Java Code Examples for org.apache.hadoop.hbase.CellUtil#cloneFamily()
The following examples show how to use
org.apache.hadoop.hbase.CellUtil#cloneFamily() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: VerifySingleIndexRowTest.java From phoenix with Apache License 2.0 | 6 votes |
|
private List <Mutation> getInvalidActualMutations(TestType testType,
List<Mutation> actualMutations) {
List <Mutation> newActualMutations = new ArrayList<>();
newActualMutations.addAll(actualMutations);
for (Mutation m : actualMutations) {
newActualMutations.remove(m);
NavigableMap<byte[], List<Cell>> familyCellMap = m.getFamilyCellMap();
List<Cell> cellList = familyCellMap.firstEntry().getValue();
List<Cell> newCellList = new ArrayList<>();
byte[] fam = CellUtil.cloneFamily(cellList.get(0));
for (Cell c : cellList) {
infiltrateCell(c, newCellList, testType);
}
familyCellMap.put(fam, newCellList);
m.setFamilyCellMap(familyCellMap);
newActualMutations.add(m);
}
return newActualMutations;
}
Example 2
| Source File: VerifySingleIndexRowTest.java From phoenix with Apache License 2.0 | 6 votes |
|
private Mutation getUnverifiedPutMutation(Mutation orig, Long ts) {
Mutation m = new Put(orig.getRow());
if (orig.getAttributesMap() != null) {
for (Map.Entry<String,byte[]> entry : orig.getAttributesMap().entrySet()) {
m.setAttribute(entry.getKey(), entry.getValue());
}
}
List<Cell> origList = orig.getFamilyCellMap().firstEntry().getValue();
ts = ts == null ? EnvironmentEdgeManager.currentTimeMillis() : ts;
Cell c = getNewPutCell(orig, origList, ts, KeyValue.Type.Put);
Cell empty = getEmptyCell(orig, origList, ts, KeyValue.Type.Put, false);
byte[] fam = CellUtil.cloneFamily(origList.get(0));
List<Cell> famCells = Lists.newArrayList();
m.getFamilyCellMap().put(fam, famCells);
famCells.add(c);
famCells.add(empty);
return m;
}
Example 3
| Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
|
@Override
public Cell transformCell(Cell cell) throws IOException {
// Convert Tephra deletes back into HBase deletes
if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) {
if (DeleteTracker.isFamilyDelete(cell)) {
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(),
KeyValue.Type.DeleteFamily);
} else if (isColumnDelete(cell)) {
// Note: in some cases KeyValue.Type.Delete is used in Delete object,
// and in some other cases KeyValue.Type.DeleteColumn is used.
// Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn.
// KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will
// work in both cases.
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell),
cell.getTimestamp(), KeyValue.Type.DeleteColumn);
}
}
return cell;
}
Example 4
| Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
|
@Override
public Cell transformCell(Cell cell) throws IOException {
// Convert Tephra deletes back into HBase deletes
if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) {
if (DeleteTracker.isFamilyDelete(cell)) {
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(),
KeyValue.Type.DeleteFamily);
} else if (isColumnDelete(cell)) {
// Note: in some cases KeyValue.Type.Delete is used in Delete object,
// and in some other cases KeyValue.Type.DeleteColumn is used.
// Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn.
// KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will
// work in both cases.
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell),
cell.getTimestamp(), KeyValue.Type.DeleteColumn);
}
}
return cell;
}
Example 5
| Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
|
@Override
public Cell transformCell(Cell cell) throws IOException {
// Convert Tephra deletes back into HBase deletes
if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) {
if (DeleteTracker.isFamilyDelete(cell)) {
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(),
KeyValue.Type.DeleteFamily);
} else if (isColumnDelete(cell)) {
// Note: in some cases KeyValue.Type.Delete is used in Delete object,
// and in some other cases KeyValue.Type.DeleteColumn is used.
// Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn.
// KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will
// work in both cases.
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell),
cell.getTimestamp(), KeyValue.Type.DeleteColumn);
}
}
return cell;
}
Example 6
| Source File: HBaseCLI.java From cloud-bigtable-examples with Apache License 2.0 | 6 votes |
|
public void run(Connection connection, List<String> args) throws InvalidArgsException, IOException {
if (args.size() != 2) {
throw new InvalidArgsException(args);
}
String tableName = args.get(0);
String rowId = args.get(1);
Table table = connection.getTable(TableName.valueOf(tableName));
// Create a new Get request and specify the rowId passed by the user.
