hbase git commit: HBASE-21485 Add more debug logs for remote procedure execution
Repository: hbase Updated Branches: refs/heads/branch-2 6ab0fbb1f -> 37540b541 HBASE-21485 Add more debug logs for remote procedure execution Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/37540b54 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/37540b54 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/37540b54 Branch: refs/heads/branch-2 Commit: 37540b541d9bdb416f31fa78e34c029cb3b95cf8 Parents: 6ab0fbb Author: zhangduo Authored: Fri Nov 16 11:18:58 2018 +0800 Committer: zhangduo Committed: Fri Nov 16 14:47:24 2018 +0800 -- .../java/org/apache/hadoop/hbase/master/HMaster.java | 2 ++ .../apache/hadoop/hbase/regionserver/RSRpcServices.java | 3 +++ .../regionserver/RemoteProcedureResultReporter.java | 2 ++ .../hbase/regionserver/handler/RSProcedureHandler.java | 11 ++- 4 files changed, 13 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hbase/blob/37540b54/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index ce5e1c9..995cb5d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -3864,6 +3864,7 @@ public class HMaster extends HRegionServer implements MasterServices { } public void remoteProcedureCompleted(long procId) { +LOG.debug("Remote procedure done, pid={}", procId); RemoteProcedure procedure = getRemoteProcedure(procId); if (procedure != null) { procedure.remoteOperationCompleted(procedureExecutor.getEnvironment()); @@ -3871,6 +3872,7 @@ public class HMaster extends HRegionServer implements MasterServices { } public void remoteProcedureFailed(long procId, RemoteProcedureException error) { +LOG.debug("Remote procedure failed, pid={}", procId, error); RemoteProcedure procedure = getRemoteProcedure(procId); if (procedure != null) { procedure.remoteOperationFailed(procedureExecutor.getEnvironment(), error); http://git-wip-us.apache.org/repos/asf/hbase/blob/37540b54/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java index 5b29d27..d8967c4 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java @@ -3640,10 +3640,13 @@ public class RSRpcServices implements HBaseRPCErrorHandler, callable = Class.forName(request.getProcClass()).asSubclass(RSProcedureCallable.class) .getDeclaredConstructor().newInstance(); } catch (Exception e) { + LOG.warn("Failed to instantiating remote procedure {}, pid={}", request.getProcClass(), +request.getProcId(), e); regionServer.remoteProcedureComplete(request.getProcId(), e); return; } callable.init(request.getProcData().toByteArray(), regionServer); +LOG.debug("Executing remote procedure {}, pid={}", callable.getClass(), request.getProcId()); regionServer.executeProcedure(request.getProcId(), callable); } http://git-wip-us.apache.org/repos/asf/hbase/blob/37540b54/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java index ac3e95a..efb044a 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java @@ -57,9 +57,11 @@ class RemoteProcedureResultReporter extends Thread { public void complete(long procId, Throwable error) { RemoteProcedureResult.Builder builder = RemoteProcedureResult.newBuilder().setProcId(procId); if (error != null) { + LOG.debug("Failed to complete execution of proc pid={}", procId, error); builder.setStatus(RemoteProcedureResult.Status.ERROR).setError( ForeignExceptionUtil.toProtoForeignException(server.getServerName().toString(), error)); } else { +
hbase git commit: HBASE-21485 Add more debug logs for remote procedure execution
Repository: hbase Updated Branches: refs/heads/branch-2.1 d0c2e60e3 -> e5758e86a HBASE-21485 Add more debug logs for remote procedure execution Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/e5758e86 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/e5758e86 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/e5758e86 Branch: refs/heads/branch-2.1 Commit: e5758e86a80ad74610295699abb20709aac1c225 Parents: d0c2e60 Author: zhangduo Authored: Fri Nov 16 11:18:58 2018 +0800 Committer: zhangduo Committed: Fri Nov 16 14:32:27 2018 +0800 -- .../java/org/apache/hadoop/hbase/master/HMaster.java | 2 ++ .../regionserver/RemoteProcedureResultReporter.java | 2 ++ .../hbase/regionserver/handler/RSProcedureHandler.java | 11 ++- 3 files changed, 10 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hbase/blob/e5758e86/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index c8ba7ae..810bf07 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -3809,6 +3809,7 @@ public class HMaster extends HRegionServer implements MasterServices { } public void remoteProcedureCompleted(long procId) { +LOG.debug("Remote procedure done, pid={}", procId); RemoteProcedure procedure = getRemoteProcedure(procId); if (procedure != null) { procedure.remoteOperationCompleted(procedureExecutor.getEnvironment()); @@ -3816,6 +3817,7 @@ public class HMaster extends HRegionServer implements MasterServices { } public void remoteProcedureFailed(long procId, RemoteProcedureException error) { +LOG.debug("Remote procedure failed, pid={}", procId, error); RemoteProcedure procedure = getRemoteProcedure(procId); if (procedure != null) { procedure.remoteOperationFailed(procedureExecutor.getEnvironment(), error); http://git-wip-us.apache.org/repos/asf/hbase/blob/e5758e86/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java index ac3e95a..efb044a 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java @@ -57,9 +57,11 @@ class RemoteProcedureResultReporter extends Thread { public void complete(long procId, Throwable error) { RemoteProcedureResult.Builder builder = RemoteProcedureResult.newBuilder().setProcId(procId); if (error != null) { + LOG.debug("Failed to complete execution of proc pid={}", procId, error); builder.setStatus(RemoteProcedureResult.Status.ERROR).setError( ForeignExceptionUtil.toProtoForeignException(server.getServerName().toString(), error)); } else { + LOG.debug("Successfully complete execution of proc pid={}", procId); builder.setStatus(RemoteProcedureResult.Status.SUCCESS); } results.add(builder.build()); http://git-wip-us.apache.org/repos/asf/hbase/blob/e5758e86/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java index d2175d0..ddff13f 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/handler/RSProcedureHandler.java @@ -42,13 +42,14 @@ public class RSProcedureHandler extends EventHandler { @Override public void process() { -Exception error = null; +Throwable error = null; try { callable.call(); -} catch (Exception e) { - LOG.error("Catch exception when call RSProcedureCallable: ", e); - error = e; +} catch (Throwable t) { + LOG.error("Error when call RSProcedureCallable: ", t); + error = t; +} finally { + ((HRegionServer) server).remoteProcedureComplete(procId, error); } -
hbase git commit: HBASE-21485 Add more debug logs for remote procedure execution
Repository: hbase Updated Branches: refs/heads/master a81987593 -> 43a10df70 HBASE-21485 Add more debug logs for remote procedure execution Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/43a10df7 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/43a10df7 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/43a10df7 Branch: refs/heads/master Commit: 43a10df70fcf36999ce28e1ba0ac06e0d62ccaf1 Parents: a819875 Author: zhangduo Authored: Fri Nov 16 11:18:58 2018 +0800 Committer: zhangduo Committed: Fri Nov 16 14:30:59 2018 +0800 -- .../java/org/apache/hadoop/hbase/master/HMaster.java | 2 ++ .../apache/hadoop/hbase/regionserver/RSRpcServices.java | 3 +++ .../regionserver/RemoteProcedureResultReporter.java | 2 ++ .../hbase/regionserver/handler/RSProcedureHandler.java | 11 ++- 4 files changed, 13 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hbase/blob/43a10df7/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index df744b6..31dc208 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -3888,6 +3888,7 @@ public class HMaster extends HRegionServer implements MasterServices { } public void remoteProcedureCompleted(long procId) { +LOG.debug("Remote procedure done, pid={}", procId); RemoteProcedure procedure = getRemoteProcedure(procId); if (procedure != null) { procedure.remoteOperationCompleted(procedureExecutor.getEnvironment()); @@ -3895,6 +3896,7 @@ public class HMaster extends HRegionServer implements MasterServices { } public void remoteProcedureFailed(long procId, RemoteProcedureException error) { +LOG.debug("Remote procedure failed, pid={}", procId, error); RemoteProcedure procedure = getRemoteProcedure(procId); if (procedure != null) { procedure.remoteOperationFailed(procedureExecutor.getEnvironment(), error); http://git-wip-us.apache.org/repos/asf/hbase/blob/43a10df7/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java index 17c582d..df84dcf 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java @@ -3734,10 +3734,13 @@ public class RSRpcServices implements HBaseRPCErrorHandler, callable = Class.forName(request.getProcClass()).asSubclass(RSProcedureCallable.class) .getDeclaredConstructor().newInstance(); } catch (Exception e) { + LOG.warn("Failed to instantiating remote procedure {}, pid={}", request.getProcClass(), +request.getProcId(), e); regionServer.remoteProcedureComplete(request.getProcId(), e); return; } callable.init(request.getProcData().toByteArray(), regionServer); +LOG.debug("Executing remote procedure {}, pid={}", callable.getClass(), request.getProcId()); regionServer.executeProcedure(request.getProcId(), callable); } http://git-wip-us.apache.org/repos/asf/hbase/blob/43a10df7/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java index ac3e95a..efb044a 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RemoteProcedureResultReporter.java @@ -57,9 +57,11 @@ class RemoteProcedureResultReporter extends Thread { public void complete(long procId, Throwable error) { RemoteProcedureResult.Builder builder = RemoteProcedureResult.newBuilder().setProcId(procId); if (error != null) { + LOG.debug("Failed to complete execution of proc pid={}", procId, error); builder.setStatus(RemoteProcedureResult.Status.ERROR).setError( ForeignExceptionUtil.toProtoForeignException(server.getServerName().toString(), error)); } else { +
hbase git commit: HBASE-21460 correct Document Configurable Bucket Sizes in bucketCache
Repository: hbase Updated Branches: refs/heads/master 130057f13 -> a81987593 HBASE-21460 correct Document Configurable Bucket Sizes in bucketCache Signed-off-by: tedyu Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/a8198759 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/a8198759 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/a8198759 Branch: refs/heads/master Commit: a8198759390984bb06701b40d1bbdfb90e251e14 Parents: 130057f Author: utf7 Authored: Thu Nov 15 23:31:42 2018 +0800 Committer: tedyu Committed: Thu Nov 15 07:52:42 2018 -0800 -- src/main/asciidoc/_chapters/architecture.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hbase/blob/a8198759/src/main/asciidoc/_chapters/architecture.adoc -- diff --git a/src/main/asciidoc/_chapters/architecture.adoc b/src/main/asciidoc/_chapters/architecture.adoc index e1905bc..17e9e13 100644 --- a/src/main/asciidoc/_chapters/architecture.adoc +++ b/src/main/asciidoc/_chapters/architecture.adoc @@ -950,14 +950,14 @@ In the above, we set the BucketCache to be 4G. We configured the on-heap LruBlockCache have 20% (0.2) of the RegionServer's heap size (0.2 * 5G = 1G). In other words, you configure the L1 LruBlockCache as you would normally (as if there were no L2 cache present). link:https://issues.apache.org/jira/browse/HBASE-10641[HBASE-10641] introduced the ability to configure multiple sizes for the buckets of the BucketCache, in HBase 0.98 and newer. -To configurable multiple bucket sizes, configure the new property `hfile.block.cache.sizes` (instead of `hfile.block.cache.size`) to a comma-separated list of block sizes, ordered from smallest to largest, with no spaces. +To configurable multiple bucket sizes, configure the new property `hbase.bucketcache.bucket.sizes` to a comma-separated list of block sizes, ordered from smallest to largest, with no spaces. The goal is to optimize the bucket sizes based on your data access patterns. The following example configures buckets of size 4096 and 8192. [source,xml] - hfile.block.cache.sizes + hbase.bucketcache.bucket.sizes 4096,8192
[44/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html b/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html index 8989ba1..e6df984 100644 --- a/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html +++ b/devapidocs/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html @@ -18,7 +18,7 @@ catch(err) { } //--> -var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":6}; +var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":6,"i11":10}; var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"],8:["t4","Concrete Methods"]}; var altColor = "altColor"; var rowColor = "rowColor"; @@ -303,13 +303,21 @@ implements Check whether we still need to make the call to RS. + +protected boolean +waitInitialized(MasterProcedureEnvenv) +The Procedure.doAcquireLock(Object, ProcedureStore) will be split into two steps, first, it will + call us to determine whether we need to wait for initialization, second, it will call + Procedure.acquireLock(Object) to actually handle the lock for this procedure. + + Methods inherited from classorg.apache.hadoop.hbase.procedure2.Procedure -acquireLock, addStackIndex, afterReplay, beforeReplay, bypass, compareTo, completionCleanup, doExecute, doRollback, elapsedTime, getChildrenLatch, getException, getLastUpdate, getNonceKey, getOwner, getParentProcId, getProcedureMetrics, getProcId, getProcIdHashCode, getProcName, getResult, getRootProcedureId, getRootProcId, getStackIndexes, getState, getSubmittedTime, getTimeout, getTimeoutTimestamp, hasChildren, hasException, hasLock, hasOwner, hasParent, hasTimeout, haveSameParent, holdLock, incChildrenLatch, isBypass, isFailed, isFinished, isInitializing, isLockedWhenLoading, isRunnable, isSuccess, isWaiting, isYieldAfterExecutionStep, releaseLock, removeStackIndex, setAbortFailure, setChildrenLatch, setFailure, setFailure, setLastUpdate, setNonceKey, setOwner, setOwner, setParentProcId, setProcId, setResult, setRootProcId, setStackIndexes, setState, setSubmittedTime, setTimeout, setTimeoutFailure, shouldWaitClientAck, skipPersistence, toString, toStringClass, toStringClassDetails, toStringDetails, toStringSimpleSB, toStringState, updateMetricsOnFinish, updateMetricsOnSubmit, updateTimestamp, waitInitialized, wasExecuted +acquireLock, addStackIndex, afterReplay, beforeReplay, bypass, compareTo, completionCleanup, doExecute, doRollback, elapsedTime, getChildrenLatch, getException, getLastUpdate, getNonceKey, getOwner, getParentProcId, getProcedureMetrics, getProcId, getProcIdHashCode, getProcName, getResult, getRootProcedureId, getRootProcId, getStackIndexes, getState, getSubmittedTime, getTimeout, getTimeoutTimestamp, hasChildren, hasException, hasLock, hasOwner, hasParent, hasTimeout, haveSameParent, holdLock, incChildrenLatch, isBypass, isFailed, isFinished, isInitializing, isLockedWhenLoading, isRunnable, isSuccess, isWaiting, isYieldAfterExecutionStep, releaseLock, removeStackIndex, setAbortFailure, setChildrenLatch, setFailure, setFailure, setLastUpdate, setNonceKey, setOwner, setOwner, setParentProcId, setProcId, setResult, setRootProcId, setStackIndexes, setState, setSubmittedTime, setTimeout, setTimeoutFailure, shouldWaitClientAck, skipPersistence, toString, toStringClass, toStringClassDetails, toStringDetails, toStringSimpleSB, toStringState, updateMetricsOnFinish, updateMetricsOnSubmit, updateTimestamp, wasExecuted @@ -491,13 +499,38 @@ implements + + + + +waitInitialized +protectedbooleanwaitInitialized(MasterProcedureEnvenv) +Description copied from class:Procedure +The Procedure.doAcquireLock(Object, ProcedureStore) will be split into two steps, first, it will + call us to determine whether we need to wait for initialization, second, it will call + Procedure.acquireLock(Object) to actually handle the lock for this procedure. + + This is because that when master restarts, we need to restore the lock state for all the + procedures to not break the semantic if Procedure.holdLock(Object) is true. But the + ProcedureExecutor will be started before the master finish initialization(as it is part + of the initialization!), so we need to split the code into two steps, and when restore, we just + restore the lock part and ignore the waitInitialized part. Otherwise there will be dead lock. + +Overrides: +waitInitializedin classProcedureMasterProcedureEnv +Returns: +true means we
[32/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/AuthManager.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/AuthManager.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/AuthManager.html new file mode 100644 index 000..6dfcacd --- /dev/null +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/AuthManager.html @@ -0,0 +1,249 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +Uses of Class org.apache.hadoop.hbase.security.access.AuthManager (Apache HBase 3.0.0-SNAPSHOT API) + + + + + + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +Prev +Next + + +Frames +NoFrames + + +AllClasses + + + + + + + + + + +Uses of Classorg.apache.hadoop.hbase.security.access.AuthManager + + + + + +Packages that use AuthManager + +Package +Description + + + +org.apache.hadoop.hbase.security.access + + + + + + + + + + +Uses of AuthManager in org.apache.hadoop.hbase.security.access + +Fields in org.apache.hadoop.hbase.security.access declared as AuthManager + +Modifier and Type +Field and Description + + + +private AuthManager +AccessChecker.authManager + + +private AuthManager +ZKPermissionWatcher.authManager + + +private AuthManager +AccessControlFilter.authManager + + + + +Fields in org.apache.hadoop.hbase.security.access with type parameters of type AuthManager + +Modifier and Type +Field and Description + + + +private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapZKWatcher,AuthManager +AuthManager.managerMap + + +private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapAuthManager,https://docs.oracle.com/javase/8/docs/api/java/lang/Integer.html?is-external=true; title="class or interface in java.lang">Integer +AuthManager.refCount + + + + +Methods in org.apache.hadoop.hbase.security.access that return AuthManager + +Modifier and Type +Method and Description + + + +AuthManager +AccessChecker.getAuthManager() + + +AuthManager +AccessController.getAuthManager() + + +static AuthManager +AuthManager.getOrCreate(ZKWatcherwatcher, + org.apache.hadoop.conf.Configurationconf) +Returns a AuthManager from the cache. + + + + + +Methods in org.apache.hadoop.hbase.security.access with parameters of type AuthManager + +Modifier and Type +Method and Description + + + +static void +AuthManager.release(AuthManagerinstance) +Releases the resources for the given AuthManager if the reference count is down to 0. + + + + + +Constructors in org.apache.hadoop.hbase.security.access with parameters of type AuthManager + +Constructor and Description + + + +AccessControlFilter(AuthManagermgr, + Userugi, + TableNametableName, + AccessControlFilter.Strategystrategy, + https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapByteRange,https://docs.oracle.com/javase/8/docs/api/java/lang/Integer.html?is-external=true; title="class or interface in java.lang">IntegercfVsMaxVersions) + + +ZKPermissionWatcher(ZKWatcherwatcher, + AuthManagerauthManager, + org.apache.hadoop.conf.Configurationconf) + + + + + + + + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +Prev +Next + + +Frames +NoFrames + + +AllClasses + + + + + + + + + +Copyright 20072018 https://www.apache.org/;>The Apache Software Foundation. All rights reserved. + + http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/GlobalPermission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/GlobalPermission.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/GlobalPermission.html new file mode 100644
[47/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/AuthUtil.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/AuthUtil.html b/devapidocs/org/apache/hadoop/hbase/AuthUtil.html index 86e2a30..cb321b1 100644 --- a/devapidocs/org/apache/hadoop/hbase/AuthUtil.html +++ b/devapidocs/org/apache/hadoop/hbase/AuthUtil.html @@ -152,7 +152,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html an example of configuring a user of this Auth Chore to run on a secure cluster. - This class will be internal use only from 2.2.0 version, and will transparently work + This class will be internal used only from 2.2.0 version, and will transparently work for kerberized applications. For more, please refer http://hbase.apache.org/book.html#hbase.secure.configuration;>Client-side Configuration for Secure Operation http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html b/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html index 155a44c..38f7cc7 100644 --- a/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html +++ b/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html @@ -169,8 +169,8 @@ org.apache.hadoop.hbase.backup.BackupType org.apache.hadoop.hbase.backup.BackupRestoreConstants.BackupCommand -org.apache.hadoop.hbase.backup.BackupInfo.BackupState org.apache.hadoop.hbase.backup.BackupInfo.BackupPhase +org.apache.hadoop.hbase.backup.BackupInfo.BackupState http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html b/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html index a2e2524..320a52a 100644 --- a/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html +++ b/devapidocs/org/apache/hadoop/hbase/class-use/Cell.html @@ -8234,11 +8234,11 @@ service. boolean -TableAuthManager.authorize(Useruser, - TableNametable, - Cellcell, - Permission.Actionaction) -Authorize a user for a given KV. +AuthManager.authorizeCell(Useruser, + TableNametable, + Cellcell, + Permission.Actionaction) +Check if user has given action privilige in cell scope. @@ -8255,7 +8255,7 @@ service. Cellcell) -private static Pairhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +private static Pairhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,Permission AccessControlLists.parsePermissionRecord(byte[]entryName, Cellkv, byte[]cf,
[21/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html new file mode 100644 index 000..4d5cbc9 --- /dev/null +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html @@ -0,0 +1,680 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + +Source code + + + + +001/** +002 * Licensed to the Apache Software Foundation (ASF) under one +003 * or more contributor license agreements. See the NOTICE file +004 * distributed with this work for additional information +005 * regarding copyright ownership. The ASF licenses this file +006 * to you under the Apache License, Version 2.0 (the +007 * "License"); you may not use this file except in compliance +008 * with the License. You may obtain a copy of the License at +009 * +010 * http://www.apache.org/licenses/LICENSE-2.0 +011 * +012 * Unless required by applicable law or agreed to in writing, software +013 * distributed under the License is distributed on an "AS IS" BASIS, +014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +015 * See the License for the specific language governing permissions and +016 * limitations under the License. +017 */ +018 +019package org.apache.hadoop.hbase.security.access; +020 +021import java.io.Closeable; +022import java.io.IOException; +023import java.util.HashMap; +024import java.util.HashSet; +025import java.util.List; +026import java.util.Map; +027import java.util.Set; +028import java.util.concurrent.ConcurrentHashMap; +029import java.util.concurrent.atomic.AtomicLong; +030 +031import org.apache.hadoop.conf.Configuration; +032import org.apache.hadoop.hbase.AuthUtil; +033import org.apache.hadoop.hbase.Cell; +034import org.apache.hadoop.hbase.TableName; +035import org.apache.hadoop.hbase.exceptions.DeserializationException; +036import org.apache.hadoop.hbase.log.HBaseMarkers; +037import org.apache.hadoop.hbase.security.Superusers; +038import org.apache.hadoop.hbase.security.User; +039import org.apache.hadoop.hbase.security.UserProvider; +040import org.apache.hadoop.hbase.util.Bytes; +041import org.apache.hadoop.hbase.zookeeper.ZKWatcher; +042import org.apache.yetus.audience.InterfaceAudience; +043import org.apache.zookeeper.KeeperException; +044import org.slf4j.Logger; +045import org.slf4j.LoggerFactory; +046 +047import org.apache.hbase.thirdparty.com.google.common.annotations.VisibleForTesting; +048import org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap; +049import org.apache.hbase.thirdparty.com.google.common.collect.Lists; +050 +051/** +052 * Performs authorization checks for a given user's assigned permissions. +053 * p +054 * There're following scopes: bGlobal/b, bNamespace/b, bTable/b, bFamily/b, +055 * bQualifier/b, bCell/b. +056 * Generally speaking, higher scopes can overrides lower scopes, +057 * except for Cell permission can be granted even a user has not permission on specified table, +058 * which means the user can get/scan only those granted cells parts. +059 * /p +060 * e.g, if user A has global permission R(ead), he can +061 * read table T without checking table scope permission, so authorization checks alway starts from +062 * Global scope. +063 * p +064 * For each scope, not only user but also groups he belongs to will be checked. +065 * /p +066 */ +067@InterfaceAudience.Private +068public final class AuthManager implements Closeable { +069 +070 /** +071 * Cache of permissions, it is thread safe. +072 * @param T T extends Permission +073 */ +074 private static class PermissionCacheT extends Permission { +075private final Object mutex = new Object(); +076private MapString, SetT cache = new HashMap(); +077 +078void put(String name, T perm) { +079 synchronized (mutex) { +080SetT perms = cache.getOrDefault(name, new HashSet()); +081perms.add(perm); +082cache.put(name, perms); +083 } +084} +085 +086SetT get(String name) { +087 synchronized (mutex) { +088return cache.get(name); +089 } +090} +091 +092void clear() { +093 synchronized (mutex) { +094for (Map.EntryString, SetT entry : cache.entrySet()) { +095 entry.getValue().clear(); +096} +097cache.clear(); +098 } +099} +100 } +101 PermissionCacheNamespacePermission NS_NO_PERMISSION = new PermissionCache(); +102 PermissionCacheTablePermission TBL_NO_PERMISSION = new PermissionCache(); +103 +104 /** +105 * Cache for global permission. +106 * Since every user/group can only have one global permission, no need to user
