
+
+
+
+
+
+
+Field Summary
+
+Fields
+
+Modifier and Type
+Field and Description
+
+
+private
org.apache.hadoop.conf.Configuration
+conf
+
+
+private https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true;
title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,GlobalPermission
+globalCache
+Cache for global permission.
+
+
+
+private static org.slf4j.Logger
+LOG
+
+
+private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true;
title="class or interface in java.util">MapZKWatcher,AuthManager
+managerMap
+
+
+private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/atomic/AtomicLong.html?is-external=true;
title="class or interface in
java.util.concurrent.atomic">AtomicLong
+mtime
+
+
+private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentHashMap.html?is-external=true;
title="class or interface in java.util.concurrent">ConcurrentHashMaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,AuthManager.PermissionCacheNamespacePermission
+namespaceCache
+Cache for namespace permission.
[30/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Scope.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Scope.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Scope.html new file mode 100644 index 000..5d49142 --- /dev/null +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Scope.html @@ -0,0 +1,210 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +Uses of Class org.apache.hadoop.hbase.security.access.Permission.Scope (Apache HBase 3.0.0-SNAPSHOT API) + + + + + + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +Prev +Next + + +Frames +NoFrames + + +AllClasses + + + + + + + + + + +Uses of Classorg.apache.hadoop.hbase.security.access.Permission.Scope + + + + + +Packages that use Permission.Scope + +Package +Description + + + +org.apache.hadoop.hbase.security.access + + + + + + + + + + +Uses of Permission.Scope in org.apache.hadoop.hbase.security.access + +Fields in org.apache.hadoop.hbase.security.access declared as Permission.Scope + +Modifier and Type +Field and Description + + + +protected Permission.Scope +Permission.scope + + + + +Fields in org.apache.hadoop.hbase.security.access with type parameters of type Permission.Scope + +Modifier and Type +Field and Description + + + +protected static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/Byte.html?is-external=true; title="class or interface in java.lang">Byte,Permission.Scope +Permission.SCOPE_BY_CODE + + + + +Methods in org.apache.hadoop.hbase.security.access that return Permission.Scope + +Modifier and Type +Method and Description + + + +Permission.Scope +UserPermission.getAccessScope() +Get this permission access scope. + + + +Permission.Scope +Permission.getAccessScope() + + +static Permission.Scope +Permission.Scope.valueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) +Returns the enum constant of this type with the specified name. + + + +static Permission.Scope[] +Permission.Scope.values() +Returns an array containing the constants of this enum type, in +the order they are declared. + + + + + + + + + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +Prev +Next + + +Frames +NoFrames + + +AllClasses + + + + + + + + + +Copyright 20072018 https://www.apache.org/;>The Apache Software Foundation. All rights reserved. + + http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html index f16df55..07dc8af 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html @@ -205,7 +205,9 @@ private static class -TableAuthManager.PermissionCacheT extends Permission +AuthManager.PermissionCacheT extends Permission +Cache of permissions, it is thread safe. + @@ -218,33 +220,36 @@ class -TablePermission -Represents an authorization for access for the given actions, optionally - restricted to the given column family or column qualifier, over the - given table. +GlobalPermission +Represents an authorization for access whole cluster. class -UserPermission -Represents an authorization for access over the given table, column family - plus qualifier, for the given user. +NamespacePermission +Represents an authorization for access for the given namespace. + + + +class +TablePermission +Represents an authorization for access for the given actions, optionally + restricted to
[15/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html
index d00864b..0eb1c04 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html
@@ -39,7 +39,7 @@
031/**
032 * Represents an authorization for access
for the given actions, optionally
033 * restricted to the given column family
or column qualifier, over the
-034 * given table. If the family property
is codenull/code, it implies
+034 * given table. If the family property is
codenull/code, it implies
035 * full table access.
036 */
037@InterfaceAudience.Private
@@ -49,393 +49,278 @@
041 private byte[] family;
042 private byte[] qualifier;
043
-044 //TODO refactor this class
-045 //we need to refacting this into three
classes (Global, Table, Namespace)
-046 private String namespace;
-047
-048 /** Nullary constructor for Writable,
do not use */
-049 public TablePermission() {
-050super();
-051 }
-052
-053 /**
-054 * Create a new permission for the
given table and (optionally) column family,
-055 * allowing the given actions.
-056 * @param table the table
-057 * @param family the family, can be
null if a global permission on the table
-058 * @param assigned the list of allowed
actions
-059 */
-060 public TablePermission(TableName table,
byte[] family, Action... assigned) {
-061this(table, family, null,
assigned);
-062 }
-063
-064 /**
-065 * Creates a new permission for the
given table, restricted to the given
-066 * column family and qualifier,
allowing the assigned actions to be performed.
-067 * @param table the table
-068 * @param family the family, can be
null if a global permission on the table
-069 * @param assigned the list of allowed
actions
-070 */
-071 public TablePermission(TableName table,
byte[] family, byte[] qualifier,
-072 Action... assigned) {
-073super(assigned);
-074this.table = table;
-075this.family = family;
-076this.qualifier = qualifier;
-077 }
-078
-079 /**
-080 * Creates a new permission for the
given table, family and column qualifier,
-081 * allowing the actions matching the
provided byte codes to be performed.
-082 * @param table the table
-083 * @param family the family, can be
null if a global permission on the table
-084 * @param actionCodes the list of
allowed action codes
-085 */
-086 public TablePermission(TableName table,
byte[] family, byte[] qualifier,
-087 byte[] actionCodes) {
-088super(actionCodes);
-089this.table = table;
-090this.family = family;
-091this.qualifier = qualifier;
-092 }
-093
-094 /**
-095 * Creates a new permission for the
given namespace or table, restricted to the given
-096 * column family and qualifier,
allowing the assigned actions to be performed.
-097 * @param namespace
-098 * @param table the table
-099 * @param family the family, can be
null if a global permission on the table
-100 * @param assigned the list of allowed
actions
-101 */
-102 public TablePermission(String
namespace, TableName table, byte[] family, byte[] qualifier,
-103 Action... assigned) {
-104super(assigned);
-105this.namespace = namespace;
-106this.table = table;
-107this.family = family;
-108this.qualifier = qualifier;
-109 }
-110
-111 /**
-112 * Creates a new permission for the
given namespace or table, family and column qualifier,
-113 * allowing the actions matching the
provided byte codes to be performed.
-114 * @param namespace
-115 * @param table the table
-116 * @param family the family, can be
null if a global permission on the table
-117 * @param actionCodes the list of
allowed action codes
-118 */
-119 public TablePermission(String
namespace, TableName table, byte[] family, byte[] qualifier,
-120 byte[] actionCodes) {
-121super(actionCodes);
-122this.namespace = namespace;
+044 /** Nullary constructor for Writable,
do not use */
+045 public TablePermission() {
+046super();
+047this.scope = Scope.EMPTY;
+048 }
+049
+050 /**
+051 * Construct a table permission.
+052 * @param table table name
+053 * @param assigned assigned actions
+054 */
+055 public TablePermission(TableName table,
Action... assigned) {
+056this(table, null, null, assigned);
+057 }
+058
+059 /**
+060 * Construct a table:family
permission.
+061 * @param table table name
+062 * @param family family name
+063 * @param assigned assigned actions
+064 */
+065 public TablePermission(TableName table,
byte[] family, Action... assigned) {
+066
[06/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
--
diff --git
a/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
b/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
index 1222951..6f09c2f 100644
---
a/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
+++
b/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
@@ -51,389 +51,414 @@
043import org.apache.hadoop.hbase.Tag;
044import
org.apache.hadoop.hbase.io.ByteArrayOutputStream;
045import
org.apache.hadoop.hbase.io.compress.Compression;
-046import
org.apache.hadoop.hbase.io.hfile.HFileContext;
-047import
org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;
-048import
org.apache.hadoop.hbase.nio.SingleByteBuff;
-049import
org.apache.hadoop.hbase.testclassification.IOTests;
-050import
org.apache.hadoop.hbase.testclassification.LargeTests;
-051import
org.apache.hadoop.hbase.util.Bytes;
-052import
org.apache.hadoop.hbase.util.RedundantKVGenerator;
-053import org.junit.ClassRule;
-054import org.junit.Test;
-055import
org.junit.experimental.categories.Category;
-056import org.junit.runner.RunWith;
-057import org.junit.runners.Parameterized;
-058import
org.junit.runners.Parameterized.Parameters;
-059import org.slf4j.Logger;
-060import org.slf4j.LoggerFactory;
-061
-062/**
-063 * Test all of the data block encoding
algorithms for correctness. Most of the
-064 * class generate data which will test
different branches in code.
-065 */
-066@Category({IOTests.class,
LargeTests.class})
-067@RunWith(Parameterized.class)
-068public class TestDataBlockEncoders {
-069
-070 @ClassRule
-071 public static final HBaseClassTestRule
CLASS_RULE =
-072
HBaseClassTestRule.forClass(TestDataBlockEncoders.class);
-073
-074 private static final Logger LOG =
LoggerFactory.getLogger(TestDataBlockEncoders.class);
+046import
org.apache.hadoop.hbase.io.compress.Compression.Algorithm;
+047import
org.apache.hadoop.hbase.io.hfile.HFileContext;
+048import
org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;
+049import
org.apache.hadoop.hbase.nio.SingleByteBuff;
+050import
org.apache.hadoop.hbase.testclassification.IOTests;
+051import
org.apache.hadoop.hbase.testclassification.LargeTests;
+052import
org.apache.hadoop.hbase.util.Bytes;
+053import
org.apache.hadoop.hbase.util.RedundantKVGenerator;
+054import org.junit.Assert;
+055import org.junit.ClassRule;
+056import org.junit.Test;
+057import
org.junit.experimental.categories.Category;
+058import org.junit.runner.RunWith;
+059import org.junit.runners.Parameterized;
+060import
org.junit.runners.Parameterized.Parameters;
+061import org.slf4j.Logger;
+062import org.slf4j.LoggerFactory;
+063
+064/**
+065 * Test all of the data block encoding
algorithms for correctness. Most of the
+066 * class generate data which will test
different branches in code.
