Java Code Examples for org.apache.hadoop.hbase.CellUtil#cloneFamily()
The following examples show how to use
org.apache.hadoop.hbase.CellUtil#cloneFamily() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: VerifySingleIndexRowTest.java From phoenix with Apache License 2.0 | 6 votes |
private List <Mutation> getInvalidActualMutations(TestType testType, List<Mutation> actualMutations) { List <Mutation> newActualMutations = new ArrayList<>(); newActualMutations.addAll(actualMutations); for (Mutation m : actualMutations) { newActualMutations.remove(m); NavigableMap<byte[], List<Cell>> familyCellMap = m.getFamilyCellMap(); List<Cell> cellList = familyCellMap.firstEntry().getValue(); List<Cell> newCellList = new ArrayList<>(); byte[] fam = CellUtil.cloneFamily(cellList.get(0)); for (Cell c : cellList) { infiltrateCell(c, newCellList, testType); } familyCellMap.put(fam, newCellList); m.setFamilyCellMap(familyCellMap); newActualMutations.add(m); } return newActualMutations; }
Example 2
Source File: VerifySingleIndexRowTest.java From phoenix with Apache License 2.0 | 6 votes |
private Mutation getUnverifiedPutMutation(Mutation orig, Long ts) { Mutation m = new Put(orig.getRow()); if (orig.getAttributesMap() != null) { for (Map.Entry<String,byte[]> entry : orig.getAttributesMap().entrySet()) { m.setAttribute(entry.getKey(), entry.getValue()); } } List<Cell> origList = orig.getFamilyCellMap().firstEntry().getValue(); ts = ts == null ? EnvironmentEdgeManager.currentTimeMillis() : ts; Cell c = getNewPutCell(orig, origList, ts, KeyValue.Type.Put); Cell empty = getEmptyCell(orig, origList, ts, KeyValue.Type.Put, false); byte[] fam = CellUtil.cloneFamily(origList.get(0)); List<Cell> famCells = Lists.newArrayList(); m.getFamilyCellMap().put(fam, famCells); famCells.add(c); famCells.add(empty); return m; }
Example 3
Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
@Override public Cell transformCell(Cell cell) throws IOException { // Convert Tephra deletes back into HBase deletes if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) { if (DeleteTracker.isFamilyDelete(cell)) { return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(), KeyValue.Type.DeleteFamily); } else if (isColumnDelete(cell)) { // Note: in some cases KeyValue.Type.Delete is used in Delete object, // and in some other cases KeyValue.Type.DeleteColumn is used. // Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn. // KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will // work in both cases. return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell), cell.getTimestamp(), KeyValue.Type.DeleteColumn); } } return cell; }
Example 4
Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
@Override public Cell transformCell(Cell cell) throws IOException { // Convert Tephra deletes back into HBase deletes if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) { if (DeleteTracker.isFamilyDelete(cell)) { return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(), KeyValue.Type.DeleteFamily); } else if (isColumnDelete(cell)) { // Note: in some cases KeyValue.Type.Delete is used in Delete object, // and in some other cases KeyValue.Type.DeleteColumn is used. // Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn. // KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will // work in both cases. return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell), cell.getTimestamp(), KeyValue.Type.DeleteColumn); } } return cell; }
Example 5
Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
@Override public Cell transformCell(Cell cell) throws IOException { // Convert Tephra deletes back into HBase deletes if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) { if (DeleteTracker.isFamilyDelete(cell)) { return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(), KeyValue.Type.DeleteFamily); } else if (isColumnDelete(cell)) { // Note: in some cases KeyValue.Type.Delete is used in Delete object, // and in some other cases KeyValue.Type.DeleteColumn is used. // Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn. // KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will // work in both cases. return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell), cell.getTimestamp(), KeyValue.Type.DeleteColumn); } } return cell; }
