public static void checkGlobalPerms(HBaseTestingUtility testUtil, Permission.Action... actions) throws IOException { Permission[] perms = new Permission[actions.length]; for (int i = 0; i < actions.length; i++) { perms[i] = new Permission(actions[i]); } CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder(); for (Action a : actions) { request.addPermission(AccessControlProtos.Permission.newBuilder() .setType(AccessControlProtos.Permission.Type.Global) .setGlobalPermission( AccessControlProtos.GlobalPermission.newBuilder() .addAction(ProtobufUtil.toPermissionAction(a)).build())); } try(Connection conn = ConnectionFactory.createConnection(testUtil.getConfiguration()); Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) { BlockingRpcChannel channel = acl.coprocessorService(new byte[0]); AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(channel); try { protocol.checkPermissions(null, request.build()); } catch (ServiceException se) { ProtobufUtil.toIOException(se); } } }
/** * Create a request to grant user permissions. * * @param username the short user name who to grant permissions * @param actions the permissions to be granted * @return A {@link AccessControlProtos} GrantRequest */ public static AccessControlProtos.GrantRequest buildGrantRequest( String username, AccessControlProtos.Permission.Action... actions) { AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); AccessControlProtos.GlobalPermission.Builder permissionBuilder = AccessControlProtos.GlobalPermission.newBuilder(); for (AccessControlProtos.Permission.Action a : actions) { permissionBuilder.addAction(a); } ret.setType(AccessControlProtos.Permission.Type.Global) .setGlobalPermission(permissionBuilder); return AccessControlProtos.GrantRequest.newBuilder() .setUserPermission( AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFromUtf8(username)) .setPermission(ret) ).build(); }
/** * Create a request to grant user permissions. * * @param username the short user name who to grant permissions * @param namespace optional table name the permissions apply * @param actions the permissions to be granted * @return A {@link AccessControlProtos} GrantRequest */ public static AccessControlProtos.GrantRequest buildGrantRequest( String username, String namespace, AccessControlProtos.Permission.Action... actions) { AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); AccessControlProtos.NamespacePermission.Builder permissionBuilder = AccessControlProtos.NamespacePermission.newBuilder(); for (AccessControlProtos.Permission.Action a : actions) { permissionBuilder.addAction(a); } if (namespace != null) { permissionBuilder.setNamespaceName(ByteString.copyFromUtf8(namespace)); } ret.setType(AccessControlProtos.Permission.Type.Namespace) .setNamespacePermission(permissionBuilder); return AccessControlProtos.GrantRequest.newBuilder() .setUserPermission( AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFromUtf8(username)) .setPermission(ret) ).build(); }
/** * Create a request to revoke user permissions. * * @param username the short user name whose permissions to be revoked * @param actions the permissions to be revoked * @return A {@link AccessControlProtos} RevokeRequest */ public static AccessControlProtos.RevokeRequest buildRevokeRequest( String username, AccessControlProtos.Permission.Action... actions) { AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); AccessControlProtos.GlobalPermission.Builder permissionBuilder = AccessControlProtos.GlobalPermission.newBuilder(); for (AccessControlProtos.Permission.Action a : actions) { permissionBuilder.addAction(a); } ret.setType(AccessControlProtos.Permission.Type.Global) .setGlobalPermission(permissionBuilder); return AccessControlProtos.RevokeRequest.newBuilder() .setUserPermission( AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFromUtf8(username)) .setPermission(ret) ).build(); }
/** * Create a request to revoke user permissions. * * @param username the short user name whose permissions to be revoked * @param namespace optional table name the permissions apply * @param actions the permissions to be revoked * @return A {@link AccessControlProtos} RevokeRequest */ public static AccessControlProtos.RevokeRequest buildRevokeRequest( String username, String namespace, AccessControlProtos.Permission.Action... actions) { AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); AccessControlProtos.NamespacePermission.Builder permissionBuilder = AccessControlProtos.NamespacePermission.newBuilder(); for (AccessControlProtos.Permission.Action a : actions) { permissionBuilder.addAction(a); } if (namespace != null) { permissionBuilder.setNamespaceName(ByteString.copyFromUtf8(namespace)); } ret.setType(AccessControlProtos.Permission.Type.Namespace) .setNamespacePermission(permissionBuilder); return AccessControlProtos.RevokeRequest.newBuilder() .setUserPermission( AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFromUtf8(username)) .setPermission(ret) ).build(); }
