diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java index 3918f3b..9234a2a 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java @@ -1565,10 +1565,10 @@ public final class ProtobufUtil { * @return the converted Permission */ public static Permission toPermission(AccessControlProtos.Permission proto) { - if (proto.hasTableName()) { + if (proto.getType() != AccessControlProtos.Permission.Type.Global) { return toTablePermission(proto); } else { - List actions = toPermissionActions(proto.getActionList()); + List actions = toPermissionActions(proto.getGlobalPermission().getActionList()); return new Permission(actions.toArray(new Permission.Action[actions.size()])); } } @@ -1580,18 +1580,43 @@ public final class ProtobufUtil { * @return the converted TablePermission */ public static TablePermission toTablePermission(AccessControlProtos.Permission proto) { - List actions = toPermissionActions(proto.getActionList()); + if(proto.getType() == AccessControlProtos.Permission.Type.Global) { + AccessControlProtos.GlobalPermission perm = proto.getGlobalPermission(); + List actions = toPermissionActions(perm.getActionList()); - byte[] qualifier = null; - byte[] family = null; - TableName table = null; + return new TablePermission(null, null, null, + actions.toArray(new Permission.Action[actions.size()])); + } + if(proto.getType() == AccessControlProtos.Permission.Type.Namespace) { + AccessControlProtos.NamespacePermission perm = proto.getNamespacePermission(); + List actions = toPermissionActions(perm.getActionList()); + + if(!proto.hasNamespacePermission()) { + throw new IllegalStateException("Namespace must not be empty in NamespacePermission"); + } + String namespace = perm.getNamespaceName().toStringUtf8(); + return new TablePermission(namespace, actions.toArray(new Permission.Action[actions.size()])); + } + if(proto.getType() == AccessControlProtos.Permission.Type.Table) { + AccessControlProtos.TablePermission perm = proto.getTablePermission(); + List actions = toPermissionActions(perm.getActionList()); - if (proto.hasTableName()) table = ProtobufUtil.toTableName(proto.getTableName()); - if (proto.hasFamily()) family = proto.getFamily().toByteArray(); - if (proto.hasQualifier()) qualifier = proto.getQualifier().toByteArray(); + byte[] qualifier = null; + byte[] family = null; + TableName table = null; - return new TablePermission(table, family, qualifier, - actions.toArray(new Permission.Action[actions.size()])); + if (!perm.hasTableName()) { + throw new IllegalStateException("TableName cannot be empty"); + } + table = ProtobufUtil.toTableName(perm.getTableName()); + + if (perm.hasFamily()) family = perm.getFamily().toByteArray(); + if (perm.hasQualifier()) qualifier = perm.getQualifier().toByteArray(); + + return new TablePermission(table, family, qualifier, + actions.toArray(new Permission.Action[actions.size()])); + } + throw new IllegalStateException("Unrecognize Perm Type: "+proto.getType()); } /** @@ -1601,23 +1626,47 @@ public final class ProtobufUtil { * @return the protobuf Permission */ public static AccessControlProtos.Permission toPermission(Permission perm) { - AccessControlProtos.Permission.Builder builder = AccessControlProtos.Permission.newBuilder(); + AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); if (perm instanceof TablePermission) { TablePermission tablePerm = (TablePermission)perm; - if (tablePerm.hasTable()) { + if(tablePerm.hasNamespace()) { + ret.setType(AccessControlProtos.Permission.Type.Namespace); + + AccessControlProtos.NamespacePermission.Builder builder = + AccessControlProtos.NamespacePermission.newBuilder(); + builder.setNamespaceName(ByteString.copyFromUtf8(tablePerm.getNamespace())); + for (Permission.Action a : perm.getActions()) { + builder.addAction(toPermissionAction(a)); + } + ret.setNamespacePermission(builder); + } else if (tablePerm.hasTable()) { + ret.setType(AccessControlProtos.Permission.Type.Table); + + AccessControlProtos.TablePermission.Builder builder = + AccessControlProtos.TablePermission.newBuilder(); builder.setTableName(ProtobufUtil.toProtoTableName(tablePerm.getTable())); + if (tablePerm.hasFamily()) { + builder.setFamily(ByteString.copyFrom(tablePerm.getFamily())); + } + if (tablePerm.hasQualifier()) { + builder.setQualifier(ByteString.copyFrom(tablePerm.getQualifier())); + } + for (Permission.Action a : perm.getActions()) { + builder.addAction(toPermissionAction(a)); + } + ret.setTablePermission(builder); } - if (tablePerm.hasFamily()) { - builder.setFamily(ByteString.copyFrom(tablePerm.getFamily())); - } - if (tablePerm.hasQualifier()) { - builder.setQualifier(ByteString.copyFrom(tablePerm.getQualifier())); + } else { + ret.setType(AccessControlProtos.Permission.Type.Global); + + AccessControlProtos.GlobalPermission.Builder builder = + AccessControlProtos.GlobalPermission.newBuilder(); + for (Permission.Action a : perm.getActions()) { + builder.addAction(toPermissionAction(a)); } + ret.setGlobalPermission(builder); } - for (Permission.Action a : perm.getActions()) { - builder.addAction(toPermissionAction(a)); - } - return builder.build(); + return ret.build(); } /** @@ -1688,24 +1737,9 @@ public final class ProtobufUtil { * @return the protobuf UserPermission */ public static AccessControlProtos.UserPermission toUserPermission(UserPermission perm) { - AccessControlProtos.Permission.Builder permissionBuilder = - AccessControlProtos.Permission.newBuilder(); - for (Permission.Action a : perm.getActions()) { - permissionBuilder.addAction(toPermissionAction(a)); - } - if (perm.hasTable()) { - permissionBuilder.setTableName(ProtobufUtil.toProtoTableName(perm.getTable())); - } - if (perm.hasFamily()) { - permissionBuilder.setFamily(ByteString.copyFrom(perm.getFamily())); - } - if (perm.hasQualifier()) { - permissionBuilder.setQualifier(ByteString.copyFrom(perm.getQualifier())); - } - return AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFrom(perm.getUser())) - .setPermission(permissionBuilder) + .setPermission(toPermission(perm)) .build(); } @@ -1716,20 +1750,8 @@ public final class ProtobufUtil { * @return the converted UserPermission */ public static UserPermission toUserPermission(AccessControlProtos.UserPermission proto) { - AccessControlProtos.Permission permission = proto.getPermission(); - List actions = toPermissionActions(permission.getActionList()); - - byte[] qualifier = null; - byte[] family = null; - TableName table = null; - - if (permission.hasTableName()) table = ProtobufUtil.toTableName(permission.getTableName()); - if (permission.hasFamily()) family = permission.getFamily().toByteArray(); - if (permission.hasQualifier()) qualifier = permission.getQualifier().toByteArray(); - return new UserPermission(proto.getUser().toByteArray(), - table, family, qualifier, - actions.toArray(new Permission.Action[actions.size()])); + toTablePermission(proto.getPermission())); } /** @@ -1739,26 +1761,48 @@ public final class ProtobufUtil { * @param perm the list of user and table permissions * @return the protobuf UserTablePermissions */ - public static AccessControlProtos.UserTablePermissions toUserTablePermissions( + public static AccessControlProtos.UsersAndPermissions toUserTablePermissions( ListMultimap perm) { - AccessControlProtos.UserTablePermissions.Builder builder = - AccessControlProtos.UserTablePermissions.newBuilder(); + AccessControlProtos.UsersAndPermissions.Builder builder = + AccessControlProtos.UsersAndPermissions.newBuilder(); for (Map.Entry> entry : perm.asMap().entrySet()) { - AccessControlProtos.UserTablePermissions.UserPermissions.Builder userPermBuilder = - AccessControlProtos.UserTablePermissions.UserPermissions.newBuilder(); + AccessControlProtos.UsersAndPermissions.UserPermissions.Builder userPermBuilder = + AccessControlProtos.UsersAndPermissions.UserPermissions.newBuilder(); userPermBuilder.setUser(ByteString.copyFromUtf8(entry.getKey())); for (TablePermission tablePerm: entry.getValue()) { userPermBuilder.addPermissions(toPermission(tablePerm)); } - builder.addPermissions(userPermBuilder.build()); + builder.addUserPermissions(userPermBuilder.build()); } return builder.build(); } /** - * A utility used to grant a user some permissions. The permissions will - * be global if table is not specified. Otherwise, they are for those - * table/column family/qualifier only. + * A utility used to grant a user global permissions. + *

+ * It's also called by the shell, in case you want to find references. + * + * @param protocol the AccessControlService protocol proxy + * @param userShortName the short name of the user to grant permissions + * @param actions the permissions to be granted + * @throws ServiceException + */ + public static void grant(AccessControlService.BlockingInterface protocol, + String userShortName, Permission.Action... actions) throws ServiceException { + List permActions = + Lists.newArrayListWithCapacity(actions.length); + for (Permission.Action a : actions) { + permActions.add(ProtobufUtil.toPermissionAction(a)); + } + AccessControlProtos.GrantRequest request = RequestConverter. + buildGrantRequest(userShortName, permActions.toArray( + new AccessControlProtos.Permission.Action[actions.length])); + protocol.grant(null, request); + } + + /** + * A utility used to grant a user table permissions. The permissions will + * be for a table table/column family/qualifier. *

* It's also called by the shell, in case you want to find references. * @@ -1785,9 +1829,55 @@ public final class ProtobufUtil { } /** - * A utility used to revoke a user some permissions. The permissions will - * be global if table is not specified. Otherwise, they are for those - * table/column family/qualifier only. + * A utility used to grant a user namespace permissions. + *

+ * It's also called by the shell, in case you want to find references. + * + * @param protocol the AccessControlService protocol proxy + * @param namespace the short name of the user to grant permissions + * @param actions the permissions to be granted + * @throws ServiceException + */ + public static void grant(AccessControlService.BlockingInterface protocol, + String userShortName, String namespace, + Permission.Action... actions) throws ServiceException { + List permActions = + Lists.newArrayListWithCapacity(actions.length); + for (Permission.Action a : actions) { + permActions.add(ProtobufUtil.toPermissionAction(a)); + } + AccessControlProtos.GrantRequest request = RequestConverter. + buildGrantRequest(userShortName, namespace, permActions.toArray( + new AccessControlProtos.Permission.Action[actions.length])); + protocol.grant(null, request); + } + + /** + * A utility used to revoke a user's global permissions. + *

+ * It's also called by the shell, in case you want to find references. + * + * @param protocol the AccessControlService protocol proxy + * @param userShortName the short name of the user to revoke permissions + * @param actions the permissions to be revoked + * @throws ServiceException + */ + public static void revoke(AccessControlService.BlockingInterface protocol, + String userShortName, Permission.Action... actions) throws ServiceException { + List permActions = + Lists.newArrayListWithCapacity(actions.length); + for (Permission.Action a : actions) { + permActions.add(ProtobufUtil.toPermissionAction(a)); + } + AccessControlProtos.RevokeRequest request = RequestConverter. + buildRevokeRequest(userShortName, permActions.toArray( + new AccessControlProtos.Permission.Action[actions.length])); + protocol.revoke(null, request); + } + + /** + * A utility used to revoke a user's table permissions. The permissions will + * be for a table/column family/qualifier. *

* It's also called by the shell, in case you want to find references. * @@ -1814,7 +1904,55 @@ public final class ProtobufUtil { } /** - * A utility used to get user permissions. + * A utility used to revoke a user's namespace permissions. + *

+ * It's also called by the shell, in case you want to find references. + * + * @param protocol the AccessControlService protocol proxy + * @param userShortName the short name of the user to revoke permissions + * @param namespace optional table name + * @param actions the permissions to be revoked + * @throws ServiceException + */ + public static void revoke(AccessControlService.BlockingInterface protocol, + String userShortName, String namespace, + Permission.Action... actions) throws ServiceException { + List permActions = + Lists.newArrayListWithCapacity(actions.length); + for (Permission.Action a : actions) { + permActions.add(ProtobufUtil.toPermissionAction(a)); + } + AccessControlProtos.RevokeRequest request = RequestConverter. + buildRevokeRequest(userShortName, namespace, permActions.toArray( + new AccessControlProtos.Permission.Action[actions.length])); + protocol.revoke(null, request); + } + + /** + * A utility used to get user's global permissions. + *

+ * It's also called by the shell, in case you want to find references. + * + * @param protocol the AccessControlService protocol proxy + * @throws ServiceException + */ + public static List getUserPermissions( + AccessControlService.BlockingInterface protocol) throws ServiceException { + AccessControlProtos.UserPermissionsRequest.Builder builder = + AccessControlProtos.UserPermissionsRequest.newBuilder(); + builder.setType(AccessControlProtos.Permission.Type.Global); + AccessControlProtos.UserPermissionsRequest request = builder.build(); + AccessControlProtos.UserPermissionsResponse response = + protocol.getUserPermissions(null, request); + List perms = new ArrayList(); + for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { + perms.add(ProtobufUtil.toUserPermission(perm)); + } + return perms; + } + + /** + * A utility used to get user table permissions. *

* It's also called by the shell, in case you want to find references. * @@ -1830,11 +1968,12 @@ public final class ProtobufUtil { if (t != null) { builder.setTableName(ProtobufUtil.toProtoTableName(t)); } + builder.setType(AccessControlProtos.Permission.Type.Table); AccessControlProtos.UserPermissionsRequest request = builder.build(); AccessControlProtos.UserPermissionsResponse response = protocol.getUserPermissions(null, request); List perms = new ArrayList(); - for (AccessControlProtos.UserPermission perm: response.getPermissionList()) { + for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } return perms; @@ -1848,12 +1987,12 @@ public final class ProtobufUtil { * @return the converted UserPermission */ public static ListMultimap toUserTablePermissions( - AccessControlProtos.UserTablePermissions proto) { + AccessControlProtos.UsersAndPermissions proto) { ListMultimap perms = ArrayListMultimap.create(); - AccessControlProtos.UserTablePermissions.UserPermissions userPerm; + AccessControlProtos.UsersAndPermissions.UserPermissions userPerm; - for (int i = 0; i < proto.getPermissionsCount(); i++) { - userPerm = proto.getPermissions(i); + for (int i = 0; i < proto.getUserPermissionsCount(); i++) { + userPerm = proto.getUserPermissions(i); for (int j = 0; j < userPerm.getPermissionsCount(); j++) { TablePermission tablePerm = toTablePermission(userPerm.getPermissions(j)); perms.put(userPerm.getUser().toStringUtf8(), tablePerm); diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/RequestConverter.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/RequestConverter.java index f2b99f6..43f1e13 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/RequestConverter.