+067 */
+068@Category({IOTests.class,
LargeTests.class})
+069@RunWith(Parameterized.class)
+070public class TestDataBlockEncoders {
+071
+072 @ClassRule
+073 public static final HBaseClassTestRule
CLASS_RULE =
+074
HBaseClassTestRule.forClass(TestDataBlockEncoders.class);
075
-076 private static int NUMBER_OF_KV =
1;
-077 private static int NUM_RANDOM_SEEKS =
1000;
-078
-079 private static int ENCODED_DATA_OFFSET
= HConstants.HFILEBLOCK_HEADER_SIZE
-080 + DataBlockEncoding.ID_SIZE;
-081 static final byte[]
HFILEBLOCK_DUMMY_HEADER = new byte[HConstants.HFILEBLOCK_HEADER_SIZE];
-082
-083 private RedundantKVGenerator generator
= new RedundantKVGenerator();
-084 private Random randomizer = new
Random(42L);
-085
-086 private final boolean
includesMemstoreTS;
-087 private final boolean includesTags;
-088 private final boolean useOffheapData;
-089
-090 @Parameters
-091 public static
CollectionObject[] parameters() {
-092return
HBaseTestingUtility.memStoreTSTagsAndOffheapCombination();
-093 }
-094
-095 public TestDataBlockEncoders(boolean
includesMemstoreTS, boolean includesTag,
-096 boolean useOffheapData) {
-097this.includesMemstoreTS =
includesMemstoreTS;
-098this.includesTags = includesTag;
-099this.useOffheapData =
useOffheapData;
-100 }
-101
-102 private HFileBlockEncodingContext
getEncodingContext(Compression.Algorithm algo,
-103 DataBlockEncoding encoding) {
-104DataBlockEncoder encoder =
encoding.getEncoder();
-105HFileContext meta = new
HFileContextBuilder()
-106
.withHBaseCheckSum(false)
-107
.withIncludesMvcc(includesMemstoreTS)
-108
.withIncludesTags(includesTags)
-109
.withCompression(algo).build();
-110if (encoder != null) {
-111 return
[22/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html
index 25b7848..5c428b5 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html
@@ -245,20 +245,20 @@
237return regionEnv != null ?
regionEnv.getRegion() : null;
238 }
239
-240 public TableAuthManager
getAuthManager() {
+240 public AuthManager getAuthManager() {
241return
accessChecker.getAuthManager();
242 }
243
244 private void
initialize(RegionCoprocessorEnvironment e) throws IOException {
245final Region region =
e.getRegion();
246Configuration conf =
e.getConfiguration();
-247Mapbyte[],
ListMultimapString, TablePermission tables =
AccessControlLists.loadAll(region);
+247Mapbyte[],
ListMultimapString, UserPermission tables =
AccessControlLists.loadAll(region);
248// For each table, write out the
table's permissions to the respective
249// znode for that table.
-250for (Map.Entrybyte[],
ListMultimapString,TablePermission t:
+250for (Map.Entrybyte[],
ListMultimapString, UserPermission t:
251 tables.entrySet()) {
252 byte[] entry = t.getKey();
-253
ListMultimapString,TablePermission perms = t.getValue();
+253 ListMultimapString,
UserPermission perms = t.getValue();
254 byte[] serialized =
AccessControlLists.writePermissionsAsBytes(perms, conf);
255
getAuthManager().getZKPermissionWatcher().writeToZookeeper(entry,
serialized);
256}
@@ -294,7 +294,7 @@
286try (Table t =
e.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME)) {
287 for (byte[] entry : entries) {
288currentEntry = entry;
-289ListMultimapString,
TablePermission perms =
+289ListMultimapString,
UserPermission perms =
290
AccessControlLists.getPermissions(conf, entry, t, null, null, null, false);
291byte[] serialized =
AccessControlLists.writePermissionsAsBytes(perms, conf);
292zkw.writeToZookeeper(entry,
serialized);
@@ -338,7 +338,7 @@
330}
331
332// 2. check for the table-level, if
successful we can short-circuit
-333if (getAuthManager().authorize(user,
tableName, (byte[])null, permRequest)) {
+333if
(getAuthManager().authorizeUserTable(user, tableName, permRequest)) {
334 return AuthResult.allow(request,
"Table permission granted", user,
335permRequest, tableName,
families);
336}
@@ -348,7 +348,7 @@
340 // all families must pass
341 for (Map.Entrybyte [], ?
extends Collection? family : families.entrySet()) {
342// a) check for family level
access
-343if
(getAuthManager().authorize(user, tableName, family.getKey(),
+343if
(getAuthManager().authorizeUserTable(user, tableName, family.getKey(),
344permRequest)) {
345 continue; // family-level
permission overrides per-qualifier
346}
@@ -359,17 +359,17 @@
351// for each qualifier of the
family
352Setbyte[] familySet =
(Setbyte[])family.getValue();
353for (byte[] qualifier :
familySet) {
-354 if
(!getAuthManager().authorize(user, tableName, family.getKey(),
-355
qualifier, permRequest)) {
+354 if
(!getAuthManager().authorizeUserTable(user, tableName,
+355family.getKey(),
qualifier, permRequest)) {
356return
AuthResult.deny(request, "Failed qualifier check", user,
-357permRequest,
tableName, makeFamilyMap(family.getKey(), qualifier));
+357 permRequest, tableName,
makeFamilyMap(family.getKey(), qualifier));
358 }
359}
360 } else if (family.getValue()
instanceof List) { // ListCell
361ListCell cellList =
(ListCell)family.getValue();
362for (Cell cell : cellList)
{
-363 if
(!getAuthManager().authorize(user, tableName, family.getKey(),
-364
CellUtil.cloneQualifier(cell), permRequest)) {
+363 if
(!getAuthManager().authorizeUserTable(user, tableName, family.getKey(),
+364
CellUtil.cloneQualifier(cell), permRequest)) {
365return
AuthResult.deny(request, "Failed qualifier check", user, permRequest,
366 tableName,
makeFamilyMap(family.getKey(), CellUtil.cloneQualifier(cell)));
367 }
@@ -378,7 +378,7 @@
370} else {
371 // no qualifiers and
family-level check already failed
372 return
[02/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html
--
diff --git
a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html
b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html
index 5062e9b..23b4be7 100644
---
a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html
+++
b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html
@@ -282,7 +282,7 @@
274 public static void tearDownAfterClass()
throws Exception {
275cleanUp();
276TEST_UTIL.shutdownMiniCluster();
-277int total =
TableAuthManager.getTotalRefCount();
+277int total =
AuthManager.getTotalRefCount();
278assertTrue("Unexpected reference
count: " + total, total == 0);
279 }
280
@@ -1642,12 +1642,12 @@
1634 }
1635
1636 UserPermission ownerperm =
-1637 new
UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null,
Action.values());
+1637 new
UserPermission(USER_OWNER.getName(), tableName, Action.values());
1638 assertTrue("Owner should have all
permissions on table",
1639
hasFoundUserPermission(ownerperm, perms));
1640
1641 User user =
User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new
String[0]);
-1642 byte[] userName =
Bytes.toBytes(user.getShortName());
+1642 String userName =
user.getShortName();
1643
1644 UserPermission up =
1645 new UserPermission(userName,
tableName, family1, qualifier, Permission.Action.READ);
@@ -1733,7 +1733,7 @@
1725 }
1726
1727 UserPermission newOwnerperm =
-1728 new
UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null,
Action.values());
+1728 new
UserPermission(newOwner.getName(), tableName, Action.values());
1729 assertTrue("New owner should have
all permissions on table",
1730
hasFoundUserPermission(newOwnerperm, perms));
1731} finally {
@@ -1757,1888 +1757,1898 @@
1749
1750CollectionString superUsers
= Superusers.getSuperUsers();
1751ListUserPermission
adminPerms = new ArrayList(superUsers.size() + 1);
-1752adminPerms.add(new
UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
-1753 AccessControlLists.ACL_TABLE_NAME,
null, null, Bytes.toBytes("ACRW")));
-1754
-1755for(String user: superUsers) {
-1756 adminPerms.add(new
UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME,
-1757 null, null,
Action.values()));
-1758}
-1759assertTrue("Only super users, global
users and user admin has permission on table hbase:acl " +
-1760"per setup", perms.size() == 5 +
superUsers.size()
-1761
hasFoundUserPermission(adminPerms, perms));
-1762 }
-1763
-1764 /** global operations */
-1765 private void
verifyGlobal(AccessTestAction action) throws Exception {
-1766verifyAllowed(action, SUPERUSER);
-1767
-1768verifyDenied(action, USER_CREATE,
USER_RW, USER_NONE, USER_RO);
-1769 }
-1770
-1771 @Test
-1772 public void testCheckPermissions()
throws Exception {
-1773//
--
-1774// test global permissions
-1775AccessTestAction globalAdmin = new
AccessTestAction() {
-1776 @Override
-1777 public Void run() throws Exception
{
-1778checkGlobalPerms(TEST_UTIL,
Permission.Action.ADMIN);
-1779return null;
-1780 }
-1781};
-1782// verify that only superuser can
admin
-1783verifyGlobal(globalAdmin);
-1784
-1785//
--
-1786// test multiple permissions
-1787AccessTestAction globalReadWrite =
new AccessTestAction() {
-1788 @Override
-1789 public Void run() throws Exception
{
-1790checkGlobalPerms(TEST_UTIL,
Permission.Action.READ, Permission.Action.WRITE);
-1791return null;
-1792 }
-1793};
+1752adminPerms.add(new
UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW")));
+1753for(String user: superUsers) {
+1754 // Global permission
+1755 adminPerms.add(new
UserPermission(user, Action.values()));
+1756}
+1757assertTrue("Only super users, global
users and user admin has permission on table hbase:acl " +
+1758"per setup", perms.size() == 5 +
superUsers.size()
+1759
hasFoundUserPermission(adminPerms, perms));
+1760 }
+1761
+1762 /** global operations */
+1763 private void
verifyGlobal(AccessTestAction action) throws Exception {
+1764verifyAllowed(action, SUPERUSER);
+1765
+1766verifyDenied(action, USER_CREATE,
USER_RW, USER_NONE, USER_RO);
[20/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.html
new file mode 100644
index 000..4d5cbc9
--- /dev/null
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.html
@@ -0,0 +1,680 @@
+http://www.w3.org/TR/html4/loose.dtd;>
+
+
+Source code
+
+
+
+
+001/**
+002 * Licensed to the Apache Software
Foundation (ASF) under one
+003 * or more contributor license
agreements. See the NOTICE file
+004 * distributed with this work for
additional information
+005 * regarding copyright ownership. The
ASF licenses this file
+006 * to you under the Apache License,
Version 2.0 (the
+007 * "License"); you may not use this file
except in compliance
+008 * with the License. You may obtain a
copy of the License at
+009 *
+010 *
http://www.apache.org/licenses/LICENSE-2.0
+011 *
+012 * Unless required by applicable law or
agreed to in writing, software
+013 * distributed under the License is
distributed on an "AS IS" BASIS,
+014 * WITHOUT WARRANTIES OR CONDITIONS OF
ANY KIND, either express or implied.