/** * Converts a Permission.Action proto to a client Permission.Action object. * * @param action the protobuf Action * @return the converted Action */ public static Permission.Action toPermissionAction( AccessControlProtos.Permission.Action action) { switch (action) { case READ: return Permission.Action.READ; case WRITE: return Permission.Action.WRITE; case EXEC: return Permission.Action.EXEC; case CREATE: return Permission.Action.CREATE; case ADMIN: return Permission.Action.ADMIN; } throw new IllegalArgumentException("Unknown action value "+action.name()); }
/** * Convert a client Permission.Action to a Permission.Action proto * * @param action the client Action * @return the protobuf Action */ public static AccessControlProtos.Permission.Action toPermissionAction( Permission.Action action) { switch (action) { case READ: return AccessControlProtos.Permission.Action.READ; case WRITE: return AccessControlProtos.Permission.Action.WRITE; case EXEC: return AccessControlProtos.Permission.Action.EXEC; case CREATE: return AccessControlProtos.Permission.Action.CREATE; case ADMIN: return AccessControlProtos.Permission.Action.ADMIN; } throw new IllegalArgumentException("Unknown action value "+action.name()); }
/** * Convert a ListMultimap<String, TablePermission> where key is username * to a protobuf UserPermission * * @param perm the list of user and table permissions * @return the protobuf UserTablePermissions */ public static AccessControlProtos.UsersAndPermissions toUserTablePermissions( ListMultimap<String, TablePermission> perm) { AccessControlProtos.UsersAndPermissions.Builder builder = AccessControlProtos.UsersAndPermissions.newBuilder(); for (Map.Entry<String, Collection<TablePermission>> entry : perm.asMap().entrySet()) { AccessControlProtos.UsersAndPermissions.UserPermissions.Builder userPermBuilder = AccessControlProtos.UsersAndPermissions.UserPermissions.newBuilder(); userPermBuilder.setUser(ByteString.copyFromUtf8(entry.getKey())); for (TablePermission tablePerm: entry.getValue()) { userPermBuilder.addPermissions(toPermission(tablePerm)); } builder.addUserPermissions(userPermBuilder.build()); } return builder.build(); }
/** * A utility used to get user table permissions. * <p> * It's also called by the shell, in case you want to find references. * * @param protocol the AccessControlService protocol proxy * @param t optional table name * @throws ServiceException */ public static List<UserPermission> getUserPermissions(RpcController controller, AccessControlService.BlockingInterface protocol, TableName t) throws ServiceException { AccessControlProtos.GetUserPermissionsRequest.Builder builder = AccessControlProtos.GetUserPermissionsRequest.newBuilder(); if (t != null) { builder.setTableName(ProtobufUtil.toProtoTableName(t)); } builder.setType(AccessControlProtos.Permission.Type.Table); AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(controller, request); List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } return perms; }
/** * A utility used to get permissions for selected namespace. * <p> * It's also called by the shell, in case you want to find references. * * @param protocol the AccessControlService protocol proxy * @param namespace name of the namespace * @throws ServiceException */ public static List<UserPermission> getUserPermissions(RpcController controller, AccessControlService.BlockingInterface protocol, byte[] namespace) throws ServiceException { AccessControlProtos.GetUserPermissionsRequest.Builder builder = AccessControlProtos.GetUserPermissionsRequest.newBuilder(); if (namespace != null) { builder.setNamespaceName(ByteStringer.wrap(namespace)); } builder.setType(AccessControlProtos.Permission.Type.Namespace); AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(controller, request); List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } return perms; }
/** * Convert a protobuf UserTablePermissions to a * ListMultimap<String, TablePermission> where key is username. * * @param proto the protobuf UserPermission * @return the converted UserPermission */ public static ListMultimap<String, TablePermission> toUserTablePermissions( AccessControlProtos.UsersAndPermissions proto) { ListMultimap<String, TablePermission> perms = ArrayListMultimap.create(); AccessControlProtos.UsersAndPermissions.UserPermissions userPerm; for (int i = 0; i < proto.getUserPermissionsCount(); i++) { userPerm = proto.getUserPermissions(i); for (int j = 0; j < userPerm.getPermissionsCount(); j++) { TablePermission tablePerm = toTablePermission(userPerm.getPermissions(j)); perms.put(userPerm.getUser().toStringUtf8(), tablePerm); } } return perms; }