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/RequestConverter.java @@ -1205,6 +1205,32 @@ public final class RequestConverter { * Create a request to grant user permissions. * * @param username the short user name who to grant permissions + * @param actions the permissions to be granted + * @return A {@link AccessControlProtos} GrantRequest + */ + public static AccessControlProtos.GrantRequest buildGrantRequest( + String username, AccessControlProtos.Permission.Action... actions) { + AccessControlProtos.Permission.Builder ret = + AccessControlProtos.Permission.newBuilder(); + AccessControlProtos.GlobalPermission.Builder permissionBuilder = + AccessControlProtos.GlobalPermission.newBuilder(); + for (AccessControlProtos.Permission.Action a : actions) { + permissionBuilder.addAction(a); + } + ret.setType(AccessControlProtos.Permission.Type.Global) + .setGlobalPermission(permissionBuilder); + return AccessControlProtos.GrantRequest.newBuilder() + .setUserPermission( + AccessControlProtos.UserPermission.newBuilder() + .setUser(ByteString.copyFromUtf8(username)) + .setPermission(ret) + ).build(); + } + + /** + * Create a request to grant user permissions. + * + * @param username the short user name who to grant permissions * @param tableName optional table name the permissions apply * @param family optional column family * @param qualifier optional qualifier @@ -1214,26 +1240,88 @@ public final class RequestConverter { public static AccessControlProtos.GrantRequest buildGrantRequest( String username, TableName tableName, byte[] family, byte[] qualifier, AccessControlProtos.Permission.Action... actions) { - AccessControlProtos.Permission.Builder permissionBuilder = + AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); + AccessControlProtos.TablePermission.Builder permissionBuilder = + AccessControlProtos.TablePermission.newBuilder(); for (AccessControlProtos.Permission.Action a : actions) { permissionBuilder.addAction(a); } - if (tableName != null) { - permissionBuilder.setTableName(ProtobufUtil.toProtoTableName(tableName)); + if (tableName == null) { + throw new NullPointerException("TableName cannot be null"); } + permissionBuilder.setTableName(ProtobufUtil.toProtoTableName(tableName)); + if (family != null) { permissionBuilder.setFamily(ByteString.copyFrom(family)); } if (qualifier != null) { permissionBuilder.setQualifier(ByteString.copyFrom(qualifier)); } + ret.setType(AccessControlProtos.Permission.Type.Table) + .setTablePermission(permissionBuilder); + return AccessControlProtos.GrantRequest.newBuilder() + .setUserPermission( + AccessControlProtos.UserPermission.newBuilder() + .setUser(ByteString.copyFromUtf8(username)) + .setPermission(ret) + ).build(); + } + /** + * Create a request to grant user permissions. + * + * @param username the short user name who to grant permissions + * @param namespace optional table name the permissions apply + * @param actions the permissions to be granted + * @return A {@link AccessControlProtos} GrantRequest + */ + public static AccessControlProtos.GrantRequest buildGrantRequest( + String username, String namespace, + AccessControlProtos.Permission.Action... actions) { + AccessControlProtos.Permission.Builder ret = + AccessControlProtos.Permission.newBuilder(); + AccessControlProtos.NamespacePermission.Builder permissionBuilder = + AccessControlProtos.NamespacePermission.newBuilder(); + for (AccessControlProtos.Permission.Action a : actions) { + permissionBuilder.addAction(a); + } + if (namespace != null) { + permissionBuilder.setNamespaceName(ByteString.copyFromUtf8(namespace)); + } + ret.setType(AccessControlProtos.Permission.Type.Namespace) + .setNamespacePermission(permissionBuilder); return AccessControlProtos.GrantRequest.newBuilder() - .setPermission( + .setUserPermission( + AccessControlProtos.UserPermission.newBuilder() + .setUser(ByteString.copyFromUtf8(username)) + .setPermission(ret) + ).build(); + } + + /** + * Create a request to revoke user permissions. + * + * @param username the short user name whose permissions to be revoked + * @param actions the permissions to be revoked + * @return A {@link AccessControlProtos} RevokeRequest + */ + public static AccessControlProtos.RevokeRequest buildRevokeRequest( + String username, AccessControlProtos.Permission.Action... actions) { + AccessControlProtos.Permission.Builder ret = + AccessControlProtos.Permission.newBuilder(); + AccessControlProtos.GlobalPermission.Builder permissionBuilder = + AccessControlProtos.GlobalPermission.newBuilder(); + for (AccessControlProtos.Permission.Action a : actions) { + permissionBuilder.addAction(a); + } + ret.setType(AccessControlProtos.Permission.Type.Global) + .setGlobalPermission(permissionBuilder); + return AccessControlProtos.RevokeRequest.newBuilder() + .setUserPermission( AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFromUtf8(username)) - .setPermission(permissionBuilder.build()) + .setPermission(ret) ).build(); } @@ -1250,8 +1338,10 @@ public final class RequestConverter { public static AccessControlProtos.RevokeRequest buildRevokeRequest( String username, TableName tableName, byte[] family, byte[] qualifier, AccessControlProtos.Permission.Action... actions) { - AccessControlProtos.Permission.Builder permissionBuilder = + AccessControlProtos.Permission.Builder ret = AccessControlProtos.Permission.newBuilder(); + AccessControlProtos.TablePermission.Builder permissionBuilder = + AccessControlProtos.TablePermission.newBuilder(); for (AccessControlProtos.Permission.Action a : actions) { permissionBuilder.addAction(a); } @@ -1264,12 +1354,44 @@ public final class RequestConverter { if (qualifier != null) { permissionBuilder.setQualifier(ByteString.copyFrom(qualifier)); } + ret.setType(AccessControlProtos.Permission.Type.Table) + .setTablePermission(permissionBuilder); + return AccessControlProtos.RevokeRequest.newBuilder() + .setUserPermission( + AccessControlProtos.UserPermission.newBuilder() + .setUser(ByteString.copyFromUtf8(username)) + .setPermission(ret) + ).build(); + } + /** + * Create a request to revoke user permissions. + * + * @param username the short user name whose permissions to be revoked + * @param namespace optional table name the permissions apply + * @param actions the permissions to be revoked + * @return A {@link AccessControlProtos} RevokeRequest + */ + public static AccessControlProtos.RevokeRequest buildRevokeRequest( + String username, String namespace, + AccessControlProtos.Permission.Action... actions) { + AccessControlProtos.Permission.Builder ret = + AccessControlProtos.Permission.newBuilder(); + AccessControlProtos.NamespacePermission.Builder permissionBuilder = + AccessControlProtos.NamespacePermission.newBuilder(); + for (AccessControlProtos.Permission.Action a : actions) { + permissionBuilder.addAction(a); + } + if (namespace != null) { + permissionBuilder.setNamespaceName(ByteString.copyFromUtf8(namespace)); + } + ret.setType(AccessControlProtos.Permission.Type.Namespace) + .setNamespacePermission(permissionBuilder); return AccessControlProtos.RevokeRequest.newBuilder() - .setPermission( + .setUserPermission( AccessControlProtos.UserPermission.newBuilder() .setUser(ByteString.copyFromUtf8(username)) - .setPermission(permissionBuilder.build()) + .setPermission(ret) ).build(); } diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ResponseConverter.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ResponseConverter.java index 14459c3..4e59cb7 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ResponseConverter.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ResponseConverter.java @@ -116,7 +116,7 @@ public final class ResponseConverter { final List permissions) { UserPermissionsResponse.Builder builder = UserPermissionsResponse.newBuilder(); for (UserPermission perm : permissions) { - builder.addPermission(ProtobufUtil.toUserPermission(perm)); + builder.addUserPermission(ProtobufUtil.toUserPermission(perm)); } return builder.build(); } diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java index 0fd2f87..1c28e89 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java @@ -41,6 +41,10 @@ public class TablePermission extends Permission { private byte[] family; private byte[] qualifier; + //TODO refactor this class + //we need to refacting this into three classes (Global, Table, Namespace) + private String namespace; + /** Nullary constructor for Writable, do not use */ public TablePermission() { super(); @@ -87,6 +91,62 @@ public class TablePermission extends Permission { this.qualifier = qualifier; } + /** + * Creates a new permission for the given namespace or table, restricted to the given + * column family and qualifer, allowing the assigned actions to be performed. + * @param namespace + * @param table the table + * @param family the family, can be null if a global permission on the table + * @param assigned the list of allowed actions + */ + public TablePermission(String namespace, TableName table, byte[] family, byte[] qualifier, + Action... assigned) { + super(assigned); + this.namespace = namespace; + this.table = table; + this.family = family; + this.qualifier = qualifier; + } + + /** + * Creates a new permission for the given namespace or table, family and column qualifier, + * allowing the actions matching the provided byte codes to be performed. + * @param namespace + * @param table the table + * @param family the family, can be null if a global permission on the table + * @param actionCodes the list of allowed action codes + */ + public TablePermission(String namespace, TableName table, byte[] family, byte[] qualifier, + byte[] actionCodes) { + super(actionCodes); + this.namespace = namespace; + this.table = table; + this.family = family; + this.qualifier = qualifier; + } + + /** + * Creates a new permission for the given namespace, + * allowing the actions matching the provided byte codes to be performed. + * @param namespace + * @param actionCodes the list of allowed action codes + */ + public TablePermission(String namespace, byte[] actionCodes) { + super(actionCodes); + this.namespace = namespace; + } + + /** + * Create a new permission for the given namespace, + * allowing the given actions. + * @param namespace + * @param assigned the list of allowed actions + */ + public TablePermission(String namespace, Action... assigned) { + super(assigned); + this.namespace = namespace; + } + public boolean hasTable() { return table != null; } @@ -111,6 +171,32 @@ public class TablePermission extends Permission { return qualifier; } + public boolean hasNamespace() { + return namespace != null; + } + + public String getNamespace() { + return namespace; + } + + /** + * Checks that a given table operation is authorized by this permission + * instance. + * + * @param namespace the namespace where the operation is being performed + * @param action the action being requested + * @return true if the action within the given scope is allowed + * by this permission, false + */ + public boolean implies(String namespace, Action action) { + if (!this.namespace.equals(namespace)) { + return false; + } + + // check actions + return super.implies(action); + } + /** * Checks that a given table operation is authorized by this permission * instance. @@ -234,7 +320,9 @@ public class TablePermission extends Permission { ((family == null && other.getFamily() == null) || Bytes.equals(family, other.getFamily())) && ((qualifier == null && other.getQualifier() == null) || - Bytes.equals(qualifier, other.getQualifier())) + Bytes.equals(qualifier, other.getQualifier())) && + ((namespace == null && other.getNamespace() == null) || + namespace.equals(other.getNamespace())) )) { return false; } @@ -256,15 +344,28 @@ public class TablePermission extends Permission { if (qualifier != null) { result = prime * result + Bytes.hashCode(qualifier); } + if (namespace != null) { + result = prime * result + namespace.hashCode(); + } return result; } public String toString() { - StringBuilder str = new StringBuilder("[TablePermission: ") - .append("table=").append(table) - .append(", family=").append(Bytes.toString(family)) - .append(", qualifier=").append(Bytes.toString(qualifier)) - .append(", actions="); + StringBuilder str = new StringBuilder("[TablePermission: "); + if(namespace != null) { + str.append("namespace=").append(namespace) + .append(", "); + } + else if(table != null) { + str.append("table=").append(table) + .append(", family=") + .append(family == null ? null : Bytes.toString(family)) + .append(", qualifier=") + .append(qualifier == null ? null : Bytes.toString(qualifier)) + .append(", "); + } else { + str.append("actions="); + } if (actions != null) { for (int i=0; i 0) @@ -291,6 +392,9 @@ public class TablePermission extends Permission { if (in.readBoolean()) { qualifier = Bytes.readByteArray(in); } + if(in.readBoolean()) { + namespace = Bytes.toString(Bytes.readByteArray(in)); + } } @Override @@ -305,5 +409,9 @@ public class TablePermission extends Permission { if (qualifier != null) { Bytes.writeByteArray(out, qualifier); } + out.writeBoolean(namespace != null); + if(namespace != null) { + Bytes.writeByteArray(out, Bytes.toBytes(namespace)); + } } } diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java index 6303ab9..4954fe6 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/UserPermission.java @@ -63,6 +63,29 @@ public class UserPermission extends TablePermission { } /** + * Creates a new instance for the given user. + * @param user the user + * @param namespace + * @param assigned the list of allowed actions + */ + public UserPermission(byte[] user, String namespace, Action... assigned) { + super(namespace, assigned); + this.user = user; + } + + /** + * Creates a new instance for the given user, + * matching the actions with the given codes. + * @param user the user + * @param namespace + * @param actionCodes the list of allowed action codes + */ + public UserPermission(byte[] user, String namespace, byte[] actionCodes) { + super(namespace, actionCodes); + this.user = user; + } + + /** * Creates a new instance for the given user, table and column family. * @param user the user * @param table the table @@ -110,6 +133,18 @@ public class UserPermission extends TablePermission { this.user = user; } + /** + * Creates a new instance for the given user, table, column family and + * qualifier, matching the actions with the given codes. + * @param user the user + * @param perm a TablePermission + */ + public UserPermission(byte[] user, TablePermission perm) { + super(perm.getNamespace(), perm.getTable(), perm.getFamily(), perm.getQualifier(), + perm.actions); + this.user = user; + } + public byte[] getUser() { return user; } @@ -118,8 +153,7 @@ public class UserPermission extends TablePermission { * Returns true if this permission describes a global user permission. */ public boolean isGlobal() { - TableName tableName = getTable(); - return(tableName == null); + return(!hasTable() && !hasNamespace()); } @Override diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java index 3ec7435..224acac 100644 --- a/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java +++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/HConstants.java @@ -289,6 +289,9 @@ public final class HConstants { /** Used by HBCK to sideline backup data */ public static final String HBCK_SIDELINEDIR_NAME = ".hbck"; + /** Any artifacts left from migration can be moved here */ + public static final String MIGRATION_NAME = ".migration"; + /** Used to construct the name of the compaction directory during compaction */ public static final String HREGION_COMPACTIONDIR_NAME = "compaction.dir"; @@ -825,7 +828,7 @@ public final class HConstants { Collections.unmodifiableList(Arrays.asList(new String[] { HREGION_LOGDIR_NAME, HREGION_OLDLOGDIR_NAME, CORRUPT_DIR_NAME, SPLIT_LOGDIR_NAME, HBCK_SIDELINEDIR_NAME, HFILE_ARCHIVE_DIRECTORY, SNAPSHOT_DIR_NAME, HBASE_TEMP_DIRECTORY, - OLD_SNAPSHOT_DIR_NAME, BASE_NAMESPACE_DIR})); + OLD_SNAPSHOT_DIR_NAME, BASE_NAMESPACE_DIR, MIGRATION_NAME})); /** Directories that are not HBase user table directories */ public static final List HBASE_NON_USER_TABLE_DIRS = diff --git a/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java b/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java index 92a0fd6..5f821ea 100644 --- a/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java +++ b/hbase-protocol/src/main/java/org/apache/hadoop/hbase/protobuf/generated/AccessControlProtos.java @@ -11,23 +11,24 @@ public final class AccessControlProtos { public interface PermissionOrBuilder extends com.google.protobuf.MessageOrBuilder { - // repeated .Permission.Action action = 1; - java.util.List getActionList(); - int getActionCount(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index); - - // optional .TableName tableName = 2; - boolean hasTableName(); - org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName(); - org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder getTableNameOrBuilder(); - - // optional bytes family = 3; - boolean hasFamily(); - com.google.protobuf.ByteString getFamily(); - - // optional bytes qualifier = 4; - boolean hasQualifier(); - com.google.protobuf.ByteString getQualifier(); + // required .Permission.Type type = 1; + boolean hasType(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type getType(); + + // optional .GlobalPermission global_permission = 2; + boolean hasGlobalPermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission getGlobalPermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermissionOrBuilder getGlobalPermissionOrBuilder(); + + // optional .NamespacePermission namespace_permission = 3; + boolean hasNamespacePermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission getNamespacePermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermissionOrBuilder getNamespacePermissionOrBuilder(); + + // optional .TablePermission table_permission = 4; + boolean hasTablePermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission getTablePermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionOrBuilder getTablePermissionOrBuilder(); } public static final class Permission extends com.google.protobuf.GeneratedMessage @@ -135,66 +136,145 @@ public final class AccessControlProtos { // @@protoc_insertion_point(enum_scope:Permission.Action) } - private int bitField0_; - // repeated .Permission.Action action = 1; - public static final int ACTION_FIELD_NUMBER = 1; - private java.util.List action_; - public java.util.List getActionList() { - return action_; - } - public int getActionCount() { - return action_.size(); - } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index) { - return action_.get(index); + public enum Type + implements com.google.protobuf.ProtocolMessageEnum { + Global(0, 1), + Namespace(1, 2), + Table(2, 