@InterfaceAudience.Public
public interface VisibilityLabelService
extends org.apache.hadoop.conf.Configurable
Modifier and Type | Method and Description |
---|---|
OperationStatus[] |
addLabels(List<byte[]> labels)
Adds the set of labels into the system.
|
OperationStatus[] |
clearAuths(byte[] user,
List<byte[]> authLabels)
Removes given labels from user's globally authorized list of labels.
|
List<Tag> |
createVisibilityExpTags(String visExpression,
boolean withSerializationFormat,
boolean checkAuths)
Creates tags corresponding to given visibility expression.
|
byte[] |
encodeVisibilityForReplication(List<Tag> visTags,
Byte serializationFormat)
Provides a way to modify the visibility tags of type
TagType
.VISIBILITY_TAG_TYPE, that are part of the cell created from the WALEdits
that are prepared for replication while calling
ReplicationEndpoint
.replicate(). |
List<String> |
getGroupAuths(String[] groups,
boolean systemCall)
Retrieve the visibility labels for the groups.
|
List<String> |
getUserAuths(byte[] user,
boolean systemCall)
Retrieve the visibility labels for the user.
|
VisibilityExpEvaluator |
getVisibilityExpEvaluator(Authorizations authorizations)
Creates VisibilityExpEvaluator corresponding to given Authorizations.
|
boolean |
havingSystemAuth(User user)
System checks for user auth during admin operations.
|
void |
init(RegionCoprocessorEnvironment e)
System calls this after opening of regions.
|
List<String> |
listLabels(String regex)
Retrieve the list of visibility labels defined in the system.
|
boolean |
matchVisibility(List<Tag> putVisTags,
Byte putVisTagFormat,
List<Tag> deleteVisTags,
Byte deleteVisTagFormat)
System uses this for deciding whether a Cell can be deleted by matching visibility expression
in Delete mutation and the cell in consideration.
|
OperationStatus[] |
setAuths(byte[] user,
List<byte[]> authLabels)
Sets given labels globally authorized for the user.
|
void init(RegionCoprocessorEnvironment e) throws IOException
e
- the region coprocessor envIOException
OperationStatus[] addLabels(List<byte[]> labels) throws IOException
labels
- Labels to add to the system.IOException
OperationStatus[] setAuths(byte[] user, List<byte[]> authLabels) throws IOException
user
- The authorizing userauthLabels
- Labels which are getting authorized for the userIOException
OperationStatus[] clearAuths(byte[] user, List<byte[]> authLabels) throws IOException
user
- The user whose authorization to be removedauthLabels
- Labels which are getting removed from authorization setIOException
List<String> getUserAuths(byte[] user, boolean systemCall) throws IOException
user
- Name of the user whose authorization to be retrievedsystemCall
- Whether a system or user originated call.IOException
List<String> getGroupAuths(String[] groups, boolean systemCall) throws IOException
groups
- Name of the groups whose authorization to be retrievedsystemCall
- Whether a system or user originated call.IOException
List<String> listLabels(String regex) throws IOException
regex
- The regular expression to filter which labels are returned.IOException
List<Tag> createVisibilityExpTags(String visExpression, boolean withSerializationFormat, boolean checkAuths) throws IOException
visExpression
- The Expression for which corresponding Tags to be created.withSerializationFormat
- specifies whether a tag, denoting the serialization version
of the tags, to be added in the list. When this is true make sure to add the
serialization format Tag also. The format tag value should be byte type.checkAuths
- denotes whether to check individual labels in visExpression against user's
global auth label.IOException
VisibilityExpEvaluator getVisibilityExpEvaluator(Authorizations authorizations) throws IOException
authorizations
- Authorizations for the read requestIOException
boolean havingSystemAuth(User user) throws IOException
user
- User for whom system auth check to be done.IOException
boolean matchVisibility(List<Tag> putVisTags, Byte putVisTagFormat, List<Tag> deleteVisTags, Byte deleteVisTagFormat) throws IOException
putVisTags
- The visibility tags present in the Put mutationputVisTagFormat
- The serialization format for the Put visibility tags. A null
value for
this format means the tags are written with unsorted label ordinalsdeleteVisTags
- - The visibility tags in the delete mutation (the specified Cell Visibility)deleteVisTagFormat
- The serialization format for the Delete visibility tags. A null
value for
this format means the tags are written with unsorted label ordinalsIOException
VisibilityConstants.SORTED_ORDINAL_SERIALIZATION_FORMAT
byte[] encodeVisibilityForReplication(List<Tag> visTags, Byte serializationFormat) throws IOException
TagType
.VISIBILITY_TAG_TYPE, that are part of the cell created from the WALEdits
that are prepared for replication while calling
ReplicationEndpoint
.replicate().
VisibilityReplicationEndpoint
calls this API to provide an opportunity to modify the visibility tags
before replicating.visTags
- the visibility tags associated with the cellserializationFormat
- the serialization format associated with the tagIOException
Copyright © 2007–2019 Cloudera. All rights reserved.