Example 6
Source File: HBaseCLI.java From cloud-bigtable-examples with Apache License 2.0 | 6 votes |
public void run(Connection connection, List<String> args) throws InvalidArgsException, IOException { if (args.size() != 2) { throw new InvalidArgsException(args); } String tableName = args.get(0); String rowId = args.get(1); Table table = connection.getTable(TableName.valueOf(tableName)); // Create a new Get request and specify the rowId passed by the user. Result result = table.get(new Get(rowId.getBytes())); // Iterate of the results. Each Cell is a value for column // so multiple Cells will be processed for each row. for (Cell cell : result.listCells()) { // We use the CellUtil class to clone values // from the returned cells. String row = new String(CellUtil.cloneRow(cell)); String family = new String(CellUtil.cloneFamily(cell)); String column = new String(CellUtil.cloneQualifier(cell)); String value = new String(CellUtil.cloneValue(cell)); long timestamp = cell.getTimestamp(); System.out.printf("%-20s column=%s:%s, timestamp=%s, value=%s\n", row, family, column, timestamp, value); } }
Example 7
Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
@Override public Cell transformCell(Cell cell) throws IOException { // Convert Tephra deletes back into HBase deletes if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) { if (DeleteTracker.isFamilyDelete(cell)) { return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(), KeyValue.Type.DeleteFamily); } else if (isColumnDelete(cell)) { // Note: in some cases KeyValue.Type.Delete is used in Delete object, // and in some other cases KeyValue.Type.DeleteColumn is used. // Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn. // KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will // work in both cases. return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell), cell.getTimestamp(), KeyValue.Type.DeleteColumn); } } return cell; }
Example 8
Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
@Override public Cell transformCell(Cell cell) throws IOException { // Convert Tephra deletes back into HBase deletes if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) { if (DeleteTracker.isFamilyDelete(cell)) { return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(), KeyValue.Type.DeleteFamily); } else if (isColumnDelete(cell)) { // Note: in some cases KeyValue.Type.Delete is used in Delete object, // and in some other cases KeyValue.Type.DeleteColumn is used. // Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn. // KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will // work in both cases. return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell), cell.getTimestamp(), KeyValue.Type.DeleteColumn); } } return cell; }
Example 9
Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 6 votes |
@Override public Cell transformCell(Cell cell) throws IOException { // Convert Tephra deletes back into HBase deletes if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL) { if (DeleteTracker.isFamilyDelete(cell)) { return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), null, cell.getTimestamp(), KeyValue.Type.DeleteFamily); } else if (isColumnDelete(cell)) { // Note: in some cases KeyValue.Type.Delete is used in Delete object, // and in some other cases KeyValue.Type.DeleteColumn is used. // Since Tephra cannot distinguish between the two, we return KeyValue.Type.DeleteColumn. // KeyValue.Type.DeleteColumn makes both CellUtil.isDelete and CellUtil.isDeleteColumns return true, and will // work in both cases. return new KeyValue(CellUtil.cloneRow(cell), CellUtil.cloneFamily(cell), CellUtil.cloneQualifier(cell), cell.getTimestamp(), KeyValue.Type.DeleteColumn); } } return cell; }
Example 10
Source File: TupleProjector.java From phoenix with Apache License 2.0 | 6 votes |