Result result = table.get(new Get(rowId.getBytes()));
// Iterate of the results. Each Cell is a value for column
// so multiple Cells will be processed for each row.
for (Cell cell : result.listCells()) {
// We use the CellUtil class to clone values
// from the returned cells.
String row = new String(CellUtil.cloneRow(cell));
String family = new String(CellUtil.cloneFamily(cell));
String column = new String(CellUtil.cloneQualifier(cell));
String value = new String(CellUtil.cloneValue(cell));
long timestamp = cell.getTimestamp();
System.out.printf("%-20s column=%s:%s, timestamp=%s, value=%s\n", row, family, column, timestamp, value);
}
}
Example 7
| Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
|
@Override
public Cell transformCell(Cell cell) throws IOException {
// Convert Tephra deletes back into HBase deletes
if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) {
if (DeleteTracker.isFamilyDelete(cell)) {
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(),
KeyValue.Type.DeleteFamily);
} else if (isColumnDelete(cell)) {
// Note: in some cases KeyValue.Type.Delete is used in Delete object,
// and in some other cases KeyValue.Type.DeleteColumn is used.
// Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn.
// KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will
// work in both cases.
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell),
cell.getTimestamp(), KeyValue.Type.DeleteColumn);
}
}
return cell;
}
Example 8
| Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
|
@Override
public Cell transformCell(Cell cell) throws IOException {
// Convert Tephra deletes back into HBase deletes
if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) {
if (DeleteTracker.isFamilyDelete(cell)) {
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(),
KeyValue.Type.DeleteFamily);
} else if (isColumnDelete(cell)) {
// Note: in some cases KeyValue.Type.Delete is used in Delete object,
// and in some other cases KeyValue.Type.DeleteColumn is used.
// Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn.
// KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will
// work in both cases.
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell),
cell.getTimestamp(), KeyValue.Type.DeleteColumn);
}
}
return cell;
}
Example 9
| Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
|
@Override
public Cell transformCell(Cell cell) throws IOException {
// Convert Tephra deletes back into HBase deletes
if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) {
if (DeleteTracker.isFamilyDelete(cell)) {
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(),
KeyValue.Type.DeleteFamily);
} else if (isColumnDelete(cell)) {
// Note: in some cases KeyValue.Type.Delete is used in Delete object,
// and in some other cases KeyValue.Type.DeleteColumn is used.
// Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn.
// KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will
// work in both cases.
return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell),
cell.getTimestamp(), KeyValue.Type.DeleteColumn);
}
}
return cell;
}
Example 10
| Source File: TupleProjector.java From phoenix with Apache License 2.0 | 6 votes |
|
/**
* Iterate over the list of cells and populate dynamic columns
* @param result list of cells
* @param dynCols Populated list of PColumns corresponding to dynamic columns
* @param dynColCellQualifiers Populated set of <column family, column qualifier> pairs
* for the cells in the list, which correspond to dynamic columns
* @throws InvalidProtocolBufferException Thrown if there is an error parsing byte[] to protobuf
*/
private static void populateDynColsFromResult(List<Cell> result, List<PColumn> dynCols,
Set<Pair<ByteBuffer, ByteBuffer>> dynColCellQualifiers)
throws InvalidProtocolBufferException {
for (Cell c : result) {
byte[] qual = CellUtil.cloneQualifier(c);
byte[] fam = CellUtil.cloneFamily(c);
int index = Bytes.indexOf(qual, DYN_COLS_METADATA_CELL_QUALIFIER);
// Contains dynamic column metadata, so add it to the list of dynamic columns
if (index != -1) {
byte[] dynColMetaDataProto = CellUtil.cloneValue(c);
dynCols.add(PColumnImpl.createFromProto(
PTableProtos.PColumn.parseFrom(dynColMetaDataProto)));
// Add the <fam, qualifier> pair for the actual dynamic column. The column qualifier
// of the dynamic column is got by parsing out the known bytes from the shadow cell
// containing the metadata for that column i.e.
