1#
2# Licensed to the Apache Software Foundation (ASF) under one
3# or more contributor license agreements.  See the NOTICE file
4# distributed with this work for additional information
5# regarding copyright ownership.  The ASF licenses this file
6# to you under the Apache License, Version 2.0 (the
7# "License"); you may not use this file except in compliance
8# with the License.  You may obtain a copy of the License at
9#
10#     http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS,
14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15# See the License for the specific language governing permissions and
16# limitations under the License.
17#
18
19include Java
20java_import org.apache.hadoop.hbase.security.visibility.VisibilityClient
21java_import org.apache.hadoop.hbase.security.visibility.VisibilityConstants
22java_import org.apache.hadoop.hbase.util.Bytes
23
24module Hbase
25  class VisibilityLabelsAdmin
26
27    def initialize(admin, formatter)
28      @admin = admin
29      @config = @admin.getConfiguration()
30      @formatter = formatter
31    end
32
33    def close
34      @admin.close
35    end
36
37    def add_labels(*args)
38      visibility_feature_available?
39      # Normalize args
40      if args.kind_of?(Array)
41        labels = [ args ].flatten.compact
42      end
43      if labels.size() == 0
44      	raise(ArgumentError, "Arguments cannot be null")
45      end
46
47      begin
48        response = VisibilityClient.addLabels(@config, labels.to_java(:string))
49        if response.nil?
50          raise(ArgumentError, "DISABLED: Visibility labels feature is not available")
51        end
52        labelsWithException = ""
53        list = response.getResultList()
54        list.each do |result|
55            if result.hasException()
56               labelsWithException += Bytes.toString(result.getException().getValue().toByteArray())
57            end
58        end
59        if labelsWithException.length > 0
60          raise(ArgumentError, labelsWithException)
61        end
62      end
63    end
64
65    def set_auths(user, *args)
66      visibility_feature_available?
67      # Normalize args
68      if args.kind_of?(Array)
69        auths = [ args ].flatten.compact
70      end
71
72      begin
73        response = VisibilityClient.setAuths(@config, auths.to_java(:string), user)
74        if response.nil?
75          raise(ArgumentError, "DISABLED: Visibility labels feature is not available")
76        end
77        labelsWithException = ""
78        list = response.getResultList()
79        list.each do |result|
80            if result.hasException()
81               labelsWithException += Bytes.toString(result.getException().getValue().toByteArray())
82            end
83        end
84        if labelsWithException.length > 0
85          raise(ArgumentError, labelsWithException)
86        end
87      end
88    end
89
90    def get_auths(user)
91      visibility_feature_available?
92      begin
93        response = VisibilityClient.getAuths(@config, user)
94        if response.nil?
95          raise(ArgumentError, "DISABLED: Visibility labels feature is not available")
96        end
97        return response.getAuthList
98      end
99    end
100
101    def list_labels(regex = ".*")
102      visibility_feature_available?
103      begin
104        response = VisibilityClient.listLabels(@config, regex)
105        if response.nil?
106          raise(ArgumentError, "DISABLED: Visibility labels feature is not available")
107        end
108        return response.getLabelList
109      end
110    end
111
112    def clear_auths(user, *args)
113      visibility_feature_available?
114      # Normalize args
115      if args.kind_of?(Array)
116        auths = [ args ].flatten.compact
117      end
118
119      begin
120        response = VisibilityClient.clearAuths(@config, auths.to_java(:string), user)
121        if response.nil?
122          raise(ArgumentError, "DISABLED: Visibility labels feature is not available")
123        end
124        labelsWithException = ""
125        list = response.getResultList()
126        list.each do |result|
127            if result.hasException()
128               labelsWithException += Bytes.toString(result.getException().getValue().toByteArray())
129            end
130        end
131        if labelsWithException.length > 0
132          raise(ArgumentError, labelsWithException)
133        end
134      end
135    end
136
137    # Make sure that lables table is available
138    def visibility_feature_available?()
139      caps = []
140      begin
141        # Try the getSecurityCapabilities API where supported.
142        caps = @admin.getSecurityCapabilities
143      rescue
144        # If we are unable to use getSecurityCapabilities, fall back with a check for
145        # deployment of the labels table
146        raise(ArgumentError, "DISABLED: Visibility labels feature is not available") unless \
147          exists?(VisibilityConstants::LABELS_TABLE_NAME)
148        return
149      end
150      raise(ArgumentError, "DISABLED: Visibility labels feature is not available") unless \
151        caps.include? org.apache.hadoop.hbase.client.security.SecurityCapability::CELL_VISIBILITY
152    end
153
154    # Does table exist?
155    def exists?(table_name)
156      @admin.tableExists(table_name)
157    end
158  end
159end
160