/** * Iterate over the list of cells and populate dynamic columns * @param result list of cells * @param dynCols Populated list of PColumns corresponding to dynamic columns * @param dynColCellQualifiers Populated set of <column family, column qualifier> pairs * for the cells in the list, which correspond to dynamic columns * @throws InvalidProtocolBufferException Thrown if there is an error parsing byte[] to protobuf */ private static void populateDynColsFromResult(List<Cell> result, List<PColumn> dynCols, Set<Pair<ByteBuffer, ByteBuffer>> dynColCellQualifiers) throws InvalidProtocolBufferException { for (Cell c : result) { byte[] qual = CellUtil.cloneQualifier(c); byte[] fam = CellUtil.cloneFamily(c); int index = Bytes.indexOf(qual, DYN_COLS_METADATA_CELL_QUALIFIER); // Contains dynamic column metadata, so add it to the list of dynamic columns if (index != -1) { byte[] dynColMetaDataProto = CellUtil.cloneValue(c); dynCols.add(PColumnImpl.createFromProto( PTableProtos.PColumn.parseFrom(dynColMetaDataProto))); // Add the <fam, qualifier> pair for the actual dynamic column. The column qualifier // of the dynamic column is got by parsing out the known bytes from the shadow cell // containing the metadata for that column i.e. // DYN_COLS_METADATA_CELL_QUALIFIER<actual column qualifier> byte[] dynColQual = Arrays.copyOfRange(qual, index + DYN_COLS_METADATA_CELL_QUALIFIER.length, qual.length); dynColCellQualifiers.add( new Pair<>(ByteBuffer.wrap(fam), ByteBuffer.wrap(dynColQual))); } } }
Example 11
Source File: IndexRebuildRegionScanner.java From phoenix with Apache License 2.0 | 6 votes |
public static void removeColumn(Put put, Cell deleteCell) { byte[] family = CellUtil.cloneFamily(deleteCell); List<Cell> cellList = put.getFamilyCellMap().get(family); if (cellList == null) { return; } Iterator<Cell> cellIterator = cellList.iterator(); while (cellIterator.hasNext()) { Cell cell = cellIterator.next(); if (CellUtil.matchingQualifier(cell, deleteCell)) { cellIterator.remove(); if (cellList.isEmpty()) { put.getFamilyCellMap().remove(family); } return; } } }
Example 12
Source File: KeyValueBuilder.java From phoenix with Apache License 2.0 | 5 votes |
/** * Helper method for a {@link KeyValueBuilder} that catches an IOException from a {@link Put} * when adding a {@link KeyValue} generated by the KeyValueBuilder. * @throws RuntimeException if there is an IOException thrown from the underlying {@link Put} */ @SuppressWarnings("javadoc") public static void addQuietly(Mutation m, KeyValue kv) { byte [] family = CellUtil.cloneFamily(kv); List<Cell> list = m.getFamilyCellMap().get(family); if (list == null) { list = new ArrayList<>(); m.getFamilyCellMap().put(family, list); } list.add(kv); }
Example 13
Source File: ExtendCubeToHybridCLI.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
private void copyAcl(String origCubeId, String newCubeId, String projectName) throws Exception { String projectResPath = ProjectInstance.concatResourcePath(projectName); Serializer<ProjectInstance> projectSerializer = new JsonSerializer<ProjectInstance>(ProjectInstance.class); ProjectInstance project = store.getResource(projectResPath, projectSerializer); String projUUID = project.getUuid(); Table aclHtable = null; try { aclHtable = HBaseConnection.get(kylinConfig.getStorageUrl()).getTable(TableName.valueOf(kylinConfig.getMetadataUrlPrefix() + "_acl")); // cube acl Result result = aclHtable.get(new Get(Bytes.toBytes(origCubeId))); if (result.listCells() != null) { for (Cell cell : result.listCells()) { byte[] family = CellUtil.cloneFamily(cell); byte[] column = CellUtil.cloneQualifier(cell); byte[] value = CellUtil.cloneValue(cell); // use the target project uuid as the parent if (Bytes.toString(family).equals(ACL_INFO_FAMILY) && Bytes.toString(column).equals(ACL_INFO_FAMILY_PARENT_COLUMN)) { String valueString = "{\"id\":\"" + projUUID + "\",\"type\":\"org.apache.kylin.metadata.project.ProjectInstance\"}"; value = Bytes.toBytes(valueString); } Put put = new Put(Bytes.toBytes(newCubeId)); put.add(family, column, value); aclHtable.put(put); } } } finally { IOUtils.closeQuietly(aclHtable); } }
Example 14
Source File: Mutation.java From hbase with Apache License 2.0 | 5 votes |
