Repository: phoenix Updated Branches: refs/heads/5.x-HBase-2.0 1e9099106 -> 60841186d
PHOENIX-672 Add new files missed during cherry-pick (addendum) Project: http://git-wip-us.apache.org/repos/asf/phoenix/repo Commit: http://git-wip-us.apache.org/repos/asf/phoenix/commit/60841186 Tree: http://git-wip-us.apache.org/repos/asf/phoenix/tree/60841186 Diff: http://git-wip-us.apache.org/repos/asf/phoenix/diff/60841186 Branch: refs/heads/5.x-HBase-2.0 Commit: 60841186ddd7e8bc8eb03e3db40bad6ad811e091 Parents: 1e90991 Author: Josh Elser <els...@apache.org> Authored: Mon Apr 9 13:56:42 2018 -0400 Committer: Josh Elser <els...@apache.org> Committed: Mon Apr 9 13:56:42 2018 -0400 ---------------------------------------------------------------------- .../phoenix/parse/ChangePermsStatement.java | 102 +++++++++++++++++++ .../schema/TablesNotInSyncException.java | 39 +++++++ 2 files changed, 141 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/phoenix/blob/60841186/phoenix-core/src/main/java/org/apache/phoenix/parse/ChangePermsStatement.java ---------------------------------------------------------------------- diff --git a/phoenix-core/src/main/java/org/apache/phoenix/parse/ChangePermsStatement.java b/phoenix-core/src/main/java/org/apache/phoenix/parse/ChangePermsStatement.java new file mode 100644 index 0000000..0eae26f --- /dev/null +++ b/phoenix-core/src/main/java/org/apache/phoenix/parse/ChangePermsStatement.java @@ -0,0 +1,102 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.phoenix.parse; + +import org.antlr.runtime.RecognitionException; +import org.apache.hadoop.hbase.AuthUtil; +import org.apache.hadoop.hbase.security.access.Permission; +import org.apache.phoenix.exception.PhoenixParserException; +import org.apache.phoenix.jdbc.PhoenixStatement; +import org.apache.phoenix.util.SchemaUtil; + +import java.util.Arrays; + +/** + * See PHOENIX-672, Use GRANT/REVOKE statements to assign or remove permissions for a user OR group on a table OR namespace + * Permissions are managed by HBase using hbase:acl table, Allowed permissions are RWXCA + */ +public class ChangePermsStatement implements BindableStatement { + + private Permission.Action[] permsList; + private TableName tableName; + private String schemaName; + private String name; + // Grant/Revoke statements are differentiated based on this boolean + private boolean isGrantStatement; + + public ChangePermsStatement(String permsString, boolean isSchemaName, + TableName tableName, String schemaName, boolean isGroupName, LiteralParseNode ugNode, boolean isGrantStatement) { + // PHOENIX-672 HBase API doesn't allow to revoke specific permissions, hence this parameter will be ignored here. + // To comply with SQL standards, we may support the user given permissions to revoke specific permissions in future. + // GRANT permissions statement requires this parameter and the parsing will fail if it is not specified in SQL + if(permsString != null) { + Permission permission = new Permission(permsString.getBytes()); + permsList = permission.getActions(); + } + if(isSchemaName) { + this.schemaName = SchemaUtil.normalizeIdentifier(schemaName); + } else { + this.tableName = tableName; + } + name = SchemaUtil.normalizeLiteral(ugNode); + name = isGroupName ? AuthUtil.toGroupEntry(name) : name; + this.isGrantStatement = isGrantStatement; + } + + public Permission.Action[] getPermsList() { + return permsList; + } + + public String getName() { + return name; + } + + public TableName getTableName() { + return tableName; + } + + public String getSchemaName() { + return schemaName; + } + + public boolean isGrantStatement() { + return isGrantStatement; + } + + public String toString() { + StringBuffer buffer = new StringBuffer(); + buffer = this.isGrantStatement() ? buffer.append("GRANT ") : buffer.append("REVOKE "); + buffer.append("permissions requested for user/group: " + this.getName()); + if (this.getSchemaName() != null) { + buffer.append(" for Schema: " + this.getSchemaName()); + } else if (this.getTableName() != null) { + buffer.append(" for Table: " + this.getTableName()); + } + buffer.append(" Permissions: " + Arrays.toString(this.getPermsList())); + return buffer.toString(); + } + + @Override + public int getBindCount() { + return 0; + } + + @Override + public PhoenixStatement.Operation getOperation() { + return PhoenixStatement.Operation.ADMIN; + } +} http://git-wip-us.apache.org/repos/asf/phoenix/blob/60841186/phoenix-core/src/main/java/org/apache/phoenix/schema/TablesNotInSyncException.java ---------------------------------------------------------------------- diff --git a/phoenix-core/src/main/java/org/apache/phoenix/schema/TablesNotInSyncException.java b/phoenix-core/src/main/java/org/apache/phoenix/schema/TablesNotInSyncException.java new file mode 100644 index 0000000..dac5b7f --- /dev/null +++ b/phoenix-core/src/main/java/org/apache/phoenix/schema/TablesNotInSyncException.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.phoenix.schema; + +import org.apache.phoenix.exception.SQLExceptionCode; +import org.apache.phoenix.exception.SQLExceptionInfo; + +import java.sql.SQLException; + +/** + * Exception to raise when multiple tables differ in specified properties + * This can happen since Apache Phoenix code doesn't work atomically for many parts + * For example, Base table and index tables are inconsistent in namespace mapping + * OR View Index table doesn't exist for multi-tenant base table + */ +public class TablesNotInSyncException extends SQLException { + private static final long serialVersionUID = 1L; + private static SQLExceptionCode code = SQLExceptionCode.TABLES_NOT_IN_SYNC; + + public TablesNotInSyncException(String table1, String table2, String diff) { + super(new SQLExceptionInfo.Builder(code).setMessage("Table: " + table1 + " and Table: " + table2 + " differ in " + diff).build().toString(), code.getSQLState(), code.getErrorCode()); + } + +}