1# 2# Licensed to the Apache Software Foundation (ASF) under one 3# or more contributor license agreements. See the NOTICE file 4# distributed with this work for additional information 5# regarding copyright ownership. The ASF licenses this file 6# to you under the Apache License, Version 2.0 (the 7# "License"); you may not use this file except in compliance 8# with the License. You may obtain a copy of the License at 9# 10# http://www.apache.org/licenses/LICENSE-2.0 11# 12# Unless required by applicable law or agreed to in writing, software 13# distributed under the License is distributed on an "AS IS" BASIS, 14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15# See the License for the specific language governing permissions and 16# limitations under the License. 17# 18 19include Java 20java_import org.apache.hadoop.hbase.security.visibility.VisibilityClient 21java_import org.apache.hadoop.hbase.security.visibility.VisibilityConstants 22java_import org.apache.hadoop.hbase.util.Bytes 23 24module Hbase 25 class VisibilityLabelsAdmin 26 27 def initialize(admin, formatter) 28 @admin = admin 29 @config = @admin.getConfiguration() 30 @formatter = formatter 31 end 32 33 def close 34 @admin.close 35 end 36 37 def add_labels(*args) 38 visibility_feature_available? 39 # Normalize args 40 if args.kind_of?(Array) 41 labels = [ args ].flatten.compact 42 end 43 if labels.size() == 0 44 raise(ArgumentError, "Arguments cannot be null") 45 end 46 47 begin 48 response = VisibilityClient.addLabels(@config, labels.to_java(:string)) 49 if response.nil? 50 raise(ArgumentError, "DISABLED: Visibility labels feature is not available") 51 end 52 labelsWithException = "" 53 list = response.getResultList() 54 list.each do |result| 55 if result.hasException() 56 labelsWithException += Bytes.toString(result.getException().getValue().toByteArray()) 57 end 58 end 59 if labelsWithException.length > 0 60 raise(ArgumentError, labelsWithException) 61 end 62 end 63 end 64 65 def set_auths(user, *args) 66 visibility_feature_available? 67 # Normalize args 68 if args.kind_of?(Array) 69 auths = [ args ].flatten.compact 70 end 71 72 begin 73 response = VisibilityClient.setAuths(@config, auths.to_java(:string), user) 74 if response.nil? 75 raise(ArgumentError, "DISABLED: Visibility labels feature is not available") 76 end 77 labelsWithException = "" 78 list = response.getResultList() 79 list.each do |result| 80 if result.hasException() 81 labelsWithException += Bytes.toString(result.getException().getValue().toByteArray()) 82 end 83 end 84 if labelsWithException.length > 0 85 raise(ArgumentError, labelsWithException) 86 end 87 end 88 end 89 90 def get_auths(user) 91 visibility_feature_available? 92 begin 93 response = VisibilityClient.getAuths(@config, user) 94 if response.nil? 95 raise(ArgumentError, "DISABLED: Visibility labels feature is not available") 96 end 97 return response.getAuthList 98 end 99 end 100 101 def list_labels(regex = ".*") 102 visibility_feature_available? 103 begin 104 response = VisibilityClient.listLabels(@config, regex) 105 if response.nil? 106 raise(ArgumentError, "DISABLED: Visibility labels feature is not available") 107 end 108 return response.getLabelList 109 end 110 end 111 112 def clear_auths(user, *args) 113 visibility_feature_available? 114 # Normalize args 115 if args.kind_of?(Array) 116 auths = [ args ].flatten.compact 117 end 118 119 begin 120 response = VisibilityClient.clearAuths(@config, auths.to_java(:string), user) 121 if response.nil? 122 raise(ArgumentError, "DISABLED: Visibility labels feature is not available") 123 end 124 labelsWithException = "" 125 list = response.getResultList() 126 list.each do |result| 127 if result.hasException() 128 labelsWithException += Bytes.toString(result.getException().getValue().toByteArray()) 129 end 130 end 131 if labelsWithException.length > 0 132 raise(ArgumentError, labelsWithException) 133 end 134 end 135 end 136 137 # Make sure that lables table is available 138 def visibility_feature_available?() 139 caps = [] 140 begin 141 # Try the getSecurityCapabilities API where supported. 142 caps = @admin.getSecurityCapabilities 143 rescue 144 # If we are unable to use getSecurityCapabilities, fall back with a check for 145 # deployment of the labels table 146 raise(ArgumentError, "DISABLED: Visibility labels feature is not available") unless \ 147 exists?(VisibilityConstants::LABELS_TABLE_NAME) 148 return 149 end 150 raise(ArgumentError, "DISABLED: Visibility labels feature is not available") unless \ 151 caps.include? org.apache.hadoop.hbase.client.security.SecurityCapability::CELL_VISIBILITY 152 end 153 154 # Does table exist? 155 def exists?(table_name) 156 @admin.tableExists(table_name) 157 end 158 end 159end 160