/** * Convert a ListMultimap<String, TablePermission> where key is username * to a protobuf UserPermission * * @param perm the list of user and table permissions * @return the protobuf UserTablePermissions */ public static AccessControlProtos.UsersAndPermissions toUserTablePermissions( ListMultimap<String, TablePermission> perm) { AccessControlProtos.UsersAndPermissions.Builder builder = AccessControlProtos.UsersAndPermissions.newBuilder(); for (Map.Entry<String, Collection<TablePermission>> entry : perm.asMap().entrySet()) { AccessControlProtos.UsersAndPermissions.UserPermissions.Builder userPermBuilder = AccessControlProtos.UsersAndPermissions.UserPermissions.newBuilder(); userPermBuilder.setUser(ByteString.copyFromUtf8(entry.getKey())); for (TablePermission tablePerm: entry.getValue()) { userPermBuilder.addPermissions(toPermission(tablePerm)); } builder.addUserPermissions(userPermBuilder.build()); } return builder.build(); }
/** * A utility used to get user table permissions. * <p> * It's also called by the shell, in case you want to find references. * * @param protocol the AccessControlService protocol proxy * @param t optional table name * @throws ServiceException */ public static List<UserPermission> getUserPermissions( AccessControlService.BlockingInterface protocol, TableName t) throws ServiceException { AccessControlProtos.GetUserPermissionsRequest.Builder builder = AccessControlProtos.GetUserPermissionsRequest.newBuilder(); if (t != null) { builder.setTableName(ProtobufUtil.toProtoTableName(t)); } builder.setType(AccessControlProtos.Permission.Type.Table); AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } return perms; }
/** * A utility used to get permissions for selected namespace. * <p> * It's also called by the shell, in case you want to find references. * * @param protocol the AccessControlService protocol proxy * @param namespace name of the namespace * @throws ServiceException */ public static List<UserPermission> getUserPermissions( AccessControlService.BlockingInterface protocol, byte[] namespace) throws ServiceException { AccessControlProtos.GetUserPermissionsRequest.Builder builder = AccessControlProtos.GetUserPermissionsRequest.newBuilder(); if (namespace != null) { builder.setNamespaceName(ByteStringer.wrap(namespace)); } builder.setType(AccessControlProtos.Permission.Type.Namespace); AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); List<UserPermission> perms = new ArrayList<UserPermission>(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } return perms; }
/** * Convert a protobuf UserTablePermissions to a * ListMultimap<String, TablePermission> where key is username. * * @param proto the protobuf UserPermission * @return the converted UserPermission */ public static ListMultimap<String, TablePermission> toUserTablePermissions( AccessControlProtos.UsersAndPermissions proto) { ListMultimap<String, TablePermission> perms = ArrayListMultimap.create(); AccessControlProtos.UsersAndPermissions.UserPermissions userPerm; for (int i = 0; i < proto.getUserPermissionsCount(); i++) { userPerm = proto.getUserPermissions(i); for (int j = 0; j < userPerm.getPermissionsCount(); j++) { TablePermission tablePerm = toTablePermission(userPerm.getPermissions(j)); perms.put(userPerm.getUser().toStringUtf8(), tablePerm); } } return perms; }
/** * A utility used to get user table permissions. * <p> * It's also called by the shell, in case you want to find references. * * @param protocol the AccessControlService protocol proxy * @param t optional table name * @throws ServiceException */ public static List<UserPermission> getUserPermissions( AccessControlService.BlockingInterface protocol, TableName t) throws ServiceException { AccessControlProtos.GetUserPermissionsRequest.Builder builder = AccessControlProtos.GetUserPermissionsRequest.newBuilder(); if (t != null) { builder.setTableName(ProtobufUtil.toProtoTableName(t)); } builder.setType(AccessControlProtos.Permission.Type.Table); AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); List<UserPermission> perms = new ArrayList<UserPermission>(); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } return perms; }