[45/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/client/Consistency.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/client/Consistency.html b/devapidocs/org/apache/hadoop/hbase/client/Consistency.html index 7f3f29c..63443a9 100644 --- a/devapidocs/org/apache/hadoop/hbase/client/Consistency.html +++ b/devapidocs/org/apache/hadoop/hbase/client/Consistency.html @@ -253,7 +253,7 @@ the order they are declared. values -public staticConsistency[]values() +public staticConsistency[]values() Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: @@ -273,7 +273,7 @@ for (Consistency c : Consistency.values()) valueOf -public staticConsistencyvalueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) +public staticConsistencyvalueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html b/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html index 1e48eae..dc80206 100644 --- a/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html +++ b/devapidocs/org/apache/hadoop/hbase/client/IsolationLevel.html @@ -256,7 +256,7 @@ the order they are declared. values -public staticIsolationLevel[]values() +public staticIsolationLevel[]values() Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: @@ -276,7 +276,7 @@ for (IsolationLevel c : IsolationLevel.values()) valueOf -public staticIsolationLevelvalueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) +public staticIsolationLevelvalueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html b/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html index 013a9e9..1e001cf 100644 --- a/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html +++ b/devapidocs/org/apache/hadoop/hbase/client/class-use/Result.html @@ -2206,7 +2206,7 @@ service. -private static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +private static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,UserPermission AccessControlLists.parsePermissions(byte[]entryName, Resultresult, byte[]cf, http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html b/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html index 634818a..df03300 100644 --- a/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html +++ b/devapidocs/org/apache/hadoop/hbase/client/class-use/Table.html @@ -860,7 +860,7 @@ service. AccessControlClient.getAccessControlServiceStub(Tableht) -(package private) static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +(package private) static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in
[14/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html index da23956..abb7072 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/UserPermission.html @@ -26,191 +26,164 @@ 018 019package org.apache.hadoop.hbase.security.access; 020 -021import java.io.DataInput; -022import java.io.DataOutput; -023import java.io.IOException; -024 -025import org.apache.hadoop.hbase.TableName; -026import org.apache.yetus.audience.InterfaceAudience; -027import org.slf4j.Logger; -028import org.slf4j.LoggerFactory; -029import org.apache.hadoop.hbase.util.Bytes; -030 -031/** -032 * Represents an authorization for access over the given table, column family -033 * plus qualifier, for the given user. -034 */ -035@InterfaceAudience.Private -036public class UserPermission extends TablePermission { -037 private static final Logger LOG = LoggerFactory.getLogger(UserPermission.class); -038 -039 private byte[] user; -040 -041 /** Nullary constructor for Writable, do not use */ -042 public UserPermission() { -043super(); +021import java.util.Objects; +022 +023import org.apache.hadoop.hbase.TableName; +024import org.apache.yetus.audience.InterfaceAudience; +025 +026/** +027 * UserPermission consists of a user name and a permission. +028 * Permission can be one of [Global, Namespace, Table] permission. +029 */ +030@InterfaceAudience.Private +031public class UserPermission { +032 +033 private String user; +034 private Permission permission; +035 +036 /** +037 * Construct a global user permission. +038 * @param user user name +039 * @param assigned assigned actions +040 */ +041 public UserPermission(String user, Permission.Action... assigned) { +042this.user = user; +043this.permission = new GlobalPermission(assigned); 044 } 045 046 /** -047 * Creates a new instance for the given user. -048 * @param user the user -049 * @param assigned the list of allowed actions +047 * Construct a global user permission. +048 * @param user user name +049 * @param actionCode action codes 050 */ -051 public UserPermission(byte[] user, Action... assigned) { -052super(null, null, null, assigned); -053this.user = user; +051 public UserPermission(String user, byte[] actionCode) { +052this.user = user; +053this.permission = new GlobalPermission(actionCode); 054 } 055 056 /** -057 * Creates a new instance for the given user, -058 * matching the actions with the given codes. -059 * @param user the user -060 * @param actionCodes the list of allowed action codes +057 * Construct a namespace user permission. +058 * @param user user name +059 * @param namespace namespace +060 * @param assigned assigned actions 061 */ -062 public UserPermission(byte[] user, byte[] actionCodes) { -063super(null, null, null, actionCodes); -064this.user = user; +062 public UserPermission(String user, String namespace, Permission.Action... assigned) { +063this.user = user; +064this.permission = new NamespacePermission(namespace, assigned); 065 } 066 067 /** -068 * Creates a new instance for the given user. -069 * @param user the user -070 * @param namespace -071 * @param assigned the list of allowed actions +068 * Construct a table user permission. +069 * @param user user name +070 * @param tableName table name +071 * @param assigned assigned actions 072 */ -073 public UserPermission(byte[] user, String namespace, Action... assigned) { -074super(namespace, assigned); -075this.user = user; +073 public UserPermission(String user, TableName tableName, Permission.Action... assigned) { +074this.user = user; +075this.permission = new TablePermission(tableName, assigned); 076 } 077 078 /** -079 * Creates a new instance for the given user, -080 * matching the actions with the given codes. -081 * @param user the user -082 * @param namespace -083 * @param actionCodes the list of allowed action codes +079 * Construct a table:family user permission. +080 * @param user user name +081 * @param tableName table name +082 * @param family family name of table +083 * @param assigned assigned actions 084 */ -085 public UserPermission(byte[] user, String namespace, byte[] actionCodes) { -086super(namespace, actionCodes); -087this.user = user; +085 public UserPermission(String user, TableName tableName, byte[] family, +086Permission.Action... assigned) { +087this(user, tableName, family, null, assigned); 088 } 089 090 /** -091 *
[24/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html index 69565e9..3e1345c 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlUtil.html @@ -55,7 +55,7 @@ 047 private AccessControlUtil() {} 048 049 /** -050 * Create a request to grant user permissions. +050 * Create a request to grant user table permissions. 051 * 052 * @param username the short user name who to grant permissions 053 * @param tableName optional table name the permissions apply @@ -96,7 +96,7 @@ 088 } 089 090 /** -091 * Create a request to grant user permissions. +091 * Create a request to grant user namespace permissions. 092 * 093 * @param username the short user name who to grant permissions 094 * @param namespace optional table name the permissions apply @@ -127,7 +127,7 @@ 119 } 120 121 /** -122 * Create a request to revoke user permissions. +122 * Create a request to revoke user global permissions. 123 * 124 * @param username the short user name whose permissions to be revoked 125 * @param actions the permissions to be revoked @@ -153,7 +153,7 @@ 145 } 146 147 /** -148 * Create a request to revoke user permissions. +148 * Create a request to revoke user namespace permissions. 149 * 150 * @param username the short user name whose permissions to be revoked 151 * @param namespace optional table name the permissions apply @@ -184,7 +184,7 @@ 176 } 177 178 /** -179 * Create a request to grant user permissions. +179 * Create a request to grant user global permissions. 180 * 181 * @param username the short user name who to grant permissions 182 * @param actions the permissions to be granted @@ -248,669 +248,661 @@ 240return result; 241 } 242 -243 -244 /** -245 * Converts a Permission proto to a client Permission object. -246 * -247 * @param proto the protobuf Permission -248 * @return the converted Permission -249 */ -250 public static Permission toPermission(AccessControlProtos.Permission proto) { -251if (proto.getType() != AccessControlProtos.Permission.Type.Global) { -252 return toTablePermission(proto); -253} else { -254 ListPermission.Action actions = toPermissionActions( -255 proto.getGlobalPermission().getActionList()); -256 return new Permission(actions.toArray(new Permission.Action[actions.size()])); -257} -258 } -259 -260 /** -261 * Converts a TablePermission proto to a client TablePermission object. -262 * @param proto the protobuf TablePermission -263 * @return the converted TablePermission -264 */ -265 public static TablePermission toTablePermission(AccessControlProtos.TablePermission proto) { -266ListPermission.Action actions = toPermissionActions(proto.getActionList()); -267TableName table = null; -268byte[] qualifier = null; -269byte[] family = null; -270if (!proto.hasTableName()) { -271 throw new IllegalStateException("TableName cannot be empty"); -272} -273table = ProtobufUtil.toTableName(proto.getTableName()); -274if (proto.hasFamily()) { -275 family = proto.getFamily().toByteArray(); -276} -277if (proto.hasQualifier()) { -278 qualifier = proto.getQualifier().toByteArray(); -279} -280return new TablePermission(table, family, qualifier, -281actions.toArray(new Permission.Action[actions.size()])); -282 } -283 -284 /** -285 * Converts a Permission proto to a client TablePermission object. -286 * @param proto the protobuf Permission -287 * @return the converted TablePermission -288 */ -289 public static TablePermission toTablePermission(AccessControlProtos.Permission proto) { -290if(proto.getType() == AccessControlProtos.Permission.Type.Global) { -291 AccessControlProtos.GlobalPermission perm = proto.getGlobalPermission(); -292 ListPermission.Action actions = toPermissionActions(perm.getActionList()); -293 -294 return new TablePermission(null, null, null, -295 actions.toArray(new Permission.Action[actions.size()])); -296} -297if(proto.getType() == AccessControlProtos.Permission.Type.Namespace) { -298 AccessControlProtos.NamespacePermission perm = proto.getNamespacePermission(); -299 ListPermission.Action actions = toPermissionActions(perm.getActionList()); -300 -301 if(!proto.hasNamespacePermission()) { -302throw new IllegalStateException("Namespace must not be empty in NamespacePermission"); -303 } -304
[42/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html b/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html index a644a4a..6691b7d 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlUtil.html @@ -50,7 +50,7 @@ var activeTableTab = "activeTableTab"; PrevClass -NextClass +NextClass Frames @@ -164,7 +164,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html buildGrantRequest(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringusername, booleanmergeExistingPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to grant user permissions. +Create a request to grant user global permissions. @@ -173,7 +173,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, booleanmergeExistingPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to grant user permissions. +Create a request to grant user namespace permissions. @@ -184,14 +184,14 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html byte[]qualifier, booleanmergeExistingPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to grant user permissions. +Create a request to grant user table permissions. static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest buildRevokeRequest(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringusername, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to revoke user permissions. +Create a request to revoke user global permissions. @@ -199,7 +199,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html buildRevokeRequest(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringusername, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to revoke user permissions. +Create a request to revoke user namespace permissions. @@ -209,7 +209,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html byte[]family, byte[]qualifier, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action...actions) -Create a request to revoke user permissions. +Create a request to revoke user table permissions. @@ -349,35 +349,35 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html +static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,Permission +toPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissionsproto) +Convert a protobuf UserTablePermissions to a ListMultimapUsername, Permission + + + static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission toPermission(Permissionperm) Convert a client Permission to a Permission proto - + static Permission.Action toPermissionAction(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Actionaction) Converts a Permission.Action proto to a client Permission.Action object. - + static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action toPermissionAction(Permission.Actionaction) Convert a client Permission.Action to a Permission.Action proto - + static https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListPermission.Action toPermissionActions(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in
[27/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html b/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html index 44628e7..18eaf1f 100644 --- a/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html +++ b/devapidocs/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html @@ -110,7 +110,7 @@ var activeTableTab = "activeTableTab"; @InterfaceAudience.Private -public class RestoreSnapshotHelper +public class RestoreSnapshotHelper extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object Helper to Restore/Clone a Snapshot @@ -467,7 +467,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html LOG -private static finalorg.slf4j.Logger LOG +private static finalorg.slf4j.Logger LOG @@ -476,7 +476,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html regionsMap -private finalhttps://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],byte[] regionsMap +private finalhttps://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],byte[] regionsMap @@ -485,7 +485,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html parentsMap -private finalhttps://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,Pairhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String parentsMap +private finalhttps://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,Pairhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String parentsMap @@ -494,7 +494,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html monitor -private finalForeignExceptionDispatcher monitor +private finalForeignExceptionDispatcher monitor @@ -503,7 +503,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html status -private finalMonitoredTask status +private finalMonitoredTask status @@ -512,7 +512,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html snapshotManifest -private finalSnapshotManifest snapshotManifest +private finalSnapshotManifest snapshotManifest @@ -521,7 +521,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html snapshotDesc -private finalorg.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription snapshotDesc +private finalorg.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription snapshotDesc @@ -530,7 +530,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html snapshotTable -private finalTableName snapshotTable +private finalTableName snapshotTable @@ -539,7 +539,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html tableDesc -private finalTableDescriptor tableDesc +private finalTableDescriptor tableDesc @@ -548,7 +548,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html rootDir -private finalorg.apache.hadoop.fs.Path rootDir +private finalorg.apache.hadoop.fs.Path rootDir @@ -557,7 +557,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html tableDir -private finalorg.apache.hadoop.fs.Path tableDir +private finalorg.apache.hadoop.fs.Path tableDir @@ -566,7 +566,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html conf -private finalorg.apache.hadoop.conf.Configuration conf +private finalorg.apache.hadoop.conf.Configuration conf @@ -575,7 +575,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html fs -private finalorg.apache.hadoop.fs.FileSystem fs +private finalorg.apache.hadoop.fs.FileSystem fs @@ -584,7 +584,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
[26/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html b/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html index daf2583..25ef9bf 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/master/assignment/RegionRemoteProcedureBase.html @@ -116,75 +116,87 @@ 108 } 109 110 @Override -111 protected void rollback(MasterProcedureEnv env) throws IOException, InterruptedException { -112throw new UnsupportedOperationException(); -113 } -114 -115 @Override -116 protected boolean abort(MasterProcedureEnv env) { -117return false; -118 } -119 -120 /** -121 * Check whether we still need to make the call to RS. -122 * p/ -123 * Usually this will not happen if we do not allow assigning a already onlined region. But if we -124 * have something wrong in the RSProcedureDispatcher, where we have already sent the request to -125 * RS, but then we tell the upper layer the remote call is failed due to rpc timeout or connection -126 * closed or anything else, then this issue can still happen. So here we add a check to make it -127 * more robust. -128 */ -129 protected abstract boolean shouldDispatch(RegionStateNode regionNode); +111 protected boolean waitInitialized(MasterProcedureEnv env) { +112if (TableName.isMetaTableName(getTableName())) { +113 return false; +114} +115// First we need meta to be loaded, and second, if meta is not online then we will likely to +116// fail when updating meta so we wait until it is assigned. +117AssignmentManager am = env.getAssignmentManager(); +118return am.waitMetaLoaded(this) || am.waitMetaAssigned(this, region); +119 } +120 +121 @Override +122 protected void rollback(MasterProcedureEnv env) throws IOException, InterruptedException { +123throw new UnsupportedOperationException(); +124 } +125 +126 @Override +127 protected boolean abort(MasterProcedureEnv env) { +128return false; +129 } 130 -131 @Override -132 protected ProcedureMasterProcedureEnv[] execute(MasterProcedureEnv env) -133 throws ProcedureYieldException, ProcedureSuspendedException, InterruptedException { -134if (dispatched) { -135 // we are done, the parent procedure will check whether we are succeeded. -136 return null; -137} -138RegionStateNode regionNode = getRegionNode(env); -139regionNode.lock(); -140try { -141 if (!shouldDispatch(regionNode)) { -142return null; -143 } -144 // The code which wakes us up also needs to lock the RSN so here we do not need to synchronize -145 // on the event. -146 ProcedureEvent? event = regionNode.getProcedureEvent(); -147 try { -148 env.getRemoteDispatcher().addOperationToNode(targetServer, this); -149 } catch (FailedRemoteDispatchException e) { -150LOG.warn("Can not add remote operation {} for region {} to server {}, this usually " + -151 "because the server is alread dead, give up and mark the procedure as complete, " + -152 "the parent procedure will take care of this.", this, region, targetServer, e); -153return null; -154 } -155 dispatched = true; -156 event.suspend(); -157 event.suspendIfNotReady(this); -158 throw new ProcedureSuspendedException(); -159} finally { -160 regionNode.unlock(); -161} -162 } -163 -164 @Override -165 protected void serializeStateData(ProcedureStateSerializer serializer) throws IOException { -166 serializer.serialize(RegionRemoteProcedureBaseStateData.newBuilder() -167 .setRegion(ProtobufUtil.toRegionInfo(region)) -168 .setTargetServer(ProtobufUtil.toServerName(targetServer)).setDispatched(dispatched).build()); -169 } -170 -171 @Override -172 protected void deserializeStateData(ProcedureStateSerializer serializer) throws IOException { -173RegionRemoteProcedureBaseStateData data = -174 serializer.deserialize(RegionRemoteProcedureBaseStateData.class); -175region = ProtobufUtil.toRegionInfo(data.getRegion()); -176targetServer = ProtobufUtil.toServerName(data.getTargetServer()); -177dispatched = data.getDispatched(); -178 } -179} +131 /** +132 * Check whether we still need to make the call to RS. +133 * p/ +134 * This could happen when master restarts. Since we do not know whether a request has already been +135 * sent to the region server after we add a remote operation to the dispatcher, so the safe way is +136 * to not persist the dispatched field and try to add the remote operation again. But it is +137 *