+015 * See the License for the specific
language governing permissions and
+016 * limitations under the License.
+017 */
+018
+019package
org.apache.hadoop.hbase.security.access;
+020
+021import java.io.Closeable;
+022import java.io.IOException;
+023import java.util.HashMap;
+024import java.util.HashSet;
+025import java.util.List;
+026import java.util.Map;
+027import java.util.Set;
+028import
java.util.concurrent.ConcurrentHashMap;
+029import
java.util.concurrent.atomic.AtomicLong;
+030
+031import
org.apache.hadoop.conf.Configuration;
+032import
org.apache.hadoop.hbase.AuthUtil;
+033import org.apache.hadoop.hbase.Cell;
+034import
org.apache.hadoop.hbase.TableName;
+035import
org.apache.hadoop.hbase.exceptions.DeserializationException;
+036import
org.apache.hadoop.hbase.log.HBaseMarkers;
+037import
org.apache.hadoop.hbase.security.Superusers;
+038import
org.apache.hadoop.hbase.security.User;
+039import
org.apache.hadoop.hbase.security.UserProvider;
+040import
org.apache.hadoop.hbase.util.Bytes;
+041import
org.apache.hadoop.hbase.zookeeper.ZKWatcher;
+042import
org.apache.yetus.audience.InterfaceAudience;
+043import
org.apache.zookeeper.KeeperException;
+044import org.slf4j.Logger;
+045import org.slf4j.LoggerFactory;
+046
+047import
org.apache.hbase.thirdparty.com.google.common.annotations.VisibleForTesting;
+048import
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap;
+049import
org.apache.hbase.thirdparty.com.google.common.collect.Lists;
+050
+051/**
+052 * Performs authorization checks for a
given user's assigned permissions.
+053 * p
+054 * There're following scopes:
bGlobal/b, bNamespace/b,
bTable/b, bFamily/b,
+055 * bQualifier/b,
bCell/b.
+056 * Generally speaking, higher scopes
can overrides lower scopes,
+057 * except for Cell permission can be
granted even a user has not permission on specified table,
+058 * which means the user can get/scan
only those granted cells parts.
+059 * /p
+060 * e.g, if user A has global permission
R(ead), he can
+061 * read table T without checking table
scope permission, so authorization checks alway starts from
+062 * Global scope.
+063 * p
+064 * For each scope, not only user but
also groups he belongs to will be checked.
+065 * /p
+066 */
+067@InterfaceAudience.Private
+068public final class AuthManager implements
Closeable {
+069
+070 /**
+071 * Cache of permissions, it is thread
safe.
+072 * @param T T extends
Permission
+073 */
+074 private static class
PermissionCacheT extends Permission {
+075private final Object mutex = new
Object();
+076private MapString,
SetT cache = new HashMap();
+077
+078void put(String name, T perm) {
+079 synchronized (mutex) {
+080SetT perms =
cache.getOrDefault(name, new HashSet());
+081perms.add(perm);
+082cache.put(name, perms);
+083 }
+084}
+085
+086SetT get(String name) {
+087 synchronized (mutex) {
+088return cache.get(name);
+089 }
+090}
+091
+092void clear() {
+093 synchronized (mutex) {
+094for (Map.EntryString,
SetT entry : cache.entrySet()) {
+095 entry.getValue().clear();
+096}
+097cache.clear();
+098 }
+099}
+100 }
+101
PermissionCacheNamespacePermission NS_NO_PERMISSION = new
PermissionCache();
+102 PermissionCacheTablePermission
TBL_NO_PERMISSION = new PermissionCache();
+103
+104 /**
+105 * Cache for global permission.
+106 * Since every user/group can only have
one global permission, no need to user PermissionCache.
+107 */
+108 private volatile MapString,
[43/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html
b/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html
index 2e59d6f..22cd830 100644
--- a/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html
+++ b/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html
@@ -18,7 +18,7 @@
catch(err) {
}
//-->
-var methods =
{"i0":9,"i1":9,"i2":9,"i3":9,"i4":9,"i5":9,"i6":9,"i7":9,"i8":9,"i9":9,"i10":9,"i11":9,"i12":9,"i13":9,"i14":9,"i15":9,"i16":9,"i17":9,"i18":9,"i19":9,"i20":9,"i21":9,"i22":9,"i23":9,"i24":9,"i25":9,"i26":9,"i27":9,"i28":9,"i29":9,"i30":9,"i31":9,"i32":9,"i33":9};
+var methods =
{"i0":9,"i1":9,"i2":9,"i3":9,"i4":9,"i5":9,"i6":9,"i7":9,"i8":9,"i9":9,"i10":9,"i11":9,"i12":9,"i13":9,"i14":9,"i15":9,"i16":9,"i17":9,"i18":9,"i19":9,"i20":9,"i21":9,"i22":9,"i23":9,"i24":9,"i25":9,"i26":9,"i27":9,"i28":9,"i29":9,"i30":9,"i31":9,"i32":9,"i33":9,"i34":9,"i35":9};
var tabs = {65535:["t0","All Methods"],1:["t1","Static
Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
@@ -266,12 +266,12 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
Cellcell)
-static
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,TablePermission
+static
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,UserPermission
getNamespacePermissions(org.apache.hadoop.conf.Configurationconf,
https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in
java.lang">Stringnamespace)
-(package private) static
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,TablePermission
+(package private) static
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,UserPermission
getPermissions(org.apache.hadoop.conf.Configurationconf,
byte[]entryName,
Tablet,
@@ -284,7 +284,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
-static
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,TablePermission
+static
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,UserPermission
getTablePermissions(org.apache.hadoop.conf.Configurationconf,
TableNametableName)
@@ -337,28 +337,32 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
static boolean
-isNamespaceEntry(byte[]entryName)
+isGlobalEntry(byte[]entryName)
static boolean
-isNamespaceEntry(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in
java.lang">StringentryName)
+isNamespaceEntry(byte[]entryName)
-(package private) static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true;
title="class or interface in
java.util">Mapbyte[],org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,TablePermission
+static boolean
+isNamespaceEntry(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in
java.lang">StringentryName)
+
+
+(package private) static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true;
title="class or interface in
java.util">Mapbyte[],org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,UserPermission
loadAll(org.apache.hadoop.conf.Configurationconf)
Load all permissions from the region server holding
_acl_,
primarily intended for testing purposes.
-
-(package private) static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true;
title="class or
[03/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html
--
diff --git
a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html
b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html
index 5062e9b..23b4be7 100644
---
a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html
+++
b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html
@@ -282,7 +282,7 @@
274 public static void tearDownAfterClass()
throws Exception {
275cleanUp();
276TEST_UTIL.shutdownMiniCluster();
-277int total =
TableAuthManager.getTotalRefCount();
+277int total =
AuthManager.getTotalRefCount();
278assertTrue("Unexpected reference
count: " + total, total == 0);
279 }
280
@@ -1642,12 +1642,12 @@
1634 }
1635
1636 UserPermission ownerperm =
-1637 new
UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null,
Action.values());
+1637 new
UserPermission(USER_OWNER.getName(), tableName, Action.values());
1638 assertTrue("Owner should have all
permissions on table",
1639
hasFoundUserPermission(ownerperm, perms));
1640
1641 User user =
User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new
String[0]);
-1642 byte[] userName =
Bytes.toBytes(user.getShortName());
+1642 String userName =
user.getShortName();
1643
1644 UserPermission up =
1645 new UserPermission(userName,
tableName, family1, qualifier, Permission.Action.READ);
@@ -1733,7 +1733,7 @@
1725 }
1726
1727 UserPermission newOwnerperm =
-1728 new
UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null,
Action.values());
+1728 new
UserPermission(newOwner.getName(), tableName, Action.values());
1729 assertTrue("New owner should have
all permissions on table",
1730
hasFoundUserPermission(newOwnerperm, perms));
1731} finally {
@@ -1757,1888 +1757,1898 @@
1749
1750CollectionString superUsers
= Superusers.getSuperUsers();
1751ListUserPermission
adminPerms = new ArrayList(superUsers.size() + 1);
-1752adminPerms.add(new
UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
-1753 AccessControlLists.ACL_TABLE_NAME,
null, null, Bytes.toBytes("ACRW")));
-1754
-1755for(String user: superUsers) {
-1756 adminPerms.add(new
UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME,
-1757 null, null,
Action.values()));
-1758}
-1759assertTrue("Only super users, global
users and user admin has permission on table hbase:acl " +
-1760"per setup", perms.size() == 5 +
superUsers.size()
-1761
hasFoundUserPermission(adminPerms, perms));
-1762 }
-1763
-1764 /** global operations */
-1765 private void
verifyGlobal(AccessTestAction action) throws Exception {
-1766verifyAllowed(action, SUPERUSER);
-1767
-1768verifyDenied(action, USER_CREATE,
USER_RW, USER_NONE, USER_RO);
-1769 }
-1770
-1771 @Test
-1772 public void testCheckPermissions()
throws Exception {
-1773//
--
-1774// test global permissions
-1775AccessTestAction globalAdmin = new
AccessTestAction() {
-1776 @Override
-1777 public Void run() throws Exception
{
-1778checkGlobalPerms(TEST_UTIL,
Permission.Action.ADMIN);
-1779return null;
-1780 }
-1781};
-1782// verify that only superuser can
admin
-1783verifyGlobal(globalAdmin);
-1784
-1785//
--
-1786// test multiple permissions
-1787AccessTestAction globalReadWrite =
new AccessTestAction() {
-1788 @Override
-1789 public Void run() throws Exception
{
-1790checkGlobalPerms(TEST_UTIL,
Permission.Action.READ, Permission.Action.WRITE);
-1791return null;
-1792 }
-1793};
+1752adminPerms.add(new
UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW")));
+1753for(String user: superUsers) {
+1754 // Global permission
+1755 adminPerms.add(new
UserPermission(user, Action.values()));
+1756}
+1757assertTrue("Only super users, global
users and user admin has permission on table hbase:acl " +
+1758"per setup", perms.size() == 5 +
superUsers.size()
+1759
hasFoundUserPermission(adminPerms, perms));
+1760 }
+1761
+1762 /** global operations */
+1763 private void
verifyGlobal(AccessTestAction action) throws Exception {
+1764verifyAllowed(action, SUPERUSER);
+1765
+1766verifyDenied(action, USER_CREATE,
USER_RW, USER_NONE, USER_RO);
+1767 }
+1768
+1769 @Test
+1770 public void testCheckPermissions()
throws
[40/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html
b/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html
new file mode 100644
index 000..695371fd
--- /dev/null
+++
b/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html
@@ -0,0 +1,362 @@
+http://www.w3.org/TR/html4/loose.dtd;>
+
+
+
+
+
+AuthManager.PermissionCache (Apache HBase 3.0.0-SNAPSHOT API)
+
+
+
+
+
+var methods = {"i0":10,"i1":10,"i2":10};
+var tabs = {65535:["t0","All Methods"],2:["t2","Instance
Methods"],8:["t4","Concrete Methods"]};
+var altColor = "altColor";
+var rowColor = "rowColor";
+var tableTab = "tableTab";
+var activeTableTab = "activeTableTab";
+
+
+JavaScript is disabled on your browser.
