private static BlockingInterface getAccessControlServiceStub(Table ht) throws IOException { CoprocessorRpcChannel service = ht.coprocessorService(HConstants.EMPTY_START_ROW); BlockingInterface protocol = AccessControlProtos.AccessControlService.newBlockingStub(service); return protocol; }
/** * List all the userPermissions matching the given pattern. * @param connection The Connection instance to use * @param tableRegex The regular expression string to match against * @return - returns an array of UserPermissions * @throws Throwable */ public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex) throws Throwable { PayloadCarryingRpcController controller = ((ClusterConnection) connection).getRpcControllerFactory().newController(); List<UserPermission> permList = new ArrayList<UserPermission>(); try (Table table = connection.getTable(ACL_TABLE_NAME)) { try (Admin admin = connection.getAdmin()) { CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW); BlockingInterface protocol = AccessControlProtos.AccessControlService.newBlockingStub(service); HTableDescriptor[] htds = null; if (tableRegex == null || tableRegex.isEmpty()) { permList = ProtobufUtil.getUserPermissions(controller, protocol); } else if (tableRegex.charAt(0) == '@') { String namespace = tableRegex.substring(1); permList = ProtobufUtil.getUserPermissions(controller, protocol, Bytes.toBytes(namespace)); } else { htds = admin.listTables(Pattern.compile(tableRegex), true); for (HTableDescriptor hd : htds) { permList.addAll(ProtobufUtil.getUserPermissions(controller, protocol, hd.getTableName())); } } } } return permList; }
/** * List all the userPermissions matching the given pattern. * @param connection * @param tableRegex The regular expression string to match against * @return - returns an array of UserPermissions * @throws Throwable */ public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex) throws Throwable { List<UserPermission> permList = new ArrayList<UserPermission>(); // TODO: Make it so caller passes in a Connection rather than have us do this expensive // setup each time. This class only used in test and shell at moment though. try (Table table = connection.getTable(ACL_TABLE_NAME)) { try (Admin admin = connection.getAdmin()) { CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW); BlockingInterface protocol = AccessControlProtos.AccessControlService.newBlockingStub(service); HTableDescriptor[] htds = null; if (tableRegex == null || tableRegex.isEmpty()) { permList = ProtobufUtil.getUserPermissions(protocol); } else if (tableRegex.charAt(0) == '@') { String namespace = tableRegex.substring(1); permList = ProtobufUtil.getUserPermissions(protocol, Bytes.toBytes(namespace)); } else { htds = admin.listTables(Pattern.compile(tableRegex), true); for (HTableDescriptor hd : htds) { permList.addAll(ProtobufUtil.getUserPermissions(protocol, hd.getTableName())); } } } } return permList; }
/** * List all the userPermissions matching the given pattern. If pattern is null, the behavior is * dependent on whether user has global admin privileges or not. If yes, the global permissions * along with the list of superusers would be returned. Else, no rows get returned. * @param connection The Connection instance to use * @param tableRegex The regular expression string to match against * @return - returns an array of UserPermissions * @throws Throwable */ public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex) throws Throwable { /** TODO: Pass an rpcController HBaseRpcController controller = ((ClusterConnection) connection).getRpcControllerFactory().newController(); */ List<UserPermission> permList = new ArrayList<>(); try (Table table = connection.getTable(ACL_TABLE_NAME)) { try (Admin admin = connection.getAdmin()) { CoprocessorRpcChannel service = table.coprocessorService(HConstants.EMPTY_START_ROW); BlockingInterface protocol = AccessControlProtos.AccessControlService.newBlockingStub(service); HTableDescriptor[] htds = null; if (tableRegex == null || tableRegex.isEmpty()) { permList = AccessControlUtil.getUserPermissions(null, protocol); } else if (tableRegex.charAt(0) == '@') { // Namespaces String namespaceRegex = tableRegex.substring(1); for (NamespaceDescriptor nsds : admin.listNamespaceDescriptors()) { // Read out all namespaces String namespace = nsds.getName(); if (namespace.matches(namespaceRegex)) { // Match the given namespace regex? permList.addAll(AccessControlUtil.getUserPermissions(null, protocol, Bytes.toBytes(namespace))); } } } else { // Tables htds = admin.listTables(Pattern.compile(tableRegex), true); for (HTableDescriptor hd : htds) { permList.addAll(AccessControlUtil.getUserPermissions(null, protocol, hd.getTableName())); } } } } return permList; }