[35/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.html b/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.html deleted file mode 100644 index 08041b5..000 --- a/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.html +++ /dev/null @@ -1,1290 +0,0 @@ -http://www.w3.org/TR/html4/loose.dtd;> - - - - - -TableAuthManager (Apache HBase 3.0.0-SNAPSHOT API) - - - - - -var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":9,"i16":10,"i17":9,"i18":10,"i19":10,"i20":10,"i21":10,"i22":10,"i23":10,"i24":10,"i25":10,"i26":10,"i27":9,"i28":10,"i29":10,"i30":10,"i31":10,"i32":10,"i33":10,"i34":10,"i35":10,"i36":10,"i37":10,"i38":10,"i39":10}; -var tabs = {65535:["t0","All Methods"],1:["t1","Static Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; -var altColor = "altColor"; -var rowColor = "rowColor"; -var tableTab = "tableTab"; -var activeTableTab = "activeTableTab"; - - -JavaScript is disabled on your browser. - - - - - -Skip navigation links - - - - -Overview -Package -Class -Use -Tree -Deprecated -Index -Help - - - - -PrevClass -NextClass - - -Frames -NoFrames - - -AllClasses - - - - - - - -Summary: -Nested| -Field| -Constr| -Method - - -Detail: -Field| -Constr| -Method - - - - - - - - -org.apache.hadoop.hbase.security.access -Class TableAuthManager - - - -https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object - - -org.apache.hadoop.hbase.security.access.TableAuthManager - - - - - - - -All Implemented Interfaces: -https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true; title="class or interface in java.io">Closeable, https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html?is-external=true; title="class or interface in java.lang">AutoCloseable - - - -@InterfaceAudience.Private -public class TableAuthManager -extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object -implements https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true; title="class or interface in java.io">Closeable -Performs authorization checks for a given user's assigned permissions - - - - - - - - - - - -Nested Class Summary - -Nested Classes - -Modifier and Type -Class and Description - - -private static class -TableAuthManager.PermissionCacheT extends Permission - - - - - - - - - -Field Summary - -Fields - -Modifier and Type -Field and Description - - -private org.apache.hadoop.conf.Configuration -conf - - -private TableAuthManager.PermissionCachePermission -globalCache -Cache of global permissions - - - -private static org.slf4j.Logger -LOG - - -private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapZKWatcher,TableAuthManager -managerMap - - -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/atomic/AtomicLong.html?is-external=true; title="class or interface in java.util.concurrent.atomic">AtomicLong -mtime - - -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentSkipListMaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TableAuthManager.PermissionCacheTablePermission -nsCache - - -private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapTableAuthManager,https://docs.oracle.com/javase/8/docs/api/java/lang/Integer.html?is-external=true; title="class or interface in java.lang">Integer -refCount - - -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentSkipListMapTableName,TableAuthManager.PermissionCacheTablePermission -tableCache - - -private ZKPermissionWatcher -zkperms - - - - - - - - - -Constructor Summary - -Constructors - -Modifier -Constructor and Description - - -private
[23/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html index 25b7848..5c428b5 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.OpType.html @@ -245,20 +245,20 @@ 237return regionEnv != null ? regionEnv.getRegion() : null; 238 } 239 -240 public TableAuthManager getAuthManager() { +240 public AuthManager getAuthManager() { 241return accessChecker.getAuthManager(); 242 } 243 244 private void initialize(RegionCoprocessorEnvironment e) throws IOException { 245final Region region = e.getRegion(); 246Configuration conf = e.getConfiguration(); -247Mapbyte[], ListMultimapString, TablePermission tables = AccessControlLists.loadAll(region); +247Mapbyte[], ListMultimapString, UserPermission tables = AccessControlLists.loadAll(region); 248// For each table, write out the table's permissions to the respective 249// znode for that table. -250for (Map.Entrybyte[], ListMultimapString,TablePermission t: +250for (Map.Entrybyte[], ListMultimapString, UserPermission t: 251 tables.entrySet()) { 252 byte[] entry = t.getKey(); -253 ListMultimapString,TablePermission perms = t.getValue(); +253 ListMultimapString, UserPermission perms = t.getValue(); 254 byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf); 255 getAuthManager().getZKPermissionWatcher().writeToZookeeper(entry, serialized); 256} @@ -294,7 +294,7 @@ 286try (Table t = e.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME)) { 287 for (byte[] entry : entries) { 288currentEntry = entry; -289ListMultimapString, TablePermission perms = +289ListMultimapString, UserPermission perms = 290 AccessControlLists.getPermissions(conf, entry, t, null, null, null, false); 291byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf); 292zkw.writeToZookeeper(entry, serialized); @@ -338,7 +338,7 @@ 330} 331 332// 2. check for the table-level, if successful we can short-circuit -333if (getAuthManager().authorize(user, tableName, (byte[])null, permRequest)) { +333if (getAuthManager().authorizeUserTable(user, tableName, permRequest)) { 334 return AuthResult.allow(request, "Table permission granted", user, 335permRequest, tableName, families); 336} @@ -348,7 +348,7 @@ 340 // all families must pass 341 for (Map.Entrybyte [], ? extends Collection? family : families.entrySet()) { 342// a) check for family level access -343if (getAuthManager().authorize(user, tableName, family.getKey(), +343if (getAuthManager().authorizeUserTable(user, tableName, family.getKey(), 344permRequest)) { 345 continue; // family-level permission overrides per-qualifier 346} @@ -359,17 +359,17 @@ 351// for each qualifier of the family 352Setbyte[] familySet = (Setbyte[])family.getValue(); 353for (byte[] qualifier : familySet) { -354 if (!getAuthManager().authorize(user, tableName, family.getKey(), -355 qualifier, permRequest)) { +354 if (!getAuthManager().authorizeUserTable(user, tableName, +355family.getKey(), qualifier, permRequest)) { 356return AuthResult.deny(request, "Failed qualifier check", user, -357permRequest, tableName, makeFamilyMap(family.getKey(), qualifier)); +357 permRequest, tableName, makeFamilyMap(family.getKey(), qualifier)); 358 } 359} 360 } else if (family.getValue() instanceof List) { // ListCell 361ListCell cellList = (ListCell)family.getValue(); 362for (Cell cell : cellList) { -363 if (!getAuthManager().authorize(user, tableName, family.getKey(), -364 CellUtil.cloneQualifier(cell), permRequest)) { +363 if (!getAuthManager().authorizeUserTable(user, tableName, family.getKey(), +364 CellUtil.cloneQualifier(cell), permRequest)) { 365return AuthResult.deny(request, "Failed qualifier check", user, permRequest, 366 tableName, makeFamilyMap(family.getKey(), CellUtil.cloneQualifier(cell))); 367 } @@ -378,7 +378,7 @@ 370} else { 371 // no qualifiers and family-level check already failed
[01/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
Repository: hbase-site Updated Branches: refs/heads/asf-site 733988183 -> 68eae6230 http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html -- diff --git a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html index 5062e9b..23b4be7 100644 --- a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html +++ b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.PingCoprocessor.html @@ -282,7 +282,7 @@ 274 public static void tearDownAfterClass() throws Exception { 275cleanUp(); 276TEST_UTIL.shutdownMiniCluster(); -277int total = TableAuthManager.getTotalRefCount(); +277int total = AuthManager.getTotalRefCount(); 278assertTrue("Unexpected reference count: " + total, total == 0); 279 } 280 @@ -1642,12 +1642,12 @@ 1634 } 1635 1636 UserPermission ownerperm = -1637 new UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values()); +1637 new UserPermission(USER_OWNER.getName(), tableName, Action.values()); 1638 assertTrue("Owner should have all permissions on table", 1639 hasFoundUserPermission(ownerperm, perms)); 1640 1641 User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]); -1642 byte[] userName = Bytes.toBytes(user.getShortName()); +1642 String userName = user.getShortName(); 1643 1644 UserPermission up = 1645 new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ); @@ -1733,7 +1733,7 @@ 1725 } 1726 1727 UserPermission newOwnerperm = -1728 new UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null, Action.values()); +1728 new UserPermission(newOwner.getName(), tableName, Action.values()); 1729 assertTrue("New owner should have all permissions on table", 1730 hasFoundUserPermission(newOwnerperm, perms)); 1731} finally { @@ -1757,1888 +1757,1898 @@ 1749 1750CollectionString superUsers = Superusers.getSuperUsers(); 1751ListUserPermission adminPerms = new ArrayList(superUsers.size() + 1); -1752adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), -1753 AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"))); -1754 -1755for(String user: superUsers) { -1756 adminPerms.add(new UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME, -1757 null, null, Action.values())); -1758} -1759assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + -1760"per setup", perms.size() == 5 + superUsers.size() -1761 hasFoundUserPermission(adminPerms, perms)); -1762 } -1763 -1764 /** global operations */ -1765 private void verifyGlobal(AccessTestAction action) throws Exception { -1766verifyAllowed(action, SUPERUSER); -1767 -1768verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO); -1769 } -1770 -1771 @Test -1772 public void testCheckPermissions() throws Exception { -1773// -- -1774// test global permissions -1775AccessTestAction globalAdmin = new AccessTestAction() { -1776 @Override -1777 public Void run() throws Exception { -1778checkGlobalPerms(TEST_UTIL, Permission.Action.ADMIN); -1779return null; -1780 } -1781}; -1782// verify that only superuser can admin -1783verifyGlobal(globalAdmin); -1784 -1785// -- -1786// test multiple permissions -1787AccessTestAction globalReadWrite = new AccessTestAction() { -1788 @Override -1789 public Void run() throws Exception { -1790checkGlobalPerms(TEST_UTIL, Permission.Action.READ, Permission.Action.WRITE); -1791return null; -1792 } -1793}; +1752adminPerms.add(new UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW"))); +1753for(String user: superUsers) { +1754 // Global permission +1755 adminPerms.add(new UserPermission(user, Action.values())); +1756} +1757assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + +1758"per setup", perms.size() == 5 + superUsers.size() +1759 hasFoundUserPermission(adminPerms, perms)); +1760 } +1761 +1762 /** global operations */ +1763 private void verifyGlobal(AccessTestAction action) throws Exception { +1764verifyAllowed(action, SUPERUSER); +1765 +1766verifyDenied(action, USER_CREATE, USER_RW,
[48/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/index-all.html -- diff --git a/devapidocs/index-all.html b/devapidocs/index-all.html index 036587e..fe6b567 100644 --- a/devapidocs/index-all.html +++ b/devapidocs/index-all.html @@ -642,7 +642,7 @@ For Writable -AccessControlFilter(TableAuthManager, User, TableName, AccessControlFilter.Strategy, MapByteRange, Integer) - Constructor for class org.apache.hadoop.hbase.security.access.AccessControlFilter +AccessControlFilter(AuthManager, User, TableName, AccessControlFilter.Strategy, MapByteRange, Integer) - Constructor for class org.apache.hadoop.hbase.security.access.AccessControlFilter AccessControlFilter.Strategy - Enum in org.apache.hadoop.hbase.security.access @@ -698,6 +698,11 @@ accessToken - Variable in class org.apache.hadoop.hbase.rest.client.RemoteAdmin +accessUserTable(User, TableName, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager + +Checks if the user has access to the full table or at least a family/qualifier + for the specified action. + ack - Variable in class org.apache.hadoop.hbase.util.RegionMover ack - Variable in class org.apache.hadoop.hbase.util.RegionMover.RegionMoverBuilder @@ -4531,8 +4536,18 @@ authManager - Variable in class org.apache.hadoop.hbase.security.access.AccessControlFilter +AuthManager - Class in org.apache.hadoop.hbase.security.access + +Performs authorization checks for a given user's assigned permissions. + +AuthManager(ZKWatcher, Configuration) - Constructor for class org.apache.hadoop.hbase.security.access.AuthManager + authManager - Variable in class org.apache.hadoop.hbase.security.access.ZKPermissionWatcher +AuthManager.PermissionCacheT extends Permission - Class in org.apache.hadoop.hbase.security.access + +Cache of permissions, it is thread safe. + authMethod - Variable in class org.apache.hadoop.hbase.ipc.RpcConnection authMethod - Variable in class org.apache.hadoop.hbase.ipc.ServerRpcConnection @@ -4597,48 +4612,44 @@ Authorize the incoming client connection. -authorize(ListPermission, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager - -Authorizes a global permission - -authorize(User, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager - -Authorize a global permission based on ACLs for the given user and the - user's groups. - -authorize(ListTablePermission, TableName, byte[], byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager - -authorize(User, TableName, Cell, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeCell(User, TableName, Cell, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -Authorize a user for a given KV. +Check if user has given action privilige in cell scope. -authorize(User, String, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeConnection() - Method in class org.apache.hadoop.hbase.ipc.ServerRpcConnection -authorize(ListTablePermission, String, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeFamily(SetTablePermission, TableName, byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -authorize(User, TableName, byte[], byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeGlobal(GlobalPermission, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -authorize(User, TableName, byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeNamespace(SetNamespacePermission, String, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -authorizeConnection() - Method in class org.apache.hadoop.hbase.ipc.ServerRpcConnection +authorizeTable(SetTablePermission, TableName, byte[], byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -authorizeGroup(String, Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeUserFamily(User, TableName, byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.AuthManager -Checks global authorization for a given action for a group, based on the stored - permissions. +Check if user has given action privilige in table:family scope. -authorizeGroup(String, TableName, byte[], byte[], Permission.Action) - Method in class org.apache.hadoop.hbase.security.access.TableAuthManager +authorizeUserGlobal(User, Permission.Action) - Method in class
[50/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/checkstyle-aggregate.html -- diff --git a/checkstyle-aggregate.html b/checkstyle-aggregate.html index 0ee5ffc..fdbae97 100644 --- a/checkstyle-aggregate.html +++ b/checkstyle-aggregate.html @@ -7,7 +7,7 @@ - + Apache HBase Checkstyle Results @@ -291,10 +291,10 @@ Warnings Errors -3806 +3809 0 0 -15073 +14996 Files @@ -8232,12 +8232,12 @@ org/apache/hadoop/hbase/security/access/AccessControlLists.java 0 0 -16 +13 org/apache/hadoop/hbase/security/access/AccessControlUtil.java 0 0 -40 +36 org/apache/hadoop/hbase/security/access/AccessController.java 0 @@ -8252,7 +8252,7 @@ org/apache/hadoop/hbase/security/access/Permission.java 0 0 -7 +2 org/apache/hadoop/hbase/security/access/SecureTestUtil.java 0 @@ -8262,62 +8262,52 @@ org/apache/hadoop/hbase/security/access/ShadedAccessControlUtil.java 0 0 -49 +46 -org/apache/hadoop/hbase/security/access/TableAuthManager.java -0 -0 -43 - org/apache/hadoop/hbase/security/access/TablePermission.java 0 0 -10 - +1 + org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java 0 0 1 - + org/apache/hadoop/hbase/security/access/TestAccessController.java 0 0 -17 - +16 + org/apache/hadoop/hbase/security/access/TestAccessController2.java 0 0 3 - + org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java 0 0 1 - + org/apache/hadoop/hbase/security/access/TestCellACLs.java 0 0 2 - + org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java 0 0 2 - + org/apache/hadoop/hbase/security/access/TestTablePermissions.java 0 0 -13 - +7 + org/apache/hadoop/hbase/security/access/TestWithDisabledAuthorization.java 0 0 5 - -org/apache/hadoop/hbase/security/access/UserPermission.java -0 -0 -3 org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java 0 @@ -9729,7 +9719,7 @@ http://checkstyle.sourceforge.net/config_blocks.html#NeedBraces;>NeedBraces -1792 +1779 Error coding @@ -9754,7 +9744,7 @@ design http://checkstyle.sourceforge.net/config_design.html#FinalClass;>FinalClass -51 +50 Error @@ -9796,7 +9786,7 @@ sortStaticImportsAlphabetically: true groups: *,org.apache.hbase.thirdparty,org.apache.hadoop.hbase.shaded option: top -1145 +1142 Error @@ -9819,24 +9809,24 @@ caseIndent: 2 basicOffset: 2 lineWrappingIndentation: 2 -4805 +4803 Error javadoc http://checkstyle.sourceforge.net/config_javadoc.html#JavadocTagContinuationIndentation;>JavadocTagContinuationIndentation offset: 2 -731 +730 Error http://checkstyle.sourceforge.net/config_javadoc.html#NonEmptyAtclauseDescription;>NonEmptyAtclauseDescription -3494 +3453 Error misc http://checkstyle.sourceforge.net/config_misc.html#ArrayTypeStyle;>ArrayTypeStyle -144 +139 Error @@ -9849,7 +9839,7 @@ max: 100 ignorePattern: ^package.*|^import.*|a href|href|http://|https://|ftp://|org.apache.thrift.|com.google.protobuf.|hbase.protobuf.generated -1442 +1431 Error @@ -19125,7 +19115,7 @@ Error javadoc -JavadocTagContinuationIndentation +NonEmptyAtclauseDescription Javadoc comment at column 0 has parse error. Details: no viable alternative at input ' *' while parsing JAVADOC_TAG 117 @@ -46796,7 +46786,7 @@ javadoc NonEmptyAtclauseDescription At-clause should have a non-empty description. -304 +306 org/apache/hadoop/hbase/io/encoding/TestEncodedSeekers.java @@ -96944,397 +96934,361 @@ indentation Indentation 'method call rparen' has incorrect indentation level 10, expected level should be 6. -185 +184 Error -sizes -LineLength -Line is longer than 100 characters (found 102). -245 - -Error blocks NeedBraces 'if' construct must use '{}'s. -334 - +336 + Error blocks NeedBraces 'if' construct must use '{}'s. -335 - +337 + Error javadoc NonEmptyAtclauseDescription At-clause should have a non-empty description. -403 - +413 + Error javadoc NonEmptyAtclauseDescription At-clause should have a non-empty description. -405 - -Error -sizes -LineLength -Line is longer than 100 characters (found 107). -414 +415 Error -sizes -LineLength -Line is longer than 100 characters (found 106). -465 - -Error blocks NeedBraces 'if' construct must use '{}'s. -484 - +496 + Error blocks NeedBraces 'if' construct must use '{}'s. -514 - +526 + Error sizes LineLength Line is longer than 100 characters (found 102). -743 - +752 + Error blocks NeedBraces 'if' construct must use '{}'s. -818 - +860 + Error sizes LineLength Line is longer than 100 characters (found 107). -855 - +897 + Error misc ArrayTypeStyle Array brackets at illegal position. -867 +909 org/apache/hadoop/hbase/security/access/AccessControlUtil.java - + Severity Category Rule Message Line - + Error imports ImportOrder Wrong order for 'org.apache.hadoop.hbase.protobuf.ProtobufUtil' import. 29 - + Error
[09/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.ServerManagerForTest.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.ServerManagerForTest.html b/testdevapidocs/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.ServerManagerForTest.html new file mode 100644 index 000..b308bce --- /dev/null +++ b/testdevapidocs/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.ServerManagerForTest.html @@ -0,0 +1,307 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +TestRegionAssignedToMultipleRegionServers.ServerManagerForTest (Apache HBase 3.0.0-SNAPSHOT Test API) + + + + + +var methods = {"i0":10}; +var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; +var altColor = "altColor"; +var rowColor = "rowColor"; +var tableTab = "tableTab"; +var activeTableTab = "activeTableTab"; + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +PrevClass +NextClass + + +Frames +NoFrames + + +AllClasses + + + + + + + +Summary: +Nested| +Field| +Constr| +Method + + +Detail: +Field| +Constr| +Method + + + + + + + + +org.apache.hadoop.hbase.master.assignment +Class TestRegionAssignedToMultipleRegionServers.ServerManagerForTest + + + +https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object + + +org.apache.hadoop.hbase.master.ServerManager + + +org.apache.hadoop.hbase.master.assignment.TestRegionAssignedToMultipleRegionServers.ServerManagerForTest + + + + + + + + + +Enclosing class: +TestRegionAssignedToMultipleRegionServers + + + +private static final class TestRegionAssignedToMultipleRegionServers.ServerManagerForTest +extends org.apache.hadoop.hbase.master.ServerManager + + + + + + + + + + + +Field Summary + + + + +Fields inherited from classorg.apache.hadoop.hbase.master.ServerManager +FLUSHEDSEQUENCEID_FLUSHER_INTERVAL, FLUSHEDSEQUENCEID_FLUSHER_INTERVAL_DEFAULT, PERSIST_FLUSHEDSEQUENCEID, PERSIST_FLUSHEDSEQUENCEID_DEFAULT, WAIT_ON_REGIONSERVERS_INTERVAL, WAIT_ON_REGIONSERVERS_MAXTOSTART, WAIT_ON_REGIONSERVERS_MINTOSTART, WAIT_ON_REGIONSERVERS_TIMEOUT + + + + + + + + +Constructor Summary + +Constructors + +Constructor and Description + + +ServerManagerForTest(org.apache.hadoop.hbase.master.MasterServicesmaster) + + + + + + + + + +Method Summary + +All MethodsInstance MethodsConcrete Methods + +Modifier and Type +Method and Description + + +https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">Listorg.apache.hadoop.hbase.ServerName +createDestinationServersList() + + + + + + +Methods inherited from classorg.apache.hadoop.hbase.master.ServerManager +addServerToDrainList, areDeadServersInProgress, closeRegionSilentlyAndWait, countOfRegionServers, createDestinationServersList, expireServer, getAverageLoad, getDeadServers, getDrainingServersList, getFlushedSequenceIdByRegion, getInfoPort, getLastFlushedSequenceId, getLoad, getOnlineServers, getOnlineServersList, getOnlineServersListWithPredicator, getRsAdmin, getVersion, getVersionNumber, isClusterShutdown, isRegionInServerManagerStates, isServerDead, isServerOnline, loadLastFlushedSequenceIds, moveFromOnlineToDeadServers, regionServerReport, registerListener, removeDeletedRegionFromLoadedFlushedSequenceIds, removeRegion, removeRegions, removeServerFromDrainList, sendRegionWarmup, shutdownCluster, startChore, stop, unregisterListener, waitForRegionServers + + + + + +Methods inherited from classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object +https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--; title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-; title="class or interface in java.lang">equals, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--; title="class or interface in java.lang">finalize,
[29/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html index c7df26c..e71aa27 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/TablePermission.html @@ -95,22 +95,6 @@ Uses of TablePermission in org.apache.hadoop.hbase.security.access - -Subclasses of TablePermission in org.apache.hadoop.hbase.security.access - -Modifier and Type -Class and Description - - - -class -UserPermission -Represents an authorization for access over the given table, column family - plus qualifier, for the given user. - - - - Fields in org.apache.hadoop.hbase.security.access with type parameters of type TablePermission @@ -119,12 +103,14 @@ -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentSkipListMaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TableAuthManager.PermissionCacheTablePermission -TableAuthManager.nsCache +private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentHashMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentHashMapTableName,AuthManager.PermissionCacheTablePermission +AuthManager.tableCache +Cache for table permission. + -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentSkipListMapTableName,TableAuthManager.PermissionCacheTablePermission -TableAuthManager.tableCache +(package private) AuthManager.PermissionCacheTablePermission +AuthManager.TBL_NO_PERMISSION @@ -137,18 +123,6 @@ static TablePermission -ShadedAccessControlUtil.toTablePermission(org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.Permissionproto) -Converts a Permission shaded proto to a client TablePermission object. - - - -static TablePermission -AccessControlUtil.toTablePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permissionproto) -Converts a Permission proto to a client TablePermission object. - - - -static TablePermission AccessControlUtil.toTablePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionproto) Converts a TablePermission proto to a client TablePermission object. @@ -156,108 +130,6 @@ -Methods in org.apache.hadoop.hbase.security.access that return types with arguments of type TablePermission - -Modifier and Type -Method and Description - - - -static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission -AccessControlLists.getNamespacePermissions(org.apache.hadoop.conf.Configurationconf, - https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace) - - -private TableAuthManager.PermissionCacheTablePermission -TableAuthManager.getNamespacePermissions(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace) - - -(package private) static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission -AccessControlLists.getPermissions(org.apache.hadoop.conf.Configurationconf, - byte[]entryName, - Tablet, - byte[]cf, - byte[]cq, - https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, - booleanhasFilterUser) -Reads user permission assignments stored in the l: column family of the first - table row in _acl_. - - - -static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission -AccessControlLists.getTablePermissions(org.apache.hadoop.conf.Configurationconf, - TableNametableName) - - -private TableAuthManager.PermissionCacheTablePermission -TableAuthManager.getTablePermissions(TableNametable) - - -(package private) static