3), + ; + + public static final int Global_VALUE = 1; + public static final int Namespace_VALUE = 2; + public static final int Table_VALUE = 3; + + + public final int getNumber() { return value; } + + public static Type valueOf(int value) { + switch (value) { + case 1: return Global; + case 2: return Namespace; + case 3: return Table; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static com.google.protobuf.Internal.EnumLiteMap + internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public Type findValueByNumber(int number) { + return Type.valueOf(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + return getDescriptor().getValues().get(index); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.getDescriptor().getEnumTypes().get(1); + } + + private static final Type[] VALUES = { + Global, Namespace, Table, + }; + + public static Type valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + return VALUES[desc.getIndex()]; + } + + private final int index; + private final int value; + + private Type(int index, int value) { + this.index = index; + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:Permission.Type) } - // optional .TableName tableName = 2; - public static final int TABLENAME_FIELD_NUMBER = 2; - private org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName tableName_; - public boolean hasTableName() { + private int bitField0_; + // required .Permission.Type type = 1; + public static final int TYPE_FIELD_NUMBER = 1; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type type_; + public boolean hasType() { return ((bitField0_ & 0x00000001) == 0x00000001); } - public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName() { - return tableName_; - } - public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder getTableNameOrBuilder() { - return tableName_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type getType() { + return type_; } - // optional bytes family = 3; - public static final int FAMILY_FIELD_NUMBER = 3; - private com.google.protobuf.ByteString family_; - public boolean hasFamily() { + // optional .GlobalPermission global_permission = 2; + public static final int GLOBAL_PERMISSION_FIELD_NUMBER = 2; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission globalPermission_; + public boolean hasGlobalPermission() { return ((bitField0_ & 0x00000002) == 0x00000002); } - public com.google.protobuf.ByteString getFamily() { - return family_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission getGlobalPermission() { + return globalPermission_; + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermissionOrBuilder getGlobalPermissionOrBuilder() { + return globalPermission_; } - // optional bytes qualifier = 4; - public static final int QUALIFIER_FIELD_NUMBER = 4; - private com.google.protobuf.ByteString qualifier_; - public boolean hasQualifier() { + // optional .NamespacePermission namespace_permission = 3; + public static final int NAMESPACE_PERMISSION_FIELD_NUMBER = 3; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission namespacePermission_; + public boolean hasNamespacePermission() { return ((bitField0_ & 0x00000004) == 0x00000004); } - public com.google.protobuf.ByteString getQualifier() { - return qualifier_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission getNamespacePermission() { + return namespacePermission_; + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermissionOrBuilder getNamespacePermissionOrBuilder() { + return namespacePermission_; + } + + // optional .TablePermission table_permission = 4; + public static final int TABLE_PERMISSION_FIELD_NUMBER = 4; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission tablePermission_; + public boolean hasTablePermission() { + return ((bitField0_ & 0x00000008) == 0x00000008); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission getTablePermission() { + return tablePermission_; + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionOrBuilder getTablePermissionOrBuilder() { + return tablePermission_; } private void initFields() { - action_ = java.util.Collections.emptyList(); - tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); - family_ = com.google.protobuf.ByteString.EMPTY; - qualifier_ = com.google.protobuf.ByteString.EMPTY; + type_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.Global; + globalPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.getDefaultInstance(); + namespacePermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.getDefaultInstance(); + tablePermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.getDefaultInstance(); } private byte memoizedIsInitialized = -1; public final boolean isInitialized() { byte isInitialized = memoizedIsInitialized; if (isInitialized != -1) return isInitialized == 1; - if (hasTableName()) { - if (!getTableName().isInitialized()) { + if (!hasType()) { + memoizedIsInitialized = 0; + return false; + } + if (hasTablePermission()) { + if (!getTablePermission().isInitialized()) { memoizedIsInitialized = 0; return false; } @@ -206,17 +286,17 @@ public final class AccessControlProtos { public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException { getSerializedSize(); - for (int i = 0; i < action_.size(); i++) { - output.writeEnum(1, action_.get(i).getNumber()); - } if (((bitField0_ & 0x00000001) == 0x00000001)) { - output.writeMessage(2, tableName_); + output.writeEnum(1, type_.getNumber()); } if (((bitField0_ & 0x00000002) == 0x00000002)) { - output.writeBytes(3, family_); + output.writeMessage(2, globalPermission_); } if (((bitField0_ & 0x00000004) == 0x00000004)) { - output.writeBytes(4, qualifier_); + output.writeMessage(3, namespacePermission_); + } + if (((bitField0_ & 0x00000008) == 0x00000008)) { + output.writeMessage(4, tablePermission_); } getUnknownFields().writeTo(output); } @@ -227,26 +307,21 @@ public final class AccessControlProtos { if (size != -1) return size; size = 0; - { - int dataSize = 0; - for (int i = 0; i < action_.size(); i++) { - dataSize += com.google.protobuf.CodedOutputStream - .computeEnumSizeNoTag(action_.get(i).getNumber()); - } - size += dataSize; - size += 1 * action_.size(); - } if (((bitField0_ & 0x00000001) == 0x00000001)) { size += com.google.protobuf.CodedOutputStream - .computeMessageSize(2, tableName_); + .computeEnumSize(1, type_.getNumber()); } if (((bitField0_ & 0x00000002) == 0x00000002)) { size += com.google.protobuf.CodedOutputStream - .computeBytesSize(3, family_); + .computeMessageSize(2, globalPermission_); } if (((bitField0_ & 0x00000004) == 0x00000004)) { size += com.google.protobuf.CodedOutputStream - .computeBytesSize(4, qualifier_); + .computeMessageSize(3, namespacePermission_); + } + if (((bitField0_ & 0x00000008) == 0x00000008)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(4, tablePermission_); } size += getUnknownFields().getSerializedSize(); memoizedSerializedSize = size; @@ -271,22 +346,25 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission) obj; boolean result = true; - result = result && getActionList() - .equals(other.getActionList()); - result = result && (hasTableName() == other.hasTableName()); - if (hasTableName()) { - result = result && getTableName() - .equals(other.getTableName()); + result = result && (hasType() == other.hasType()); + if (hasType()) { + result = result && + (getType() == other.getType()); } - result = result && (hasFamily() == other.hasFamily()); - if (hasFamily()) { - result = result && getFamily() - .equals(other.getFamily()); + result = result && (hasGlobalPermission() == other.hasGlobalPermission()); + if (hasGlobalPermission()) { + result = result && getGlobalPermission() + .equals(other.getGlobalPermission()); } - result = result && (hasQualifier() == other.hasQualifier()); - if (hasQualifier()) { - result = result && getQualifier() - .equals(other.getQualifier()); + result = result && (hasNamespacePermission() == other.hasNamespacePermission()); + if (hasNamespacePermission()) { + result = result && getNamespacePermission() + .equals(other.getNamespacePermission()); + } + result = result && (hasTablePermission() == other.hasTablePermission()); + if (hasTablePermission()) { + result = result && getTablePermission() + .equals(other.getTablePermission()); } result = result && getUnknownFields().equals(other.getUnknownFields()); @@ -297,21 +375,21 @@ public final class AccessControlProtos { public int hashCode() { int hash = 41; hash = (19 * hash) + getDescriptorForType().hashCode(); - if (getActionCount() > 0) { - hash = (37 * hash) + ACTION_FIELD_NUMBER; - hash = (53 * hash) + hashEnumList(getActionList()); + if (hasType()) { + hash = (37 * hash) + TYPE_FIELD_NUMBER; + hash = (53 * hash) + hashEnum(getType()); } - if (hasTableName()) { - hash = (37 * hash) + TABLENAME_FIELD_NUMBER; - hash = (53 * hash) + getTableName().hashCode(); + if (hasGlobalPermission()) { + hash = (37 * hash) + GLOBAL_PERMISSION_FIELD_NUMBER; + hash = (53 * hash) + getGlobalPermission().hashCode(); } - if (hasFamily()) { - hash = (37 * hash) + FAMILY_FIELD_NUMBER; - hash = (53 * hash) + getFamily().hashCode(); + if (hasNamespacePermission()) { + hash = (37 * hash) + NAMESPACE_PERMISSION_FIELD_NUMBER; + hash = (53 * hash) + getNamespacePermission().hashCode(); } - if (hasQualifier()) { - hash = (37 * hash) + QUALIFIER_FIELD_NUMBER; - hash = (53 * hash) + getQualifier().hashCode(); + if (hasTablePermission()) { + hash = (37 * hash) + TABLE_PERMISSION_FIELD_NUMBER; + hash = (53 * hash) + getTablePermission().hashCode(); } hash = (29 * hash) + getUnknownFields().hashCode(); return hash; @@ -421,7 +499,9 @@ public final class AccessControlProtos { } private void maybeForceBuilderInitialization() { if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) { - getTableNameFieldBuilder(); + getGlobalPermissionFieldBuilder(); + getNamespacePermissionFieldBuilder(); + getTablePermissionFieldBuilder(); } } private static Builder create() { @@ -430,17 +510,25 @@ public final class AccessControlProtos { public Builder clear() { super.clear(); - action_ = java.util.Collections.emptyList(); + type_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.Global; bitField0_ = (bitField0_ & ~0x00000001); - if (tableNameBuilder_ == null) { - tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); + if (globalPermissionBuilder_ == null) { + globalPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.getDefaultInstance(); } else { - tableNameBuilder_.clear(); + globalPermissionBuilder_.clear(); } bitField0_ = (bitField0_ & ~0x00000002); - family_ = com.google.protobuf.ByteString.EMPTY; + if (namespacePermissionBuilder_ == null) { + namespacePermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.getDefaultInstance(); + } else { + namespacePermissionBuilder_.clear(); + } bitField0_ = (bitField0_ & ~0x00000004); - qualifier_ = com.google.protobuf.ByteString.EMPTY; + if (tablePermissionBuilder_ == null) { + tablePermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.getDefaultInstance(); + } else { + tablePermissionBuilder_.clear(); + } bitField0_ = (bitField0_ & ~0x00000008); return this; } @@ -480,27 +568,34 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission(this); int from_bitField0_ = bitField0_; int to_bitField0_ = 0; - if (((bitField0_ & 0x00000001) == 0x00000001)) { - action_ = java.util.Collections.unmodifiableList(action_); - bitField0_ = (bitField0_ & ~0x00000001); + if (((from_bitField0_ & 0x00000001) == 0x00000001)) { + to_bitField0_ |= 0x00000001; } - result.action_ = action_; + result.type_ = type_; if (((from_bitField0_ & 0x00000002) == 0x00000002)) { - to_bitField0_ |= 0x00000001; + to_bitField0_ |= 0x00000002; } - if (tableNameBuilder_ == null) { - result.tableName_ = tableName_; + if (globalPermissionBuilder_ == null) { + result.globalPermission_ = globalPermission_; } else { - result.tableName_ = tableNameBuilder_.build(); + result.globalPermission_ = globalPermissionBuilder_.build(); } if (((from_bitField0_ & 0x00000004) == 0x00000004)) { - to_bitField0_ |= 0x00000002; + to_bitField0_ |= 0x00000004; + } + if (namespacePermissionBuilder_ == null) { + result.namespacePermission_ = namespacePermission_; + } else { + result.namespacePermission_ = namespacePermissionBuilder_.build(); } - result.family_ = family_; if (((from_bitField0_ & 0x00000008) == 0x00000008)) { - to_bitField0_ |= 0x00000004; + to_bitField0_ |= 0x00000008; + } + if (tablePermissionBuilder_ == null) { + result.tablePermission_ = tablePermission_; + } else { + result.tablePermission_ = tablePermissionBuilder_.build(); } - result.qualifier_ = qualifier_; result.bitField0_ = to_bitField0_; onBuilt(); return result; @@ -517,32 +612,29 @@ public final class AccessControlProtos { public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission other) { if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.getDefaultInstance()) return this; - if (!other.action_.isEmpty()) { - if (action_.isEmpty()) { - action_ = other.action_; - bitField0_ = (bitField0_ & ~0x00000001); - } else { - ensureActionIsMutable(); - action_.addAll(other.action_); - } - onChanged(); + if (other.hasType()) { + setType(other.getType()); } - if (other.hasTableName()) { - mergeTableName(other.getTableName()); + if (other.hasGlobalPermission()) { + mergeGlobalPermission(other.getGlobalPermission()); } - if (other.hasFamily()) { - setFamily(other.getFamily()); + if (other.hasNamespacePermission()) { + mergeNamespacePermission(other.getNamespacePermission()); } - if (other.hasQualifier()) { - setQualifier(other.getQualifier()); + if (other.hasTablePermission()) { + mergeTablePermission(other.getTablePermission()); } this.mergeUnknownFields(other.getUnknownFields()); return this; } public final boolean isInitialized() { - if (hasTableName()) { - if (!getTableName().isInitialized()) { + if (!hasType()) { + + return false; + } + if (hasTablePermission()) { + if (!getTablePermission().isInitialized()) { return false; } @@ -575,46 +667,1956 @@ public final class AccessControlProtos { } case 8: { int rawValue = input.readEnum(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action.valueOf(rawValue); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.valueOf(rawValue); if (value == null) { unknownFields.mergeVarintField(1, rawValue); } else { - addAction(value); - } - break; - } - case 10: { - int length = input.readRawVarint32(); - int oldLimit = input.pushLimit(length); - while(input.getBytesUntilLimit() > 0) { - int rawValue = input.readEnum(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action.valueOf(rawValue); - if (value == null) { - unknownFields.mergeVarintField(1, rawValue); - } else { - addAction(value); - } + bitField0_ |= 0x00000001; + type_ = value; } - input.popLimit(oldLimit); break; } case 18: { - org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.newBuilder(); - if (hasTableName()) { - subBuilder.mergeFrom(getTableName()); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.newBuilder(); + if (hasGlobalPermission()) { + subBuilder.mergeFrom(getGlobalPermission()); } input.readMessage(subBuilder, extensionRegistry); - setTableName(subBuilder.buildPartial()); + setGlobalPermission(subBuilder.buildPartial()); break; } case 26: { - bitField0_ |= 0x00000004; - family_ = input.readBytes(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.newBuilder(); + if (hasNamespacePermission()) { + subBuilder.mergeFrom(getNamespacePermission()); + } + input.readMessage(subBuilder, extensionRegistry); + setNamespacePermission(subBuilder.buildPartial()); break; } case 34: { - bitField0_ |= 0x00000008; - qualifier_ = input.readBytes(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.newBuilder(); + if (hasTablePermission()) { + subBuilder.mergeFrom(getTablePermission()); + } + input.readMessage(subBuilder, extensionRegistry); + setTablePermission(subBuilder.buildPartial()); + break; + } + } + } + } + + private int bitField0_; + + // required .Permission.Type type = 1; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type type_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.Global; + public boolean hasType() { + return ((bitField0_ & 0x00000001) == 0x00000001); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type getType() { + return type_; + } + public Builder setType(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000001; + type_ = value; + onChanged(); + return this; + } + public Builder clearType() { + bitField0_ = (bitField0_ & ~0x00000001); + type_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.Global; + onChanged(); + return this; + } + + // optional .GlobalPermission global_permission = 2; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission globalPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.getDefaultInstance(); + private com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermissionOrBuilder> globalPermissionBuilder_; + public boolean hasGlobalPermission() { + return ((bitField0_ & 0x00000002) == 0x00000002); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission getGlobalPermission() { + if (globalPermissionBuilder_ == null) { + return globalPermission_; + } else { + return globalPermissionBuilder_.getMessage(); + } + } + public