+
+
+
+
+
+Skip navigation links
+
+
+
+
+Overview
+Package
+Class
+Use
+Tree
+Deprecated
+Index
+Help
+
+
+
+
+PrevClass
+NextClass
+
+
+Frames
+NoFrames
+
+
+AllClasses
+
+
+
+
+
+
+
+Summary:
+Nested|
+Field|
+Constr|
+Method
+
+
+Detail:
+Field|
+Constr|
+Method
+
+
+
+
+
+
+
+
+org.apache.hadoop.hbase.security.access
+Class
AuthManager.PermissionCacheT extends Permission
+
+
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">java.lang.Object
+
+
+org.apache.hadoop.hbase.security.access.AuthManager.PermissionCacheT
+
+
+
+
+
+
+
+Type Parameters:
+T - T extends Permission
+
+
+Enclosing class:
+AuthManager
+
+
+
+private static class AuthManager.PermissionCacheT
extends Permission
+extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
+Cache of permissions, it is thread safe.
+
+
+
+
+
+
+
+
+
+
+
+Field Summary
+
+Fields
+
+Modifier and Type
+Field and Description
+
+
+private https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true;
title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String,https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true;
title="class or interface in java.util">SetT
+cache
+
+
+private https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
+mutex
+
+
+
+
+
+
+
+
+
+Constructor Summary
+
+Constructors
+
+Modifier
+Constructor and Description
+
+
+private
+PermissionCache()
+
+
+
+
+
+
+
+
+
+Method Summary
+
+All MethodsInstance MethodsConcrete Methods
+
+Modifier and Type
+Method and Description
+
+
+(package private) void
+clear()
+
+
+(package private) https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true;
title="class or interface in java.util">SetT
+get(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringname)
+
+
+(package private) void
+put(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringname,
+ Tperm)
+
+
+
+
+
+
+Methods inherited from classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--;
title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-;
title="class or interface in java.lang">equals, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--;
title="class or interface in java.lang">finalize, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--;
title="class or interface in java.lang">getClass, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--;
title="class or interface in java.lang">hashCode, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--;
title="class or interface in java.lang">notify, https://docs.oracle.com/javase/8/docs/api/ja
va/lang/Object.html?is-external=true#notifyAll--" title="class or interface in
java.lang">notifyAll,
[19/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html
index 042bf4a..cb2cfdc 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html
@@ -30,194 +30,226 @@
022import java.io.DataOutput;
023import java.io.IOException;
024import java.util.Arrays;
-025import java.util.Map;
-026
-027import
org.apache.yetus.audience.InterfaceAudience;
-028import org.slf4j.Logger;
-029import org.slf4j.LoggerFactory;
-030import
org.apache.hadoop.hbase.util.Bytes;
-031import
org.apache.hadoop.io.VersionedWritable;
-032
-033import
org.apache.hbase.thirdparty.com.google.common.collect.Maps;
-034
-035/**
-036 * Base permissions instance representing
the ability to perform a given set
-037 * of actions.
-038 *
-039 * @see TablePermission
-040 */
-041@InterfaceAudience.Public
-042public class Permission extends
VersionedWritable {
-043 protected static final byte VERSION =
0;
-044
-045 @InterfaceAudience.Public
-046 public enum Action {
-047READ('R'), WRITE('W'), EXEC('X'),
CREATE('C'), ADMIN('A');
-048
-049private final byte code;
-050Action(char code) {
-051 this.code = (byte)code;
-052}
-053
-054public byte code() { return code; }
-055 }
-056
-057 private static final Logger LOG =
LoggerFactory.getLogger(Permission.class);
-058 protected static final
MapByte,Action ACTION_BY_CODE = Maps.newHashMap();
-059
-060 protected Action[] actions;
+025import java.util.EnumSet;
+026import java.util.Map;
+027
+028import
org.apache.yetus.audience.InterfaceAudience;
+029import org.slf4j.Logger;
+030import org.slf4j.LoggerFactory;
+031import
org.apache.hadoop.hbase.util.Bytes;
+032import
org.apache.hadoop.io.VersionedWritable;
+033
+034import
org.apache.hbase.thirdparty.com.google.common.collect.ImmutableMap;
+035
+036/**
+037 * Base permissions instance representing
the ability to perform a given set
+038 * of actions.
+039 *
+040 * @see TablePermission
+041 */
+042@InterfaceAudience.Public
+043public class Permission extends
VersionedWritable {
+044 protected static final byte VERSION =
0;
+045
+046 @InterfaceAudience.Public
+047 public enum Action {
+048READ('R'), WRITE('W'), EXEC('X'),
CREATE('C'), ADMIN('A');
+049
+050private final byte code;
+051Action(char code) {
+052 this.code = (byte) code;
+053}
+054
+055public byte code() { return code; }
+056 }
+057
+058 @InterfaceAudience.Private
+059 protected enum Scope {
+060GLOBAL('G'), NAMESPACE('N'),
TABLE('T'), EMPTY('E');
061
-062 static {
-063for (Action a : Action.values()) {
-064 ACTION_BY_CODE.put(a.code(), a);
+062private final byte code;
+063Scope(char code) {
+064 this.code = (byte) code;
065}
-066 }
-067
-068 /** Empty constructor for Writable
implementation. bDo not use./b */
-069 public Permission() {
-070super();
-071 }
-072
-073 public Permission(Action... assigned)
{
-074if (assigned != null
assigned.length 0) {
-075 actions = Arrays.copyOf(assigned,
assigned.length);
-076}
-077 }
-078
-079 public Permission(byte[] actionCodes)
{
-080if (actionCodes != null) {
-081 Action acts[] = new
Action[actionCodes.length];
-082 int j = 0;
-083 for (int i=0;
iactionCodes.length; i++) {
-084byte b = actionCodes[i];
-085Action a =
ACTION_BY_CODE.get(b);
-086if (a == null) {
-087 LOG.error("Ignoring unknown
action code '"+
-088 Bytes.toStringBinary(new
byte[]{b})+"'");
-089 continue;
-090}
-091acts[j++] = a;
-092 }
-093 this.actions = Arrays.copyOf(acts,
j);
-094}
+066
+067public byte code() {
+068 return code;
+069}
+070 }
+071
+072 private static final Logger LOG =
LoggerFactory.getLogger(Permission.class);
+073
+074 protected static final MapByte,
Action ACTION_BY_CODE;
+075 protected static final MapByte,
Scope SCOPE_BY_CODE;
+076
+077 protected EnumSetAction actions
= EnumSet.noneOf(Action.class);
+078 protected Scope scope = Scope.EMPTY;
+079
+080 static {
+081ACTION_BY_CODE = ImmutableMap.of(
+082 Action.READ.code, Action.READ,
+083 Action.WRITE.code, Action.WRITE,
+084 Action.EXEC.code, Action.EXEC,
+085 Action.CREATE.code,
Action.CREATE,
+086 Action.ADMIN.code, Action.ADMIN
+087);
+088
+089SCOPE_BY_CODE = ImmutableMap.of(
+090 Scope.GLOBAL.code, Scope.GLOBAL,
+091 Scope.NAMESPACE.code,
Scope.NAMESPACE,
+092 Scope.TABLE.code, Scope.TABLE,
+093 Scope.EMPTY.code, Scope.EMPTY
+094
[37/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/Permission.Scope.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/Permission.Scope.html
b/devapidocs/org/apache/hadoop/hbase/security/access/Permission.Scope.html
new file mode 100644
index 000..2e5ccef
--- /dev/null
+++ b/devapidocs/org/apache/hadoop/hbase/security/access/Permission.Scope.html
@@ -0,0 +1,420 @@
+http://www.w3.org/TR/html4/loose.dtd;>
+
+
+
+
+
+Permission.Scope (Apache HBase 3.0.0-SNAPSHOT API)
+
+
+
+
+
+var methods = {"i0":10,"i1":9,"i2":9};
+var tabs = {65535:["t0","All Methods"],1:["t1","Static
Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
+var altColor = "altColor";
+var rowColor = "rowColor";
+var tableTab = "tableTab";
+var activeTableTab = "activeTableTab";
+
+
+JavaScript is disabled on your browser.
+
+
+
+
+
+Skip navigation links
+
+
+
+
+Overview
+Package
+Class
+Use
+Tree
+Deprecated
+Index
+Help
+
+
+
+
+PrevClass
+NextClass
+
+
+Frames
+NoFrames
+
+
+AllClasses
+
+
+
+
+
+
+
+Summary:
+Nested|
+Enum Constants|
+Field|
+Method
+
+
+Detail:
+Enum Constants|
+Field|
+Method
+
+
+
+
+
+
+
+
+org.apache.hadoop.hbase.security.access
+Enum Permission.Scope
+
+
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">java.lang.Object
+
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true;
title="class or interface in java.lang">java.lang.EnumPermission.Scope
+
+
+org.apache.hadoop.hbase.security.access.Permission.Scope
+
+
+
+
+
+
+
+
+
+All Implemented Interfaces:
+https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true;
title="class or interface in java.io">Serializable, https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true;
title="class or interface in java.lang">ComparablePermission.Scope
+
+
+Enclosing class:
+Permission
+
+
+
+@InterfaceAudience.Private
+protected static enum Permission.Scope
+extends https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true;
title="class or interface in java.lang">EnumPermission.Scope
+
+
+
+
+
+
+
+
+
+
+
+Enum Constant Summary
+
+Enum Constants
+
+Enum Constant and Description
+
+
+EMPTY
+
+
+GLOBAL
+
+
+NAMESPACE
+
+
+TABLE
+
+
+
+
+
+
+
+
+
+Field Summary
+
+Fields
+
+Modifier and Type
+Field and Description
+
+
+private byte
+code
+
+
+
+
+
+
+
+
+
+Method Summary
+
+All MethodsStatic MethodsInstance MethodsConcrete Methods
+
+Modifier and Type
+Method and Description
+
+
+byte
+code()
+
+
+static Permission.Scope
+valueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringname)
+Returns the enum constant of this type with the specified
name.