/** * A utility used to get permissions for selected namespace. * <p> * It's also called by the shell, in case you want to find references. * * @param protocol the AccessControlService protocol proxy * @param namespace name of the namespace * @throws ServiceException */ public static List<UserPermission> getUserPermissions( AccessControlService.BlockingInterface protocol, byte[] namespace) throws ServiceException { AccessControlProtos.GetUserPermissionsRequest.Builder builder = AccessControlProtos.GetUserPermissionsRequest.newBuilder(); if (namespace != null) { builder.setNamespaceName(HBaseZeroCopyByteString.wrap(namespace)); } builder.setType(AccessControlProtos.Permission.Type.Namespace); AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); List<UserPermission> perms = new ArrayList<UserPermission>(); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } return perms; }
public static void checkGlobalPerms(HBaseTestingUtility testUtil, Permission.Action... actions) throws IOException { Permission[] perms = new Permission[actions.length]; for (int i = 0; i < actions.length; i++) { perms[i] = new Permission(actions[i]); } CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder(); for (Action a : actions) { request.addPermission(AccessControlProtos.Permission.newBuilder() .setType(AccessControlProtos.Permission.Type.Global) .setGlobalPermission( AccessControlProtos.GlobalPermission.newBuilder() .addAction(AccessControlUtil.toPermissionAction(a)).build())); } try(Connection conn = ConnectionFactory.createConnection(testUtil.getConfiguration()); Table acl = conn.getTable(AccessControlLists.ACL_TABLE_NAME)) { BlockingRpcChannel channel = acl.coprocessorService(new byte[0]); AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(channel); try { protocol.checkPermissions(null, request.build()); } catch (ServiceException se) { ProtobufUtil.toIOException(se); } } }
/** * Create a request to grant user permissions. * * @param username the short user name who to grant permissions * @param namespace optional table name the permissions apply * @param actions the permissions to be granted * @return A {@link AccessControlProtos} GrantRequest */ public static AccessControlProtos.GrantRequest buildGrantRequest( String username, String namespace, boolean mergeExistingPermissions, AccessControlProtos.Permission.Action... actions) { AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); AccessControlProtos.NamespacePermission.Builder permissionBuilder = AccessControlProtos.NamespacePermission.newBuilder(); for (AccessControlProtos.Permission.Action a : actions) { permissionBuilder.addAction(a); } if (namespace != null) { permissionBuilder.setNamespaceName(ByteString.copyFromUtf8(namespace)); } ret.setType(AccessControlProtos.Permission.Type.Namespace) .setNamespacePermission(permissionBuilder); return AccessControlProtos.GrantRequest.newBuilder() .setUserPermission( AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFromUtf8(username)) .setPermission(ret) ).setMergeExistingPermissions(mergeExistingPermissions).build(); }
/** * Create a request to grant user permissions. * * @param username the short user name who to grant permissions * @param actions the permissions to be granted * @return A {@link AccessControlProtos} GrantRequest */ public static AccessControlProtos.GrantRequest buildGrantRequest(String username, boolean mergeExistingPermissions, AccessControlProtos.Permission.Action... actions) { AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); AccessControlProtos.GlobalPermission.Builder permissionBuilder = AccessControlProtos.GlobalPermission.newBuilder(); for (AccessControlProtos.Permission.Action a : actions) { permissionBuilder.addAction(a); } ret.setType(AccessControlProtos.Permission.Type.Global) .setGlobalPermission(permissionBuilder); return AccessControlProtos.GrantRequest.newBuilder() .setUserPermission( AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFromUtf8(username)) .setPermission(ret) ).setMergeExistingPermissions(mergeExistingPermissions).build(); }
/** * A utility used to get user table permissions. * <p> * It's also called by the shell, in case you want to find references. * * @param protocol the AccessControlService protocol proxy * @param t optional table name * @throws ServiceException */ public static List<UserPermission> getUserPermissions(RpcController controller, AccessControlService.BlockingInterface protocol, TableName t) throws ServiceException { AccessControlProtos.GetUserPermissionsRequest.Builder builder = AccessControlProtos.GetUserPermissionsRequest.newBuilder(); if (t != null) { builder.setTableName(ProtobufUtil.toProtoTableName(t)); } builder.setType(AccessControlProtos.Permission.Type.Table); AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(controller, request); List<UserPermission> perms = new ArrayList<>(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(toUserPermission(perm)); } return perms; }