[16/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TableAuthManager.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TableAuthManager.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TableAuthManager.html deleted file mode 100644 index 2e68b22..000 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TableAuthManager.html +++ /dev/null @@ -1,859 +0,0 @@ -http://www.w3.org/TR/html4/loose.dtd;> - - -Source code - - - - -001/** -002 * Licensed to the Apache Software Foundation (ASF) under one -003 * or more contributor license agreements. See the NOTICE file -004 * distributed with this work for additional information -005 * regarding copyright ownership. The ASF licenses this file -006 * to you under the Apache License, Version 2.0 (the -007 * "License"); you may not use this file except in compliance -008 * with the License. You may obtain a copy of the License at -009 * -010 * http://www.apache.org/licenses/LICENSE-2.0 -011 * -012 * Unless required by applicable law or agreed to in writing, software -013 * distributed under the License is distributed on an "AS IS" BASIS, -014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -015 * See the License for the specific language governing permissions and -016 * limitations under the License. -017 */ -018 -019package org.apache.hadoop.hbase.security.access; -020 -021import static org.apache.hadoop.hbase.util.CollectionUtils.computeIfAbsent; -022 -023import org.apache.hbase.thirdparty.com.google.common.annotations.VisibleForTesting; -024import org.apache.hbase.thirdparty.com.google.common.collect.ArrayListMultimap; -025import org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap; -026import org.apache.hbase.thirdparty.com.google.common.collect.Lists; -027 -028import java.io.Closeable; -029import java.io.IOException; -030import java.util.HashMap; -031import java.util.List; -032import java.util.Map; -033import java.util.concurrent.ConcurrentSkipListMap; -034import java.util.concurrent.atomic.AtomicLong; -035 -036import org.apache.hadoop.conf.Configuration; -037import org.apache.hadoop.hbase.AuthUtil; -038import org.apache.hadoop.hbase.Cell; -039import org.apache.hadoop.hbase.TableName; -040import org.apache.hadoop.hbase.zookeeper.ZKWatcher; -041import org.apache.yetus.audience.InterfaceAudience; -042import org.apache.hadoop.hbase.exceptions.DeserializationException; -043import org.apache.hadoop.hbase.log.HBaseMarkers; -044import org.apache.hadoop.hbase.security.Superusers; -045import org.apache.hadoop.hbase.security.User; -046import org.apache.hadoop.hbase.security.UserProvider; -047import org.apache.hadoop.hbase.util.Bytes; -048import org.apache.zookeeper.KeeperException; -049import org.slf4j.Logger; -050import org.slf4j.LoggerFactory; -051 -052/** -053 * Performs authorization checks for a given user's assigned permissions -054 */ -055@InterfaceAudience.Private -056public class TableAuthManager implements Closeable { -057 private static class PermissionCacheT extends Permission { -058/** Cache of user permissions */ -059private ListMultimapString,T userCache = ArrayListMultimap.create(); -060/** Cache of group permissions */ -061private ListMultimapString,T groupCache = ArrayListMultimap.create(); -062 -063public ListT getUser(String user) { -064 return userCache.get(user); -065} -066 -067public void putUser(String user, T perm) { -068 userCache.put(user, perm); -069} -070 -071public ListT replaceUser(String user, Iterable? extends T perms) { -072 return userCache.replaceValues(user, perms); -073} -074 -075public ListT getGroup(String group) { -076 return groupCache.get(group); -077} -078 -079public void putGroup(String group, T perm) { -080 groupCache.put(group, perm); -081} -082 -083public ListT replaceGroup(String group, Iterable? extends T perms) { -084 return groupCache.replaceValues(group, perms); -085} -086 -087/** -088 * Returns a combined map of user and group permissions, with group names -089 * distinguished according to {@link AuthUtil#isGroupPrincipal(String)}. -090 */ -091public ListMultimapString,T getAllPermissions() { -092 ListMultimapString,T tmp = ArrayListMultimap.create(); -093 tmp.putAll(userCache); -094 for (String group : groupCache.keySet()) { -095 tmp.putAll(AuthUtil.toGroupEntry(group), groupCache.get(group)); -096 } -097 return tmp; -098} -099 } -100 -101 private static final Logger LOG = LoggerFactory.getLogger(TableAuthManager.class); -102 -103 /** Cache of global permissions */ -104 private volatile PermissionCachePermission globalCache; -105 -106 private
hbase-site git commit: INFRA-10751 Empty commit
Repository: hbase-site Updated Branches: refs/heads/asf-site 68eae6230 -> 921a91b8f INFRA-10751 Empty commit Project: http://git-wip-us.apache.org/repos/asf/hbase-site/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase-site/commit/921a91b8 Tree: http://git-wip-us.apache.org/repos/asf/hbase-site/tree/921a91b8 Diff: http://git-wip-us.apache.org/repos/asf/hbase-site/diff/921a91b8 Branch: refs/heads/asf-site Commit: 921a91b8f3420d3cab90c2d37a5c1fc9f75ecd6c Parents: 68eae62 Author: jenkins Authored: Thu Nov 15 14:54:47 2018 + Committer: jenkins Committed: Thu Nov 15 14:54:47 2018 + -- --
[36/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.PermissionCache.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.PermissionCache.html b/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.PermissionCache.html deleted file mode 100644 index 9edfa17..000 --- a/devapidocs/org/apache/hadoop/hbase/security/access/TableAuthManager.PermissionCache.html +++ /dev/null @@ -1,428 +0,0 @@ -http://www.w3.org/TR/html4/loose.dtd;> - - - - - -TableAuthManager.PermissionCache (Apache HBase 3.0.0-SNAPSHOT API) - - - - - -var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10}; -var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; -var altColor = "altColor"; -var rowColor = "rowColor"; -var tableTab = "tableTab"; -var activeTableTab = "activeTableTab"; - - -JavaScript is disabled on your browser. - - - - - -Skip navigation links - - - - -Overview -Package -Class -Use -Tree -Deprecated -Index -Help - - - - -PrevClass -NextClass - - -Frames -NoFrames - - -AllClasses - - - - - - - -Summary: -Nested| -Field| -Constr| -Method - - -Detail: -Field| -Constr| -Method - - - - - - - - -org.apache.hadoop.hbase.security.access -Class TableAuthManager.PermissionCacheT extends Permission - - - -https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object - - -org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCacheT - - - - - - - -Enclosing class: -TableAuthManager - - - -private static class TableAuthManager.PermissionCacheT extends Permission -extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object - - - - - - - - - - - -Field Summary - -Fields - -Modifier and Type -Field and Description - - -private org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,T -groupCache -Cache of group permissions - - - -private org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,T -userCache -Cache of user permissions - - - - - - - - - - -Constructor Summary - -Constructors - -Modifier -Constructor and Description - - -private -PermissionCache() - - - - - - - - - -Method Summary - -All MethodsInstance MethodsConcrete Methods - -Modifier and Type -Method and Description - - -org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,T -getAllPermissions() -Returns a combined map of user and group permissions, with group names - distinguished according to AuthUtil.isGroupPrincipal(String). - - - -https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListT -getGroup(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringgroup) - - -https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListT -getUser(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser) - - -void -putGroup(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringgroup, -Tperm) - - -void -putUser(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, - Tperm) - - -https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListT -replaceGroup(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringgroup, -https://docs.oracle.com/javase/8/docs/api/java/lang/Iterable.html?is-external=true; title="class or interface in java.lang">Iterable? extends Tperms) - -
[18/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html index 042bf4a..cb2cfdc 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.html @@ -30,194 +30,226 @@ 022import java.io.DataOutput; 023import java.io.IOException; 024import java.util.Arrays; -025import java.util.Map; -026 -027import org.apache.yetus.audience.InterfaceAudience; -028import org.slf4j.Logger; -029import org.slf4j.LoggerFactory; -030import org.apache.hadoop.hbase.util.Bytes; -031import org.apache.hadoop.io.VersionedWritable; -032 -033import org.apache.hbase.thirdparty.com.google.common.collect.Maps; -034 -035/** -036 * Base permissions instance representing the ability to perform a given set -037 * of actions. -038 * -039 * @see TablePermission -040 */ -041@InterfaceAudience.Public -042public class Permission extends VersionedWritable { -043 protected static final byte VERSION = 0; -044 -045 @InterfaceAudience.Public -046 public enum Action { -047READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A'); -048 -049private final byte code; -050Action(char code) { -051 this.code = (byte)code; -052} -053 -054public byte code() { return code; } -055 } -056 -057 private static final Logger LOG = LoggerFactory.getLogger(Permission.class); -058 protected static final MapByte,Action ACTION_BY_CODE = Maps.newHashMap(); -059 -060 protected Action[] actions; +025import java.util.EnumSet; +026import java.util.Map; +027 +028import org.apache.yetus.audience.InterfaceAudience; +029import org.slf4j.Logger; +030import org.slf4j.LoggerFactory; +031import org.apache.hadoop.hbase.util.Bytes; +032import org.apache.hadoop.io.VersionedWritable; +033 +034import org.apache.hbase.thirdparty.com.google.common.collect.ImmutableMap; +035 +036/** +037 * Base permissions instance representing the ability to perform a given set +038 * of actions. +039 * +040 * @see TablePermission +041 */ +042@InterfaceAudience.Public +043public class Permission extends VersionedWritable { +044 protected static final byte VERSION = 0; +045 +046 @InterfaceAudience.Public +047 public enum Action { +048READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A'); +049 +050private final byte code; +051Action(char code) { +052 this.code = (byte) code; +053} +054 +055public byte code() { return code; } +056 } +057 +058 @InterfaceAudience.Private +059 protected enum Scope { +060GLOBAL('G'), NAMESPACE('N'), TABLE('T'), EMPTY('E'); 061 -062 static { -063for (Action a : Action.values()) { -064 ACTION_BY_CODE.put(a.code(), a); +062private final byte code; +063Scope(char code) { +064 this.code = (byte) code; 065} -066 } -067 -068 /** Empty constructor for Writable implementation. bDo not use./b */ -069 public Permission() { -070super(); -071 } -072 -073 public Permission(Action... assigned) { -074if (assigned != null assigned.length 0) { -075 actions = Arrays.copyOf(assigned, assigned.length); -076} -077 } -078 -079 public Permission(byte[] actionCodes) { -080if (actionCodes != null) { -081 Action acts[] = new Action[actionCodes.length]; -082 int j = 0; -083 for (int i=0; iactionCodes.length; i++) { -084byte b = actionCodes[i]; -085Action a = ACTION_BY_CODE.get(b); -086if (a == null) { -087 LOG.error("Ignoring unknown action code '"+ -088 Bytes.toStringBinary(new byte[]{b})+"'"); -089 continue; -090} -091acts[j++] = a; -092 } -093 this.actions = Arrays.copyOf(acts, j); -094} +066 +067public byte code() { +068 return code; +069} +070 } +071 +072 private static final Logger LOG = LoggerFactory.getLogger(Permission.class); +073 +074 protected static final MapByte, Action ACTION_BY_CODE; +075 protected static final MapByte, Scope SCOPE_BY_CODE; +076 +077 protected EnumSetAction actions = EnumSet.noneOf(Action.class); +078 protected Scope scope = Scope.EMPTY; +079 +080 static { +081ACTION_BY_CODE = ImmutableMap.of( +082 Action.READ.code, Action.READ, +083 Action.WRITE.code, Action.WRITE, +084 Action.EXEC.code, Action.EXEC, +085 Action.CREATE.code, Action.CREATE, +086 Action.ADMIN.code, Action.ADMIN +087); +088 +089SCOPE_BY_CODE = ImmutableMap.of( +090 Scope.GLOBAL.code, Scope.GLOBAL, +091 Scope.NAMESPACE.code, Scope.NAMESPACE, +092 Scope.TABLE.code, Scope.TABLE, +093 Scope.EMPTY.code, Scope.EMPTY +094); 095 } 096 -097 public
[12/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html index cbae28e..aec5920 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.html @@ -64,825 +64,827 @@ 056import org.apache.hadoop.hbase.regionserver.HRegionFileSystem; 057import org.apache.hadoop.hbase.regionserver.StoreFileInfo; 058import org.apache.hadoop.hbase.security.access.AccessControlClient; -059import org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil; -060import org.apache.hadoop.hbase.security.access.TablePermission; -061import org.apache.hadoop.hbase.util.Bytes; -062import org.apache.hadoop.hbase.util.FSUtils; -063import org.apache.hadoop.hbase.util.ModifyRegionUtils; -064import org.apache.hadoop.hbase.util.Pair; -065import org.apache.hadoop.io.IOUtils; -066import org.apache.yetus.audience.InterfaceAudience; -067import org.slf4j.Logger; -068import org.slf4j.LoggerFactory; -069import org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap; -070import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil; -071import org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription; -072import org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotRegionManifest; -073 -074/** -075 * Helper to Restore/Clone a Snapshot -076 * -077 * pThe helper assumes that a table is already created, and by calling restore() -078 * the content present in the snapshot will be restored as the new content of the table. -079 * -080 * pClone from Snapshot: If the target table is empty, the restore operation -081 * is just a "clone operation", where the only operations are: -082 * ul -083 * lifor each region in the snapshot create a new region -084 *(note that the region will have a different name, since the encoding contains the table name) -085 * lifor each file in the region create a new HFileLink to point to the original file. -086 * lirestore the logs, if any -087 * /ul -088 * -089 * pRestore from Snapshot: -090 * ul -091 * lifor each region in the table verify which are available in the snapshot and which are not -092 *ul -093 *liif the region is not present in the snapshot, remove it. -094 *liif the region is present in the snapshot -095 * ul -096 * lifor each file in the table region verify which are available in the snapshot -097 *ul -098 * liif the hfile is not present in the snapshot, remove it -099 * liif the hfile is present, keep it (nothing to do) -100 */ul -101 * lifor each file in the snapshot region but not in the table -102 *ul -103 * licreate a new HFileLink that point to the original file -104 */ul -105 * /ul -106 */ul -107 * lifor each region in the snapshot not present in the current table state -108 *ul -109 *licreate a new region and for each file in the region create a new HFileLink -110 * (This is the same as the clone operation) -111 */ul -112 * lirestore the logs, if any -113 * /ul -114 */ -115@InterfaceAudience.Private -116public class RestoreSnapshotHelper { -117 private static final Logger LOG = LoggerFactory.getLogger(RestoreSnapshotHelper.class); -118 -119 private final Mapbyte[], byte[] regionsMap = new TreeMap(Bytes.BYTES_COMPARATOR); -120 -121 private final MapString, PairString, String parentsMap = new HashMap(); -122 -123 private final ForeignExceptionDispatcher monitor; -124 private final MonitoredTask status; -125 -126 private final SnapshotManifest snapshotManifest; -127 private final SnapshotDescription snapshotDesc; -128 private final TableName snapshotTable; -129 -130 private final TableDescriptor tableDesc; -131 private final Path rootDir; -132 private final Path tableDir; -133 -134 private final Configuration conf; -135 private final FileSystem fs; -136 private final boolean createBackRefs; -137 -138 public RestoreSnapshotHelper(final Configuration conf, -139 final FileSystem fs, -140 final SnapshotManifest manifest, -141 final TableDescriptor tableDescriptor, -142 final Path rootDir, -143 final ForeignExceptionDispatcher monitor, -144 final MonitoredTask status) { -145this(conf, fs, manifest, tableDescriptor, rootDir, monitor, status, true); -146 } -147 -148 public RestoreSnapshotHelper(final Configuration conf, -149 final FileSystem fs, -150 final SnapshotManifest manifest, -151 final TableDescriptor tableDescriptor, -152 final Path rootDir, -153 final
[04/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html -- diff --git a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html index 5062e9b..23b4be7 100644 --- a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html +++ b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadAccessTestAction.html @@ -282,7 +282,7 @@ 274 public static void tearDownAfterClass() throws Exception { 275cleanUp(); 276TEST_UTIL.shutdownMiniCluster(); -277int total = TableAuthManager.getTotalRefCount(); +277int total = AuthManager.getTotalRefCount(); 278assertTrue("Unexpected reference count: " + total, total == 0); 279 } 280 @@ -1642,12 +1642,12 @@ 1634 } 1635 1636 UserPermission ownerperm = -1637 new UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values()); +1637 new UserPermission(USER_OWNER.getName(), tableName, Action.values()); 1638 assertTrue("Owner should have all permissions on table", 1639 hasFoundUserPermission(ownerperm, perms)); 1640 1641 User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]); -1642 byte[] userName = Bytes.toBytes(user.getShortName()); +1642 String userName = user.getShortName(); 1643 1644 UserPermission up = 1645 new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ); @@ -1733,7 +1733,7 @@ 1725 } 1726 1727 UserPermission newOwnerperm = -1728 new UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null, Action.values()); +1728 new UserPermission(newOwner.getName(), tableName, Action.values()); 1729 assertTrue("New owner should have all permissions on table", 1730 hasFoundUserPermission(newOwnerperm, perms)); 1731} finally { @@ -1757,1888 +1757,1898 @@ 1749 1750CollectionString superUsers = Superusers.getSuperUsers(); 1751ListUserPermission adminPerms = new ArrayList(superUsers.size() + 1); -1752adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), -1753 AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"))); -1754 -1755for(String user: superUsers) { -1756 adminPerms.add(new UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME, -1757 null, null, Action.values())); -1758} -1759assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + -1760"per setup", perms.size() == 5 + superUsers.size() -1761 hasFoundUserPermission(adminPerms, perms)); -1762 } -1763 -1764 /** global operations */ -1765 private void verifyGlobal(AccessTestAction action) throws Exception { -1766verifyAllowed(action, SUPERUSER); -1767 -1768verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO); -1769 } -1770 -1771 @Test -1772 public void testCheckPermissions() throws Exception { -1773// -- -1774// test global permissions -1775AccessTestAction globalAdmin = new AccessTestAction() { -1776 @Override -1777 public Void run() throws Exception { -1778checkGlobalPerms(TEST_UTIL, Permission.Action.ADMIN); -1779return null; -1780 } -1781}; -1782// verify that only superuser can admin -1783verifyGlobal(globalAdmin); -1784 -1785// -- -1786// test multiple permissions -1787AccessTestAction globalReadWrite = new AccessTestAction() { -1788 @Override -1789 public Void run() throws Exception { -1790checkGlobalPerms(TEST_UTIL, Permission.Action.READ, Permission.Action.WRITE); -1791return null; -1792 } -1793}; +1752adminPerms.add(new UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW"))); +1753for(String user: superUsers) { +1754 // Global permission +1755 adminPerms.add(new UserPermission(user, Action.values())); +1756} +1757assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + +1758"per setup", perms.size() == 5 + superUsers.size() +1759 hasFoundUserPermission(adminPerms, perms)); +1760 } +1761 +1762 /** global operations */ +1763 private void verifyGlobal(AccessTestAction action) throws Exception { +1764verifyAllowed(action, SUPERUSER); +1765 +1766verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO); +1767 } +1768 +1769 @Test
[05/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.AssignmentManagerForTest.html -- diff --git a/testdevapidocs/src-html/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.AssignmentManagerForTest.html b/testdevapidocs/src-html/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.AssignmentManagerForTest.html new file mode 100644 index 000..8ba5775 --- /dev/null +++ b/testdevapidocs/src-html/org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.AssignmentManagerForTest.html @@ -0,0 +1,252 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + +Source code + + + + +001/** +002 * Licensed to the Apache Software Foundation (ASF) under one +003 * or more contributor license agreements. See the NOTICE file +004 * distributed with this work for additional information +005 * regarding copyright ownership. The ASF licenses this file +006 * to you under the Apache License, Version 2.0 (the +007 * "License"); you may not use this file except in compliance +008 * with the License. You may obtain a copy of the License at +009 * +010 * http://www.apache.org/licenses/LICENSE-2.0 +011 * +012 * Unless required by applicable law or agreed to in writing, software +013 * distributed under the License is distributed on an "AS IS" BASIS, +014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +015 * See the License for the specific language governing permissions and +016 * limitations under the License. +017 */ +018package org.apache.hadoop.hbase.master.assignment; +019 +020import static org.junit.Assert.assertNotNull; +021import static org.junit.Assert.assertNull; +022 +023import java.io.IOException; +024import java.util.ArrayList; +025import java.util.List; +026import java.util.concurrent.CountDownLatch; +027import org.apache.hadoop.conf.Configuration; +028import org.apache.hadoop.hbase.HBaseClassTestRule; +029import org.apache.hadoop.hbase.HBaseTestingUtility; +030import org.apache.hadoop.hbase.HConstants; +031import org.apache.hadoop.hbase.PleaseHoldException; +032import org.apache.hadoop.hbase.ServerName; +033import org.apache.hadoop.hbase.StartMiniClusterOption; +034import org.apache.hadoop.hbase.TableName; +035import org.apache.hadoop.hbase.client.RegionInfo; +036import org.apache.hadoop.hbase.master.HMaster; +037import org.apache.hadoop.hbase.master.MasterServices; +038import org.apache.hadoop.hbase.master.RegionPlan; +039import org.apache.hadoop.hbase.master.ServerManager; +040import org.apache.hadoop.hbase.regionserver.HRegionServer; +041import org.apache.hadoop.hbase.testclassification.MasterTests; +042import org.apache.hadoop.hbase.testclassification.MediumTests; +043import org.apache.hadoop.hbase.util.Bytes; +044import org.apache.zookeeper.KeeperException; +045import org.junit.AfterClass; +046import org.junit.BeforeClass; +047import org.junit.ClassRule; +048import org.junit.Test; +049import org.junit.experimental.categories.Category; +050 +051import org.apache.hadoop.hbase.shaded.protobuf.generated.RegionServerStatusProtos.RegionStateTransition.TransitionCode; +052import org.apache.hadoop.hbase.shaded.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest; +053import org.apache.hadoop.hbase.shaded.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse; +054 +055@Category({ MasterTests.class, MediumTests.class }) +056public class TestRegionAssignedToMultipleRegionServers { +057 +058 @ClassRule +059 public static final HBaseClassTestRule CLASS_RULE = +060 HBaseClassTestRule.forClass(TestRegionAssignedToMultipleRegionServers.class); +061 +062 private static final ListServerName EXCLUDE_SERVERS = new ArrayList(); +063 +064 private static boolean HALT = false; +065 +066 private static boolean KILL = false; +067 +068 private static CountDownLatch ARRIVE; +069 +070 private static final class ServerManagerForTest extends ServerManager { +071 +072public ServerManagerForTest(MasterServices master) { +073 super(master); +074} +075 +076@Override +077public ListServerName createDestinationServersList() { +078 return super.createDestinationServersList(EXCLUDE_SERVERS); +079} +080 } +081 +082 private static final class AssignmentManagerForTest extends AssignmentManager { +083 +084public AssignmentManagerForTest(MasterServices master) { +085 super(master); +086} +087 +088@Override +089public ReportRegionStateTransitionResponse reportRegionStateTransition( +090 ReportRegionStateTransitionRequest req) throws PleaseHoldException { +091 if (req.getTransition(0).getTransitionCode() == TransitionCode.OPENED) { +092if (ARRIVE != null) { +093