// DYN_COLS_METADATA_CELL_QUALIFIER<actual column qualifier>
byte[] dynColQual = Arrays.copyOfRange(qual,
index + DYN_COLS_METADATA_CELL_QUALIFIER.length, qual.length);
dynColCellQualifiers.add(
new Pair<>(ByteBuffer.wrap(fam), ByteBuffer.wrap(dynColQual)));
}
}
}
Example 11
| Source File: IndexRebuildRegionScanner.java From phoenix with Apache License 2.0 | 6 votes |
|
public static void removeColumn(Put put, Cell deleteCell) {
byte[] family = CellUtil.cloneFamily(deleteCell);
List<Cell> cellList = put.getFamilyCellMap().get(family);
if (cellList == null) {
return;
}
Iterator<Cell> cellIterator = cellList.iterator();
while (cellIterator.hasNext()) {
Cell cell = cellIterator.next();
if (CellUtil.matchingQualifier(cell, deleteCell)) {
cellIterator.remove();
if (cellList.isEmpty()) {
put.getFamilyCellMap().remove(family);
}
return;
}
}
}
Example 12
| Source File: KeyValueBuilder.java From phoenix with Apache License 2.0 | 5 votes |
|
/**
* Helper method for a {@link KeyValueBuilder} that catches an IOException from a {@link Put}
* when adding a {@link KeyValue} generated by the KeyValueBuilder.
* @throws RuntimeException if there is an IOException thrown from the underlying {@link Put}
*/
@SuppressWarnings("javadoc")
public static void addQuietly(Mutation m, KeyValue kv) {
byte [] family = CellUtil.cloneFamily(kv);
List<Cell> list = m.getFamilyCellMap().get(family);
if (list == null) {
list = new ArrayList<>();
m.getFamilyCellMap().put(family, list);
}
list.add(kv);
}
Example 13
| Source File: ExtendCubeToHybridCLI.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
private void copyAcl(String origCubeId, String newCubeId, String projectName) throws Exception {
String projectResPath = ProjectInstance.concatResourcePath(projectName);
Serializer<ProjectInstance> projectSerializer = new JsonSerializer<ProjectInstance>(ProjectInstance.class);
ProjectInstance project = store.getResource(projectResPath, projectSerializer);
String projUUID = project.getUuid();
Table aclHtable = null;
try {
aclHtable = HBaseConnection.get(kylinConfig.getStorageUrl()).getTable(TableName.valueOf(kylinConfig.getMetadataUrlPrefix() + "_acl"));
// cube acl
Result result = aclHtable.get(new Get(Bytes.toBytes(origCubeId)));
if (result.listCells() != null) {
for (Cell cell : result.listCells()) {
byte[] family = CellUtil.cloneFamily(cell);
byte[] column = CellUtil.cloneQualifier(cell);
byte[] value = CellUtil.cloneValue(cell);
// use the target project uuid as the parent
if (Bytes.toString(family).equals(ACL_INFO_FAMILY) && Bytes.toString(column).equals(ACL_INFO_FAMILY_PARENT_COLUMN)) {
String valueString = "{\"id\":\"" + projUUID + "\",\"type\":\"org.apache.kylin.metadata.project.ProjectInstance\"}";
value = Bytes.toBytes(valueString);
}
Put put = new Put(Bytes.toBytes(newCubeId));
put.add(family, column, value);
aclHtable.put(put);
}
}
} finally {
IOUtils.closeQuietly(aclHtable);
}
}
Example 14
| Source File: Mutation.java From hbase with Apache License 2.0 | 5 votes |
|
Mutation add(Cell cell) throws IOException {
//Checking that the row of the kv is the same as the mutation
// TODO: It is fraught with risk if user pass the wrong row.
// Throwing the IllegalArgumentException is more suitable I'd say.