Mutation add(Cell cell) throws IOException { //Checking that the row of the kv is the same as the mutation // TODO: It is fraught with risk if user pass the wrong row. // Throwing the IllegalArgumentException is more suitable I'd say. if (!CellUtil.matchingRows(cell, this.row)) { throw new WrongRowIOException("The row in " + cell.toString() + " doesn't match the original one " + Bytes.toStringBinary(this.row)); } byte[] family; if (cell instanceof IndividualBytesFieldCell) { family = cell.getFamilyArray(); } else { family = CellUtil.cloneFamily(cell); } if (family == null || family.length == 0) { throw new IllegalArgumentException("Family cannot be null"); } if (cell instanceof ExtendedCell) { getCellList(family).add(cell); } else { getCellList(family).add(new CellWrapper(cell)); } return this; }
Example 15
Source File: HBaseMergingFilter.java From geowave with Apache License 2.0 | 5 votes |
/** Handle the entire row at one time */ @Override public void filterRowCells(final List<Cell> rowCells) throws IOException { if (!rowCells.isEmpty()) { if (rowCells.size() > 1) { try { final Cell firstCell = rowCells.get(0); final byte[] singleRow = CellUtil.cloneRow(firstCell); final byte[] singleFam = CellUtil.cloneFamily(firstCell); final byte[] singleQual = CellUtil.cloneQualifier(firstCell); Mergeable mergedValue = null; for (final Cell cell : rowCells) { final byte[] byteValue = CellUtil.cloneValue(cell); final Mergeable value = (Mergeable) URLClassloaderUtils.fromBinary(byteValue); if (mergedValue != null) { mergedValue.merge(value); } else { mergedValue = value; } } final Cell singleCell = CellUtil.createCell( singleRow, singleFam, singleQual, System.currentTimeMillis(), KeyValue.Type.Put.getCode(), URLClassloaderUtils.toBinary(mergedValue)); rowCells.clear(); rowCells.add(singleCell); } catch (final Exception e) { throw new IOException("Exception in filter", e); } } } }
Example 16
Source File: HCell.java From spliceengine with GNU Affero General Public License v3.0 | 4 votes |
@Override public byte[] family(){ if(delegate==null) return null; return CellUtil.cloneFamily(delegate); }
Example 17
Source File: TransactionVisibilityFilter.java From phoenix-tephra with Apache License 2.0 | 4 votes |
@Override public ReturnCode filterKeyValue(Cell cell) throws IOException { if (!CellUtil.matchingFamily(cell, currentFamily)) { // column family changed currentFamily = CellUtil.cloneFamily(cell); Long familyOldestTs = oldestTsByFamily.get(currentFamily); currentOldestTs = familyOldestTs != null ? familyOldestTs : 0; deleteTracker.reset(); } // need to apply TTL for the column family here long kvTimestamp = cell.getTimestamp(); if (TxUtils.getTimestampForTTL(kvTimestamp) < currentOldestTs) { // passed TTL for this column, seek to next return ReturnCode.NEXT_COL; } else if (tx.isVisible(kvTimestamp)) { // Return all writes done by current transaction (including deletes) for VisibilityLevel.SNAPSHOT_ALL if (tx.getVisibilityLevel() == Transaction.VisibilityLevel.SNAPSHOT_ALL && tx.isCurrentWrite(kvTimestamp)) { // cell is visible // visibility SNAPSHOT_ALL needs all matches return runSubFilter(ReturnCode.INCLUDE, cell); } if (DeleteTracker.isFamilyDelete(cell)) { deleteTracker.addFamilyDelete(cell); if (clearDeletes) { return ReturnCode.NEXT_COL; } else { // cell is visible // as soon as we find a KV to include we can move to the next column return runSubFilter(ReturnCode.INCLUDE_AND_NEXT_COL, cell); } } // check if masked by family delete if (deleteTracker.isDeleted(cell)) { return ReturnCode.NEXT_COL; } // check for column delete if (isColumnDelete(cell)) { if (clearDeletes) { // skip "deleted" cell return ReturnCode.NEXT_COL; } else { // keep the marker but skip any remaining versions return runSubFilter(ReturnCode.INCLUDE_AND_NEXT_COL, cell); } } // cell is visible // as soon as we find a KV to include we can move to the next column return runSubFilter(ReturnCode.INCLUDE_AND_NEXT_COL, cell); } else { return ReturnCode.SKIP; } }
Example 18
Source File: SolrRegionObserver.java From SolrCoprocessor with Apache License 2.0 | 4 votes |