[51/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
Published site at 130057f13774f6b213cdb06952c805a29d59396e. Project: http://git-wip-us.apache.org/repos/asf/hbase-site/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase-site/commit/68eae623 Tree: http://git-wip-us.apache.org/repos/asf/hbase-site/tree/68eae623 Diff: http://git-wip-us.apache.org/repos/asf/hbase-site/diff/68eae623 Branch: refs/heads/asf-site Commit: 68eae6230f127b69a3dd4f5dd11907a95f162e42 Parents: 7339881 Author: jenkins Authored: Thu Nov 15 14:54:22 2018 + Committer: jenkins Committed: Thu Nov 15 14:54:22 2018 + -- acid-semantics.html |4 +- apache_hbase_reference_guide.pdf|4 +- apidocs/org/apache/hadoop/hbase/AuthUtil.html |2 +- .../apache/hadoop/hbase/client/Consistency.html |4 +- .../hadoop/hbase/client/IsolationLevel.html |4 +- .../hadoop/hbase/client/Scan.ReadType.html |4 +- .../hadoop/hbase/filter/Filter.ReturnCode.html |4 +- .../org/apache/hadoop/hbase/AuthUtil.html |2 +- book.html |2 +- bulk-loads.html |4 +- checkstyle-aggregate.html | 6844 -- checkstyle.rss | 90 +- coc.html|4 +- dependencies.html |4 +- dependency-convergence.html |4 +- dependency-info.html|4 +- dependency-management.html |4 +- devapidocs/allclasses-frame.html|7 +- devapidocs/allclasses-noframe.html |7 +- devapidocs/constant-values.html |4 +- devapidocs/index-all.html | 562 +- .../org/apache/hadoop/hbase/AuthUtil.html |2 +- .../hadoop/hbase/backup/package-tree.html |2 +- .../org/apache/hadoop/hbase/class-use/Cell.html | 12 +- .../hadoop/hbase/class-use/TableName.html | 385 +- .../apache/hadoop/hbase/client/Consistency.html |4 +- .../hadoop/hbase/client/IsolationLevel.html |4 +- .../hadoop/hbase/client/class-use/Result.html |2 +- .../hadoop/hbase/client/class-use/Table.html|2 +- .../hadoop/hbase/client/package-tree.html | 24 +- .../class-use/DeserializationException.html | 12 +- .../hadoop/hbase/executor/package-tree.html |2 +- .../hadoop/hbase/filter/package-tree.html |8 +- .../hadoop/hbase/io/hfile/package-tree.html |8 +- .../apache/hadoop/hbase/ipc/package-tree.html |2 +- .../hadoop/hbase/mapreduce/package-tree.html|4 +- .../master/assignment/CloseRegionProcedure.html | 16 +- .../master/assignment/OpenRegionProcedure.html | 16 +- .../assignment/RegionRemoteProcedureBase.html | 61 +- .../hbase/master/balancer/package-tree.html |2 +- .../hadoop/hbase/master/package-tree.html |4 +- .../procedure/class-use/MasterProcedureEnv.html |8 +- .../hbase/master/procedure/package-tree.html|4 +- .../org/apache/hadoop/hbase/package-tree.html | 18 +- .../hadoop/hbase/procedure2/package-tree.html |4 +- .../hadoop/hbase/quotas/package-tree.html |6 +- .../hbase/regionserver/class-use/Region.html|2 +- .../hadoop/hbase/regionserver/package-tree.html | 16 +- .../regionserver/querymatcher/package-tree.html |2 +- .../hadoop/hbase/rest/model/package-tree.html |2 +- .../hbase/security/access/AccessChecker.html| 12 +- .../security/access/AccessControlFilter.html| 12 +- .../security/access/AccessControlLists.html | 244 +- .../security/access/AccessControlUtil.html | 168 +- .../access/AccessController.OpType.html | 30 +- .../hbase/security/access/AccessController.html | 252 +- .../access/AuthManager.PermissionCache.html | 362 + .../hbase/security/access/AuthManager.html | 1134 +++ .../hbase/security/access/AuthResult.html |4 +- .../CoprocessorWhitelistMasterObserver.html |4 +- .../hbase/security/access/GlobalPermission.html | 404 ++ .../security/access/NamespacePermission.html| 564 ++ .../security/access/Permission.Action.html | 24 +- .../hbase/security/access/Permission.Scope.html | 420 ++ .../hbase/security/access/Permission.html | 153 +- .../security/access/SecureBulkLoadEndpoint.html |4 +- .../access/ShadedAccessControlUtil.html | 70 +- .../TableAuthManager.PermissionCache.html | 428 -- .../hbase/security/access/TableAuthManager.html | 1290 .../hbase/security/access/TablePermission.html | 457 +- .../hbase/security/access/UserPermission.html | 385 +- .../security/access/ZKPermissionWatcher.html| 14 +- .../class-use/AccessControlFilter.Strategy.html |2 +-
[39/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.html b/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.html new file mode 100644 index 000..12f8242 --- /dev/null +++ b/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.html @@ -0,0 +1,1134 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +AuthManager (Apache HBase 3.0.0-SNAPSHOT API) + + + + + +var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":9,"i16":9,"i17":10,"i18":10,"i19":10,"i20":10,"i21":10,"i22":9,"i23":10,"i24":10,"i25":10,"i26":10,"i27":10,"i28":10}; +var tabs = {65535:["t0","All Methods"],1:["t1","Static Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; +var altColor = "altColor"; +var rowColor = "rowColor"; +var tableTab = "tableTab"; +var activeTableTab = "activeTableTab"; + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +PrevClass +NextClass + + +Frames +NoFrames + + +AllClasses + + + + + + + +Summary: +Nested| +Field| +Constr| +Method + + +Detail: +Field| +Constr| +Method + + + + + + + + +org.apache.hadoop.hbase.security.access +Class AuthManager + + + +https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object + + +org.apache.hadoop.hbase.security.access.AuthManager + + + + + + + +All Implemented Interfaces: +https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true; title="class or interface in java.io">Closeable, https://docs.oracle.com/javase/8/docs/api/java/lang/AutoCloseable.html?is-external=true; title="class or interface in java.lang">AutoCloseable + + + +@InterfaceAudience.Private +public final class AuthManager +extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object +implements https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true; title="class or interface in java.io">Closeable +Performs authorization checks for a given user's assigned permissions. + + There're following scopes: Global, Namespace, Table, Family, + Qualifier, Cell. + Generally speaking, higher scopes can overrides lower scopes, + except for Cell permission can be granted even a user has not permission on specified table, + which means the user can get/scan only those granted cells parts. + + e.g, if user A has global permission R(ead), he can + read table T without checking table scope permission, so authorization checks alway starts from + Global scope. + + For each scope, not only user but also groups he belongs to will be checked. + + + + + + + + + + + + +Nested Class Summary + +Nested Classes + +Modifier and Type +Class and Description + + +private static class +AuthManager.PermissionCacheT extends Permission +Cache of permissions, it is thread safe. + + + + + + + + + + +Field Summary + +Fields + +Modifier and Type +Field and Description + + +private org.apache.hadoop.conf.Configuration +conf + + +private https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,GlobalPermission +globalCache +Cache for global permission. + + + +private static org.slf4j.Logger +LOG + + +private static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">MapZKWatcher,AuthManager +managerMap + + +private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/atomic/AtomicLong.html?is-external=true; title="class or interface in java.util.concurrent.atomic">AtomicLong +mtime + + +private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentHashMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentHashMaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,AuthManager.PermissionCacheNamespacePermission +namespaceCache +Cache for namespace permission.
[30/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Scope.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Scope.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Scope.html new file mode 100644 index 000..5d49142 --- /dev/null +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Scope.html @@ -0,0 +1,210 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +Uses of Class org.apache.hadoop.hbase.security.access.Permission.Scope (Apache HBase 3.0.0-SNAPSHOT API) + + + + + + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +Prev +Next + + +Frames +NoFrames + + +AllClasses + + + + + + + + + + +Uses of Classorg.apache.hadoop.hbase.security.access.Permission.Scope + + + + + +Packages that use Permission.Scope + +Package +Description + + + +org.apache.hadoop.hbase.security.access + + + + + + + + + + +Uses of Permission.Scope in org.apache.hadoop.hbase.security.access + +Fields in org.apache.hadoop.hbase.security.access declared as Permission.Scope + +Modifier and Type +Field and Description + + + +protected Permission.Scope +Permission.scope + + + + +Fields in org.apache.hadoop.hbase.security.access with type parameters of type Permission.Scope + +Modifier and Type +Field and Description + + + +protected static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/Byte.html?is-external=true; title="class or interface in java.lang">Byte,Permission.Scope +Permission.SCOPE_BY_CODE + + + + +Methods in org.apache.hadoop.hbase.security.access that return Permission.Scope + +Modifier and Type +Method and Description + + + +Permission.Scope +UserPermission.getAccessScope() +Get this permission access scope. + + + +Permission.Scope +Permission.getAccessScope() + + +static Permission.Scope +Permission.Scope.valueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) +Returns the enum constant of this type with the specified name. + + + +static Permission.Scope[] +Permission.Scope.values() +Returns an array containing the constants of this enum type, in +the order they are declared. + + + + + + + + + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +Prev +Next + + +Frames +NoFrames + + +AllClasses + + + + + + + + + +Copyright 20072018 https://www.apache.org/;>The Apache Software Foundation. All rights reserved. + + http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html index f16df55..07dc8af 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.html @@ -205,7 +205,9 @@ private static class -TableAuthManager.PermissionCacheT extends Permission +AuthManager.PermissionCacheT extends Permission +Cache of permissions, it is thread safe. + @@ -218,33 +220,36 @@ class -TablePermission -Represents an authorization for access for the given actions, optionally - restricted to the given column family or column qualifier, over the - given table. +GlobalPermission +Represents an authorization for access whole cluster. class -UserPermission -Represents an authorization for access over the given table, column family - plus qualifier, for the given user. +NamespacePermission +Represents an authorization for access for the given namespace. + + + +class +TablePermission +Represents an authorization for access for the given actions, optionally + restricted to
[15/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html index d00864b..0eb1c04 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/TablePermission.html @@ -39,7 +39,7 @@ 031/** 032 * Represents an authorization for access for the given actions, optionally 033 * restricted to the given column family or column qualifier, over the -034 * given table. If the family property is codenull/code, it implies +034 * given table. If the family property is codenull/code, it implies 035 * full table access. 036 */ 037@InterfaceAudience.Private @@ -49,393 +49,278 @@ 041 private byte[] family; 042 private byte[] qualifier; 043 -044 //TODO refactor this class -045 //we need to refacting this into three classes (Global, Table, Namespace) -046 private String namespace; -047 -048 /** Nullary constructor for Writable, do not use */ -049 public TablePermission() { -050super(); -051 } -052 -053 /** -054 * Create a new permission for the given table and (optionally) column family, -055 * allowing the given actions. -056 * @param table the table -057 * @param family the family, can be null if a global permission on the table -058 * @param assigned the list of allowed actions -059 */ -060 public TablePermission(TableName table, byte[] family, Action... assigned) { -061this(table, family, null, assigned); -062 } -063 -064 /** -065 * Creates a new permission for the given table, restricted to the given -066 * column family and qualifier, allowing the assigned actions to be performed. -067 * @param table the table -068 * @param family the family, can be null if a global permission on the table -069 * @param assigned the list of allowed actions -070 */ -071 public TablePermission(TableName table, byte[] family, byte[] qualifier, -072 Action... assigned) { -073super(assigned); -074this.table = table; -075this.family = family; -076this.qualifier = qualifier; -077 } -078 -079 /** -080 * Creates a new permission for the given table, family and column qualifier, -081 * allowing the actions matching the provided byte codes to be performed. -082 * @param table the table -083 * @param family the family, can be null if a global permission on the table -084 * @param actionCodes the list of allowed action codes -085 */ -086 public TablePermission(TableName table, byte[] family, byte[] qualifier, -087 byte[] actionCodes) { -088super(actionCodes); -089this.table = table; -090this.family = family; -091this.qualifier = qualifier; -092 } -093 -094 /** -095 * Creates a new permission for the given namespace or table, restricted to the given -096 * column family and qualifier, allowing the assigned actions to be performed. -097 * @param namespace -098 * @param table the table -099 * @param family the family, can be null if a global permission on the table -100 * @param assigned the list of allowed actions -101 */ -102 public TablePermission(String namespace, TableName table, byte[] family, byte[] qualifier, -103 Action... assigned) { -104super(assigned); -105this.namespace = namespace; -106this.table = table; -107this.family = family; -108this.qualifier = qualifier; -109 } -110 -111 /** -112 * Creates a new permission for the given namespace or table, family and column qualifier, -113 * allowing the actions matching the provided byte codes to be performed. -114 * @param namespace -115 * @param table the table -116 * @param family the family, can be null if a global permission on the table -117 * @param actionCodes the list of allowed action codes -118 */ -119 public TablePermission(String namespace, TableName table, byte[] family, byte[] qualifier, -120 byte[] actionCodes) { -121super(actionCodes); -122this.namespace = namespace; +044 /** Nullary constructor for Writable, do not use */ +045 public TablePermission() { +046super(); +047this.scope = Scope.EMPTY; +048 } +049 +050 /** +051 * Construct a table permission. +052 * @param table table name +053 * @param assigned assigned actions +054 */ +055 public TablePermission(TableName table, Action... assigned) { +056this(table, null, null, assigned); +057 } +058 +059 /** +060 * Construct a table:family permission. +061 * @param table table name +062 * @param family family name +063 * @param assigned assigned actions +064 */ +065 public TablePermission(TableName table, byte[] family, Action... assigned) { +066
[06/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html -- diff --git a/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html b/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html index 1222951..6f09c2f 100644 --- a/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html +++ b/testdevapidocs/src-html/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html @@ -51,389 +51,414 @@ 043import org.apache.hadoop.hbase.Tag; 044import org.apache.hadoop.hbase.io.ByteArrayOutputStream; 045import org.apache.hadoop.hbase.io.compress.Compression; -046import org.apache.hadoop.hbase.io.hfile.HFileContext; -047import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder; -048import org.apache.hadoop.hbase.nio.SingleByteBuff; -049import org.apache.hadoop.hbase.testclassification.IOTests; -050import org.apache.hadoop.hbase.testclassification.LargeTests; -051import org.apache.hadoop.hbase.util.Bytes; -052import org.apache.hadoop.hbase.util.RedundantKVGenerator; -053import org.junit.ClassRule; -054import org.junit.Test; -055import org.junit.experimental.categories.Category; -056import org.junit.runner.RunWith; -057import org.junit.runners.Parameterized; -058import org.junit.runners.Parameterized.Parameters; -059import org.slf4j.Logger; -060import org.slf4j.LoggerFactory; -061 -062/** -063 * Test all of the data block encoding algorithms for correctness. Most of the -064 * class generate data which will test different branches in code. -065 */ -066@Category({IOTests.class, LargeTests.class}) -067@RunWith(Parameterized.class) -068public class TestDataBlockEncoders { -069 -070 @ClassRule -071 public static final HBaseClassTestRule CLASS_RULE = -072 HBaseClassTestRule.forClass(TestDataBlockEncoders.class); -073 -074 private static final Logger LOG = LoggerFactory.getLogger(TestDataBlockEncoders.class); +046import org.apache.hadoop.hbase.io.compress.Compression.Algorithm; +047import org.apache.hadoop.hbase.io.hfile.HFileContext; +048import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder; +049import org.apache.hadoop.hbase.nio.SingleByteBuff; +050import org.apache.hadoop.hbase.testclassification.IOTests; +051import org.apache.hadoop.hbase.testclassification.LargeTests; +052import org.apache.hadoop.hbase.util.Bytes; +053import org.apache.hadoop.hbase.util.RedundantKVGenerator; +054import org.junit.Assert; +055import org.junit.ClassRule; +056import org.junit.Test; +057import org.junit.experimental.categories.Category; +058import org.junit.runner.RunWith; +059import org.junit.runners.Parameterized; +060import org.junit.runners.Parameterized.Parameters; +061import org.slf4j.Logger; +062import org.slf4j.LoggerFactory; +063 +064/** +065 * Test all of the data block encoding algorithms for correctness. Most of the +066 * class generate data which will test different branches in code. +067 */ +068@Category({IOTests.class, LargeTests.class}) +069@RunWith(Parameterized.class) +070public class TestDataBlockEncoders { +071 +072 @ClassRule +073 public static final HBaseClassTestRule CLASS_RULE = +074 HBaseClassTestRule.forClass(TestDataBlockEncoders.class); 075 -076 private static int NUMBER_OF_KV = 1; -077 private static int NUM_RANDOM_SEEKS = 1000; -078 -079 private static int ENCODED_DATA_OFFSET = HConstants.HFILEBLOCK_HEADER_SIZE -080 + DataBlockEncoding.ID_SIZE; -081 static final byte[] HFILEBLOCK_DUMMY_HEADER = new byte[HConstants.HFILEBLOCK_HEADER_SIZE]; -082 -083 private RedundantKVGenerator generator = new RedundantKVGenerator(); -084 private Random randomizer = new Random(42L); -085 -086 private final boolean includesMemstoreTS; -087 private final boolean includesTags; -088 private final boolean useOffheapData; -089 -090 @Parameters -091 public static CollectionObject[] parameters() { -092return HBaseTestingUtility.memStoreTSTagsAndOffheapCombination(); -093 } -094 -095 public TestDataBlockEncoders(boolean includesMemstoreTS, boolean includesTag, -096 boolean useOffheapData) { -097this.includesMemstoreTS = includesMemstoreTS; -098this.includesTags = includesTag; -099this.useOffheapData = useOffheapData; -100 } -101 -102 private HFileBlockEncodingContext getEncodingContext(Compression.Algorithm algo, -103 DataBlockEncoding encoding) { -104DataBlockEncoder encoder = encoding.getEncoder(); -105HFileContext meta = new HFileContextBuilder() -106 .withHBaseCheckSum(false) -107 .withIncludesMvcc(includesMemstoreTS) -108 .withIncludesTags(includesTags) -109 .withCompression(algo).build(); -110if (encoder != null) { -111 return
[22/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html index 25b7848..5c428b5 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessController.html @@ -245,20 +245,20 @@ 237return regionEnv != null ? regionEnv.getRegion() : null; 238 } 239 -240 public TableAuthManager getAuthManager() { +240 public AuthManager getAuthManager() { 241return accessChecker.getAuthManager(); 242 } 243 244 private void initialize(RegionCoprocessorEnvironment e) throws IOException { 245final Region region = e.getRegion(); 246Configuration conf = e.getConfiguration(); -247Mapbyte[], ListMultimapString, TablePermission tables = AccessControlLists.loadAll(region); +247Mapbyte[], ListMultimapString, UserPermission tables = AccessControlLists.loadAll(region); 248// For each table, write out the table's permissions to the respective 249// znode for that table. -250for (Map.Entrybyte[], ListMultimapString,TablePermission t: +250for (Map.Entrybyte[], ListMultimapString, UserPermission t: 251 tables.entrySet()) { 252 byte[] entry = t.getKey(); -253 ListMultimapString,TablePermission perms = t.getValue(); +253 ListMultimapString, UserPermission perms = t.getValue(); 254 byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf); 255 getAuthManager().getZKPermissionWatcher().writeToZookeeper(entry, serialized); 256} @@ -294,7 +294,7 @@ 286try (Table t = e.getConnection().getTable(AccessControlLists.ACL_TABLE_NAME)) { 287 for (byte[] entry : entries) { 288currentEntry = entry; -289ListMultimapString, TablePermission perms = +289ListMultimapString, UserPermission perms = 290 AccessControlLists.getPermissions(conf, entry, t, null, null, null, false); 291byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf); 292zkw.writeToZookeeper(entry, serialized); @@ -338,7 +338,7 @@ 330} 331 332// 2. check for the table-level, if successful we can short-circuit -333if (getAuthManager().authorize(user, tableName, (byte[])null, permRequest)) { +333if (getAuthManager().authorizeUserTable(user, tableName, permRequest)) { 334 return AuthResult.allow(request, "Table permission granted", user, 335permRequest, tableName, families); 336} @@ -348,7 +348,7 @@ 340 // all families must pass 341 for (Map.Entrybyte [], ? extends Collection? family : families.entrySet()) { 342// a) check for family level access -343if (getAuthManager().authorize(user, tableName, family.getKey(), +343if (getAuthManager().authorizeUserTable(user, tableName, family.getKey(), 344permRequest)) { 345 continue; // family-level permission overrides per-qualifier 346} @@ -359,17 +359,17 @@ 351// for each qualifier of the family 352Setbyte[] familySet = (Setbyte[])family.getValue(); 353for (byte[] qualifier : familySet) { -354 if (!getAuthManager().authorize(user, tableName, family.getKey(), -355 qualifier, permRequest)) { +354 if (!getAuthManager().authorizeUserTable(user, tableName, +355family.getKey(), qualifier, permRequest)) { 356return AuthResult.deny(request, "Failed qualifier check", user, -357permRequest, tableName, makeFamilyMap(family.getKey(), qualifier)); +357 permRequest, tableName, makeFamilyMap(family.getKey(), qualifier)); 358 } 359} 360 } else if (family.getValue() instanceof List) { // ListCell 361ListCell cellList = (ListCell)family.getValue(); 362for (Cell cell : cellList) { -363 if (!getAuthManager().authorize(user, tableName, family.getKey(), -364 CellUtil.cloneQualifier(cell), permRequest)) { +363 if (!getAuthManager().authorizeUserTable(user, tableName, family.getKey(), +364 CellUtil.cloneQualifier(cell), permRequest)) { 365return AuthResult.deny(request, "Failed qualifier check", user, permRequest, 366 tableName, makeFamilyMap(family.getKey(), CellUtil.cloneQualifier(cell))); 367 } @@ -378,7 +378,7 @@ 370} else { 371 // no qualifiers and family-level check already failed 372 return