if (!CellUtil.matchingRows(cell, this.row)) {
throw new WrongRowIOException("The row in " + cell.toString() +
" doesn't match the original one " + Bytes.toStringBinary(this.row));
}
byte[] family;
if (cell instanceof IndividualBytesFieldCell) {
family = cell.getFamilyArray();
} else {
family = CellUtil.cloneFamily(cell);
}
if (family == null || family.length == 0) {
throw new IllegalArgumentException("Family cannot be null");
}
if (cell instanceof ExtendedCell) {
getCellList(family).add(cell);
} else {
getCellList(family).add(new CellWrapper(cell));
}
return this;
}
Example 15
| Source File: HBaseMergingFilter.java From geowave with Apache License 2.0 | 5 votes |
|
/** Handle the entire row at one time */
@Override
public void filterRowCells(final List<Cell> rowCells) throws IOException {
if (!rowCells.isEmpty()) {
if (rowCells.size() > 1) {
try {
final Cell firstCell = rowCells.get(0);
final byte[] singleRow = CellUtil.cloneRow(firstCell);
final byte[] singleFam = CellUtil.cloneFamily(firstCell);
final byte[] singleQual = CellUtil.cloneQualifier(firstCell);
Mergeable mergedValue = null;
for (final Cell cell : rowCells) {
final byte[] byteValue = CellUtil.cloneValue(cell);
final Mergeable value = (Mergeable) URLClassloaderUtils.fromBinary(byteValue);
if (mergedValue != null) {
mergedValue.merge(value);
} else {
mergedValue = value;
}
}
final Cell singleCell =
CellUtil.createCell(
singleRow,
singleFam,
singleQual,
System.currentTimeMillis(),
KeyValue.Type.Put.getCode(),
URLClassloaderUtils.toBinary(mergedValue));
rowCells.clear();
rowCells.add(singleCell);
} catch (final Exception e) {
throw new IOException("Exception in filter", e);
}
}
}
}
Example 16
| Source File: HCell.java From spliceengine with GNU Affero General Public License v3.0 | 4 votes |
|
@Override
public byte[] family(){
if(delegate==null) return null;
return CellUtil.cloneFamily(delegate);
}
Example 17
| Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 4 votes |
|
@Override
public ReturnCode filterKeyValue(Cell cell) throws IOException {
if (!CellUtil.matchingFamily(cell, currentFamily)) {
// column family changed
currentFamily = CellUtil.cloneFamily(cell);
Long familyOldestTs = oldestTsByFamily.get(currentFamily);
currentOldestTs = familyOldestTs != null ? familyOldestTs : 0;
deleteTracker.reset();
}
// need to apply TTL for the column family here
long kvTimestamp = cell.getTimestamp();
if (TxUtils.getTimestampForTTL(kvTimestamp) < currentOldestTs) {
// passed TTL for this column, seek to next
return ReturnCode.NEXT_COL;
} else if (tx.isVisible(kvTimestamp)) {
// Return all writes done by current transaction (including deletes) for VisibilityLevel.SNAPSHOT_ALL
if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL && tx.isCurrentWrite(kvTimestamp)) {
// cell is visible
// visibility SNAPSHOT_ALL needs all matches
return runSubFilter(ReturnCode.INCLUDE, cell);
}
if (DeleteTracker.isFamilyDelete(cell)) {
deleteTracker.addFamilyDelete(cell);
if (clearDeletes) {
return ReturnCode.NEXT_COL;
} else {
// cell is visible
// as soon as we find a KV to include we can move to the next column
return runSubFilter(ReturnCode.INCLUDE_AND_NEXT_COL, cell);
}
}
// check if masked by family delete
if (deleteTracker.isDeleted(cell)) {
return ReturnCode.NEXT_COL;
}
// check for column delete
if (isColumnDelete(cell)) {
if (clearDeletes) {
// skip "deleted" cell
return ReturnCode.NEXT_COL;
} else {
// keep the marker but skip any remaining versions
return runSubFilter(ReturnCode.INCLUDE_AND_NEXT_COL, cell);
}
}
// cell is visible
// as soon as we find a KV to include we can move to the next column
return runSubFilter(ReturnCode.INCLUDE_AND_NEXT_COL, cell);
} else {
return ReturnCode.SKIP;
}
}
Example 18
| Source File: SolrRegionObserver.java From SolrCoprocessor with Apache License 2.0 | 4 votes |
|
@Override
public void postPut(ObserverContext<RegionCoprocessorEnvironment> e, Put put, WALEdit edit, Durability durability)
throws IOException {
String tableName = e.getEnvironment().getRegion().getRegionInfo().getTable().getNameAsString();
if (tableName.startsWith("hbase:")) { //Ԫ���ݱ�,����!