@Override public void postPut(ObserverContext<RegionCoprocessorEnvironment> e, Put put, WALEdit edit, Durability durability) throws IOException { String tableName = e.getEnvironment().getRegion().getRegionInfo().getTable().getNameAsString(); if (tableName.startsWith("hbase:")) { //Ԫ���ݱ�,����! return; } String rowKey = Bytes.toString(put.getRow()); String cFamily = null; String cQualifier = null; String cValue = null; NavigableMap<byte[], List<Cell>> map = put.getFamilyCellMap(); JsonObject jsonSet = new JsonObject(); for (List<Cell> cells : map.values()) { for (Cell cell : cells) { cFamily = new String(CellUtil.cloneFamily(cell)); cQualifier = new String(CellUtil.cloneQualifier(cell)); cValue = new String(CellUtil.cloneValue(cell), SolrTools.UTF_8); if (cQualifier.endsWith("_s")) { //string jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putString("set", cValue)); } else if (cQualifier.endsWith("_t")) { //text_general jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putString("set", cValue)); } else if (cQualifier.endsWith("_dt")) { //date jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putString("set", cValue)); } else if (cQualifier.endsWith("_i")) { //int jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putNumber("set", Integer.valueOf(cValue))); } else if (cQualifier.endsWith("_l")) { //long jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putNumber("set", Long.valueOf(cValue))); } else if (cQualifier.endsWith("_f")) { //float jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putNumber("set", Float.valueOf(cValue))); } else if (cQualifier.endsWith("_d")) { //double jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putNumber("set", Double.valueOf(cValue))); } else if (cQualifier.endsWith("_b")) { //boolean jsonSet.putObject(cFamily + F_SEPARATOR + cQualifier, (new JsonObject()).putBoolean("set", Boolean.valueOf(cValue))); } else { //������Ҫ������,����! continue; } } } if (jsonSet.size() == 0) { //˵��û��solr��ѯ�ֶ� return; } jsonSet.putString(F_ID, tableName + F_SEPARATOR + rowKey); jsonSet.putObject(F_TABLENAME, (new JsonObject()).putString("set", tableName)); jsonSet.putObject(F_ROWKEY, (new JsonObject()).putString("set", rowKey)); jsonSet.putObject(F_UPDATETIME, (new JsonObject()).putString("set", SolrTools.solrDateFormat.format(new java.util.Date()))); log.debug("postPut!!! " + jsonSet.encode()); _bqUpdate.enqueue(jsonSet.encode().getBytes(SolrTools.UTF_8)); }
Example 19
Source File: PermissionStorage.java From hbase with Apache License 2.0 | 4 votes |
private static Pair<String, Permission> parsePermissionRecord(byte[] entryName, Cell kv, byte[] cf, byte[] cq, boolean filterPerms, String filterUser) { // return X given a set of permissions encoded in the permissionRecord kv. byte[] family = CellUtil.cloneFamily(kv); if (!Bytes.equals(family, ACL_LIST_FAMILY)) { return null; } byte[] key = CellUtil.cloneQualifier(kv); byte[] value = CellUtil.cloneValue(kv); if (LOG.isDebugEnabled()) { LOG.debug("Read acl: entry[" + Bytes.toStringBinary(entryName) + "], kv [" + Bytes.toStringBinary(key) + ": " + Bytes.toStringBinary(value)+"]"); } // check for a column family appended to the key // TODO: avoid the string conversion to make this more efficient String username = Bytes.toString(key); // Retrieve group list for the filterUser if cell key is a group. // Group list is not required when filterUser itself a group List<String> filterUserGroups = null; if (filterPerms) { if (username.charAt(0) == '@' && !StringUtils.isEmpty(filterUser) && filterUser.charAt(0) != '@') { filterUserGroups = AccessChecker.getUserGroups(filterUser); } } // Handle namespace entry if (isNamespaceEntry(entryName)) { // Filter the permissions cell record if client query if (filterPerms && !validateFilterUser(username, filterUser, filterUserGroups)) { return null; } return new Pair<>(username, Permission.newBuilder(Bytes.toString(fromNamespaceEntry(entryName))) .withActionCodes(value).build()); } // Handle global entry if (isGlobalEntry(entryName)) { // Filter the permissions cell record if client query if (filterPerms && !validateFilterUser(username, filterUser, filterUserGroups)) { return null; } return new Pair<>(username, Permission.newBuilder().withActionCodes(value).build()); } // Handle table