[02/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html -- diff --git a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html index 5062e9b..23b4be7 100644 --- a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html +++ b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html @@ -282,7 +282,7 @@ 274 public static void tearDownAfterClass() throws Exception { 275cleanUp(); 276TEST_UTIL.shutdownMiniCluster(); -277int total = TableAuthManager.getTotalRefCount(); +277int total = AuthManager.getTotalRefCount(); 278assertTrue("Unexpected reference count: " + total, total == 0); 279 } 280 @@ -1642,12 +1642,12 @@ 1634 } 1635 1636 UserPermission ownerperm = -1637 new UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values()); +1637 new UserPermission(USER_OWNER.getName(), tableName, Action.values()); 1638 assertTrue("Owner should have all permissions on table", 1639 hasFoundUserPermission(ownerperm, perms)); 1640 1641 User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]); -1642 byte[] userName = Bytes.toBytes(user.getShortName()); +1642 String userName = user.getShortName(); 1643 1644 UserPermission up = 1645 new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ); @@ -1733,7 +1733,7 @@ 1725 } 1726 1727 UserPermission newOwnerperm = -1728 new UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null, Action.values()); +1728 new UserPermission(newOwner.getName(), tableName, Action.values()); 1729 assertTrue("New owner should have all permissions on table", 1730 hasFoundUserPermission(newOwnerperm, perms)); 1731} finally { @@ -1757,1888 +1757,1898 @@ 1749 1750CollectionString superUsers = Superusers.getSuperUsers(); 1751ListUserPermission adminPerms = new ArrayList(superUsers.size() + 1); -1752adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), -1753 AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"))); -1754 -1755for(String user: superUsers) { -1756 adminPerms.add(new UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME, -1757 null, null, Action.values())); -1758} -1759assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + -1760"per setup", perms.size() == 5 + superUsers.size() -1761 hasFoundUserPermission(adminPerms, perms)); -1762 } -1763 -1764 /** global operations */ -1765 private void verifyGlobal(AccessTestAction action) throws Exception { -1766verifyAllowed(action, SUPERUSER); -1767 -1768verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO); -1769 } -1770 -1771 @Test -1772 public void testCheckPermissions() throws Exception { -1773// -- -1774// test global permissions -1775AccessTestAction globalAdmin = new AccessTestAction() { -1776 @Override -1777 public Void run() throws Exception { -1778checkGlobalPerms(TEST_UTIL, Permission.Action.ADMIN); -1779return null; -1780 } -1781}; -1782// verify that only superuser can admin -1783verifyGlobal(globalAdmin); -1784 -1785// -- -1786// test multiple permissions -1787AccessTestAction globalReadWrite = new AccessTestAction() { -1788 @Override -1789 public Void run() throws Exception { -1790checkGlobalPerms(TEST_UTIL, Permission.Action.READ, Permission.Action.WRITE); -1791return null; -1792 } -1793}; +1752adminPerms.add(new UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW"))); +1753for(String user: superUsers) { +1754 // Global permission +1755 adminPerms.add(new UserPermission(user, Action.values())); +1756} +1757assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + +1758"per setup", perms.size() == 5 + superUsers.size() +1759 hasFoundUserPermission(adminPerms, perms)); +1760 } +1761 +1762 /** global operations */ +1763 private void verifyGlobal(AccessTestAction action) throws Exception { +1764verifyAllowed(action, SUPERUSER); +1765 +1766verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO);
[20/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.html new file mode 100644 index 000..4d5cbc9 --- /dev/null +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AuthManager.html @@ -0,0 +1,680 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + +Source code + + + + +001/** +002 * Licensed to the Apache Software Foundation (ASF) under one +003 * or more contributor license agreements. See the NOTICE file +004 * distributed with this work for additional information +005 * regarding copyright ownership. The ASF licenses this file +006 * to you under the Apache License, Version 2.0 (the +007 * "License"); you may not use this file except in compliance +008 * with the License. You may obtain a copy of the License at +009 * +010 * http://www.apache.org/licenses/LICENSE-2.0 +011 * +012 * Unless required by applicable law or agreed to in writing, software +013 * distributed under the License is distributed on an "AS IS" BASIS, +014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +015 * See the License for the specific language governing permissions and +016 * limitations under the License. +017 */ +018 +019package org.apache.hadoop.hbase.security.access; +020 +021import java.io.Closeable; +022import java.io.IOException; +023import java.util.HashMap; +024import java.util.HashSet; +025import java.util.List; +026import java.util.Map; +027import java.util.Set; +028import java.util.concurrent.ConcurrentHashMap; +029import java.util.concurrent.atomic.AtomicLong; +030 +031import org.apache.hadoop.conf.Configuration; +032import org.apache.hadoop.hbase.AuthUtil; +033import org.apache.hadoop.hbase.Cell; +034import org.apache.hadoop.hbase.TableName; +035import org.apache.hadoop.hbase.exceptions.DeserializationException; +036import org.apache.hadoop.hbase.log.HBaseMarkers; +037import org.apache.hadoop.hbase.security.Superusers; +038import org.apache.hadoop.hbase.security.User; +039import org.apache.hadoop.hbase.security.UserProvider; +040import org.apache.hadoop.hbase.util.Bytes; +041import org.apache.hadoop.hbase.zookeeper.ZKWatcher; +042import org.apache.yetus.audience.InterfaceAudience; +043import org.apache.zookeeper.KeeperException; +044import org.slf4j.Logger; +045import org.slf4j.LoggerFactory; +046 +047import org.apache.hbase.thirdparty.com.google.common.annotations.VisibleForTesting; +048import org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap; +049import org.apache.hbase.thirdparty.com.google.common.collect.Lists; +050 +051/** +052 * Performs authorization checks for a given user's assigned permissions. +053 * p +054 * There're following scopes: bGlobal/b, bNamespace/b, bTable/b, bFamily/b, +055 * bQualifier/b, bCell/b. +056 * Generally speaking, higher scopes can overrides lower scopes, +057 * except for Cell permission can be granted even a user has not permission on specified table, +058 * which means the user can get/scan only those granted cells parts. +059 * /p +060 * e.g, if user A has global permission R(ead), he can +061 * read table T without checking table scope permission, so authorization checks alway starts from +062 * Global scope. +063 * p +064 * For each scope, not only user but also groups he belongs to will be checked. +065 * /p +066 */ +067@InterfaceAudience.Private +068public final class AuthManager implements Closeable { +069 +070 /** +071 * Cache of permissions, it is thread safe. +072 * @param T T extends Permission +073 */ +074 private static class PermissionCacheT extends Permission { +075private final Object mutex = new Object(); +076private MapString, SetT cache = new HashMap(); +077 +078void put(String name, T perm) { +079 synchronized (mutex) { +080SetT perms = cache.getOrDefault(name, new HashSet()); +081perms.add(perm); +082cache.put(name, perms); +083 } +084} +085 +086SetT get(String name) { +087 synchronized (mutex) { +088return cache.get(name); +089 } +090} +091 +092void clear() { +093 synchronized (mutex) { +094for (Map.EntryString, SetT entry : cache.entrySet()) { +095 entry.getValue().clear(); +096} +097cache.clear(); +098 } +099} +100 } +101 PermissionCacheNamespacePermission NS_NO_PERMISSION = new PermissionCache(); +102 PermissionCacheTablePermission TBL_NO_PERMISSION = new PermissionCache(); +103 +104 /** +105 * Cache for global permission. +106 * Since every user/group can only have one global permission, no need to user PermissionCache. +107 */ +108 private volatile MapString,
[43/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html b/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html index 2e59d6f..22cd830 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/AccessControlLists.html @@ -18,7 +18,7 @@ catch(err) { } //--> -var methods = {"i0":9,"i1":9,"i2":9,"i3":9,"i4":9,"i5":9,"i6":9,"i7":9,"i8":9,"i9":9,"i10":9,"i11":9,"i12":9,"i13":9,"i14":9,"i15":9,"i16":9,"i17":9,"i18":9,"i19":9,"i20":9,"i21":9,"i22":9,"i23":9,"i24":9,"i25":9,"i26":9,"i27":9,"i28":9,"i29":9,"i30":9,"i31":9,"i32":9,"i33":9}; +var methods = {"i0":9,"i1":9,"i2":9,"i3":9,"i4":9,"i5":9,"i6":9,"i7":9,"i8":9,"i9":9,"i10":9,"i11":9,"i12":9,"i13":9,"i14":9,"i15":9,"i16":9,"i17":9,"i18":9,"i19":9,"i20":9,"i21":9,"i22":9,"i23":9,"i24":9,"i25":9,"i26":9,"i27":9,"i28":9,"i29":9,"i30":9,"i31":9,"i32":9,"i33":9,"i34":9,"i35":9}; var tabs = {65535:["t0","All Methods"],1:["t1","Static Methods"],8:["t4","Concrete Methods"]}; var altColor = "altColor"; var rowColor = "rowColor"; @@ -266,12 +266,12 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html Cellcell) -static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,UserPermission getNamespacePermissions(org.apache.hadoop.conf.Configurationconf, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace) -(package private) static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +(package private) static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,UserPermission getPermissions(org.apache.hadoop.conf.Configurationconf, byte[]entryName, Tablet, @@ -284,7 +284,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html -static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +static org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,UserPermission getTablePermissions(org.apache.hadoop.conf.Configurationconf, TableNametableName) @@ -337,28 +337,32 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html static boolean -isNamespaceEntry(byte[]entryName) +isGlobalEntry(byte[]entryName) static boolean -isNamespaceEntry(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">StringentryName) +isNamespaceEntry(byte[]entryName) -(package private) static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,TablePermission +static boolean +isNamespaceEntry(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">StringentryName) + + +(package private) static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,UserPermission loadAll(org.apache.hadoop.conf.Configurationconf) Load all permissions from the region server holding _acl_, primarily intended for testing purposes. - -(package private) static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or
[03/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html -- diff --git a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html index 5062e9b..23b4be7 100644 --- a/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html +++ b/testdevapidocs/src-html/org/apache/hadoop/hbase/security/access/TestAccessController.BulkLoadHelper.html @@ -282,7 +282,7 @@ 274 public static void tearDownAfterClass() throws Exception { 275cleanUp(); 276TEST_UTIL.shutdownMiniCluster(); -277int total = TableAuthManager.getTotalRefCount(); +277int total = AuthManager.getTotalRefCount(); 278assertTrue("Unexpected reference count: " + total, total == 0); 279 } 280 @@ -1642,12 +1642,12 @@ 1634 } 1635 1636 UserPermission ownerperm = -1637 new UserPermission(Bytes.toBytes(USER_OWNER.getName()), tableName, null, Action.values()); +1637 new UserPermission(USER_OWNER.getName(), tableName, Action.values()); 1638 assertTrue("Owner should have all permissions on table", 1639 hasFoundUserPermission(ownerperm, perms)); 1640 1641 User user = User.createUserForTesting(TEST_UTIL.getConfiguration(), "user", new String[0]); -1642 byte[] userName = Bytes.toBytes(user.getShortName()); +1642 String userName = user.getShortName(); 1643 1644 UserPermission up = 1645 new UserPermission(userName, tableName, family1, qualifier, Permission.Action.READ); @@ -1733,7 +1733,7 @@ 1725 } 1726 1727 UserPermission newOwnerperm = -1728 new UserPermission(Bytes.toBytes(newOwner.getName()), tableName, null, Action.values()); +1728 new UserPermission(newOwner.getName(), tableName, Action.values()); 1729 assertTrue("New owner should have all permissions on table", 1730 hasFoundUserPermission(newOwnerperm, perms)); 1731} finally { @@ -1757,1888 +1757,1898 @@ 1749 1750CollectionString superUsers = Superusers.getSuperUsers(); 1751ListUserPermission adminPerms = new ArrayList(superUsers.size() + 1); -1752adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), -1753 AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"))); -1754 -1755for(String user: superUsers) { -1756 adminPerms.add(new UserPermission(Bytes.toBytes(user), AccessControlLists.ACL_TABLE_NAME, -1757 null, null, Action.values())); -1758} -1759assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + -1760"per setup", perms.size() == 5 + superUsers.size() -1761 hasFoundUserPermission(adminPerms, perms)); -1762 } -1763 -1764 /** global operations */ -1765 private void verifyGlobal(AccessTestAction action) throws Exception { -1766verifyAllowed(action, SUPERUSER); -1767 -1768verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO); -1769 } -1770 -1771 @Test -1772 public void testCheckPermissions() throws Exception { -1773// -- -1774// test global permissions -1775AccessTestAction globalAdmin = new AccessTestAction() { -1776 @Override -1777 public Void run() throws Exception { -1778checkGlobalPerms(TEST_UTIL, Permission.Action.ADMIN); -1779return null; -1780 } -1781}; -1782// verify that only superuser can admin -1783verifyGlobal(globalAdmin); -1784 -1785// -- -1786// test multiple permissions -1787AccessTestAction globalReadWrite = new AccessTestAction() { -1788 @Override -1789 public Void run() throws Exception { -1790checkGlobalPerms(TEST_UTIL, Permission.Action.READ, Permission.Action.WRITE); -1791return null; -1792 } -1793}; +1752adminPerms.add(new UserPermission(USER_ADMIN.getShortName(), Bytes.toBytes("ACRW"))); +1753for(String user: superUsers) { +1754 // Global permission +1755 adminPerms.add(new UserPermission(user, Action.values())); +1756} +1757assertTrue("Only super users, global users and user admin has permission on table hbase:acl " + +1758"per setup", perms.size() == 5 + superUsers.size() +1759 hasFoundUserPermission(adminPerms, perms)); +1760 } +1761 +1762 /** global operations */ +1763 private void verifyGlobal(AccessTestAction action) throws Exception { +1764verifyAllowed(action, SUPERUSER); +1765 +1766verifyDenied(action, USER_CREATE, USER_RW, USER_NONE, USER_RO); +1767 } +1768 +1769 @Test +1770 public void testCheckPermissions() throws
[40/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html b/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html new file mode 100644 index 000..695371fd --- /dev/null +++ b/devapidocs/org/apache/hadoop/hbase/security/access/AuthManager.PermissionCache.html @@ -0,0 +1,362 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +AuthManager.PermissionCache (Apache HBase 3.0.0-SNAPSHOT API) + + + + + +var methods = {"i0":10,"i1":10,"i2":10}; +var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; +var altColor = "altColor"; +var rowColor = "rowColor"; +var tableTab = "tableTab"; +var activeTableTab = "activeTableTab"; + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +PrevClass +NextClass + + +Frames +NoFrames + + +AllClasses + + + + + + + +Summary: +Nested| +Field| +Constr| +Method + + +Detail: +Field| +Constr| +Method + + + + + + + + +org.apache.hadoop.hbase.security.access +Class AuthManager.PermissionCacheT extends Permission + + + +https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object + + +org.apache.hadoop.hbase.security.access.AuthManager.PermissionCacheT + + + + + + + +Type Parameters: +T - T extends Permission + + +Enclosing class: +AuthManager + + + +private static class AuthManager.PermissionCacheT extends Permission +extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object +Cache of permissions, it is thread safe. + + + + + + + + + + + +Field Summary + +Fields + +Modifier and Type +Field and Description + + +private https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true; title="class or interface in java.util">SetT +cache + + +private https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object +mutex + + + + + + + + + +Constructor Summary + +Constructors + +Modifier +Constructor and Description + + +private +PermissionCache() + + + + + + + + + +Method Summary + +All MethodsInstance MethodsConcrete Methods + +Modifier and Type +Method and Description + + +(package private) void +clear() + + +(package private) https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true; title="class or interface in java.util">SetT +get(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) + + +(package private) void +put(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname, + Tperm) + + + + + + +Methods inherited from classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object +https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--; title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-; title="class or interface in java.lang">equals, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--; title="class or interface in java.lang">finalize, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--; title="class or interface in java.lang">getClass, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--; title="class or interface in java.lang">hashCode, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--; title="class or interface in java.lang">notify, https://docs.oracle.com/javase/8/docs/api/ja va/lang/Object.html?is-external=true#notifyAll--" title="class or interface in java.lang">notifyAll,
[19/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html index 042bf4a..cb2cfdc 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/Permission.Action.html @@ -30,194 +30,226 @@ 022import java.io.DataOutput; 023import java.io.IOException; 024import java.util.Arrays; -025import java.util.Map; -026 -027import org.apache.yetus.audience.InterfaceAudience; -028import org.slf4j.Logger; -029import org.slf4j.LoggerFactory; -030import org.apache.hadoop.hbase.util.Bytes; -031import org.apache.hadoop.io.VersionedWritable; -032 -033import org.apache.hbase.thirdparty.com.google.common.collect.Maps; -034 -035/** -036 * Base permissions instance representing the ability to perform a given set -037 * of actions. -038 * -039 * @see TablePermission -040 */ -041@InterfaceAudience.Public -042public class Permission extends VersionedWritable { -043 protected static final byte VERSION = 0; -044 -045 @InterfaceAudience.Public -046 public enum Action { -047READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A'); -048 -049private final byte code; -050Action(char code) { -051 this.code = (byte)code; -052} -053 -054public byte code() { return code; } -055 } -056 -057 private static final Logger LOG = LoggerFactory.getLogger(Permission.class); -058 protected static final MapByte,Action ACTION_BY_CODE = Maps.newHashMap(); -059 -060 protected Action[] actions; +025import java.util.EnumSet; +026import java.util.Map; +027 +028import org.apache.yetus.audience.InterfaceAudience; +029import org.slf4j.Logger; +030import org.slf4j.LoggerFactory; +031import org.apache.hadoop.hbase.util.Bytes; +032import org.apache.hadoop.io.VersionedWritable; +033 +034import org.apache.hbase.thirdparty.com.google.common.collect.ImmutableMap; +035 +036/** +037 * Base permissions instance representing the ability to perform a given set +038 * of actions. +039 * +040 * @see TablePermission +041 */ +042@InterfaceAudience.Public +043public class Permission extends VersionedWritable { +044 protected static final byte VERSION = 0; +045 +046 @InterfaceAudience.Public +047 public enum Action { +048READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A'); +049 +050private final byte code; +051Action(char code) { +052 this.code = (byte) code; +053} +054 +055public byte code() { return code; } +056 } +057 +058 @InterfaceAudience.Private +059 protected enum Scope { +060GLOBAL('G'), NAMESPACE('N'), TABLE('T'), EMPTY('E'); 061 -062 static { -063for (Action a : Action.values()) { -064 ACTION_BY_CODE.put(a.code(), a); +062private final byte code; +063Scope(char code) { +064 this.code = (byte) code; 065} -066 } -067 -068 /** Empty constructor for Writable implementation. bDo not use./b */ -069 public Permission() { -070super(); -071 } -072 -073 public Permission(Action... assigned) { -074if (assigned != null assigned.length 0) { -075 actions = Arrays.copyOf(assigned, assigned.length); -076} -077 } -078 -079 public Permission(byte[] actionCodes) { -080if (actionCodes != null) { -081 Action acts[] = new Action[actionCodes.length]; -082 int j = 0; -083 for (int i=0; iactionCodes.length; i++) { -084byte b = actionCodes[i]; -085Action a = ACTION_BY_CODE.get(b); -086if (a == null) { -087 LOG.error("Ignoring unknown action code '"+ -088 Bytes.toStringBinary(new byte[]{b})+"'"); -089 continue; -090} -091acts[j++] = a; -092 } -093 this.actions = Arrays.copyOf(acts, j); -094} +066 +067public byte code() { +068 return code; +069} +070 } +071 +072 private static final Logger LOG = LoggerFactory.getLogger(Permission.class); +073 +074 protected static final MapByte, Action ACTION_BY_CODE; +075 protected static final MapByte, Scope SCOPE_BY_CODE; +076 +077 protected EnumSetAction actions = EnumSet.noneOf(Action.class); +078 protected Scope scope = Scope.EMPTY; +079 +080 static { +081ACTION_BY_CODE = ImmutableMap.of( +082 Action.READ.code, Action.READ, +083 Action.WRITE.code, Action.WRITE, +084 Action.EXEC.code, Action.EXEC, +085 Action.CREATE.code, Action.CREATE, +086 Action.ADMIN.code, Action.ADMIN +087); +088 +089SCOPE_BY_CODE = ImmutableMap.of( +090 Scope.GLOBAL.code, Scope.GLOBAL, +091 Scope.NAMESPACE.code, Scope.NAMESPACE, +092 Scope.TABLE.code, Scope.TABLE, +093 Scope.EMPTY.code, Scope.EMPTY +094
[37/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/Permission.Scope.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/Permission.Scope.html b/devapidocs/org/apache/hadoop/hbase/security/access/Permission.Scope.html new file mode 100644 index 000..2e5ccef --- /dev/null +++ b/devapidocs/org/apache/hadoop/hbase/security/access/Permission.Scope.html @@ -0,0 +1,420 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +Permission.Scope (Apache HBase 3.0.0-SNAPSHOT API) + + + + + +var methods = {"i0":10,"i1":9,"i2":9}; +var tabs = {65535:["t0","All Methods"],1:["t1","Static Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; +var altColor = "altColor"; +var rowColor = "rowColor"; +var tableTab = "tableTab"; +var activeTableTab = "activeTableTab"; + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +PrevClass +NextClass + + +Frames +NoFrames + + +AllClasses + + + + + + + +Summary: +Nested| +Enum Constants| +Field| +Method + + +Detail: +Enum Constants| +Field| +Method + + + + + + + + +org.apache.hadoop.hbase.security.access +Enum Permission.Scope + + + +https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object + + +https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">java.lang.EnumPermission.Scope + + +org.apache.hadoop.hbase.security.access.Permission.Scope + + + + + + + + + +All Implemented Interfaces: +https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true; title="class or interface in java.io">Serializable, https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true; title="class or interface in java.lang">ComparablePermission.Scope + + +Enclosing class: +Permission + + + +@InterfaceAudience.Private +protected static enum Permission.Scope +extends https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">EnumPermission.Scope + + + + + + + + + + + +Enum Constant Summary + +Enum Constants + +Enum Constant and Description + + +EMPTY + + +GLOBAL + + +NAMESPACE + + +TABLE + + + + + + + + + +Field Summary + +Fields + +Modifier and Type +Field and Description + + +private byte +code + + + + + + + + + +Method Summary + +All MethodsStatic MethodsInstance MethodsConcrete Methods + +Modifier and Type +Method and Description + + +byte +code() + + +static Permission.Scope +valueOf(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringname) +Returns the enum constant of this type with the specified name. + + + +static Permission.Scope[] +values() +Returns an array containing the constants of this enum type, in +the order they are declared. + + + + + + + +Methods inherited from classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">Enum +https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#clone--; title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#compareTo-E-; title="class or interface in java.lang">compareTo, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#equals-java.lang.Object-; title="class or interface in java.lang">equals, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#finalize--; title="class or interface in java.lang">finalize, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#getDeclaringClass--; title="class or interface in java.lang">getDeclaringClass, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#hashCode--; title="class or interface in java.lang">hashCode, https://docs.oracle.com/javase/ 8/docs/api/java/lang/Enum.html?is-external=true#name--" title="class or interface in java.lang">name, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#ordinal--; title="class or interface in java.lang">ordinal, https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true#toString--; title="class or interface in