+
+
+
+static Permission.Scope[]
+values()
+Returns an array containing the constants of this enum
type, in
+the order they are declared.
+
+
+
+
+
+
+
+Methods inherited from classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true;
title="class or interface in java.lang">Enum
+https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#clone--;
title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#compareTo-E-;
title="class or interface in java.lang">compareTo, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#equals-java.lang.Object-;
title="class or interface in java.lang">equals, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#finalize--;
title="class or interface in java.lang">finalize, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#getDeclaringClass--;
title="class or interface in java.lang">getDeclaringClass, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#hashCode--;
title="class or interface in java.lang">hashCode, https://docs.oracle.com/javase/
8/docs/api/java/lang/Enum.html?is-external=true#name--" title="class or
interface in java.lang">name, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#ordinal--;
title="class or interface in java.lang">ordinal, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#toString--;
title="class or interface in
[28/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html b/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html index 85862c4..f46c7df 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html @@ -138,6 +138,18 @@ +AuthManager + +Performs authorization checks for a given user's assigned permissions. + + + +AuthManager.PermissionCacheT extends Permission + +Cache of permissions, it is thread safe. + + + AuthResult Represents the result of an authorization check for logging and error @@ -155,6 +167,18 @@ +GlobalPermission + +Represents an authorization for access whole cluster. + + + +NamespacePermission + +Represents an authorization for access for the given namespace. + + + Permission Base permissions instance representing the ability to perform a given set @@ -175,16 +199,6 @@ -TableAuthManager - -Performs authorization checks for a given user's assigned permissions - - - -TableAuthManager.PermissionCacheT extends Permission - - - TablePermission Represents an authorization for access for the given actions, optionally @@ -195,8 +209,7 @@ UserPermission -Represents an authorization for access over the given table, column family - plus qualifier, for the given user. +UserPermission consists of a user name and a permission. @@ -229,6 +242,10 @@ Permission.Action + +Permission.Scope + + http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html b/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html index f594c43..b6b603e 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html @@ -86,6 +86,8 @@ org.apache.hadoop.hbase.security.access.AccessController (implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface, org.apache.hadoop.hbase.coprocessor.BulkLoadObserver, org.apache.hadoop.hbase.coprocessor.EndpointObserver, org.apache.hadoop.hbase.coprocessor.MasterCoprocessor, org.apache.hadoop.hbase.c oprocessor.MasterObserver, org.apache.hadoop.hbase.coprocessor.RegionCoprocessor, org.apache.hadoop.hbase.coprocessor.RegionObserver, org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessor, org.apache.hadoop.hbase.coprocessor.RegionServerObserver) org.apache.hadoop.hbase.security.access.AccessControlLists org.apache.hadoop.hbase.security.access.AccessControlUtil +org.apache.hadoop.hbase.security.access.AuthManager (implements java.io.https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true; title="class or interface in java.io">Closeable) +org.apache.hadoop.hbase.security.access.AuthManager.PermissionCacheT org.apache.hadoop.hbase.security.access.AuthResult org.apache.hadoop.hbase.security.access.AuthResult.Params org.apache.hadoop.hbase.security.access.CoprocessorWhitelistMasterObserver (implements org.apache.hadoop.hbase.coprocessor.MasterCoprocessor, org.apache.hadoop.hbase.coprocessor.MasterObserver) @@ -104,22 +106,19 @@ org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil -org.apache.hadoop.hbase.security.access.TableAuthManager (implements java.io.https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true; title="class or interface in java.io">Closeable) -org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCacheT org.apache.hadoop.hbase.security.User org.apache.hadoop.hbase.security.access.AccessChecker.InputUser +org.apache.hadoop.hbase.security.access.UserPermission org.apache.hadoop.io.VersionedWritable (implements org.apache.hadoop.io.Writable) org.apache.hadoop.hbase.security.access.Permission -org.apache.hadoop.hbase.security.access.TablePermission - -org.apache.hadoop.hbase.security.access.UserPermission - - +org.apache.hadoop.hbase.security.access.GlobalPermission +org.apache.hadoop.hbase.security.access.NamespacePermission +org.apache.hadoop.hbase.security.access.TablePermission @@ -143,8 +142,9 @@ java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">EnumE (implements java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true; title="class or interface in java.lang">ComparableT,
[11/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html
b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html
index 63a00a7..32d6965 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html
@@ -43,7 +43,7 @@
035import
org.apache.hadoop.hbase.security.User;
036import
org.apache.hadoop.hbase.security.access.AccessControlLists;
037import
org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil;
-038import
org.apache.hadoop.hbase.security.access.TablePermission;
+038import
org.apache.hadoop.hbase.security.access.UserPermission;
039import
org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
040import
org.apache.hadoop.hbase.util.FSUtils;
041import
org.apache.yetus.audience.InterfaceAudience;
@@ -443,10 +443,10 @@
435
436 private static SnapshotDescription
writeAclToSnapshotDescription(SnapshotDescription snapshot,
437 Configuration conf) throws
IOException {
-438ListMultimapString,
TablePermission perms =
-439User.runAsLoginUser(new
PrivilegedExceptionActionListMultimapString, TablePermission()
{
+438ListMultimapString,
UserPermission perms =
+439User.runAsLoginUser(new
PrivilegedExceptionActionListMultimapString, UserPermission()
{
440 @Override
-441 public ListMultimapString,
TablePermission run() throws Exception {
+441 public ListMultimapString,
UserPermission run() throws Exception {
442return
AccessControlLists.getTablePermissions(conf,
443
TableName.valueOf(snapshot.getTable()));
444 }
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html
b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html
index 63a00a7..32d6965 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html
@@ -43,7 +43,7 @@
035import
org.apache.hadoop.hbase.security.User;
036import
org.apache.hadoop.hbase.security.access.AccessControlLists;
037import
org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil;
-038import
org.apache.hadoop.hbase.security.access.TablePermission;
+038import
org.apache.hadoop.hbase.security.access.UserPermission;
039import
org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
040import
org.apache.hadoop.hbase.util.FSUtils;
041import
org.apache.yetus.audience.InterfaceAudience;
@@ -443,10 +443,10 @@
435
436 private static SnapshotDescription
writeAclToSnapshotDescription(SnapshotDescription snapshot,
437 Configuration conf) throws
IOException {
-438ListMultimapString,
TablePermission perms =
-439User.runAsLoginUser(new
PrivilegedExceptionActionListMultimapString, TablePermission()
{
+438ListMultimapString,
UserPermission perms =
+439User.runAsLoginUser(new
PrivilegedExceptionActionListMultimapString, UserPermission()
{
440 @Override
-441 public ListMultimapString,
TablePermission run() throws Exception {
+441 public ListMultimapString,
UserPermission run() throws Exception {
442return
AccessControlLists.getTablePermissions(conf,
443
TableName.valueOf(snapshot.getTable()));
444 }
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/downloads.html
--
diff --git a/downloads.html b/downloads.html
index 5c0d243..405ed9e 100644
--- a/downloads.html
+++ b/downloads.html
@@ -7,7 +7,7 @@
-
+
Apache HBase Apache HBase Downloads
@@ -461,7 +461,7 @@ under the License. -->
https://www.apache.org/;>The Apache Software
Foundation.
All rights reserved.
- Last Published:
2018-11-14
+ Last Published:
2018-11-15
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/export_control.html
--
diff --git a/export_control.html b/export_control.html
index
[10/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
--
diff --git
a/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
b/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
index 022325c..48a55d3 100644
---
a/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
+++
b/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html
@@ -18,7 +18,7 @@
catch(err) {
}
//-->
-var methods =
{"i0":10,"i1":9,"i2":10,"i3":9,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10};
+var methods =
{"i0":10,"i1":9,"i2":10,"i3":9,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10};
var tabs = {65535:["t0","All Methods"],1:["t1","Static
Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
@@ -109,7 +109,7 @@ var activeTableTab = "activeTableTab";
-public class TestDataBlockEncoders
+public class TestDataBlockEncoders
extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
Test all of the data block encoding algorithms for
correctness. Most of the
class generate data which will test different branches in code.
@@ -274,11 +274,15 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
void
+testRowIndexWithTagsButNoTagsInCell()
+
+
+void
testSeekingOnSample()
Test seeking while file is encoded.
-
+
void
testZeroByte()
@@ -310,7 +314,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
CLASS_RULE
-public static finalHBaseClassTestRule CLASS_RULE
+public static finalHBaseClassTestRule CLASS_RULE
@@ -319,7 +323,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
LOG
-private static finalorg.slf4j.Logger LOG
+private static finalorg.slf4j.Logger LOG
@@ -328,7 +332,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
NUMBER_OF_KV
-private staticint NUMBER_OF_KV
+private staticint NUMBER_OF_KV
@@ -337,7 +341,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
NUM_RANDOM_SEEKS
-private staticint NUM_RANDOM_SEEKS
+private staticint NUM_RANDOM_SEEKS
@@ -346,7 +350,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
ENCODED_DATA_OFFSET
-private staticint ENCODED_DATA_OFFSET
+private staticint ENCODED_DATA_OFFSET
@@ -355,7 +359,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
HFILEBLOCK_DUMMY_HEADER
-static finalbyte[] HFILEBLOCK_DUMMY_HEADER
+static finalbyte[] HFILEBLOCK_DUMMY_HEADER
@@ -364,7 +368,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
generator
-privateRedundantKVGenerator generator
+privateRedundantKVGenerator generator
@@ -373,7 +377,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
randomizer
-privatehttps://docs.oracle.com/javase/8/docs/api/java/util/Random.html?is-external=true;
title="class or interface in java.util">Random randomizer
+privatehttps://docs.oracle.com/javase/8/docs/api/java/util/Random.html?is-external=true;
title="class or interface in java.util">Random randomizer
@@ -382,7 +386,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
includesMemstoreTS
-private finalboolean includesMemstoreTS
+private finalboolean includesMemstoreTS
@@ -391,7 +395,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
includesTags
-private finalboolean includesTags
+private finalboolean includesTags
@@ -400,7 +404,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
useOffheapData
-private finalboolean useOffheapData
+private finalboolean useOffheapData
@@ -417,7 +421,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
TestDataBlockEncoders
-publicTestDataBlockEncoders(booleanincludesMemstoreTS,
+publicTestDataBlockEncoders(booleanincludesMemstoreTS,
booleanincludesTag,
booleanuseOffheapData)
@@ -436,7 +440,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
parameters
-public statichttps://docs.oracle.com/javase/8/docs/api/java/util/Collection.html?is-external=true;
title="class or interface in java.util">Collectionhttps://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object[]parameters()
+public statichttps://docs.oracle.com/javase/8/docs/api/java/util/Collection.html?is-external=true;
title="class or interface in
[38/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html
b/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html
index cb74478..ce837e5 100644
---
a/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html
+++
b/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html
@@ -50,7 +50,7 @@ var activeTableTab = "activeTableTab";
PrevClass
-NextClass
+NextClass
Frames
@@ -459,7 +459,7 @@ implements
PrevClass
-NextClass
+NextClass
Frames
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/GlobalPermission.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/GlobalPermission.html
b/devapidocs/org/apache/hadoop/hbase/security/access/GlobalPermission.html
new file mode 100644
index 000..cb72507
--- /dev/null
+++ b/devapidocs/org/apache/hadoop/hbase/security/access/GlobalPermission.html
@@ -0,0 +1,404 @@
+http://www.w3.org/TR/html4/loose.dtd;>
+
+
+
+
+
+GlobalPermission (Apache HBase 3.0.0-SNAPSHOT API)
+
+
+
+
+
+var methods = {"i0":10,"i1":10,"i2":10};
+var tabs = {65535:["t0","All Methods"],2:["t2","Instance
Methods"],8:["t4","Concrete Methods"]};
+var altColor = "altColor";
+var rowColor = "rowColor";
+var tableTab = "tableTab";
+var activeTableTab = "activeTableTab";
+
+
+JavaScript is disabled on your browser.