return;
}
String rowKey = Bytes.toString(put.getRow());
String cFamily = null;
String cQualifier = null;
String cValue = null;
NavigableMap<byte[], List<Cell>> map = put.getFamilyCellMap();
JsonObject jsonSet = new JsonObject();
for (List<Cell> cells : map.values()) {
for (Cell cell : cells) {
cFamily = new String(CellUtil.cloneFamily(cell));
cQualifier = new String(CellUtil.cloneQualifier(cell));
cValue = new String(CellUtil.cloneValue(cell), SolrTools.UTF_8);
if (cQualifier.endsWith("_s")) { //string
jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putString("set", cValue));
} else if (cQualifier.endsWith("_t")) { //text_general
jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putString("set", cValue));
} else if (cQualifier.endsWith("_dt")) { //date
jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putString("set", cValue));
} else if (cQualifier.endsWith("_i")) { //int
jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putNumber("set", Integer.valueOf(cValue)));
} else if (cQualifier.endsWith("_l")) { //long
jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putNumber("set", Long.valueOf(cValue)));
} else if (cQualifier.endsWith("_f")) { //float
jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putNumber("set", Float.valueOf(cValue)));
} else if (cQualifier.endsWith("_d")) { //double
jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putNumber("set", Double.valueOf(cValue)));
} else if (cQualifier.endsWith("_b")) { //boolean
jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putBoolean("set", Boolean.valueOf(cValue)));
} else { //������Ҫ������,����!
continue;
}
}
}
if (jsonSet.size() == 0) { //˵��û��solr��ѯ�ֶ�
return;
}
jsonSet.putString(F_ID, tableName + F_SEPARATOR + rowKey);
jsonSet.putObject(F_TABLENAME, (new JsonObject()).putString("set", tableName));
jsonSet.putObject(F_ROWKEY, (new JsonObject()).putString("set", rowKey));
jsonSet.putObject(F_UPDATETIME, (new JsonObject()).putString("set", SolrTools.solrDateFormat.format(new java.util.Date())));
log.debug("postPut!!! " + jsonSet.encode());
_bqUpdate.enqueue(jsonSet.encode().getBytes(SolrTools.UTF_8));
}
Example 19
| Source File: PermissionStorage.java From hbase with Apache License 2.0 | 4 votes |
|
private static Pair<String, Permission> parsePermissionRecord(byte[] entryName, Cell kv,
byte[] cf, byte[] cq, boolean filterPerms, String filterUser) {
// return X given a set of permissions encoded in the permissionRecord kv.
byte[] family = CellUtil.cloneFamily(kv);
if (!Bytes.equals(family, ACL_LIST_FAMILY)) {
return null;
}
byte[] key = CellUtil.cloneQualifier(kv);
byte[] value = CellUtil.cloneValue(kv);
if (LOG.isDebugEnabled()) {
LOG.debug("Read acl: entry[" +
Bytes.toStringBinary(entryName) + "], kv [" +
Bytes.toStringBinary(key) + ": " +
Bytes.toStringBinary(value)+"]");
}
// check for a column family appended to the key
// TODO: avoid the string conversion to make this more efficient
String username = Bytes.toString(key);
// Retrieve group list for the filterUser if cell key is a group.
// Group list is not required when filterUser itself a group
List<String> filterUserGroups = null;
if (filterPerms) {
if (username.charAt(0) == '@' && !StringUtils.isEmpty(filterUser)
&& filterUser.charAt(0) != '@') {
filterUserGroups = AccessChecker.getUserGroups(filterUser);
}
}
// Handle namespace entry
if (isNamespaceEntry(entryName)) {
// Filter the permissions cell record if client query
if (filterPerms && !validateFilterUser(username, filterUser, filterUserGroups)) {
return null;
}
return new Pair<>(username,
Permission.newBuilder(Bytes.toString(fromNamespaceEntry(entryName)))
.withActionCodes(value).build());
}
// Handle global entry
if (isGlobalEntry(entryName)) {
// Filter the permissions cell record if client query
if (filterPerms && !validateFilterUser(username, filterUser, filterUserGroups)) {
return null;
}
return new Pair<>(username, Permission.newBuilder().withActionCodes(value).build());
}
// Handle table entry
int idx = username.indexOf(ACL_KEY_DELIMITER);
byte[] permFamily = null;
byte[] permQualifier = null;
if (idx > 0 && idx < username.length()-1) {
String remainder = username.substring(idx+1);
username = username.substring(0, idx);
idx = remainder.indexOf(ACL_KEY_DELIMITER);
if (idx > 0 && idx < remainder.length()-1) {
permFamily = Bytes.toBytes(remainder.substring(0, idx));
permQualifier = Bytes.toBytes(remainder.substring(idx+1));
} else {
permFamily = Bytes.toBytes(remainder);
}
}
// Filter the permissions cell record if client query
if (filterPerms) {
// ACL table contain 3 types of cell key entries; hbase:Acl, namespace and table. So to filter
// the permission cell records additional validations are required at CF, CQ and username.