[28/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html b/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html index 85862c4..f46c7df 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/package-summary.html @@ -138,6 +138,18 @@ +AuthManager + +Performs authorization checks for a given user's assigned permissions. + + + +AuthManager.PermissionCacheT extends Permission + +Cache of permissions, it is thread safe. + + + AuthResult Represents the result of an authorization check for logging and error @@ -155,6 +167,18 @@ +GlobalPermission + +Represents an authorization for access whole cluster. + + + +NamespacePermission + +Represents an authorization for access for the given namespace. + + + Permission Base permissions instance representing the ability to perform a given set @@ -175,16 +199,6 @@ -TableAuthManager - -Performs authorization checks for a given user's assigned permissions - - - -TableAuthManager.PermissionCacheT extends Permission - - - TablePermission Represents an authorization for access for the given actions, optionally @@ -195,8 +209,7 @@ UserPermission -Represents an authorization for access over the given table, column family - plus qualifier, for the given user. +UserPermission consists of a user name and a permission. @@ -229,6 +242,10 @@ Permission.Action + +Permission.Scope + + http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html b/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html index f594c43..b6b603e 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html @@ -86,6 +86,8 @@ org.apache.hadoop.hbase.security.access.AccessController (implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface, org.apache.hadoop.hbase.coprocessor.BulkLoadObserver, org.apache.hadoop.hbase.coprocessor.EndpointObserver, org.apache.hadoop.hbase.coprocessor.MasterCoprocessor, org.apache.hadoop.hbase.c oprocessor.MasterObserver, org.apache.hadoop.hbase.coprocessor.RegionCoprocessor, org.apache.hadoop.hbase.coprocessor.RegionObserver, org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessor, org.apache.hadoop.hbase.coprocessor.RegionServerObserver) org.apache.hadoop.hbase.security.access.AccessControlLists org.apache.hadoop.hbase.security.access.AccessControlUtil +org.apache.hadoop.hbase.security.access.AuthManager (implements java.io.https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true; title="class or interface in java.io">Closeable) +org.apache.hadoop.hbase.security.access.AuthManager.PermissionCacheT org.apache.hadoop.hbase.security.access.AuthResult org.apache.hadoop.hbase.security.access.AuthResult.Params org.apache.hadoop.hbase.security.access.CoprocessorWhitelistMasterObserver (implements org.apache.hadoop.hbase.coprocessor.MasterCoprocessor, org.apache.hadoop.hbase.coprocessor.MasterObserver) @@ -104,22 +106,19 @@ org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil -org.apache.hadoop.hbase.security.access.TableAuthManager (implements java.io.https://docs.oracle.com/javase/8/docs/api/java/io/Closeable.html?is-external=true; title="class or interface in java.io">Closeable) -org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCacheT org.apache.hadoop.hbase.security.User org.apache.hadoop.hbase.security.access.AccessChecker.InputUser +org.apache.hadoop.hbase.security.access.UserPermission org.apache.hadoop.io.VersionedWritable (implements org.apache.hadoop.io.Writable) org.apache.hadoop.hbase.security.access.Permission -org.apache.hadoop.hbase.security.access.TablePermission - -org.apache.hadoop.hbase.security.access.UserPermission - - +org.apache.hadoop.hbase.security.access.GlobalPermission +org.apache.hadoop.hbase.security.access.NamespacePermission +org.apache.hadoop.hbase.security.access.TablePermission @@ -143,8 +142,9 @@ java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">EnumE (implements java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true; title="class or interface in java.lang">ComparableT,
[11/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html index 63a00a7..32d6965 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.CompletedSnaphotDirectoriesFilter.html @@ -43,7 +43,7 @@ 035import org.apache.hadoop.hbase.security.User; 036import org.apache.hadoop.hbase.security.access.AccessControlLists; 037import org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil; -038import org.apache.hadoop.hbase.security.access.TablePermission; +038import org.apache.hadoop.hbase.security.access.UserPermission; 039import org.apache.hadoop.hbase.util.EnvironmentEdgeManager; 040import org.apache.hadoop.hbase.util.FSUtils; 041import org.apache.yetus.audience.InterfaceAudience; @@ -443,10 +443,10 @@ 435 436 private static SnapshotDescription writeAclToSnapshotDescription(SnapshotDescription snapshot, 437 Configuration conf) throws IOException { -438ListMultimapString, TablePermission perms = -439User.runAsLoginUser(new PrivilegedExceptionActionListMultimapString, TablePermission() { +438ListMultimapString, UserPermission perms = +439User.runAsLoginUser(new PrivilegedExceptionActionListMultimapString, UserPermission() { 440 @Override -441 public ListMultimapString, TablePermission run() throws Exception { +441 public ListMultimapString, UserPermission run() throws Exception { 442return AccessControlLists.getTablePermissions(conf, 443 TableName.valueOf(snapshot.getTable())); 444 } http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html index 63a00a7..32d6965 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.html @@ -43,7 +43,7 @@ 035import org.apache.hadoop.hbase.security.User; 036import org.apache.hadoop.hbase.security.access.AccessControlLists; 037import org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil; -038import org.apache.hadoop.hbase.security.access.TablePermission; +038import org.apache.hadoop.hbase.security.access.UserPermission; 039import org.apache.hadoop.hbase.util.EnvironmentEdgeManager; 040import org.apache.hadoop.hbase.util.FSUtils; 041import org.apache.yetus.audience.InterfaceAudience; @@ -443,10 +443,10 @@ 435 436 private static SnapshotDescription writeAclToSnapshotDescription(SnapshotDescription snapshot, 437 Configuration conf) throws IOException { -438ListMultimapString, TablePermission perms = -439User.runAsLoginUser(new PrivilegedExceptionActionListMultimapString, TablePermission() { +438ListMultimapString, UserPermission perms = +439User.runAsLoginUser(new PrivilegedExceptionActionListMultimapString, UserPermission() { 440 @Override -441 public ListMultimapString, TablePermission run() throws Exception { +441 public ListMultimapString, UserPermission run() throws Exception { 442return AccessControlLists.getTablePermissions(conf, 443 TableName.valueOf(snapshot.getTable())); 444 } http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/downloads.html -- diff --git a/downloads.html b/downloads.html index 5c0d243..405ed9e 100644 --- a/downloads.html +++ b/downloads.html @@ -7,7 +7,7 @@ - + Apache HBase Apache HBase Downloads @@ -461,7 +461,7 @@ under the License. --> https://www.apache.org/;>The Apache Software Foundation. All rights reserved. - Last Published: 2018-11-14 + Last Published: 2018-11-15 http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/export_control.html -- diff --git a/export_control.html b/export_control.html index
[10/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html b/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html index 022325c..48a55d3 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html +++ b/testdevapidocs/org/apache/hadoop/hbase/io/encoding/TestDataBlockEncoders.html @@ -18,7 +18,7 @@ catch(err) { } //--> -var methods = {"i0":10,"i1":9,"i2":10,"i3":9,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10}; +var methods = {"i0":10,"i1":9,"i2":10,"i3":9,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10}; var tabs = {65535:["t0","All Methods"],1:["t1","Static Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; var altColor = "altColor"; var rowColor = "rowColor"; @@ -109,7 +109,7 @@ var activeTableTab = "activeTableTab"; -public class TestDataBlockEncoders +public class TestDataBlockEncoders extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object Test all of the data block encoding algorithms for correctness. Most of the class generate data which will test different branches in code. @@ -274,11 +274,15 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html void +testRowIndexWithTagsButNoTagsInCell() + + +void testSeekingOnSample() Test seeking while file is encoded. - + void testZeroByte() @@ -310,7 +314,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html CLASS_RULE -public static finalHBaseClassTestRule CLASS_RULE +public static finalHBaseClassTestRule CLASS_RULE @@ -319,7 +323,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html LOG -private static finalorg.slf4j.Logger LOG +private static finalorg.slf4j.Logger LOG @@ -328,7 +332,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html NUMBER_OF_KV -private staticint NUMBER_OF_KV +private staticint NUMBER_OF_KV @@ -337,7 +341,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html NUM_RANDOM_SEEKS -private staticint NUM_RANDOM_SEEKS +private staticint NUM_RANDOM_SEEKS @@ -346,7 +350,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html ENCODED_DATA_OFFSET -private staticint ENCODED_DATA_OFFSET +private staticint ENCODED_DATA_OFFSET @@ -355,7 +359,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html HFILEBLOCK_DUMMY_HEADER -static finalbyte[] HFILEBLOCK_DUMMY_HEADER +static finalbyte[] HFILEBLOCK_DUMMY_HEADER @@ -364,7 +368,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html generator -privateRedundantKVGenerator generator +privateRedundantKVGenerator generator @@ -373,7 +377,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html randomizer -privatehttps://docs.oracle.com/javase/8/docs/api/java/util/Random.html?is-external=true; title="class or interface in java.util">Random randomizer +privatehttps://docs.oracle.com/javase/8/docs/api/java/util/Random.html?is-external=true; title="class or interface in java.util">Random randomizer @@ -382,7 +386,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html includesMemstoreTS -private finalboolean includesMemstoreTS +private finalboolean includesMemstoreTS @@ -391,7 +395,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html includesTags -private finalboolean includesTags +private finalboolean includesTags @@ -400,7 +404,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html useOffheapData -private finalboolean useOffheapData +private finalboolean useOffheapData @@ -417,7 +421,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html TestDataBlockEncoders -publicTestDataBlockEncoders(booleanincludesMemstoreTS, +publicTestDataBlockEncoders(booleanincludesMemstoreTS, booleanincludesTag, booleanuseOffheapData) @@ -436,7 +440,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html parameters -public statichttps://docs.oracle.com/javase/8/docs/api/java/util/Collection.html?is-external=true; title="class or interface in java.util">Collectionhttps://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object[]parameters() +public statichttps://docs.oracle.com/javase/8/docs/api/java/util/Collection.html?is-external=true; title="class or interface in
[38/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html b/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html index cb74478..ce837e5 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/CoprocessorWhitelistMasterObserver.html @@ -50,7 +50,7 @@ var activeTableTab = "activeTableTab"; PrevClass -NextClass +NextClass Frames @@ -459,7 +459,7 @@ implements PrevClass -NextClass +NextClass Frames http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/GlobalPermission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/GlobalPermission.html b/devapidocs/org/apache/hadoop/hbase/security/access/GlobalPermission.html new file mode 100644 index 000..cb72507 --- /dev/null +++ b/devapidocs/org/apache/hadoop/hbase/security/access/GlobalPermission.html @@ -0,0 +1,404 @@ +http://www.w3.org/TR/html4/loose.dtd;> + + + + + +GlobalPermission (Apache HBase 3.0.0-SNAPSHOT API) + + + + + +var methods = {"i0":10,"i1":10,"i2":10}; +var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; +var altColor = "altColor"; +var rowColor = "rowColor"; +var tableTab = "tableTab"; +var activeTableTab = "activeTableTab"; + + +JavaScript is disabled on your browser. + + + + + +Skip navigation links + + + + +Overview +Package +Class +Use +Tree +Deprecated +Index +Help + + + + +PrevClass +NextClass + + +Frames +NoFrames + + +AllClasses + + + + + + + +Summary: +Nested| +Field| +Constr| +Method + + +Detail: +Field| +Constr| +Method + + + + + + + + +org.apache.hadoop.hbase.security.access +Class GlobalPermission + + + +https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object + + +org.apache.hadoop.io.VersionedWritable + + +org.apache.hadoop.hbase.security.access.Permission + + +org.apache.hadoop.hbase.security.access.GlobalPermission + + + + + + + + + + + +All Implemented Interfaces: +org.apache.hadoop.io.Writable + + + +@InterfaceAudience.Private +public class GlobalPermission +extends Permission +Represents an authorization for access whole cluster. + + + + + + + + + + + +Nested Class Summary + + + + +Nested classes/interfaces inherited from classorg.apache.hadoop.hbase.security.access.Permission +Permission.Action, Permission.Scope + + + + + + + + +Field Summary + + + + +Fields inherited from classorg.apache.hadoop.hbase.security.access.Permission +ACTION_BY_CODE, actions, scope, SCOPE_BY_CODE, VERSION + + + + + + + + +Constructor Summary + +Constructors + +Constructor and Description + + +GlobalPermission() +Default constructor for Writable, do not use + + + +GlobalPermission(byte[]actionCode) +Construct a global permission. + + + +GlobalPermission(Permission.Action...assigned) +Construct a global permission. + + + + + + + + + + +Method Summary + +All MethodsInstance MethodsConcrete Methods + +Modifier and Type +Method and Description + + +boolean +equals(https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Objectobj) + + +int +hashCode() + + +https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String +toString() + + + + + + +Methods inherited from classorg.apache.hadoop.hbase.security.access.Permission +equalsExceptActions, getAccessScope, getActions, getVersion, implies, rawExpression, readFields, setActions, write + + + + + +Methods inherited from classjava.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object +https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--; title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--; title="class or interface in java.lang">finalize,
[46/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html b/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html index 3065dad..a277554 100644 --- a/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html +++ b/devapidocs/org/apache/hadoop/hbase/class-use/TableName.html @@ -9973,8 +9973,10 @@ service. AccessController.tableAcls -private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentSkipListMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentSkipListMapTableName,TableAuthManager.PermissionCacheTablePermission -TableAuthManager.tableCache +private https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ConcurrentHashMap.html?is-external=true; title="class or interface in java.util.concurrent">ConcurrentHashMapTableName,AuthManager.PermissionCacheTablePermission +AuthManager.tableCache +Cache for table permission. + @@ -10015,6 +10017,15 @@ service. +boolean +AuthManager.accessUserTable(Useruser, + TableNametable, + Permission.Actionaction) +Checks if the user has access to the full table or at least a family/qualifier + for the specified action. + + + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -10024,7 +10035,7 @@ service. byte[]family, byte[]qualifier) - + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -10033,68 +10044,67 @@ service. TableNametable, https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],? extends https://docs.oracle.com/javase/8/docs/api/java/util/Collection.html?is-external=true; title="class or interface in java.util">Collection?families) + +boolean +AuthManager.authorizeCell(Useruser, + TableNametable, + Cellcell, + Permission.Actionaction) +Check if user has given action privilige in cell scope. + + private boolean -TableAuthManager.authorize(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListTablePermissionperms, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Actionaction) +AuthManager.authorizeFamily(https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true; title="class or interface in java.util">SetTablePermissionpermissions, + TableNametable, + byte[]family, + Permission.Actionaction) -boolean -TableAuthManager.authorize(Useruser, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Actionaction) +private boolean +AuthManager.authorizeTable(https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true; title="class or interface in java.util">SetTablePermissionpermissions, + TableNametable, + byte[]family, + byte[]qualifier, + Permission.Actionaction) boolean -TableAuthManager.authorize(Useruser, - TableNametable, - byte[]family, - Permission.Actionaction) +AuthManager.authorizeUserFamily(Useruser, + TableNametable, + byte[]family, + Permission.Actionaction) +Check if user has given action privilige in table:family scope. + boolean -TableAuthManager.authorize(Useruser, - TableNametable, - Cellcell, - Permission.Actionaction) -Authorize a user for a given KV. +AuthManager.authorizeUserTable(Useruser, + TableNametable, + byte[]family, + byte[]qualifier, + Permission.Actionaction) +Check if user has given action privilige in table:family:qualifier scope. boolean -TableAuthManager.authorizeGroup(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">StringgroupName, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Actionaction) -Checks authorization to a given table, column family and column for a group, based - on the stored permissions.
[31/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html index 9ca96d9..0a6df8c 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/class-use/Permission.Action.html @@ -129,10 +129,6 @@ private Permission.Action AuthResult.action - -protected Permission.Action[] -Permission.actions - @@ -146,6 +142,10 @@ protected static https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Maphttps://docs.oracle.com/javase/8/docs/api/java/lang/Byte.html?is-external=true; title="class or interface in java.lang">Byte,Permission.Action Permission.ACTION_BY_CODE + +protected https://docs.oracle.com/javase/8/docs/api/java/util/EnumSet.html?is-external=true; title="class or interface in java.util">EnumSetPermission.Action +Permission.actions + @@ -220,6 +220,15 @@ the order they are declared. +boolean +AuthManager.accessUserTable(Useruser, + TableNametable, + Permission.Actionaction) +Checks if the user has access to the full table or at least a family/qualifier + for the specified action. + + + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -227,7 +236,7 @@ the order they are declared. Permission.Actionaction, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace) - + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -237,7 +246,7 @@ the order they are declared. byte[]family, byte[]qualifier) - + static AuthResult AuthResult.allow(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringrequest, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringreason, @@ -246,100 +255,90 @@ the order they are declared. TableNametable, https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],? extends https://docs.oracle.com/javase/8/docs/api/java/util/Collection.html?is-external=true; title="class or interface in java.util">Collection?families) - -private boolean -TableAuthManager.authorize(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListPermissionperms, - Permission.Actionaction) -Authorizes a global permission - - -private boolean -TableAuthManager.authorize(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListTablePermissionperms, - https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, - Permission.Actionaction) +boolean +AuthManager.authorizeCell(Useruser, + TableNametable, + Cellcell, + Permission.Actionaction) +Check if user has given action privilige in cell scope. + private boolean -TableAuthManager.authorize(https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListTablePermissionperms, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Actionaction) +AuthManager.authorizeFamily(https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true; title="class or interface in java.util">SetTablePermissionpermissions, + TableNametable, + byte[]family, + Permission.Actionaction) -boolean -TableAuthManager.authorize(Useruser, - Permission.Actionaction) -Authorize a global permission based on ACLs for the given user and the - user's groups. - +private boolean +AuthManager.authorizeGlobal(GlobalPermissionpermissions, + Permission.Actionaction) -boolean -TableAuthManager.authorize(Useruser, -
[49/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/checkstyle.rss -- diff --git a/checkstyle.rss b/checkstyle.rss index b3dec4e..4413b7a 100644 --- a/checkstyle.rss +++ b/checkstyle.rss @@ -25,8 +25,8 @@ under the License. en-us 2007 - 2018 The Apache Software Foundation - File: 3806, - Errors: 15073, + File: 3809, + Errors: 14996, Warnings: 0, Infos: 0 @@ -601,7 +601,7 @@ under the License. 0 - 7 + 2 @@ -3583,7 +3583,7 @@ under the License. 0 - 3 + 0 @@ -4031,7 +4031,7 @@ under the License. 0 - 17 + 16 @@ -6906,6 +6906,20 @@ under the License. + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.security.access.AuthManager.java;>org/apache/hadoop/hbase/security/access/AuthManager.java + + + 0 + + + 0 + + + 0 + + + + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.util.Methods.java;>org/apache/hadoop/hbase/util/Methods.java @@ -14844,6 +14858,20 @@ under the License. + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.master.assignment.TestRegionAssignedToMultipleRegionServers.java;>org/apache/hadoop/hbase/master/assignment/TestRegionAssignedToMultipleRegionServers.java + + + 0 + + + 0 + + + 0 + + + + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.rest.TestGzipFilter.java;>org/apache/hadoop/hbase/rest/TestGzipFilter.java @@ -28088,6 +28116,20 @@ under the License. + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.security.access.NamespacePermission.java;>org/apache/hadoop/hbase/security/access/NamespacePermission.java + + + 0 + + + 0 + + + 0 + + + + http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.mapreduce.TestTableMapReduce.java;>org/apache/hadoop/hbase/mapreduce/TestTableMapReduce.java @@ -31009,7 +31051,7 @@ under the License. 0 - 13 + 7 @@ -35993,7 +36035,7 @@ under the License. 0 - 10 + 1 @@ -37925,7 +37967,7 @@ under the License. 0 - 40 + 36 @@ -38420,20 +38462,6 @@ under the License. - http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.security.access.TableAuthManager.java;>org/apache/hadoop/hbase/security/access/TableAuthManager.java - - - 0 - - - 0 - - - 43 - - - - http://hbase.apache.org/checkstyle.html#org.apache.hadoop.hbase.regionserver.FlushPolicy.java;>org/apache/hadoop/hbase/regionserver/FlushPolicy.java @@ -42363,7 +42391,7 @@ under the License. 0 - 16 + 13 @@ -48313,7 +48341,7 @@ under the License.