Builder setGlobalPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission value) { + if (globalPermissionBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + globalPermission_ = value; + onChanged(); + } else { + globalPermissionBuilder_.setMessage(value); + } + bitField0_ |= 0x00000002; + return this; + } + public Builder setGlobalPermission( + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.Builder builderForValue) { + if (globalPermissionBuilder_ == null) { + globalPermission_ = builderForValue.build(); + onChanged(); + } else { + globalPermissionBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000002; + return this; + } + public Builder mergeGlobalPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission value) { + if (globalPermissionBuilder_ == null) { + if (((bitField0_ & 0x00000002) == 0x00000002) && + globalPermission_ != org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.getDefaultInstance()) { + globalPermission_ = + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.newBuilder(globalPermission_).mergeFrom(value).buildPartial(); + } else { + globalPermission_ = value; + } + onChanged(); + } else { + globalPermissionBuilder_.mergeFrom(value); + } + bitField0_ |= 0x00000002; + return this; + } + public Builder clearGlobalPermission() { + if (globalPermissionBuilder_ == null) { + globalPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.getDefaultInstance(); + onChanged(); + } else { + globalPermissionBuilder_.clear(); + } + bitField0_ = (bitField0_ & ~0x00000002); + return this; + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.Builder getGlobalPermissionBuilder() { + bitField0_ |= 0x00000002; + onChanged(); + return getGlobalPermissionFieldBuilder().getBuilder(); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermissionOrBuilder getGlobalPermissionOrBuilder() { + if (globalPermissionBuilder_ != null) { + return globalPermissionBuilder_.getMessageOrBuilder(); + } else { + return globalPermission_; + } + } + private com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermissionOrBuilder> + getGlobalPermissionFieldBuilder() { + if (globalPermissionBuilder_ == null) { + globalPermissionBuilder_ = new com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermissionOrBuilder>( + globalPermission_, + getParentForChildren(), + isClean()); + globalPermission_ = null; + } + return globalPermissionBuilder_; + } + + // optional .NamespacePermission namespace_permission = 3; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission namespacePermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.getDefaultInstance(); + private com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermissionOrBuilder> namespacePermissionBuilder_; + public boolean hasNamespacePermission() { + return ((bitField0_ & 0x00000004) == 0x00000004); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission getNamespacePermission() { + if (namespacePermissionBuilder_ == null) { + return namespacePermission_; + } else { + return namespacePermissionBuilder_.getMessage(); + } + } + public Builder setNamespacePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission value) { + if (namespacePermissionBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + namespacePermission_ = value; + onChanged(); + } else { + namespacePermissionBuilder_.setMessage(value); + } + bitField0_ |= 0x00000004; + return this; + } + public Builder setNamespacePermission( + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.Builder builderForValue) { + if (namespacePermissionBuilder_ == null) { + namespacePermission_ = builderForValue.build(); + onChanged(); + } else { + namespacePermissionBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000004; + return this; + } + public Builder mergeNamespacePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission value) { + if (namespacePermissionBuilder_ == null) { + if (((bitField0_ & 0x00000004) == 0x00000004) && + namespacePermission_ != org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.getDefaultInstance()) { + namespacePermission_ = + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.newBuilder(namespacePermission_).mergeFrom(value).buildPartial(); + } else { + namespacePermission_ = value; + } + onChanged(); + } else { + namespacePermissionBuilder_.mergeFrom(value); + } + bitField0_ |= 0x00000004; + return this; + } + public Builder clearNamespacePermission() { + if (namespacePermissionBuilder_ == null) { + namespacePermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.getDefaultInstance(); + onChanged(); + } else { + namespacePermissionBuilder_.clear(); + } + bitField0_ = (bitField0_ & ~0x00000004); + return this; + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.Builder getNamespacePermissionBuilder() { + bitField0_ |= 0x00000004; + onChanged(); + return getNamespacePermissionFieldBuilder().getBuilder(); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermissionOrBuilder getNamespacePermissionOrBuilder() { + if (namespacePermissionBuilder_ != null) { + return namespacePermissionBuilder_.getMessageOrBuilder(); + } else { + return namespacePermission_; + } + } + private com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermissionOrBuilder> + getNamespacePermissionFieldBuilder() { + if (namespacePermissionBuilder_ == null) { + namespacePermissionBuilder_ = new com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermissionOrBuilder>( + namespacePermission_, + getParentForChildren(), + isClean()); + namespacePermission_ = null; + } + return namespacePermissionBuilder_; + } + + // optional .TablePermission table_permission = 4; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission tablePermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.getDefaultInstance(); + private com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionOrBuilder> tablePermissionBuilder_; + public boolean hasTablePermission() { + return ((bitField0_ & 0x00000008) == 0x00000008); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission getTablePermission() { + if (tablePermissionBuilder_ == null) { + return tablePermission_; + } else { + return tablePermissionBuilder_.getMessage(); + } + } + public Builder setTablePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission value) { + if (tablePermissionBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + tablePermission_ = value; + onChanged(); + } else { + tablePermissionBuilder_.setMessage(value); + } + bitField0_ |= 0x00000008; + return this; + } + public Builder setTablePermission( + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.Builder builderForValue) { + if (tablePermissionBuilder_ == null) { + tablePermission_ = builderForValue.build(); + onChanged(); + } else { + tablePermissionBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000008; + return this; + } + public Builder mergeTablePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission value) { + if (tablePermissionBuilder_ == null) { + if (((bitField0_ & 0x00000008) == 0x00000008) && + tablePermission_ != org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.getDefaultInstance()) { + tablePermission_ = + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.newBuilder(tablePermission_).mergeFrom(value).buildPartial(); + } else { + tablePermission_ = value; + } + onChanged(); + } else { + tablePermissionBuilder_.mergeFrom(value); + } + bitField0_ |= 0x00000008; + return this; + } + public Builder clearTablePermission() { + if (tablePermissionBuilder_ == null) { + tablePermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.getDefaultInstance(); + onChanged(); + } else { + tablePermissionBuilder_.clear(); + } + bitField0_ = (bitField0_ & ~0x00000008); + return this; + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.Builder getTablePermissionBuilder() { + bitField0_ |= 0x00000008; + onChanged(); + return getTablePermissionFieldBuilder().getBuilder(); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionOrBuilder getTablePermissionOrBuilder() { + if (tablePermissionBuilder_ != null) { + return tablePermissionBuilder_.getMessageOrBuilder(); + } else { + return tablePermission_; + } + } + private com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionOrBuilder> + getTablePermissionFieldBuilder() { + if (tablePermissionBuilder_ == null) { + tablePermissionBuilder_ = new com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionOrBuilder>( + tablePermission_, + getParentForChildren(), + isClean()); + tablePermission_ = null; + } + return tablePermissionBuilder_; + } + + // @@protoc_insertion_point(builder_scope:Permission) + } + + static { + defaultInstance = new Permission(true); + defaultInstance.initFields(); + } + + // @@protoc_insertion_point(class_scope:Permission) + } + + public interface TablePermissionOrBuilder + extends com.google.protobuf.MessageOrBuilder { + + // optional .TableName table_name = 1; + boolean hasTableName(); + org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName(); + org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder getTableNameOrBuilder(); + + // optional bytes family = 2; + boolean hasFamily(); + com.google.protobuf.ByteString getFamily(); + + // optional bytes qualifier = 3; + boolean hasQualifier(); + com.google.protobuf.ByteString getQualifier(); + + // repeated .Permission.Action action = 4; + java.util.List getActionList(); + int getActionCount(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index); + } + public static final class TablePermission extends + com.google.protobuf.GeneratedMessage + implements TablePermissionOrBuilder { + // Use TablePermission.newBuilder() to construct. + private TablePermission(Builder builder) { + super(builder); + } + private TablePermission(boolean noInit) {} + + private static final TablePermission defaultInstance; + public static TablePermission getDefaultInstance() { + return defaultInstance; + } + + public TablePermission getDefaultInstanceForType() { + return defaultInstance; + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_TablePermission_descriptor; + } + + protected com.google.protobuf.GeneratedMessage.FieldAccessorTable + internalGetFieldAccessorTable() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_TablePermission_fieldAccessorTable; + } + + private int bitField0_; + // optional .TableName table_name = 1; + public static final int TABLE_NAME_FIELD_NUMBER = 1; + private org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName tableName_; + public boolean hasTableName() { + return ((bitField0_ & 0x00000001) == 0x00000001); + } + public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName() { + return tableName_; + } + public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder getTableNameOrBuilder() { + return tableName_; + } + + // optional bytes family = 2; + public static final int FAMILY_FIELD_NUMBER = 2; + private com.google.protobuf.ByteString family_; + public boolean hasFamily() { + return ((bitField0_ & 0x00000002) == 0x00000002); + } + public com.google.protobuf.ByteString getFamily() { + return family_; + } + + // optional bytes qualifier = 3; + public static final int QUALIFIER_FIELD_NUMBER = 3; + private com.google.protobuf.ByteString qualifier_; + public boolean hasQualifier() { + return ((bitField0_ & 0x00000004) == 0x00000004); + } + public com.google.protobuf.ByteString getQualifier() { + return qualifier_; + } + + // repeated .Permission.Action action = 4; + public static final int ACTION_FIELD_NUMBER = 4; + private java.util.List action_; + public java.util.List getActionList() { + return action_; + } + public int getActionCount() { + return action_.size(); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index) { + return action_.get(index); + } + + private void initFields() { + tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); + family_ = com.google.protobuf.ByteString.EMPTY; + qualifier_ = com.google.protobuf.ByteString.EMPTY; + action_ = java.util.Collections.emptyList(); + } + private byte memoizedIsInitialized = -1; + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized != -1) return isInitialized == 1; + + if (hasTableName()) { + if (!getTableName().isInitialized()) { + memoizedIsInitialized = 0; + return false; + } + } + memoizedIsInitialized = 1; + return true; + } + + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + getSerializedSize(); + if (((bitField0_ & 0x00000001) == 0x00000001)) { + output.writeMessage(1, tableName_); + } + if (((bitField0_ & 0x00000002) == 0x00000002)) { + output.writeBytes(2, family_); + } + if (((bitField0_ & 0x00000004) == 0x00000004)) { + output.writeBytes(3, qualifier_); + } + for (int i = 0; i < action_.size(); i++) { + output.writeEnum(4, action_.get(i).getNumber()); + } + getUnknownFields().writeTo(output); + } + + private int memoizedSerializedSize = -1; + public int getSerializedSize() { + int size = memoizedSerializedSize; + if (size != -1) return size; + + size = 0; + if (((bitField0_ & 0x00000001) == 0x00000001)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(1, tableName_); + } + if (((bitField0_ & 0x00000002) == 0x00000002)) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(2, family_); + } + if (((bitField0_ & 0x00000004) == 0x00000004)) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(3, qualifier_); + } + { + int dataSize = 0; + for (int i = 0; i < action_.size(); i++) { + dataSize += com.google.protobuf.CodedOutputStream + .computeEnumSizeNoTag(action_.get(i).getNumber()); + } + size += dataSize; + size += 1 * action_.size(); + } + size += getUnknownFields().getSerializedSize(); + memoizedSerializedSize = size; + return size; + } + + private static final long serialVersionUID = 0L; + @java.lang.Override + protected java.lang.Object writeReplace() + throws java.io.ObjectStreamException { + return super.writeReplace(); + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission)) { + return super.equals(obj); + } + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission) obj; + + boolean result = true; + result = result && (hasTableName() == other.hasTableName()); + if (hasTableName()) { + result = result && getTableName() + .equals(other.getTableName()); + } + result = result && (hasFamily() == other.hasFamily()); + if (hasFamily()) { + result = result && getFamily() + .equals(other.getFamily()); + } + result = result && (hasQualifier() == other.hasQualifier()); + if (hasQualifier()) { + result = result && getQualifier() + .equals(other.getQualifier()); + } + result = result && getActionList() + .equals(other.getActionList()); + result = result && + getUnknownFields().equals(other.getUnknownFields()); + return result; + } + + @java.lang.Override + public int hashCode() { + int hash = 41; + hash = (19 * hash) + getDescriptorForType().hashCode(); + if (hasTableName()) { + hash = (37 * hash) + TABLE_NAME_FIELD_NUMBER; + hash = (53 * hash) + getTableName().hashCode(); + } + if (hasFamily()) { + hash = (37 * hash) + FAMILY_FIELD_NUMBER; + hash = (53 * hash) + getFamily().hashCode(); + } + if (hasQualifier()) { + hash = (37 * hash) + QUALIFIER_FIELD_NUMBER; + hash = (53 * hash) + getQualifier().hashCode(); + } + if (getActionCount() > 0) { + hash = (37 * hash) + ACTION_FIELD_NUMBER; + hash = (53 * hash) + hashEnumList(getActionList()); + } + hash = (29 * hash) + getUnknownFields().hashCode(); + return hash; + } + + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseFrom(java.io.InputStream input) + throws java.io.IOException { + return newBuilder().mergeFrom(input).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return newBuilder().mergeFrom(input, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + Builder builder = newBuilder(); + if (builder.mergeDelimitedFrom(input)) { + return builder.buildParsed(); + } else { + return null; + } + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + Builder builder = newBuilder(); + if (builder.mergeDelimitedFrom(input, extensionRegistry)) { + return builder.buildParsed(); + } else { + return null; + } + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return newBuilder().mergeFrom(input).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return newBuilder().mergeFrom(input, extensionRegistry) + .buildParsed(); + } + + public static Builder newBuilder() { return Builder.create(); } + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission prototype) { + return newBuilder().mergeFrom(prototype); + } + public Builder toBuilder() { return newBuilder(this); } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessage.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + public static final class Builder extends + com.google.protobuf.GeneratedMessage.Builder + implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermissionOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_TablePermission_descriptor; + } + + protected com.google.protobuf.GeneratedMessage.FieldAccessorTable + internalGetFieldAccessorTable() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_TablePermission_fieldAccessorTable; + } + + // Construct using org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder(BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) { + getTableNameFieldBuilder(); + } + } + private static Builder create() { + return new Builder(); + } + + public Builder clear() { + super.clear(); + if (tableNameBuilder_ == null) { + tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); + } else { + tableNameBuilder_.clear(); + } + bitField0_ = (bitField0_ & ~0x00000001); + family_ = com.google.protobuf.ByteString.EMPTY; + bitField0_ = (bitField0_ & ~0x00000002); + qualifier_ = com.google.protobuf.ByteString.EMPTY; + bitField0_ = (bitField0_ & ~0x00000004); + action_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000008); + return this; + } + + public Builder clone() { + return create().mergeFrom(buildPartial()); + } + + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.getDescriptor(); + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission getDefaultInstanceForType() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.getDefaultInstance(); + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission build() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission buildParsed() + throws com.google.protobuf.InvalidProtocolBufferException { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException( + result).asInvalidProtocolBufferException(); + } + return result; + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission buildPartial() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission(this); + int from_bitField0_ = bitField0_; + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000001) == 0x00000001)) { + to_bitField0_ |= 0x00000001; + } + if (tableNameBuilder_ == null) { + result.tableName_ = tableName_; + } else { + result.tableName_ = tableNameBuilder_.build(); + } + if (((from_bitField0_ & 0x00000002) == 0x00000002)) { + to_bitField0_ |= 0x00000002; + } + result.family_ = family_; + if (((from_bitField0_ & 0x00000004) == 0x00000004)) { + to_bitField0_ |= 0x00000004; + } + result.qualifier_ = qualifier_; + if (((bitField0_ & 0x00000008) == 0x00000008)) { + action_ = java.util.Collections.unmodifiableList(action_); + bitField0_ = (bitField0_ & ~0x00000008); + } + result.action_ = action_; + result.bitField0_ = to_bitField0_; + onBuilt(); + return result; + } + + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission) { + return mergeFrom((org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission other) { + if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.getDefaultInstance()) return this; + if (other.hasTableName()) { + mergeTableName(other.getTableName()); + } + if (other.hasFamily()) { + setFamily(other.getFamily()); + } + if (other.hasQualifier()) { + setQualifier(other.getQualifier()); + } + if (!other.action_.isEmpty()) { + if (action_.isEmpty()) { + action_ = other.action_; + bitField0_ = (bitField0_ & ~0x00000008); + } else { + ensureActionIsMutable(); + action_.addAll(other.action_); + } + onChanged(); + } + this.mergeUnknownFields(other.getUnknownFields()); + return this; + } + + public final boolean isInitialized() { + if (hasTableName()) { + if (!getTableName().isInitialized()) { + + return false; + } + } + return true; + } + + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + com.google.protobuf.UnknownFieldSet.Builder unknownFields = + com.google.protobuf.UnknownFieldSet.newBuilder( + this.getUnknownFields()); + while (true) { + int tag = input.readTag(); + switch (tag) { + case 0: + this.setUnknownFields(unknownFields.build()); + onChanged(); + return this; + default: { + if (!parseUnknownField(input, unknownFields, + extensionRegistry, tag)) { + this.setUnknownFields(unknownFields.build()); + onChanged(); + return this; + } + break; + } + case 10: { + org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.newBuilder(); + if (hasTableName()) { + subBuilder.mergeFrom(getTableName()); + } + input.readMessage(subBuilder, extensionRegistry); + setTableName(subBuilder.buildPartial()); + break; + } + case 18: { + bitField0_ |= 0x00000002; + family_ = input.readBytes(); + break; + } + case 26: { + bitField0_ |= 0x00000004; + qualifier_ = input.readBytes(); + break; + } + case 32: { + int rawValue = input.readEnum(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action.valueOf(rawValue); + if (value == null) { + unknownFields.mergeVarintField(4, rawValue); + } else { + addAction(value); + } + break; + } + case 34: { + int length = input.readRawVarint32(); + int oldLimit = input.pushLimit(length); + while(input.getBytesUntilLimit() > 0) { + int rawValue = input.readEnum(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action.valueOf(rawValue); + if (value == null) { + unknownFields.mergeVarintField(4, rawValue); + } else { + addAction(value); + } + } + input.popLimit(oldLimit); + break; + } + } + } + } + + private int bitField0_; + + // optional .TableName table_name = 1; + private org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); + private com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder> tableNameBuilder_; + public boolean hasTableName() { + return ((bitField0_ & 0x00000001) == 0x00000001); + } + public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName() { + if (tableNameBuilder_ == null) { + return tableName_; + } else { + return tableNameBuilder_.getMessage(); + } + } + public Builder setTableName(org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName value) { + if (tableNameBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + tableName_ = value; + onChanged(); + } else { + tableNameBuilder_.setMessage(value); + } + bitField0_ |= 0x00000001; + return this; + } + public Builder setTableName( + org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder builderForValue) { + if (tableNameBuilder_ == null) { + tableName_ = builderForValue.build(); + onChanged(); + } else { + tableNameBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000001; + return this; + } + public Builder mergeTableName(org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName value) { + if (tableNameBuilder_ == null) { + if (((bitField0_ & 0x00000001) == 0x00000001) && + tableName_ != org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance()) { + tableName_ = + org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.newBuilder(tableName_).mergeFrom(value).buildPartial(); + } else { + tableName_ = value; + } + onChanged(); + } else { + tableNameBuilder_.mergeFrom(value); + } + bitField0_ |= 0x00000001; + return this; + } + public Builder clearTableName() { + if (tableNameBuilder_ == null) { + tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); + onChanged(); + } else { + tableNameBuilder_.clear(); + } + bitField0_ = (bitField0_ & ~0x00000001); + return this; + } + public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder getTableNameBuilder() { + bitField0_ |= 0x00000001; + onChanged(); + return getTableNameFieldBuilder().getBuilder(); + } + public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder getTableNameOrBuilder() { + if (tableNameBuilder_ != null) { + return tableNameBuilder_.getMessageOrBuilder(); + } else { + return tableName_; + } + } + private com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder> + getTableNameFieldBuilder() { + if (tableNameBuilder_ == null) { + tableNameBuilder_ = new com.google.protobuf.SingleFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder>( + tableName_, + getParentForChildren(), + isClean()); + tableName_ = null; + } + return tableNameBuilder_; + } + + // optional bytes family = 2; + private com.google.protobuf.ByteString family_ = com.google.protobuf.ByteString.EMPTY; + public boolean hasFamily() { + return ((bitField0_ & 0x00000002) == 0x00000002); + } + public com.google.protobuf.ByteString getFamily() { + return family_; + } + public Builder setFamily(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000002; + family_ = value; + onChanged(); + return this; + } + public Builder clearFamily() { + bitField0_ = (bitField0_ & ~0x00000002); + family_ = getDefaultInstance().getFamily(); + onChanged(); + return this; + } + + // optional bytes qualifier = 3; + private com.google.protobuf.ByteString qualifier_ = com.google.protobuf.ByteString.EMPTY; + public boolean hasQualifier() { + return ((bitField0_ & 0x00000004) == 0x00000004); + } + public com.google.protobuf.ByteString getQualifier() { + return qualifier_; + } + public Builder setQualifier(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000004; + qualifier_ = value; + onChanged(); + return this; + } + public Builder clearQualifier() { + bitField0_ = (bitField0_ & ~0x00000004); + qualifier_ = getDefaultInstance().getQualifier(); + onChanged(); + return this; + } + + // repeated .Permission.Action action = 4; + private java.util.List action_ = + java.util.Collections.emptyList(); + private void ensureActionIsMutable() { + if (!((bitField0_ & 0x00000008) == 0x00000008)) { + action_ = new java.util.ArrayList(action_); + bitField0_ |= 0x00000008; + } + } + public java.util.List getActionList() { + return java.util.Collections.unmodifiableList(action_); + } + public int getActionCount() { + return action_.size(); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index) { + return action_.get(index); + } + public Builder setAction( + int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value) { + if (value == null) { + throw new NullPointerException(); + } + ensureActionIsMutable(); + action_.set(index, value); + onChanged(); + return this; + } + public Builder addAction(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value) { + if (value == null) { + throw new NullPointerException(); + } + ensureActionIsMutable(); + action_.add(value); + onChanged(); + return this; + } + public Builder addAllAction( + java.lang.Iterable values) { + ensureActionIsMutable(); + super.addAll(values, action_); + onChanged(); + return this; + } + public Builder clearAction() { + action_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000008); + onChanged(); + return this; + } + + // @@protoc_insertion_point(builder_scope:TablePermission) + } + + static { + defaultInstance = new TablePermission(true); + defaultInstance.initFields(); + } + + // @@protoc_insertion_point(class_scope:TablePermission) + } + + public interface NamespacePermissionOrBuilder + extends com.google.protobuf.MessageOrBuilder { + + // optional bytes namespace_name = 1; + boolean hasNamespaceName(); + com.google.protobuf.ByteString getNamespaceName(); + + // repeated .Permission.Action action = 2; + java.util.List getActionList(); + int getActionCount(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index); + } + public static final class NamespacePermission extends + com.google.protobuf.GeneratedMessage + implements NamespacePermissionOrBuilder { + // Use NamespacePermission.newBuilder() to construct. + private NamespacePermission(Builder builder) { + super(builder); + } + private NamespacePermission(boolean noInit) {} + + private static final NamespacePermission defaultInstance; + public static NamespacePermission getDefaultInstance() { + return defaultInstance; + } + + public NamespacePermission getDefaultInstanceForType() { + return defaultInstance; + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_NamespacePermission_descriptor; + } + + protected com.google.protobuf.GeneratedMessage.FieldAccessorTable + internalGetFieldAccessorTable() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_NamespacePermission_fieldAccessorTable; + } + + private int bitField0_; + // optional bytes namespace_name = 1; + public static final int NAMESPACE_NAME_FIELD_NUMBER = 1; + private com.google.protobuf.ByteString namespaceName_; + public boolean hasNamespaceName() { + return ((bitField0_ & 0x00000001) == 0x00000001); + } + public com.google.protobuf.ByteString getNamespaceName() { + return namespaceName_; + } + + // repeated .Permission.Action action = 2; + public static final int ACTION_FIELD_NUMBER = 2; + private java.util.List action_; + public java.util.List getActionList() { + return action_; + } + public int getActionCount() { + return action_.size(); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index) { + return action_.get(index); + } + + private void initFields() { + namespaceName_ = com.google.protobuf.ByteString.EMPTY; + action_ = java.util.Collections.emptyList(); + } + private byte memoizedIsInitialized = -1; + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized != -1) return isInitialized == 1; + + memoizedIsInitialized = 1; + return true; + } + + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + getSerializedSize(); + if (((bitField0_ & 0x00000001) == 0x00000001)) { + output.writeBytes(1, namespaceName_); + } + for (int i = 0; i < action_.size(); i++) { + output.writeEnum(2, action_.get(i).getNumber()); + } + getUnknownFields().writeTo(output); + } + + private int memoizedSerializedSize = -1; + public int getSerializedSize() { + int size = memoizedSerializedSize; + if (size != -1) return size; + + size = 0; + if (((bitField0_ & 0x00000001) == 0x00000001)) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(1, namespaceName_); + } + { + int dataSize = 0; + for (int i = 0; i < action_.size(); i++) { + dataSize += com.google.protobuf.CodedOutputStream + .computeEnumSizeNoTag(action_.get(i).getNumber()); + } + size += dataSize; + size += 1 * action_.size(); + } + size += getUnknownFields().getSerializedSize(); + memoizedSerializedSize = size; + return size; + } + + private static final long serialVersionUID = 0L; + @java.lang.Override + protected java.lang.Object writeReplace() + throws java.io.ObjectStreamException { + return super.writeReplace(); + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission)) { + return super.equals(obj); + } + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission) obj; + + boolean result = true; + result = result && (hasNamespaceName() == other.hasNamespaceName()); + if (hasNamespaceName()) { + result = result && getNamespaceName() + .equals(other.getNamespaceName()); + } + result = result && getActionList() + .equals(other.getActionList()); + result = result && + getUnknownFields().equals(other.getUnknownFields()); + return result; + } + + @java.lang.Override + public int hashCode() { + int hash = 41; + hash = (19 * hash) + getDescriptorForType().hashCode(); + if (hasNamespaceName()) { + hash = (37 * hash) + NAMESPACE_NAME_FIELD_NUMBER; + hash = (53 * hash) + getNamespaceName().hashCode(); + } + if (getActionCount() > 0) { + hash = (37 * hash) + ACTION_FIELD_NUMBER; + hash = (53 * hash) + hashEnumList(getActionList()); + } + hash = (29 * hash) + getUnknownFields().hashCode(); + return hash; + } + + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseFrom(java.io.InputStream input) + throws java.io.IOException { + return newBuilder().mergeFrom(input).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return newBuilder().mergeFrom(input, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + Builder builder = newBuilder(); + if (builder.mergeDelimitedFrom(input)) { + return builder.buildParsed(); + } else { + return null; + } + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + Builder builder = newBuilder(); + if (builder.mergeDelimitedFrom(input, extensionRegistry)) { + return builder.buildParsed(); + } else { + return null; + } + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return newBuilder().mergeFrom(input).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return newBuilder().mergeFrom(input, extensionRegistry) + .buildParsed(); + } + + public static Builder newBuilder() { return Builder.create(); } + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission prototype) { + return newBuilder().mergeFrom(prototype); + } + public Builder toBuilder() { return newBuilder(this); } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessage.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + public static final class Builder extends + com.google.protobuf.GeneratedMessage.Builder + implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermissionOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_NamespacePermission_descriptor; + } + + protected com.google.protobuf.GeneratedMessage.FieldAccessorTable + internalGetFieldAccessorTable() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_NamespacePermission_fieldAccessorTable; + } + + // Construct using org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder(BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) { + } + } + private static Builder create() { + return new Builder(); + } + + public Builder clear() { + super.clear(); + namespaceName_ = com.google.protobuf.ByteString.EMPTY; + bitField0_ = (bitField0_ & ~0x00000001); + action_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000002); + return this; + } + + public Builder clone() { + return create().mergeFrom(buildPartial()); + } + + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.getDescriptor(); + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission getDefaultInstanceForType() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.getDefaultInstance(); + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission build() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission buildParsed() + throws com.google.protobuf.InvalidProtocolBufferException { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException( + result).asInvalidProtocolBufferException(); + } + return result; + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission buildPartial() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission(this); + int from_bitField0_ = bitField0_; + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000001) == 0x00000001)) { + to_bitField0_ |= 0x00000001; + } + result.namespaceName_ = namespaceName_; + if (((bitField0_ & 0x00000002) == 0x00000002)) { + action_ = java.util.Collections.unmodifiableList(action_); + bitField0_ = (bitField0_ & ~0x00000002); + } + result.action_ = action_; + result.bitField0_ = to_bitField0_; + onBuilt(); + return result; + } + + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission) { + return mergeFrom((org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission other) { + if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.getDefaultInstance()) return this; + if (other.hasNamespaceName()) { + setNamespaceName(other.getNamespaceName()); + } + if (!other.action_.isEmpty()) { + if (action_.isEmpty()) { + action_ = other.action_; + bitField0_ = (bitField0_ & ~0x00000002); + } else { + ensureActionIsMutable(); + action_.addAll(other.action_); + } + onChanged(); + } + this.mergeUnknownFields(other.getUnknownFields()); + return this; + } + + public final boolean isInitialized() { + return true; + } + + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + com.google.protobuf.UnknownFieldSet.Builder unknownFields = + com.google.protobuf.UnknownFieldSet.newBuilder( + this.getUnknownFields()); + while (true) { + int tag = input.readTag(); + switch (tag) { + case 0: + this.setUnknownFields(unknownFields.build()); + onChanged(); + return this; + default: { + if (!parseUnknownField(input, unknownFields, + extensionRegistry, tag)) { + this.setUnknownFields(unknownFields.build()); + onChanged(); + return this; + } + break; + } + case 10: { + bitField0_ |= 0x00000001; + namespaceName_ = input.readBytes(); + break; + } + case 16: { + int rawValue = input.readEnum(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action.valueOf(rawValue); + if (value == null) { + unknownFields.mergeVarintField(2, rawValue); + } else { + addAction(value); + } + break; + } + case 18: { + int length = input.readRawVarint32(); + int oldLimit = input.pushLimit(length); + while(input.getBytesUntilLimit() > 0) { + int rawValue = input.readEnum(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action.valueOf(rawValue); + if (value == null) { + unknownFields.mergeVarintField(2, rawValue); + } else { + addAction(value); + } + } + input.popLimit(oldLimit); + break; + } + } + } + } + + private int bitField0_; + + // optional bytes namespace_name = 1; + private com.google.protobuf.ByteString namespaceName_ = com.google.protobuf.ByteString.EMPTY; + public boolean hasNamespaceName() { + return ((bitField0_ & 0x00000001) == 0x00000001); + } + public com.google.protobuf.ByteString getNamespaceName() { + return namespaceName_; + } + public Builder setNamespaceName(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000001; + namespaceName_ = value; + onChanged(); + return this; + } + public Builder clearNamespaceName() { + bitField0_ = (bitField0_ & ~0x00000001); + namespaceName_ = getDefaultInstance().getNamespaceName(); + onChanged(); + return this; + } + + // repeated .Permission.Action action = 2; + private java.util.List action_ = + java.util.Collections.emptyList(); + private void ensureActionIsMutable() { + if (!((bitField0_ & 0x00000002) == 0x00000002)) { + action_ = new java.util.ArrayList(action_); + bitField0_ |= 0x00000002; + } + } + public java.util.List getActionList() { + return java.util.Collections.unmodifiableList(action_); + } + public int getActionCount() { + return action_.size(); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index) { + return action_.get(index); + } + public Builder setAction( + int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value) { + if (value == null) { + throw new NullPointerException(); + } + ensureActionIsMutable(); + action_.set(index, value); + onChanged(); + return this; + } + public Builder addAction(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value) { + if (value == null) { + throw new NullPointerException(); + } + ensureActionIsMutable(); + action_.add(value); + onChanged(); + return this; + } + public Builder addAllAction( + java.lang.Iterable values) { + ensureActionIsMutable(); + super.addAll(values, action_); + onChanged(); + return this; + } + public Builder clearAction() { + action_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000002); + onChanged(); + return this; + } + + // @@protoc_insertion_point(builder_scope:NamespacePermission) + } + + static { + defaultInstance = new NamespacePermission(true); + defaultInstance.initFields(); + } + + // @@protoc_insertion_point(class_scope:NamespacePermission) + } + + public interface GlobalPermissionOrBuilder + extends com.google.protobuf.MessageOrBuilder { + + // repeated .Permission.Action action = 1; + java.util.List getActionList(); + int getActionCount(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index); + } + public static final class GlobalPermission extends + com.google.protobuf.GeneratedMessage + implements GlobalPermissionOrBuilder { + // Use GlobalPermission.newBuilder() to construct. + private GlobalPermission(Builder builder) { + super(builder); + } + private GlobalPermission(boolean noInit) {} + + private static final GlobalPermission defaultInstance; + public static GlobalPermission getDefaultInstance() { + return defaultInstance; + } + + public GlobalPermission getDefaultInstanceForType() { + return defaultInstance; + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_GlobalPermission_descriptor; + } + + protected com.google.protobuf.GeneratedMessage.FieldAccessorTable + internalGetFieldAccessorTable() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_GlobalPermission_fieldAccessorTable; + } + + // repeated .Permission.Action action = 1; + public static final int ACTION_FIELD_NUMBER = 1; + private java.util.List action_; + public java.util.List getActionList() { + return action_; + } + public int getActionCount() { + return action_.size(); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action getAction(int index) { + return action_.get(index); + } + + private void initFields() { + action_ = java.util.Collections.emptyList(); + } + private byte memoizedIsInitialized = -1; + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized != -1) return isInitialized == 1; + + memoizedIsInitialized = 1; + return true; + } + + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + getSerializedSize(); + for (int i = 0; i < action_.size(); i++) { + output.writeEnum(1, action_.get(i).getNumber()); + } + getUnknownFields().writeTo(output); + } + + private int memoizedSerializedSize = -1; + public int getSerializedSize() { + int size = memoizedSerializedSize; + if (size != -1) return size; + + size = 0; + { + int dataSize = 0; + for (int i = 0; i < action_.size(); i++) { + dataSize += com.google.protobuf.CodedOutputStream + .computeEnumSizeNoTag(action_.get(i).getNumber()); + } + size += dataSize; + size += 1 * action_.size(); + } + size += getUnknownFields().getSerializedSize(); + memoizedSerializedSize = size; + return size; + } + + private static final long serialVersionUID = 0L; + @java.lang.Override + protected java.lang.Object writeReplace() + throws java.io.ObjectStreamException { + return super.writeReplace(); + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission)) { + return super.equals(obj); + } + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission) obj; + + boolean result = true; + result = result && getActionList() + .equals(other.getActionList()); + result = result && + getUnknownFields().equals(other.getUnknownFields()); + return result; + } + + @java.lang.Override + public int hashCode() { + int hash = 41; + hash = (19 * hash) + getDescriptorForType().hashCode(); + if (getActionCount() > 0) { + hash = (37 * hash) + ACTION_FIELD_NUMBER; + hash = (53 * hash) + hashEnumList(getActionList()); + } + hash = (29 * hash) + getUnknownFields().hashCode(); + return hash; + } + + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return newBuilder().mergeFrom(data, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseFrom(java.io.InputStream input) + throws java.io.IOException { + return newBuilder().mergeFrom(input).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return newBuilder().mergeFrom(input, extensionRegistry) + .buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + Builder builder = newBuilder(); + if (builder.mergeDelimitedFrom(input)) { + return builder.buildParsed(); + } else { + return null; + } + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + Builder builder = newBuilder(); + if (builder.mergeDelimitedFrom(input, extensionRegistry)) { + return builder.buildParsed(); + } else { + return null; + } + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return newBuilder().mergeFrom(input).buildParsed(); + } + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return newBuilder().mergeFrom(input, extensionRegistry) + .buildParsed(); + } + + public static Builder newBuilder() { return Builder.create(); } + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission prototype) { + return newBuilder().mergeFrom(prototype); + } + public Builder toBuilder() { return newBuilder(this); } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessage.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + public static final class Builder extends + com.google.protobuf.GeneratedMessage.Builder + implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermissionOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_GlobalPermission_descriptor; + } + + protected com.google.protobuf.GeneratedMessage.FieldAccessorTable + internalGetFieldAccessorTable() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_GlobalPermission_fieldAccessorTable; + } + + // Construct using org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder(BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) { + } + } + private static Builder create() { + return new Builder(); + } + + public Builder clear() { + super.clear(); + action_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000001); + return this; + } + + public Builder clone() { + return create().mergeFrom(buildPartial()); + } + + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.getDescriptor(); + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission getDefaultInstanceForType() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.getDefaultInstance(); + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission build() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission buildParsed() + throws com.google.protobuf.InvalidProtocolBufferException { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException( + result).asInvalidProtocolBufferException(); + } + return result; + } + + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission buildPartial() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission(this); + int from_bitField0_ = bitField0_; + if (((bitField0_ & 0x00000001) == 0x00000001)) { + action_ = java.util.Collections.unmodifiableList(action_); + bitField0_ = (bitField0_ & ~0x00000001); + } + result.action_ = action_; + onBuilt(); + return result; + } + + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission) { + return mergeFrom((org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission other) { + if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.getDefaultInstance()) return this; + if (!other.action_.isEmpty()) { + if (action_.isEmpty()) { + action_ = other.action_; + bitField0_ = (bitField0_ & ~0x00000001); + } else { + ensureActionIsMutable(); + action_.addAll(other.action_); + } + onChanged(); + } + this.mergeUnknownFields(other.getUnknownFields()); + return this; + } + + public final boolean isInitialized() { + return true; + } + + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + com.google.protobuf.UnknownFieldSet.Builder unknownFields = + com.google.protobuf.UnknownFieldSet.newBuilder( + this.getUnknownFields()); + while (true) { + int tag = input.readTag(); + switch (tag) { + case 0: + this.setUnknownFields(unknownFields.build()); + onChanged(); + return this; + default: { + if (!parseUnknownField(input, unknownFields, + extensionRegistry, tag)) { + this.setUnknownFields(unknownFields.build()); + onChanged(); + return this; + } + break; + } + case 8: { + int rawValue = input.readEnum(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action.valueOf(rawValue); + if (value == null) { + unknownFields.mergeVarintField(1, rawValue); + } else { + addAction(value); + } + break; + } + case 10: { + int length = input.readRawVarint32(); + int oldLimit = input.pushLimit(length); + while(input.getBytesUntilLimit() > 0) { + int rawValue = input.readEnum(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action.valueOf(rawValue); + if (value == null) { + unknownFields.mergeVarintField(1, rawValue); + } else { + addAction(value); + } + } + input.popLimit(oldLimit); break; } } @@ -674,153 +2676,15 @@ public final class AccessControlProtos { return this; } - // optional .TableName tableName = 2; - private org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); - private com.google.protobuf.SingleFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder> tableNameBuilder_; - public boolean hasTableName() { - return ((bitField0_ & 0x00000002) == 0x00000002); - } - public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName() { - if (tableNameBuilder_ == null) { - return tableName_; - } else { - return tableNameBuilder_.getMessage(); - } - } - public Builder setTableName(org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName value) { - if (tableNameBuilder_ == null) { - if (value == null) { - throw new NullPointerException(); - } - tableName_ = value; - onChanged(); - } else { - tableNameBuilder_.setMessage(value); - } - bitField0_ |= 0x00000002; - return this; - } - public Builder setTableName( - org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder builderForValue) { - if (tableNameBuilder_ == null) { - tableName_ = builderForValue.build(); - onChanged(); - } else { - tableNameBuilder_.setMessage(builderForValue.build()); - } - bitField0_ |= 0x00000002; - return this; - } - public Builder mergeTableName(org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName value) { - if (tableNameBuilder_ == null) { - if (((bitField0_ & 0x00000002) == 0x00000002) && - tableName_ != org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance()) { - tableName_ = - org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.newBuilder(tableName_).mergeFrom(value).buildPartial(); - } else { - tableName_ = value; - } - onChanged(); - } else { - tableNameBuilder_.mergeFrom(value); - } - bitField0_ |= 0x00000002; - return this; - } - public Builder clearTableName() { - if (tableNameBuilder_ == null) { - tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); - onChanged(); - } else { - tableNameBuilder_.clear(); - } - bitField0_ = (bitField0_ & ~0x00000002); - return this; - } - public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder getTableNameBuilder() { - bitField0_ |= 0x00000002; - onChanged(); - return getTableNameFieldBuilder().getBuilder(); - } - public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder getTableNameOrBuilder() { - if (tableNameBuilder_ != null) { - return tableNameBuilder_.getMessageOrBuilder(); - } else { - return tableName_; - } - } - private com.google.protobuf.SingleFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder> - getTableNameFieldBuilder() { - if (tableNameBuilder_ == null) { - tableNameBuilder_ = new com.google.protobuf.SingleFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder>( - tableName_, - getParentForChildren(), - isClean()); - tableName_ = null; - } - return tableNameBuilder_; - } - - // optional bytes family = 3; - private com.google.protobuf.ByteString family_ = com.google.protobuf.ByteString.EMPTY; - public boolean hasFamily() { - return ((bitField0_ & 0x00000004) == 0x00000004); - } - public com.google.protobuf.ByteString getFamily() { - return family_; - } - public Builder setFamily(com.google.protobuf.ByteString value) { - if (value == null) { - throw new NullPointerException(); - } - bitField0_ |= 0x00000004; - family_ = value; - onChanged(); - return this; - } - public Builder clearFamily() { - bitField0_ = (bitField0_ & ~0x00000004); - family_ = getDefaultInstance().getFamily(); - onChanged(); - return this; - } - - // optional bytes qualifier = 4; - private com.google.protobuf.ByteString qualifier_ = com.google.protobuf.ByteString.EMPTY; - public boolean hasQualifier() { - return ((bitField0_ & 0x00000008) == 0x00000008); - } - public com.google.protobuf.ByteString getQualifier() { - return qualifier_; - } - public Builder