// Here we can proceed based on client input whether it contain filterUser.
// Validate the filterUser when specified
if (filterUser != null && !validateFilterUser(username, filterUser, filterUserGroups)) {
return null;
}
if (!validateCFAndCQ(permFamily, cf, permQualifier, cq)) {
return null;
}
}
return new Pair<>(username, Permission.newBuilder(TableName.valueOf(entryName))
.withFamily(permFamily).withQualifier(permQualifier).withActionCodes(value).build());
}
Example 20
| Source File: RangerAuthorizationFilter.java From ranger with Apache License 2.0 | 4 votes |
|
@Override
public ReturnCode filterKeyValue(Cell kv) throws IOException {
if (LOG.isDebugEnabled()) {
LOG.debug("==> filterKeyValue");
}
String family = null;
byte[] familyBytes = CellUtil.cloneFamily(kv);
if (familyBytes != null && familyBytes.length > 0) {
family = Bytes.toString(familyBytes);
if (LOG.isDebugEnabled()) {
LOG.debug("filterKeyValue: evaluating family[" + family + "].");
}
}
String column = null;
byte[] qualifier = CellUtil.cloneQualifier(kv);
if (qualifier != null && qualifier.length > 0) {
column = Bytes.toString(qualifier);
if (LOG.isDebugEnabled()) {
LOG.debug("filterKeyValue: evaluating column[" + column + "].");
}
} else {
LOG.warn("filterKeyValue: empty/null column set! Unexpected!");
}
ReturnCode result = ReturnCode.NEXT_COL;
boolean authCheckNeeded = false;
if (family == null) {
LOG.warn("filterKeyValue: Unexpected - null/empty family! Access denied!");
} else if (_familiesAccessDenied.contains(family)) {
LOG.debug("filterKeyValue: family found in access denied families cache. Access denied.");
} else if (_columnsAccessAllowed.containsKey(family)) {
LOG.debug("filterKeyValue: family found in column level access results cache.");
if (_columnsAccessAllowed.get(family).contains(column)) {
LOG.debug("filterKeyValue: family/column found in column level access results cache. Access allowed.");
result = ReturnCode.INCLUDE;
} else {
LOG.debug("filterKeyValue: family/column not in column level access results cache. Access denied.");
}
} else if (_familiesAccessAllowed.contains(family)) {
LOG.debug("filterKeyValue: family found in access allowed families cache. Must re-authorize for correct audit generation.");
authCheckNeeded = true;
} else if (_familiesAccessIndeterminate.contains(family)) {
LOG.debug("filterKeyValue: family found in indeterminate families cache. Evaluating access...");
authCheckNeeded = true;
} else {
LOG.warn("filterKeyValue: Unexpected - alien family encountered that wasn't seen by pre-hook! Access Denied.!");
}
if (authCheckNeeded) {
LOG.debug("filterKeyValue: Checking authorization...");
_session.columnFamily(family)
.column(column)
.buildRequest()
.authorize();
// must always purge the captured audit event out of the audit handler to avoid messing up the next check
AuthzAuditEvent auditEvent = _auditHandler.getAndDiscardMostRecentEvent();
if (_session.isAuthorized()) {
LOG.debug("filterKeyValue: Access granted.");
result = ReturnCode.INCLUDE;
if (auditEvent != null) {
LOG.debug("filterKeyValue: access is audited.");
_auditHandler.logAuthzAudits(Collections.singletonList(auditEvent));
} else {
LOG.debug("filterKeyValue: no audit event returned. Access not audited.");
}
} else {
LOG.debug("filterKeyValue: Access denied. Denial not audited.");
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("filterKeyValue: " + result);
}
return result;
}