+
+
+
+
+
+Skip navigation links
+
+
+
+
+Overview
+Package
+Class
+Use
+Tree
+Deprecated
+Index
+Help
+
+
+
+
+PrevClass
+NextClass
+
+
+Frames
+NoFrames
+
+
+AllClasses
+
+
+
+
+
+
+
+Summary:
+Nested|
+Field|
+Constr|
+Method
+
+
+Detail:
+Field|
+Constr|
+Method
+
+
+
+
+
+
+
+
+org.apache.hadoop.hbase.security.access
+Class GlobalPermission
+
+
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">java.lang.Object
+
+
+org.apache.hadoop.io.VersionedWritable
+
+
+org.apache.hadoop.hbase.security.access.Permission
+
+
+org.apache.hadoop.hbase.security.access.GlobalPermission
+
+
+
+
+
+
+
+
+
+
+
+All Implemented Interfaces:
+org.apache.hadoop.io.Writable
+
+
+
+@InterfaceAudience.Private
+public class GlobalPermission
+extends Permission
+Represents an authorization for access whole cluster.
+
+
+
+
+
+
+
+
+
+
+
+Nested Class Summary
+
+
+
+
+Nested classes/interfaces inherited from
classorg.apache.hadoop.hbase.security.access.Permission
+Permission.Action,
Permission.Scope
+
+
+
+
+
+
+
+
+Field Summary
+
+
+
+
+Fields inherited from
classorg.apache.hadoop.hbase.security.access.Permission
+ACTION_BY_CODE,
actions,
scope,
SCOPE_BY_CODE,
VERSION
+
+
+
+
+
+
+
+
+Constructor Summary
+
+Constructors
+
+Constructor and Description
+
+
+GlobalPermission()
+Default constructor for Writable, do not use
+
+
+
+GlobalPermission(byte[]actionCode)
+Construct a global permission.
+
+
+
+GlobalPermission(Permission.Action...assigned)
+Construct a global permission.
+
+
+
+
+
+
+
+
+
+
+Method Summary
+
+All MethodsInstance MethodsConcrete Methods
+
+Modifier and Type
+Method and Description
+
+
+boolean
+equals(https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Objectobj)
+
+
+int
+hashCode()
+
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String
+toString()
+
+
+
+
+
+
+Methods inherited from
classorg.apache.hadoop.hbase.security.access.Permission
+equalsExceptActions,
getAccessScope,
getActions,
getVersion,
implies,
rawExpression,
readFields,
setActions,
write
+
+
+
+
+
+Methods inherited from classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in java.lang">Object
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--;
title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--;
title="class or interface in java.lang">finalize,
[46/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html b/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html index 3065dad..a277554 100644 --- a/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html +++ b/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html @@ -9973,8 +9973,10 @@ service. AccessController.tableAcls -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentSkipListMapTableName,TableAuthManager.PermissionCacheTablePermission -TableAuthManager.tableCache +private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentHashMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentHashMapTableName,AuthManager.PermissionCacheTablePermission +AuthManager.tableCache +Cache for table permission. + @@ -10015,6 +10017,15 @@ service. +boolean +AuthManager.accessUserTable(Useruser, + TableNametable, + Permission.Actionaction) +Checks if the user has access to the full table or at least a family/qualifier + for the specified action. + + + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -10024,7 +10035,7 @@ service. byte[]family, byte[]qualifier) - + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -10033,68 +10044,67 @@ service. TableNametable, https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],? extends https://docs.oracle.com/javase/8/docs/api/java/util/Collection.html?is-external=true; title="class or interface in java.util">Collection?families) + +boolean +AuthManager.authorizeCell(Useruser, + TableNametable, + Cellcell, + Permission.Actionaction) +Check if user has given action privilige in cell scope. + + private boolean -TableAuthManager.authorize(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListTablePermissionperms, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Actionaction) +AuthManager.authorizeFamily(https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true; title="class or interface in java.util">SetTablePermissionpermissions, + TableNametable, + byte[]family, + Permission.Actionaction) -boolean -TableAuthManager.authorize(Useruser, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Actionaction) +private boolean +AuthManager.authorizeTable(https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true; title="class or interface in java.util">SetTablePermissionpermissions, + TableNametable, + byte[]family, + byte[]qualifier, + Permission.Actionaction) boolean -TableAuthManager.authorize(Useruser, - TableNametable, - byte[]family, - Permission.Actionaction) +AuthManager.authorizeUserFamily(Useruser, + TableNametable, + byte[]family, + Permission.Actionaction) +Check if user has given action privilige in table:family scope. + boolean -TableAuthManager.authorize(Useruser, - TableNametable, - Cellcell, - Permission.Actionaction) -Authorize a user for a given KV. +AuthManager.authorizeUserTable(Useruser, + TableNametable, + byte[]family, + byte[]qualifier, + Permission.Actionaction) +Check if user has given action privilige in table:family:qualifier scope. boolean -TableAuthManager.authorizeGroup(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">StringgroupName, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Actionaction) -Checks authorization to a given table, column family and column for a group, based - on the stored permissions.
[31/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html index 9ca96d9..0a6df8c 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html @@ -129,10 +129,6 @@ private Permission.Action AuthResult.action - -protected Permission.Action[] -Permission.actions - @@ -146,6 +142,10 @@ protected static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/Byte.html?is-external=true; title="class or interface in java.lang">Byte,Permission.Action Permission.ACTION_BY_CODE + +protected https://docs.oracle.com/javase/8/docs/api/java/util/EnumSet.html?is-external=true; title="class or interface in java.util">EnumSetPermission.Action +Permission.actions + @@ -220,6 +220,15 @@ the order they are declared. +boolean +AuthManager.accessUserTable(Useruser, + TableNametable, + Permission.Actionaction) +Checks if the user has access to the full table or at least a family/qualifier + for the specified action. + + + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -227,7 +236,7 @@ the order they are declared. Permission.Actionaction, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace) - + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -237,7 +246,7 @@ the order they are declared. byte[]family, byte[]qualifier) - + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -246,100 +255,90 @@ the order they are declared. TableNametable, https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],? extends https://docs.oracle.com/javase/8/docs/api/java/util/Collection.html?is-external=true; title="class or interface in java.util">Collection?families) - -private boolean -TableAuthManager.authorize(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListPermissionperms, - Permission.Actionaction) -Authorizes a global permission - - -private boolean -TableAuthManager.authorize(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListTablePermissionperms, - https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, - Permission.Actionaction) +boolean +AuthManager.authorizeCell(Useruser, + TableNametable, + Cellcell, + Permission.Actionaction) +Check if user has given action privilige in cell scope. + private boolean -TableAuthManager.authorize(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListTablePermissionperms, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Actionaction) +AuthManager.authorizeFamily(https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true; title="class or interface in java.util">SetTablePermissionpermissions, + TableNametable, + byte[]family, + Permission.Actionaction) -boolean -TableAuthManager.authorize(Useruser, - Permission.Actionaction) -Authorize a global permission based on ACLs for the given user and the - user's groups. - +private boolean +AuthManager.authorizeGlobal(GlobalPermissionpermissions, + Permission.Actionaction) -boolean -TableAuthManager.authorize(Useruser, -
[49/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/checkstyle.rss -- diff --git a/checkstyle.rss b/checkstyle.rss index b3dec4e..4413b7a 100644 --- a/checkstyle.rss +++ b/checkstyle.rss @@ -25,8 +25,8 @@ under the License. en-us 2007 - 2018 The Apache Software Foundation - File: 3806, - Errors: 15073, + File: 3809, + Errors: 14996, Warnings: 0, Infos: 0 @@ -601,7 +601,7 @@ under the License. 0 - 7 + 2 @@ -3583,7 +3583,7 @@ under the License. 0 - 3 + 0 @@ -4031,7 +4031,7 @@ under the License. 0 - 17 + 16 @@ -6906,6 +6906,20 @@ under the License. + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.security.access.AuthManager.java;>org/apache/hadoop/hbase/security/access/AuthManager.java + + + 0 + + + 0 + + + 0 + + + + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.util.Methods.java;>org/apache/hadoop/hbase/util/Methods.java @@ -14844,6 +14858,20 @@ under the License. + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.master.assignment.TestRegionAssignedToMultipleRegionServers.java;>org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.java + + + 0 + + + 0 + + + 0 + + + + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.rest.TestGzipFilter.java;>org/apache/hadoop/hbase/rest/TestGzipFilter.java @@ -28088,6 +28116,20 @@ under the License. + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.security.access.NamespacePermission.java;>org/apache/hadoop/hbase/security/access/NamespacePermission.java + + + 0 + + + 0 + + + 0 + + + + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.mapreduce.TestTableMapReduce.java;>org/apache/hadoop/hbase/mapreduce/TestTableMapReduce.java @@ -31009,7 +31051,7 @@ under the License. 0 - 13 + 7 @@ -35993,7 +36035,7 @@ under the License. 0 - 10 + 1 @@ -37925,7 +37967,7 @@ under the License. 0 - 40 + 36 @@ -38420,20 +38462,6 @@ under the License. - http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.security.access.TableAuthManager.java;>org/apache/hadoop/hbase/security/access/TableAuthManager.java - - - 0 - - - 0 - - - 43 - - - - http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.regionserver.FlushPolicy.java;>org/apache/hadoop/hbase/regionserver/FlushPolicy.java @@ -42363,7 +42391,7 @@ under the License. 0 - 16 + 13 @@ -48313,7 +48341,7 @@ under the License.