setQualifier(com.google.protobuf.ByteString value) { - if (value == null) { - throw new NullPointerException(); - } - bitField0_ |= 0x00000008; - qualifier_ = value; - onChanged(); - return this; - } - public Builder clearQualifier() { - bitField0_ = (bitField0_ & ~0x00000008); - qualifier_ = getDefaultInstance().getQualifier(); - onChanged(); - return this; - } - - // @@protoc_insertion_point(builder_scope:Permission) + // @@protoc_insertion_point(builder_scope:GlobalPermission) } static { - defaultInstance = new Permission(true); + defaultInstance = new GlobalPermission(true); defaultInstance.initFields(); } - // @@protoc_insertion_point(class_scope:Permission) + // @@protoc_insertion_point(class_scope:GlobalPermission) } public interface UserPermissionOrBuilder @@ -830,7 +2694,7 @@ public final class AccessControlProtos { boolean hasUser(); com.google.protobuf.ByteString getUser(); - // required .Permission permission = 2; + // required .Permission permission = 3; boolean hasPermission(); org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission getPermission(); org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.PermissionOrBuilder getPermissionOrBuilder(); @@ -874,8 +2738,8 @@ public final class AccessControlProtos { return user_; } - // required .Permission permission = 2; - public static final int PERMISSION_FIELD_NUMBER = 2; + // required .Permission permission = 3; + public static final int PERMISSION_FIELD_NUMBER = 3; private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission permission_; public boolean hasPermission() { return ((bitField0_ & 0x00000002) == 0x00000002); @@ -919,7 +2783,7 @@ public final class AccessControlProtos { output.writeBytes(1, user_); } if (((bitField0_ & 0x00000002) == 0x00000002)) { - output.writeMessage(2, permission_); + output.writeMessage(3, permission_); } getUnknownFields().writeTo(output); } @@ -936,7 +2800,7 @@ public final class AccessControlProtos { } if (((bitField0_ & 0x00000002) == 0x00000002)) { size += com.google.protobuf.CodedOutputStream - .computeMessageSize(2, permission_); + .computeMessageSize(3, permission_); } size += getUnknownFields().getSerializedSize(); memoizedSerializedSize = size; @@ -1233,7 +3097,7 @@ public final class AccessControlProtos { user_ = input.readBytes(); break; } - case 18: { + case 26: { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.newBuilder(); if (hasPermission()) { subBuilder.mergeFrom(getPermission()); @@ -1272,7 +3136,7 @@ public final class AccessControlProtos { return this; } - // required .Permission permission = 2; + // required .Permission permission = 3; private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.getDefaultInstance(); private com.google.protobuf.SingleFieldBuilder< org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.PermissionOrBuilder> permissionBuilder_; @@ -1373,45 +3237,45 @@ public final class AccessControlProtos { // @@protoc_insertion_point(class_scope:UserPermission) } - public interface UserTablePermissionsOrBuilder + public interface UsersAndPermissionsOrBuilder extends com.google.protobuf.MessageOrBuilder { - // repeated .UserTablePermissions.UserPermissions permissions = 1; - java.util.List - getPermissionsList(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions getPermissions(int index); - int getPermissionsCount(); - java.util.List - getPermissionsOrBuilderList(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissionsOrBuilder getPermissionsOrBuilder( + // repeated .UsersAndPermissions.UserPermissions user_permissions = 1; + java.util.List + getUserPermissionsList(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions getUserPermissions(int index); + int getUserPermissionsCount(); + java.util.List + getUserPermissionsOrBuilderList(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissionsOrBuilder getUserPermissionsOrBuilder( int index); } - public static final class UserTablePermissions extends + public static final class UsersAndPermissions extends com.google.protobuf.GeneratedMessage - implements UserTablePermissionsOrBuilder { - // Use UserTablePermissions.newBuilder() to construct. - private UserTablePermissions(Builder builder) { + implements UsersAndPermissionsOrBuilder { + // Use UsersAndPermissions.newBuilder() to construct. + private UsersAndPermissions(Builder builder) { super(builder); } - private UserTablePermissions(boolean noInit) {} + private UsersAndPermissions(boolean noInit) {} - private static final UserTablePermissions defaultInstance; - public static UserTablePermissions getDefaultInstance() { + private static final UsersAndPermissions defaultInstance; + public static UsersAndPermissions getDefaultInstance() { return defaultInstance; } - public UserTablePermissions getDefaultInstanceForType() { + public UsersAndPermissions getDefaultInstanceForType() { return defaultInstance; } public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserTablePermissions_descriptor; + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UsersAndPermissions_descriptor; } protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserTablePermissions_fieldAccessorTable; + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UsersAndPermissions_fieldAccessorTable; } public interface UserPermissionsOrBuilder @@ -1451,12 +3315,12 @@ public final class AccessControlProtos { public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserTablePermissions_UserPermissions_descriptor; + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UsersAndPermissions_UserPermissions_descriptor; } protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserTablePermissions_UserPermissions_fieldAccessorTable; + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UsersAndPermissions_UserPermissions_fieldAccessorTable; } private int bitField0_; @@ -1557,10 +3421,10 @@ public final class AccessControlProtos { if (obj == this) { return true; } - if (!(obj instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions)) { + if (!(obj instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions)) { return super.equals(obj); } - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions) obj; + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions) obj; boolean result = true; result = result && (hasUser() == other.hasUser()); @@ -1591,41 +3455,41 @@ public final class AccessControlProtos { return hash; } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseFrom( com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException { return newBuilder().mergeFrom(data).buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseFrom( com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException { return newBuilder().mergeFrom(data, extensionRegistry) .buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseFrom(byte[] data) + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException { return newBuilder().mergeFrom(data).buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseFrom( byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException { return newBuilder().mergeFrom(data, extensionRegistry) .buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseFrom(java.io.InputStream input) + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseFrom(java.io.InputStream input) throws java.io.IOException { return newBuilder().mergeFrom(input).buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseFrom( java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException { return newBuilder().mergeFrom(input, extensionRegistry) .buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseDelimitedFrom(java.io.InputStream input) + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException { Builder builder = newBuilder(); if (builder.mergeDelimitedFrom(input)) { @@ -1634,7 +3498,7 @@ public final class AccessControlProtos { return null; } } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseDelimitedFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseDelimitedFrom( java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException { @@ -1645,12 +3509,12 @@ public final class AccessControlProtos { return null; } } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseFrom( com.google.protobuf.CodedInputStream input) throws java.io.IOException { return newBuilder().mergeFrom(input).buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions parseFrom( com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException { @@ -1660,7 +3524,7 @@ public final class AccessControlProtos { public static Builder newBuilder() { return Builder.create(); } public Builder newBuilderForType() { return newBuilder(); } - public static Builder newBuilder(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions prototype) { + public static Builder newBuilder(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions prototype) { return newBuilder().mergeFrom(prototype); } public Builder toBuilder() { return newBuilder(this); } @@ -1673,18 +3537,18 @@ public final class AccessControlProtos { } public static final class Builder extends com.google.protobuf.GeneratedMessage.Builder - implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissionsOrBuilder { + implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissionsOrBuilder { public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserTablePermissions_UserPermissions_descriptor; + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UsersAndPermissions_UserPermissions_descriptor; } protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserTablePermissions_UserPermissions_fieldAccessorTable; + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UsersAndPermissions_UserPermissions_fieldAccessorTable; } - // Construct using org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.newBuilder() + // Construct using org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.newBuilder() private Builder() { maybeForceBuilderInitialization(); } @@ -1721,24 +3585,24 @@ public final class AccessControlProtos { public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.getDescriptor(); + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.getDescriptor(); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions getDefaultInstanceForType() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.getDefaultInstance(); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions getDefaultInstanceForType() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.getDefaultInstance(); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions build() { - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions result = buildPartial(); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions build() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions result = buildPartial(); if (!result.isInitialized()) { throw newUninitializedMessageException(result); } return result; } - private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions buildParsed() + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions buildParsed() throws com.google.protobuf.InvalidProtocolBufferException { - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions result = buildPartial(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions result = buildPartial(); if (!result.isInitialized()) { throw newUninitializedMessageException( result).asInvalidProtocolBufferException(); @@ -1746,8 +3610,8 @@ public final class AccessControlProtos { return result; } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions buildPartial() { - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions(this); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions buildPartial() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions(this); int from_bitField0_ = bitField0_; int to_bitField0_ = 0; if (((from_bitField0_ & 0x00000001) == 0x00000001)) { @@ -1769,16 +3633,16 @@ public final class AccessControlProtos { } public Builder mergeFrom(com.google.protobuf.Message other) { - if (other instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions) { - return mergeFrom((org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions)other); + if (other instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions) { + return mergeFrom((org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions)other); } else { super.mergeFrom(other); return this; } } - public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions other) { - if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.getDefaultInstance()) return this; + public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions other) { + if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.getDefaultInstance()) return this; if (other.hasUser()) { setUser(other.getUser()); } @@ -2076,7 +3940,7 @@ public final class AccessControlProtos { return permissionsBuilder_; } - // @@protoc_insertion_point(builder_scope:UserTablePermissions.UserPermissions) + // @@protoc_insertion_point(builder_scope:UsersAndPermissions.UserPermissions) } static { @@ -2084,40 +3948,40 @@ public final class AccessControlProtos { defaultInstance.initFields(); } - // @@protoc_insertion_point(class_scope:UserTablePermissions.UserPermissions) + // @@protoc_insertion_point(class_scope:UsersAndPermissions.UserPermissions) } - // repeated .UserTablePermissions.UserPermissions permissions = 1; - public static final int PERMISSIONS_FIELD_NUMBER = 1; - private java.util.List permissions_; - public java.util.List getPermissionsList() { - return permissions_; + // repeated .UsersAndPermissions.UserPermissions user_permissions = 1; + public static final int USER_PERMISSIONS_FIELD_NUMBER = 1; + private java.util.List userPermissions_; + public java.util.List getUserPermissionsList() { + return userPermissions_; } - public java.util.List - getPermissionsOrBuilderList() { - return permissions_; + public java.util.List + getUserPermissionsOrBuilderList() { + return userPermissions_; } - public int getPermissionsCount() { - return permissions_.size(); + public int getUserPermissionsCount() { + return userPermissions_.size(); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions getPermissions(int index) { - return permissions_.get(index); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions getUserPermissions(int index) { + return userPermissions_.get(index); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissionsOrBuilder getPermissionsOrBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissionsOrBuilder getUserPermissionsOrBuilder( int index) { - return permissions_.get(index); + return userPermissions_.get(index); } private void initFields() { - permissions_ = java.util.Collections.emptyList(); + userPermissions_ = java.util.Collections.emptyList(); } private byte memoizedIsInitialized = -1; public final boolean isInitialized() { byte isInitialized = memoizedIsInitialized; if (isInitialized != -1) return isInitialized == 1; - for (int i = 0; i < getPermissionsCount(); i++) { - if (!getPermissions(i).isInitialized()) { + for (int i = 0; i < getUserPermissionsCount(); i++) { + if (!getUserPermissions(i).isInitialized()) { memoizedIsInitialized = 0; return false; } @@ -2129,8 +3993,8 @@ public final class AccessControlProtos { public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException { getSerializedSize(); - for (int i = 0; i < permissions_.size(); i++) { - output.writeMessage(1, permissions_.get(i)); + for (int i = 0; i < userPermissions_.size(); i++) { + output.writeMessage(1, userPermissions_.get(i)); } getUnknownFields().writeTo(output); } @@ -2141,9 +4005,9 @@ public final class AccessControlProtos { if (size != -1) return size; size = 0; - for (int i = 0; i < permissions_.size(); i++) { + for (int i = 0; i < userPermissions_.size(); i++) { size += com.google.protobuf.CodedOutputStream - .computeMessageSize(1, permissions_.get(i)); + .computeMessageSize(1, userPermissions_.get(i)); } size += getUnknownFields().getSerializedSize(); memoizedSerializedSize = size; @@ -2162,14 +4026,14 @@ public final class AccessControlProtos { if (obj == this) { return true; } - if (!(obj instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions)) { + if (!