[34/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html b/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html index 0025ba5..7903176 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/TablePermission.html @@ -18,7 +18,7 @@ catch(err) { } //--> -var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10,"i17":10,"i18":10,"i19":10}; +var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10,"i17":10,"i18":10,"i19":10,"i20":10}; var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; var altColor = "altColor"; var rowColor = "rowColor"; @@ -49,7 +49,7 @@ var activeTableTab = "activeTableTab"; -PrevClass +PrevClass NextClass @@ -121,10 +121,6 @@ var activeTableTab = "activeTableTab"; All Implemented Interfaces: org.apache.hadoop.io.Writable - -Direct Known Subclasses: -UserPermission - @InterfaceAudience.Private @@ -132,7 +128,7 @@ public class Permission Represents an authorization for access for the given actions, optionally restricted to the given column family or column qualifier, over the - given table. If the family property is null, it implies + given table. If the family property is null, it implies full table access. @@ -151,7 +147,7 @@ extends Permission -Permission.Action +Permission.Action, Permission.Scope @@ -172,14 +168,10 @@ extends family -private https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String -namespace - - private byte[] qualifier - + private TableName table @@ -189,7 +181,7 @@ extends Permission -ACTION_BY_CODE, actions, VERSION +ACTION_BY_CODE, actions, scope, SCOPE_BY_CODE, VERSION @@ -210,37 +202,16 @@ extends -TablePermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, +TablePermission(TableNametable, byte[]actionCodes) -Creates a new permission for the given namespace, - allowing the actions matching the provided byte codes to be performed. +Construct a table permission. -TablePermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, - Permission.Action...assigned) -Create a new permission for the given namespace, - allowing the given actions. - - - -TablePermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, - TableNametable, +TablePermission(TableNametable, byte[]family, - byte[]qualifier, byte[]actionCodes) -Creates a new permission for the given namespace or table, family and column qualifier, - allowing the actions matching the provided byte codes to be performed. - - - -TablePermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, - TableNametable, - byte[]family, - byte[]qualifier, - Permission.Action...assigned) -Creates a new permission for the given namespace or table, restricted to the given - column family and qualifier, allowing the assigned actions to be performed. +Construct a table:family permission. @@ -248,8 +219,7 @@ extends Creates a new permission for the given table, family and column qualifier, - allowing the actions matching the provided byte codes to be performed. +Construct a table:family:qualifier permission. @@ -257,16 +227,20 @@ extends Permission.Action...assigned) -Creates a new permission for the given table, restricted to the given - column family and qualifier, allowing the assigned actions to be performed. +Construct a table:family:qualifier permission. TablePermission(TableNametable, byte[]family, Permission.Action...assigned) -Create a new permission for the given table and (optionally) column family, - allowing the given actions. +Construct a table:family permission. + + + +TablePermission(TableNametable, + Permission.Action...assigned) +Construct a table permission. @@ -289,60 +263,69 @@ extends equals(https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in
[07/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html b/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html index e9217bf..10e2501 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html +++ b/testdevapidocs/org/apache/hadoop/hbase/security/access/TestTablePermissions.html @@ -224,11 +224,11 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html void -checkMultimapEqual(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissionfirst, - org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissionsecond) +checkMultimapEqual(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermissionfirst, + org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermissionsecond) -private org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermission +private org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermission createPermissions() @@ -484,7 +484,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html testPersistence -publicvoidtestPersistence() +publicvoidtestPersistence() throws https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true; title="class or interface in java.lang">Exception Throws: @@ -498,7 +498,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html testSerialization -publicvoidtestSerialization() +publicvoidtestSerialization() throws https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true; title="class or interface in java.lang">Exception Throws: @@ -512,7 +512,7 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html createPermissions -privateorg.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissioncreatePermissions() +privateorg.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermissioncreatePermissions() @@ -521,8 +521,8 @@ extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html checkMultimapEqual -publicvoidcheckMultimapEqual(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissionfirst, - org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.TablePermissionsecond) +publicvoidcheckMultimapEqual(org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String,org.apache.hadoop.hbase.security.access.UserPermissionfirst, + org.apache.hbase.thirdparty.com.google.common.collect.ListMultimaphttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in
[13/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html index cbae28e..aec5920 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/snapshot/RestoreSnapshotHelper.RestoreMetaChanges.html @@ -64,825 +64,827 @@ 056import org.apache.hadoop.hbase.regionserver.HRegionFileSystem; 057import org.apache.hadoop.hbase.regionserver.StoreFileInfo; 058import org.apache.hadoop.hbase.security.access.AccessControlClient; -059import org.apache.hadoop.hbase.security.access.ShadedAccessControlUtil; -060import org.apache.hadoop.hbase.security.access.TablePermission; -061import org.apache.hadoop.hbase.util.Bytes; -062import org.apache.hadoop.hbase.util.FSUtils; -063import org.apache.hadoop.hbase.util.ModifyRegionUtils; -064import org.apache.hadoop.hbase.util.Pair; -065import org.apache.hadoop.io.IOUtils; -066import org.apache.yetus.audience.InterfaceAudience; -067import org.slf4j.Logger; -068import org.slf4j.LoggerFactory; -069import org.apache.hbase.thirdparty.com.google.common.collect.ListMultimap; -070import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil; -071import org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotDescription; -072import org.apache.hadoop.hbase.shaded.protobuf.generated.SnapshotProtos.SnapshotRegionManifest; -073 -074/** -075 * Helper to Restore/Clone a Snapshot -076 * -077 * pThe helper assumes that a table is already created, and by calling restore() -078 * the content present in the snapshot will be restored as the new content of the table. -079 * -080 * pClone from Snapshot: If the target table is empty, the restore operation -081 * is just a "clone operation", where the only operations are: -082 * ul -083 * lifor each region in the snapshot create a new region -084 *(note that the region will have a different name, since the encoding contains the table name) -085 * lifor each file in the region create a new HFileLink to point to the original file. -086 * lirestore the logs, if any -087 * /ul -088 * -089 * pRestore from Snapshot: -090 * ul -091 * lifor each region in the table verify which are available in the snapshot and which are not -092 *ul -093 *liif the region is not present in the snapshot, remove it. -094 *liif the region is present in the snapshot -095 * ul -096 * lifor each file in the table region verify which are available in the snapshot -097 *ul -098 * liif the hfile is not present in the snapshot, remove it -099 * liif the hfile is present, keep it (nothing to do) -100 */ul -101 * lifor each file in the snapshot region but not in the table -102 *ul -103 * licreate a new HFileLink that point to the original file -104 */ul -105 * /ul -106 */ul -107 * lifor each region in the snapshot not present in the current table state -108 *ul -109 *licreate a new region and for each file in the region create a new HFileLink -110 * (This is the same as the clone operation) -111 */ul -112 * lirestore the logs, if any -113 * /ul -114 */ -115@InterfaceAudience.Private -116public class RestoreSnapshotHelper { -117 private static final Logger LOG = LoggerFactory.getLogger(RestoreSnapshotHelper.class); -118 -119 private final Mapbyte[], byte[] regionsMap = new TreeMap(Bytes.BYTES_COMPARATOR); -120 -121 private final MapString, PairString, String parentsMap = new HashMap(); -122 -123 private final ForeignExceptionDispatcher monitor; -124 private final MonitoredTask status; -125 -126 private final SnapshotManifest snapshotManifest; -127 private final SnapshotDescription snapshotDesc; -128 private final TableName snapshotTable; -129 -130 private final TableDescriptor tableDesc; -131 private final Path rootDir; -132 private final Path tableDir; -133 -134 private final Configuration conf; -135 private final FileSystem fs; -136 private final boolean createBackRefs; -137 -138 public RestoreSnapshotHelper(final Configuration conf, -139 final FileSystem fs, -140 final SnapshotManifest manifest, -141 final TableDescriptor tableDescriptor, -142 final Path rootDir, -143 final ForeignExceptionDispatcher monitor, -144 final MonitoredTask status) { -145this(conf, fs, manifest, tableDescriptor, rootDir, monitor, status, true); -146 } -147 -148 public RestoreSnapshotHelper(final Configuration conf, -149 final FileSystem fs, -150 final SnapshotManifest manifest, -151
[08/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html b/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html index 6e82899..152a081 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html +++ b/testdevapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html @@ -234,10 +234,10 @@ java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">EnumE (implements java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true; title="class or interface in java.lang">ComparableT, java.io.https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true; title="class or interface in java.io">Serializable) +org.apache.hadoop.hbase.procedure2.TestProcedureRecovery.TestStateMachineProcedure.State org.apache.hadoop.hbase.procedure2.TestStateMachineProcedure.TestSMProcedureState -org.apache.hadoop.hbase.procedure2.TestYieldProcedures.TestStateMachineProcedure.State org.apache.hadoop.hbase.procedure2.TestProcedureBypass.StuckStateMachineState -org.apache.hadoop.hbase.procedure2.TestProcedureRecovery.TestStateMachineProcedure.State +org.apache.hadoop.hbase.procedure2.TestYieldProcedures.TestStateMachineProcedure.State http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html b/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html index d7c69fc..06907ed 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html +++ b/testdevapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html @@ -701,10 +701,10 @@ java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true; title="class or interface in java.lang">EnumE (implements java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true; title="class or interface in java.lang">ComparableT, java.io.https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true; title="class or interface in java.io">Serializable) -org.apache.hadoop.hbase.regionserver.TestAtomicOperation.TestStep org.apache.hadoop.hbase.regionserver.TestMultiLogThreshold.ActionType -org.apache.hadoop.hbase.regionserver.DataBlockEncodingTool.Manipulation org.apache.hadoop.hbase.regionserver.TestRegionServerReadRequestMetrics.Metric +org.apache.hadoop.hbase.regionserver.TestAtomicOperation.TestStep +org.apache.hadoop.hbase.regionserver.DataBlockEncodingTool.Manipulation org.apache.hadoop.hbase.regionserver.TestCacheOnWriteInSchema.CacheOnWriteType http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html -- diff --git a/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html b/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html index 79ffc82..da97f01 100644 --- a/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html +++ b/testdevapidocs/org/apache/hadoop/hbase/security/access/TestAccessController.MyShellBasedUnixGroupsMapping.html @@ -122,7 +122,7 @@ var activeTableTab = "activeTableTab"; -public static class TestAccessController.MyShellBasedUnixGroupsMapping +public static class TestAccessController.MyShellBasedUnixGroupsMapping extends org.apache.hadoop.security.ShellBasedUnixGroupsMapping implements org.apache.hadoop.security.GroupMappingServiceProvider @@ -221,7 +221,7 @@ implements org.apache.hadoop.security.GroupMappingServiceProvider MyShellBasedUnixGroupsMapping -publicMyShellBasedUnixGroupsMapping() +publicMyShellBasedUnixGroupsMapping() @@ -238,7 +238,7 @@ implements org.apache.hadoop.security.GroupMappingServiceProvider getGroups -publichttps://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">Listhttps://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">StringgetGroups(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser) +publichttps://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in
[41/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html b/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html index 0bb9839..5d7328c 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/AccessController.html @@ -382,7 +382,7 @@ implements -TableAuthManager +AuthManager getAuthManager() @@ -1639,7 +1639,7 @@ implements getAuthManager -publicTableAuthManagergetAuthManager() +publicAuthManagergetAuthManager() @@ -1911,7 +1911,7 @@ implements checkCoveringPermission -privatebooleancheckCoveringPermission(Useruser, +privatebooleancheckCoveringPermission(Useruser, AccessController.OpTyperequest, RegionCoprocessorEnvironmente, byte[]row, @@ -1934,7 +1934,7 @@ implements addCellPermissions -private staticvoidaddCellPermissions(byte[]perms, +private staticvoidaddCellPermissions(byte[]perms, https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true; title="class or interface in java.util">Mapbyte[],https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true; title="class or interface in java.util">ListCellfamilyMap) @@ -1944,7 +1944,7 @@ implements checkForReservedTagPresence -privatevoidcheckForReservedTagPresence(Useruser, +privatevoidcheckForReservedTagPresence(Useruser, Mutationm) throws https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true; title="class or interface in java.io">IOException @@ -1959,7 +1959,7 @@ implements start -publicvoidstart(CoprocessorEnvironmentenv) +publicvoidstart(CoprocessorEnvironmentenv) throws https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true; title="class or interface in java.io">IOException Description copied from interface:Coprocessor Called by the CoprocessorEnvironment during it's own startup to initialize the @@ -1978,7 +1978,7 @@ implements stop -publicvoidstop(CoprocessorEnvironmentenv) +publicvoidstop(CoprocessorEnvironmentenv) Description copied from interface:Coprocessor Called by the CoprocessorEnvironment during it's own shutdown to stop the coprocessor. @@ -1994,7 +1994,7 @@ implements getRegionObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalRegionObservergetRegionObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalRegionObservergetRegionObserver() Observer/Service Getters Specified by: @@ -2008,7 +2008,7 @@ implements getMasterObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalMasterObservergetMasterObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalMasterObservergetMasterObserver() Specified by: getMasterObserverin interfaceMasterCoprocessor @@ -2021,7 +2021,7 @@ implements getEndpointObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalEndpointObservergetEndpointObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalEndpointObservergetEndpointObserver() Specified by: getEndpointObserverin interfaceRegionCoprocessor @@ -2034,7 +2034,7 @@ implements getBulkLoadObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalBulkLoadObservergetBulkLoadObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalBulkLoadObservergetBulkLoadObserver() Specified by: getBulkLoadObserverin interfaceRegionCoprocessor @@ -2047,7 +2047,7 @@ implements getRegionServerObserver -publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalRegionServerObservergetRegionServerObserver() +publichttps://docs.oracle.com/javase/8/docs/api/java/util/Optional.html?is-external=true; title="class or interface in java.util">OptionalRegionServerObservergetRegionServerObserver()
[25/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html -- diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html index e1f2ceb..78cac0b 100644 --- a/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html +++ b/devapidocs/src-html/org/apache/hadoop/hbase/security/access/AccessControlLists.html @@ -139,503 +139,503 @@ 131 * @throws IOException in the case of an error accessing the metadata table 132 */ 133 static void addUserPermission(Configuration conf, UserPermission userPerm, Table t, -134boolean mergeExistingPermissions) throws IOException { -135Permission.Action[] actions = userPerm.getActions(); -136byte[] rowKey = userPermissionRowKey(userPerm); -137Put p = new Put(rowKey); -138byte[] key = userPermissionKey(userPerm); -139 -140if ((actions == null) || (actions.length == 0)) { -141 String msg = "No actions associated with user '" + Bytes.toString(userPerm.getUser()) + "'"; -142 LOG.warn(msg); -143 throw new IOException(msg); -144} -145 -146SetPermission.Action actionSet = new TreeSetPermission.Action(); -147if(mergeExistingPermissions){ -148 ListUserPermission perms = getUserPermissions(conf, rowKey, null, null, null, false); -149 UserPermission currentPerm = null; -150 for (UserPermission perm : perms) { -151if (Bytes.equals(perm.getUser(), userPerm.getUser()) -152 ((userPerm.isGlobal() ACL_TABLE_NAME.equals(perm.getTableName())) -153|| perm.tableFieldsEqual(userPerm))) { -154 currentPerm = perm; -155 break; -156} -157 } -158 -159 if(currentPerm != null currentPerm.getActions() != null){ -160 actionSet.addAll(Arrays.asList(currentPerm.getActions())); -161 } -162} -163 -164// merge current action with new action. -165 actionSet.addAll(Arrays.asList(actions)); -166 -167// serialize to byte array. -168byte[] value = new byte[actionSet.size()]; -169int index = 0; -170for (Permission.Action action : actionSet) { -171 value[index++] = action.code(); -172} -173 p.add(CellBuilderFactory.create(CellBuilderType.SHALLOW_COPY) -174.setRow(p.getRow()) -175.setFamily(ACL_LIST_FAMILY) -176.setQualifier(key) -177.setTimestamp(p.getTimestamp()) -178.setType(Type.Put) -179.setValue(value) -180.build()); -181if (LOG.isDebugEnabled()) { -182 LOG.debug("Writing permission with rowKey "+ -183 Bytes.toString(rowKey)+" "+ -184 Bytes.toString(key)+": "+Bytes.toStringBinary(value) -185 ); -186} -187try { -188 /** -189 * TODO: Use Table.put(Put) instead. This Table.put() happens within the RS. We are already in -190 * AccessController. Means already there was an RPC happened to server (Actual grant call from -191 * client side). At RpcServer we have a ThreadLocal where we keep the CallContext and inside -192 * that the current RPC called user info is set. The table on which put was called is created -193 * via the RegionCP env and that uses a special Connection. The normal RPC channel will be by -194 * passed here means there would have no further contact on to the RpcServer. So the -195 * ThreadLocal is never getting reset. We ran the new put as a super user (User.runAsLoginUser -196 * where the login user is the user who started RS process) but still as per the RPC context -197 * it is the old user. When AsyncProcess was used, the execute happen via another thread from -198 * pool and so old ThreadLocal variable is not accessible and so it looks as if no Rpc context -199 * and we were relying on the super user who starts the RS process. -200 */ -201 t.put(Collections.singletonList(p)); -202} finally { -203 t.close(); -204} -205 } -206 -207 static void addUserPermission(Configuration conf, UserPermission userPerm, Table t) -208 throws IOException{ -209addUserPermission(conf, userPerm, t, false); -210 } -211 -212 /** -213 * Removes a previously granted permission from the stored access control -214 * lists. The {@link TablePermission} being removed must exactly match what -215 * is stored -- no wildcard matching is attempted. Ie, if user "bob" has -216 * been granted "READ" access to the "data" table, but only to column family -217 * plus qualifier "info:colA", then trying to call this method with only -218 * user "bob" and the table name "data" (but without specifying the -219 * column qualifier "info:colA") will
[33/51] [partial] hbase-site git commit: Published site at 130057f13774f6b213cdb06952c805a29d59396e.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/68eae623/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html -- diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html b/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html index fec80f5..797991d 100644 --- a/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html +++ b/devapidocs/org/apache/hadoop/hbase/security/access/UserPermission.html @@ -74,7 +74,7 @@ var activeTableTab = "activeTableTab"; Summary: -Nested| +Nested| Field| Constr| Method @@ -100,60 +100,26 @@ var activeTableTab = "activeTableTab"; https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">java.lang.Object -org.apache.hadoop.io.VersionedWritable - - -org.apache.hadoop.hbase.security.access.Permission - - -org.apache.hadoop.hbase.security.access.TablePermission - - org.apache.hadoop.hbase.security.access.UserPermission - - - - - - - -All Implemented Interfaces: -org.apache.hadoop.io.Writable - @InterfaceAudience.Private -public class UserPermission -extends TablePermission -Represents an authorization for access over the given table, column family - plus qualifier, for the given user. +public class UserPermission +extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true; title="class or interface in java.lang">Object +UserPermission consists of a user name and a permission. + Permission can be one of [Global, Namespace, Table] permission. - - - - - -Nested Class Summary - - - - -Nested classes/interfaces inherited from classorg.apache.hadoop.hbase.security.access.Permission -Permission.Action - - - @@ -167,21 +133,14 @@ extends Field and Description -private static org.slf4j.Logger -LOG +private Permission +permission -private byte[] +private https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">String user - - - - -Fields inherited from classorg.apache.hadoop.hbase.security.access.Permission -ACTION_BY_CODE, actions, VERSION - @@ -196,71 +155,61 @@ extends Constructor and Description -UserPermission() -Nullary constructor for Writable, do not use +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + byte[]actionCode) +Construct a global user permission. -UserPermission(byte[]user, - byte[]actionCodes) -Creates a new instance for the given user, - matching the actions with the given codes. +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + Permission.Action...assigned) +Construct a global user permission. -UserPermission(byte[]user, - Permission.Action...assigned) -Creates a new instance for the given user. +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + Permissionpermission) +Construct a user permission given permission. -UserPermission(byte[]user, - https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, - byte[]actionCodes) -Creates a new instance for the given user, - matching the actions with the given codes. - - - -UserPermission(byte[]user, +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringnamespace, Permission.Action...assigned) -Creates a new instance for the given user. +Construct a namespace user permission. - -UserPermission(byte[]user, - TableNametable, + +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + TableNametableName, byte[]family, byte[]qualifier, byte[]actionCodes) -Creates a new instance for the given user, table, column family and - qualifier, matching the actions with the given codes. +Construct a table:family:qualifier user permission. - -UserPermission(byte[]user, - TableNametable, + +UserPermission(https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true; title="class or interface in java.lang">Stringuser, + TableNametableName, byte[]family, byte[]qualifier,