[34/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html
--
diff --git
a/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html
b/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html
index 0025ba5..7903176 100644
--- a/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html
+++ b/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html
@@ -18,7 +18,7 @@
catch(err) {
}
//-->
-var methods =
{"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10,"i17":10,"i18":10,"i19":10};
+var methods =
{"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10,"i17":10,"i18":10,"i19":10,"i20":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance
Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
@@ -49,7 +49,7 @@ var activeTableTab = "activeTableTab";
-PrevClass
+PrevClass
NextClass
@@ -121,10 +121,6 @@ var activeTableTab = "activeTableTab";
All Implemented Interfaces:
org.apache.hadoop.io.Writable
-
-Direct Known Subclasses:
-UserPermission
-
@InterfaceAudience.Private
@@ -132,7 +128,7 @@ public class Permission
Represents an authorization for access for the given
actions, optionally
restricted to the given column family or column qualifier, over the
- given table. If the family property is null, it implies
+ given table. If the family property is null, it implies
full table access.
@@ -151,7 +147,7 @@ extends Permission
-Permission.Action
+Permission.Action,
Permission.Scope
@@ -172,14 +168,10 @@ extends family
-private https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">String
-namespace
-
-
private byte[]
qualifier
-
+
private TableName
table
@@ -189,7 +181,7 @@ extends Permission
-ACTION_BY_CODE,
actions,
VERSION
+ACTION_BY_CODE,
actions,
scope,
SCOPE_BY_CODE,
VERSION
@@ -210,37 +202,16 @@ extends
-TablePermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringnamespace,
+TablePermission(TableNametable,
byte[]actionCodes)
-Creates a new permission for the given namespace,
- allowing the actions matching the provided byte codes to be performed.
+Construct a table permission.
-TablePermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringnamespace,
- Permission.Action...assigned)
-Create a new permission for the given namespace,
- allowing the given actions.
-
-
-
-TablePermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringnamespace,
- TableNametable,
+TablePermission(TableNametable,
byte[]family,
- byte[]qualifier,
byte[]actionCodes)
-Creates a new permission for the given namespace or table,
family and column qualifier,
- allowing the actions matching the provided byte codes to be performed.
-
-
-
-TablePermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true;
title="class or interface in java.lang">Stringnamespace,
- TableNametable,
- byte[]family,
- byte[]qualifier,
- Permission.Action...assigned)
-Creates a new permission for the given namespace or table,
restricted to the given
- column family and qualifier, allowing the assigned actions to be
performed.
+Construct a table:family permission.
@@ -248,8 +219,7 @@ extends Creates a new permission for the given table, family and
column qualifier,
- allowing the actions matching the provided byte codes to be performed.
+Construct a table:family:qualifier permission.
@@ -257,16 +227,20 @@ extends Permission.Action...assigned)
-Creates a new permission for the given table, restricted to
the given
- column family and qualifier, allowing the assigned actions to be
performed.
+Construct a table:family:qualifier permission.
TablePermission(TableNametable,
byte[]family,
Permission.Action...assigned)
-Create a new permission for the given table and
(optionally) column family,
- allowing the given actions.
+Construct a table:family permission.
+
+
+
+TablePermission(TableNametable,
+ Permission.Action...assigned)
+Construct a table permission.
@@ -289,60 +263,69 @@ extends equals(https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true;
title="class or interface in
[07/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html b/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html index e9217bf..10e2501 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html +++ b/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html @@ -224,11 +224,11 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html void -checkMultimapEqual(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissionfirst, - org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissionsecond) +checkMultimapEqual(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermissionfirst, + org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermissionsecond) -private org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermission +private org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermission createPermissions() @@ -484,7 +484,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html testPersistence -publicvoidtestPersistence() +publicvoidtestPersistence() throws https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true; title="class or interface in java.lang">Exception Throws: @@ -498,7 +498,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html testSerialization -publicvoidtestSerialization() +publicvoidtestSerialization() throws https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true; title="class or interface in java.lang">Exception Throws: @@ -512,7 +512,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html createPermissions -privateorg.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissioncreatePermissions() +privateorg.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermissioncreatePermissions() @@ -521,8 +521,8 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html checkMultimapEqual -publicvoidcheckMultimapEqual(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissionfirst, - org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissionsecond) +publicvoidcheckMultimapEqual(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermissionfirst, + org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in
[13/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html
b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html
index cbae28e..aec5920 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html
@@ -64,825 +64,827 @@
056import
org.apache.hadoop.hbase.regionserver.HRegionFileSystem;
057import
org.apache.hadoop.hbase.regionserver.StoreFileInfo;
058import
org.apache.hadoop.hbase.security.access.AccessControlClient;
-059import
org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil;
-060import
org.apache.hadoop.hbase.security.access.TablePermission;
-061import
org.apache.hadoop.hbase.util.Bytes;
-062import
org.apache.hadoop.hbase.util.FSUtils;
-063import
org.apache.hadoop.hbase.util.ModifyRegionUtils;
-064import
org.apache.hadoop.hbase.util.Pair;
-065import org.apache.hadoop.io.IOUtils;
-066import
org.apache.yetus.audience.InterfaceAudience;
-067import org.slf4j.Logger;
-068import org.slf4j.LoggerFactory;
-069import
org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap;
-070import
org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil;
-071import
org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription;
-072import
org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotRegionManifest;
-073
-074/**
-075 * Helper to Restore/Clone a Snapshot
-076 *
-077 * pThe helper assumes that a
table is already created, and by calling restore()
-078 * the content present in the snapshot
will be restored as the new content of the table.
-079 *
-080 * pClone from Snapshot: If the
target table is empty, the restore operation
-081 * is just a "clone operation", where the
only operations are:
-082 * ul
-083 * lifor each region in the
snapshot create a new region
-084 *(note that the region will have a
different name, since the encoding contains the table name)
-085 * lifor each file in the region
create a new HFileLink to point to the original file.
-086 * lirestore the logs, if any
-087 * /ul
-088 *
-089 * pRestore from Snapshot:
-090 * ul
-091 * lifor each region in the
table verify which are available in the snapshot and which are not
-092 *ul
-093 *liif the region is not
present in the snapshot, remove it.
-094 *liif the region is present
in the snapshot
-095 * ul
-096 * lifor each file in the
table region verify which are available in the snapshot
-097 *ul
-098 * liif the hfile is not
present in the snapshot, remove it
-099 * liif the hfile is
present, keep it (nothing to do)
-100 */ul
-101 * lifor each file in the
snapshot region but not in the table
-102 *ul
-103 * licreate a new
HFileLink that point to the original file
-104 */ul
-105 * /ul
-106 */ul
-107 * lifor each region in the
snapshot not present in the current table state
-108 *ul
-109 *licreate a new region and
for each file in the region create a new HFileLink
-110 * (This is the same as the clone
operation)
-111 */ul
-112 * lirestore the logs, if any
-113 * /ul
-114 */
-115@InterfaceAudience.Private
-116public class RestoreSnapshotHelper {
-117 private static final Logger LOG =
LoggerFactory.getLogger(RestoreSnapshotHelper.class);
-118
-119 private final Mapbyte[], byte[]
regionsMap = new TreeMap(Bytes.BYTES_COMPARATOR);
-120
-121 private final MapString,
PairString, String parentsMap = new HashMap();
-122
-123 private final
ForeignExceptionDispatcher monitor;
-124 private final MonitoredTask status;
-125
-126 private final SnapshotManifest
snapshotManifest;
-127 private final SnapshotDescription
snapshotDesc;
-128 private final TableName
snapshotTable;
-129
-130 private final TableDescriptor
tableDesc;
-131 private final Path rootDir;
-132 private final Path tableDir;
-133
-134 private final Configuration conf;
-135 private final FileSystem fs;
-136 private final boolean createBackRefs;
-137
-138 public RestoreSnapshotHelper(final
Configuration conf,
-139 final FileSystem fs,
-140 final SnapshotManifest manifest,
-141 final TableDescriptor
tableDescriptor,
-142 final Path rootDir,
-143 final ForeignExceptionDispatcher
monitor,
-144 final MonitoredTask status) {
-145this(conf, fs, manifest,
tableDescriptor, rootDir, monitor, status, true);
-146 }
-147
-148 public RestoreSnapshotHelper(final
Configuration conf,
-149 final FileSystem fs,
-150 final SnapshotManifest manifest,
-151
[08/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html b/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html index 6e82899..152a081 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html +++ b/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html @@ -234,10 +234,10 @@ java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">EnumE (implements java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true; title="class or interface in java.lang">ComparableT, java.io.https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true; title="class or interface in java.io">Serializable) +org.apache.hadoop.hbase.procedure2.TestProcedureRecovery.TestStateMachineProcedure.State org.apache.hadoop.hbase.procedure2.TestStateMachineProcedure.TestSMProcedureState -org.apache.hadoop.hbase.procedure2.TestYieldProcedures.TestStateMachineProcedure.State org.apache.hadoop.hbase.procedure2.TestProcedureBypass.StuckStateMachineState -org.apache.hadoop.hbase.procedure2.TestProcedureRecovery.TestStateMachineProcedure.State +org.apache.hadoop.hbase.procedure2.TestYieldProcedures.TestStateMachineProcedure.State http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html b/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html index d7c69fc..06907ed 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html +++ b/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html @@ -701,10 +701,10 @@ java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">EnumE (implements java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true; title="class or interface in java.lang">ComparableT, java.io.https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true; title="class or interface in java.io">Serializable) -org.apache.hadoop.hbase.regionserver.TestAtomicOperation.TestStep org.apache.hadoop.hbase.regionserver.TestMultiLogThreshold.ActionType -org.apache.hadoop.hbase.regionserver.DataBlockEncodingTool.Manipulation org.apache.hadoop.hbase.regionserver.TestRegionServerReadRequestMetrics.Metric +org.apache.hadoop.hbase.regionserver.TestAtomicOperation.TestStep +org.apache.hadoop.hbase.regionserver.DataBlockEncodingTool.Manipulation org.apache.hadoop.hbase.regionserver.TestCacheOnWriteInSchema.CacheOnWriteType http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html b/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html index 79ffc82..da97f01 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html +++ b/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html @@ -122,7 +122,7 @@ var activeTableTab = "activeTableTab"; -public static class TestAccessController.MyShellBasedUnixGroupsMapping +public static class TestAccessController.MyShellBasedUnixGroupsMapping extends org.apache.hadoop.security.ShellBasedUnixGroupsMapping implements org.apache.hadoop.security.GroupMappingServiceProvider @@ -221,7 +221,7 @@ implements org.apache.hadoop.security.GroupMappingServiceProvider MyShellBasedUnixGroupsMapping -publicMyShellBasedUnixGroupsMapping() +publicMyShellBasedUnixGroupsMapping() @@ -238,7 +238,7 @@ implements org.apache.hadoop.security.GroupMappingServiceProvider getGroups -publichttps://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">Listhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">StringgetGroups(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser) +publichttps://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in