entry int idx = username.indexOf(ACL_KEY_DELIMITER); byte[] permFamily = null; byte[] permQualifier = null; if (idx > 0 && idx < username.length()-1) { String remainder = username.substring(idx+1); username = username.substring(0, idx); idx = remainder.indexOf(ACL_KEY_DELIMITER); if (idx > 0 && idx < remainder.length()-1) { permFamily = Bytes.toBytes(remainder.substring(0, idx)); permQualifier = Bytes.toBytes(remainder.substring(idx+1)); } else { permFamily = Bytes.toBytes(remainder); } } // Filter the permissions cell record if client query if (filterPerms) { // ACL table contain 3 types of cell key entries; hbase:Acl, namespace and table. So to filter // the permission cell records additional validations are required at CF, CQ and username. // Here we can proceed based on client input whether it contain filterUser. // Validate the filterUser when specified if (filterUser != null && !validateFilterUser(username, filterUser, filterUserGroups)) { return null; } if (!validateCFAndCQ(permFamily, cf, permQualifier, cq)) { return null; } } return new Pair<>(username, Permission.newBuilder(TableName.valueOf(entryName)) .withFamily(permFamily).withQualifier(permQualifier).withActionCodes(value).build()); }
Example 20
Source File: RangerAuthorizationFilter.java From ranger with Apache License 2.0 | 4 votes |
@Override public ReturnCode filterKeyValue(Cell kv) throws IOException { if (LOG.isDebugEnabled()) { LOG.debug("==> filterKeyValue"); } String family = null; byte[] familyBytes = CellUtil.cloneFamily(kv); if (familyBytes != null && familyBytes.length > 0) { family = Bytes.toString(familyBytes); if (LOG.isDebugEnabled()) { LOG.debug("filterKeyValue: evaluating family[" + family + "]."); } } String column = null; byte[] qualifier = CellUtil.cloneQualifier(kv); if (qualifier != null && qualifier.length > 0) { column = Bytes.toString(qualifier); if (LOG.isDebugEnabled()) { LOG.debug("filterKeyValue: evaluating column[" + column + "]."); } } else { LOG.warn("filterKeyValue: empty/null column set! Unexpected!"); } ReturnCode result = ReturnCode.NEXT_COL; boolean authCheckNeeded = false; if (family == null) { LOG.warn("filterKeyValue: Unexpected - null/empty family! Access denied!"); } else if (_familiesAccessDenied.contains(family)) { LOG.debug("filterKeyValue: family found in access denied families cache. Access denied."); } else if (_columnsAccessAllowed.containsKey(family)) { LOG.debug("filterKeyValue: family found in column level access results cache."); if (_columnsAccessAllowed.get(family).contains(column)) { LOG.debug("filterKeyValue: family/column found in column level access results cache. Access allowed."); result = ReturnCode.INCLUDE; } else { LOG.debug("filterKeyValue: family/column not in column level access results cache. Access denied."); } } else if (_familiesAccessAllowed.contains(family)) { LOG.debug("filterKeyValue: family found in access allowed families cache. Must re-authorize for correct audit generation."); authCheckNeeded = true; } else if (_familiesAccessIndeterminate.contains(family)) { LOG.debug("filterKeyValue: family found in indeterminate families cache. Evaluating access..."); authCheckNeeded = true; } else { LOG.warn("filterKeyValue: Unexpected - alien family encountered that wasn't seen by pre-hook! Access Denied.!"); } if (authCheckNeeded) { LOG.debug("filterKeyValue: Checking authorization..."); _session.columnFamily(family) .column(column) .buildRequest() .authorize(); // must always purge the captured audit event out of the audit handler to avoid messing up the next check AuthzAuditEvent auditEvent = _auditHandler.getAndDiscardMostRecentEvent(); if (_session.isAuthorized()) { LOG.debug("filterKeyValue: Access granted."); result = ReturnCode.INCLUDE; if (auditEvent != null) { LOG.debug("filterKeyValue: access is audited."); _auditHandler.logAuthzAudits(Collections.singletonList(auditEvent)); } else { LOG.debug("filterKeyValue: no audit event returned. Access not audited."); } } else { LOG.debug("filterKeyValue: Access denied. Denial not audited."); } } if (LOG.isDebugEnabled()) { LOG.debug("filterKeyValue: " + result); } return result; }