[41/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html b/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html index 0bb9839..5d7328c 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html @@ -382,7 +382,7 @@ implements -TableAuthManager +AuthManager getAuthManager() @@ -1639,7 +1639,7 @@ implements getAuthManager -publicTableAuthManagergetAuthManager() +publicAuthManagergetAuthManager() @@ -1911,7 +1911,7 @@ implements checkCoveringPermission -privatebooleancheckCoveringPermission(Useruser, +privatebooleancheckCoveringPermission(Useruser, AccessController.OpTyperequest, RegionCoprocessorEnvironmente, byte[]row, @@ -1934,7 +1934,7 @@ implements addCellPermissions -private staticvoidaddCellPermissions(byte[]perms, +private staticvoidaddCellPermissions(byte[]perms, https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListCellfamilyMap) @@ -1944,7 +1944,7 @@ implements checkForReservedTagPresence -privatevoidcheckForReservedTagPresence(Useruser, +privatevoidcheckForReservedTagPresence(Useruser, Mutationm) throws https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true; title="class or interface in java.io">IOException @@ -1959,7 +1959,7 @@ implements start -publicvoidstart(CoprocessorEnvironmentenv) +publicvoidstart(CoprocessorEnvironmentenv) throws https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true; title="class or interface in java.io">IOException Description copied from interface:Coprocessor Called by the CoprocessorEnvironment during it's own startup to initialize the @@ -1978,7 +1978,7 @@ implements stop -publicvoidstop(CoprocessorEnvironmentenv) +publicvoidstop(CoprocessorEnvironmentenv) Description copied from interface:Coprocessor Called by the CoprocessorEnvironment during it's own shutdown to stop the coprocessor. @@ -1994,7 +1994,7 @@ implements getRegionObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalRegionObservergetRegionObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalRegionObservergetRegionObserver() Observer/Service Getters Specified by: @@ -2008,7 +2008,7 @@ implements getMasterObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalMasterObservergetMasterObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalMasterObservergetMasterObserver() Specified by: getMasterObserverin interfaceMasterCoprocessor @@ -2021,7 +2021,7 @@ implements getEndpointObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalEndpointObservergetEndpointObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalEndpointObservergetEndpointObserver() Specified by: getEndpointObserverin interfaceRegionCoprocessor @@ -2034,7 +2034,7 @@ implements getBulkLoadObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalBulkLoadObservergetBulkLoadObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalBulkLoadObservergetBulkLoadObserver() Specified by: getBulkLoadObserverin interfaceRegionCoprocessor @@ -2047,7 +2047,7 @@ implements getRegionServerObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalRegionServerObservergetRegionServerObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalRegionServerObservergetRegionServerObserver()
[25/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html
--
diff --git
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html
index e1f2ceb..78cac0b 100644
---
a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html
+++
b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html
@@ -139,503 +139,503 @@
131 * @throws IOException in the case of
an error accessing the metadata table
132 */
133 static void
addUserPermission(Configuration conf, UserPermission userPerm, Table t,
-134boolean
mergeExistingPermissions) throws IOException {
-135Permission.Action[] actions =
userPerm.getActions();
-136byte[] rowKey =
userPermissionRowKey(userPerm);
-137Put p = new Put(rowKey);
-138byte[] key =
userPermissionKey(userPerm);
-139
-140if ((actions == null) ||
(actions.length == 0)) {
-141 String msg = "No actions associated
with user '" + Bytes.toString(userPerm.getUser()) + "'";
-142 LOG.warn(msg);
-143 throw new IOException(msg);
-144}
-145
-146SetPermission.Action
actionSet = new TreeSetPermission.Action();
-147if(mergeExistingPermissions){
-148 ListUserPermission perms =
getUserPermissions(conf, rowKey, null, null, null, false);
-149 UserPermission currentPerm =
null;
-150 for (UserPermission perm : perms)
{
-151if (Bytes.equals(perm.getUser(),
userPerm.getUser())
-152
((userPerm.isGlobal() ACL_TABLE_NAME.equals(perm.getTableName()))
-153||
perm.tableFieldsEqual(userPerm))) {
-154 currentPerm = perm;
-155 break;
-156}
-157 }
-158
-159 if(currentPerm != null
currentPerm.getActions() != null){
-160
actionSet.addAll(Arrays.asList(currentPerm.getActions()));
-161 }
-162}
-163
-164// merge current action with new
action.
-165
actionSet.addAll(Arrays.asList(actions));
-166
-167// serialize to byte array.
-168byte[] value = new
byte[actionSet.size()];
-169int index = 0;
-170for (Permission.Action action :
actionSet) {
-171 value[index++] = action.code();
-172}
-173
p.add(CellBuilderFactory.create(CellBuilderType.SHALLOW_COPY)
-174.setRow(p.getRow())
-175.setFamily(ACL_LIST_FAMILY)
-176.setQualifier(key)
-177.setTimestamp(p.getTimestamp())
-178.setType(Type.Put)
-179.setValue(value)
-180.build());
-181if (LOG.isDebugEnabled()) {
-182 LOG.debug("Writing permission with
rowKey "+
-183 Bytes.toString(rowKey)+" "+
-184 Bytes.toString(key)+":
"+Bytes.toStringBinary(value)
-185 );
-186}
-187try {
-188 /**
-189 * TODO: Use Table.put(Put)
instead. This Table.put() happens within the RS. We are already in
-190 * AccessController. Means already
there was an RPC happened to server (Actual grant call from
-191 * client side). At RpcServer we
have a ThreadLocal where we keep the CallContext and inside
-192 * that the current RPC called user
info is set. The table on which put was called is created
-193 * via the RegionCP env and that
uses a special Connection. The normal RPC channel will be by
-194 * passed here means there would
have no further contact on to the RpcServer. So the
-195 * ThreadLocal is never getting
reset. We ran the new put as a super user (User.runAsLoginUser
-196 * where the login user is the user
who started RS process) but still as per the RPC context
-197 * it is the old user. When
AsyncProcess was used, the execute happen via another thread from
-198 * pool and so old ThreadLocal
variable is not accessible and so it looks as if no Rpc context
-199 * and we were relying on the super
user who starts the RS process.
-200 */
-201
t.put(Collections.singletonList(p));
-202} finally {
-203 t.close();
-204}
-205 }
-206
-207 static void
addUserPermission(Configuration conf, UserPermission userPerm, Table t)
-208 throws IOException{
-209addUserPermission(conf, userPerm, t,
false);
-210 }
-211
-212 /**
-213 * Removes a previously granted
permission from the stored access control
-214 * lists. The {@link TablePermission}
being removed must exactly match what
-215 * is stored -- no wildcard matching is
attempted. Ie, if user "bob" has
-216 * been granted "READ" access to the
"data" table, but only to column family
-217 * plus qualifier "info:colA", then
trying to call this method with only
-218 * user "bob" and the table name "data"
(but without specifying the
-219 * column qualifier "info:colA") will
[33/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html b/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html index fec80f5..797991d 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html @@ -74,7 +74,7 @@ var activeTableTab = "activeTableTab"; Summary: -Nested| +Nested| Field| Constr| Method @@ -100,60 +100,26 @@ var activeTableTab = "activeTableTab"; https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object -org.apache.hadoop.io.VersionedWritable - - -org.apache.hadoop.hbase.security.access.Permission - - -org.apache.hadoop.hbase.security.access.TablePermission - - org.apache.hadoop.hbase.security.access.UserPermission - - - - - - - -All Implemented Interfaces: -org.apache.hadoop.io.Writable - @InterfaceAudience.Private -public class UserPermission -extends TablePermission -Represents an authorization for access over the given table, column family - plus qualifier, for the given user. +public class UserPermission +extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object +UserPermission consists of a user name and a permission. + Permission can be one of [Global, Namespace, Table] permission. - - - - - -Nested Class Summary - - - - -Nested classes/interfaces inherited from classorg.apache.hadoop.hbase.security.access.Permission -Permission.Action - - - @@ -167,21 +133,14 @@ extends Field and Description -private static org.slf4j.Logger -LOG +private Permission +permission -private byte[] +private https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String user - - - - -Fields inherited from classorg.apache.hadoop.hbase.security.access.Permission -ACTION_BY_CODE, actions, VERSION - @@ -196,71 +155,61 @@ extends Constructor and Description -UserPermission() -Nullary constructor for Writable, do not use +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + byte[]actionCode) +Construct a global user permission. -UserPermission(byte[]user, - byte[]actionCodes) -Creates a new instance for the given user, - matching the actions with the given codes. +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + Permission.Action...assigned) +Construct a global user permission. -UserPermission(byte[]user, - Permission.Action...assigned) -Creates a new instance for the given user. +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + Permissionpermission) +Construct a user permission given permission. -UserPermission(byte[]user, - https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, - byte[]actionCodes) -Creates a new instance for the given user, - matching the actions with the given codes. - - - -UserPermission(byte[]user, +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, Permission.Action...assigned) -Creates a new instance for the given user. +Construct a namespace user permission. - -UserPermission(byte[]user, - TableNametable, + +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + TableNametableName, byte[]family, byte[]qualifier, byte[]actionCodes) -Creates a new instance for the given user, table, column family and - qualifier, matching the actions with the given codes. +Construct a table:family:qualifier user permission. - -UserPermission(byte[]user, - TableNametable, + +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + TableNametableName, byte[]family, byte[]qualifier,