(obj instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions)) { return super.equals(obj); } - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions) obj; + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions) obj; boolean result = true; - result = result && getPermissionsList() - .equals(other.getPermissionsList()); + result = result && getUserPermissionsList() + .equals(other.getUserPermissionsList()); result = result && getUnknownFields().equals(other.getUnknownFields()); return result; @@ -2179,49 +4043,49 @@ public final class AccessControlProtos { public int hashCode() { int hash = 41; hash = (19 * hash) + getDescriptorForType().hashCode(); - if (getPermissionsCount() > 0) { - hash = (37 * hash) + PERMISSIONS_FIELD_NUMBER; - hash = (53 * hash) + getPermissionsList().hashCode(); + if (getUserPermissionsCount() > 0) { + hash = (37 * hash) + USER_PERMISSIONS_FIELD_NUMBER; + hash = (53 * hash) + getUserPermissionsList().hashCode(); } hash = (29 * hash) + getUnknownFields().hashCode(); return hash; } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseFrom( com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException { return newBuilder().mergeFrom(data).buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseFrom( com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException { return newBuilder().mergeFrom(data, extensionRegistry) .buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseFrom(byte[] data) + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException { return newBuilder().mergeFrom(data).buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseFrom( byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException { return newBuilder().mergeFrom(data, extensionRegistry) .buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseFrom(java.io.InputStream input) + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseFrom(java.io.InputStream input) throws java.io.IOException { return newBuilder().mergeFrom(input).buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseFrom( java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException { return newBuilder().mergeFrom(input, extensionRegistry) .buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseDelimitedFrom(java.io.InputStream input) + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException { Builder builder = newBuilder(); if (builder.mergeDelimitedFrom(input)) { @@ -2230,7 +4094,7 @@ public final class AccessControlProtos { return null; } } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseDelimitedFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseDelimitedFrom( java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException { @@ -2241,12 +4105,12 @@ public final class AccessControlProtos { return null; } } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseFrom( com.google.protobuf.CodedInputStream input) throws java.io.IOException { return newBuilder().mergeFrom(input).buildParsed(); } - public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions parseFrom( + public static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions parseFrom( com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException { @@ -2256,7 +4120,7 @@ public final class AccessControlProtos { public static Builder newBuilder() { return Builder.create(); } public Builder newBuilderForType() { return newBuilder(); } - public static Builder newBuilder(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions prototype) { + public static Builder newBuilder(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions prototype) { return newBuilder().mergeFrom(prototype); } public Builder toBuilder() { return newBuilder(this); } @@ -2269,18 +4133,18 @@ public final class AccessControlProtos { } public static final class Builder extends com.google.protobuf.GeneratedMessage.Builder - implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissionsOrBuilder { + implements org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissionsOrBuilder { public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserTablePermissions_descriptor; + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UsersAndPermissions_descriptor; } protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserTablePermissions_fieldAccessorTable; + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UsersAndPermissions_fieldAccessorTable; } - // Construct using org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.newBuilder() + // Construct using org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.newBuilder() private Builder() { maybeForceBuilderInitialization(); } @@ -2291,7 +4155,7 @@ public final class AccessControlProtos { } private void maybeForceBuilderInitialization() { if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) { - getPermissionsFieldBuilder(); + getUserPermissionsFieldBuilder(); } } private static Builder create() { @@ -2300,11 +4164,11 @@ public final class AccessControlProtos { public Builder clear() { super.clear(); - if (permissionsBuilder_ == null) { - permissions_ = java.util.Collections.emptyList(); + if (userPermissionsBuilder_ == null) { + userPermissions_ = java.util.Collections.emptyList(); bitField0_ = (bitField0_ & ~0x00000001); } else { - permissionsBuilder_.clear(); + userPermissionsBuilder_.clear(); } return this; } @@ -2315,24 +4179,24 @@ public final class AccessControlProtos { public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.getDescriptor(); + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.getDescriptor(); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions getDefaultInstanceForType() { - return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.getDefaultInstance(); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions getDefaultInstanceForType() { + return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.getDefaultInstance(); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions build() { - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions result = buildPartial(); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions build() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions result = buildPartial(); if (!result.isInitialized()) { throw newUninitializedMessageException(result); } return result; } - private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions buildParsed() + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions buildParsed() throws com.google.protobuf.InvalidProtocolBufferException { - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions result = buildPartial(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions result = buildPartial(); if (!result.isInitialized()) { throw newUninitializedMessageException( result).asInvalidProtocolBufferException(); @@ -2340,56 +4204,56 @@ public final class AccessControlProtos { return result; } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions buildPartial() { - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions(this); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions buildPartial() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions(this); int from_bitField0_ = bitField0_; - if (permissionsBuilder_ == null) { + if (userPermissionsBuilder_ == null) { if (((bitField0_ & 0x00000001) == 0x00000001)) { - permissions_ = java.util.Collections.unmodifiableList(permissions_); + userPermissions_ = java.util.Collections.unmodifiableList(userPermissions_); bitField0_ = (bitField0_ & ~0x00000001); } - result.permissions_ = permissions_; + result.userPermissions_ = userPermissions_; } else { - result.permissions_ = permissionsBuilder_.build(); + result.userPermissions_ = userPermissionsBuilder_.build(); } onBuilt(); return result; } public Builder mergeFrom(com.google.protobuf.Message other) { - if (other instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions) { - return mergeFrom((org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions)other); + if (other instanceof org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions) { + return mergeFrom((org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions)other); } else { super.mergeFrom(other); return this; } } - public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions other) { - if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.getDefaultInstance()) return this; - if (permissionsBuilder_ == null) { - if (!other.permissions_.isEmpty()) { - if (permissions_.isEmpty()) { - permissions_ = other.permissions_; + public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions other) { + if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.getDefaultInstance()) return this; + if (userPermissionsBuilder_ == null) { + if (!other.userPermissions_.isEmpty()) { + if (userPermissions_.isEmpty()) { + userPermissions_ = other.userPermissions_; bitField0_ = (bitField0_ & ~0x00000001); } else { - ensurePermissionsIsMutable(); - permissions_.addAll(other.permissions_); + ensureUserPermissionsIsMutable(); + userPermissions_.addAll(other.userPermissions_); } onChanged(); } } else { - if (!other.permissions_.isEmpty()) { - if (permissionsBuilder_.isEmpty()) { - permissionsBuilder_.dispose(); - permissionsBuilder_ = null; - permissions_ = other.permissions_; + if (!other.userPermissions_.isEmpty()) { + if (userPermissionsBuilder_.isEmpty()) { + userPermissionsBuilder_.dispose(); + userPermissionsBuilder_ = null; + userPermissions_ = other.userPermissions_; bitField0_ = (bitField0_ & ~0x00000001); - permissionsBuilder_ = + userPermissionsBuilder_ = com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders ? - getPermissionsFieldBuilder() : null; + getUserPermissionsFieldBuilder() : null; } else { - permissionsBuilder_.addAllMessages(other.permissions_); + userPermissionsBuilder_.addAllMessages(other.userPermissions_); } } } @@ -2398,8 +4262,8 @@ public final class AccessControlProtos { } public final boolean isInitialized() { - for (int i = 0; i < getPermissionsCount(); i++) { - if (!getPermissions(i).isInitialized()) { + for (int i = 0; i < getUserPermissionsCount(); i++) { + if (!getUserPermissions(i).isInitialized()) { return false; } @@ -2431,9 +4295,9 @@ public final class AccessControlProtos { break; } case 10: { - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.newBuilder(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.newBuilder(); input.readMessage(subBuilder, extensionRegistry); - addPermissions(subBuilder.buildPartial()); + addUserPermissions(subBuilder.buildPartial()); break; } } @@ -2442,210 +4306,210 @@ public final class AccessControlProtos { private int bitField0_; - // repeated .UserTablePermissions.UserPermissions permissions = 1; - private java.util.List permissions_ = + // repeated .UsersAndPermissions.UserPermissions user_permissions = 1; + private java.util.List userPermissions_ = java.util.Collections.emptyList(); - private void ensurePermissionsIsMutable() { + private void ensureUserPermissionsIsMutable() { if (!((bitField0_ & 0x00000001) == 0x00000001)) { - permissions_ = new java.util.ArrayList(permissions_); + userPermissions_ = new java.util.ArrayList(userPermissions_); bitField0_ |= 0x00000001; } } private com.google.protobuf.RepeatedFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissionsOrBuilder> permissionsBuilder_; + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissionsOrBuilder> userPermissionsBuilder_; - public java.util.List getPermissionsList() { - if (permissionsBuilder_ == null) { - return java.util.Collections.unmodifiableList(permissions_); + public java.util.List getUserPermissionsList() { + if (userPermissionsBuilder_ == null) { + return java.util.Collections.unmodifiableList(userPermissions_); } else { - return permissionsBuilder_.getMessageList(); + return userPermissionsBuilder_.getMessageList(); } } - public int getPermissionsCount() { - if (permissionsBuilder_ == null) { - return permissions_.size(); + public int getUserPermissionsCount() { + if (userPermissionsBuilder_ == null) { + return userPermissions_.size(); } else { - return permissionsBuilder_.getCount(); + return userPermissionsBuilder_.getCount(); } } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions getPermissions(int index) { - if (permissionsBuilder_ == null) { - return permissions_.get(index); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions getUserPermissions(int index) { + if (userPermissionsBuilder_ == null) { + return userPermissions_.get(index); } else { - return permissionsBuilder_.getMessage(index); + return userPermissionsBuilder_.getMessage(index); } } - public Builder setPermissions( - int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions value) { - if (permissionsBuilder_ == null) { + public Builder setUserPermissions( + int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions value) { + if (userPermissionsBuilder_ == null) { if (value == null) { throw new NullPointerException(); } - ensurePermissionsIsMutable(); - permissions_.set(index, value); + ensureUserPermissionsIsMutable(); + userPermissions_.set(index, value); onChanged(); } else { - permissionsBuilder_.setMessage(index, value); + userPermissionsBuilder_.setMessage(index, value); } return this; } - public Builder setPermissions( - int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder builderForValue) { - if (permissionsBuilder_ == null) { - ensurePermissionsIsMutable(); - permissions_.set(index, builderForValue.build()); + public Builder setUserPermissions( + int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder builderForValue) { + if (userPermissionsBuilder_ == null) { + ensureUserPermissionsIsMutable(); + userPermissions_.set(index, builderForValue.build()); onChanged(); } else { - permissionsBuilder_.setMessage(index, builderForValue.build()); + userPermissionsBuilder_.setMessage(index, builderForValue.build()); } return this; } - public Builder addPermissions(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions value) { - if (permissionsBuilder_ == null) { + public Builder addUserPermissions(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions value) { + if (userPermissionsBuilder_ == null) { if (value == null) { throw new NullPointerException(); } - ensurePermissionsIsMutable(); - permissions_.add(value); + ensureUserPermissionsIsMutable(); + userPermissions_.add(value); onChanged(); } else { - permissionsBuilder_.addMessage(value); + userPermissionsBuilder_.addMessage(value); } return this; } - public Builder addPermissions( - int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions value) { - if (permissionsBuilder_ == null) { + public Builder addUserPermissions( + int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions value) { + if (userPermissionsBuilder_ == null) { if (value == null) { throw new NullPointerException(); } - ensurePermissionsIsMutable(); - permissions_.add(index, value); + ensureUserPermissionsIsMutable(); + userPermissions_.add(index, value); onChanged(); } else { - permissionsBuilder_.addMessage(index, value); + userPermissionsBuilder_.addMessage(index, value); } return this; } - public Builder addPermissions( - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder builderForValue) { - if (permissionsBuilder_ == null) { - ensurePermissionsIsMutable(); - permissions_.add(builderForValue.build()); + public Builder addUserPermissions( + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder builderForValue) { + if (userPermissionsBuilder_ == null) { + ensureUserPermissionsIsMutable(); + userPermissions_.add(builderForValue.build()); onChanged(); } else { - permissionsBuilder_.addMessage(builderForValue.build()); + userPermissionsBuilder_.addMessage(builderForValue.build()); } return this; } - public Builder addPermissions( - int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder builderForValue) { - if (permissionsBuilder_ == null) { - ensurePermissionsIsMutable(); - permissions_.add(index, builderForValue.build()); + public Builder addUserPermissions( + int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder builderForValue) { + if (userPermissionsBuilder_ == null) { + ensureUserPermissionsIsMutable(); + userPermissions_.add(index, builderForValue.build()); onChanged(); } else { - permissionsBuilder_.addMessage(index, builderForValue.build()); + userPermissionsBuilder_.addMessage(index, builderForValue.build()); } return this; } - public Builder addAllPermissions( - java.lang.Iterable values) { - if (permissionsBuilder_ == null) { - ensurePermissionsIsMutable(); - super.addAll(values, permissions_); + public Builder addAllUserPermissions( + java.lang.Iterable values) { + if (userPermissionsBuilder_ == null) { + ensureUserPermissionsIsMutable(); + super.addAll(values, userPermissions_); onChanged(); } else { - permissionsBuilder_.addAllMessages(values); + userPermissionsBuilder_.addAllMessages(values); } return this; } - public Builder clearPermissions() { - if (permissionsBuilder_ == null) { - permissions_ = java.util.Collections.emptyList(); + public Builder clearUserPermissions() { + if (userPermissionsBuilder_ == null) { + userPermissions_ = java.util.Collections.emptyList(); bitField0_ = (bitField0_ & ~0x00000001); onChanged(); } else { - permissionsBuilder_.clear(); + userPermissionsBuilder_.clear(); } return this; } - public Builder removePermissions(int index) { - if (permissionsBuilder_ == null) { - ensurePermissionsIsMutable(); - permissions_.remove(index); + public Builder removeUserPermissions(int index) { + if (userPermissionsBuilder_ == null) { + ensureUserPermissionsIsMutable(); + userPermissions_.remove(index); onChanged(); } else { - permissionsBuilder_.remove(index); + userPermissionsBuilder_.remove(index); } return this; } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder getPermissionsBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder getUserPermissionsBuilder( int index) { - return getPermissionsFieldBuilder().getBuilder(index); + return getUserPermissionsFieldBuilder().getBuilder(index); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissionsOrBuilder getPermissionsOrBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissionsOrBuilder getUserPermissionsOrBuilder( int index) { - if (permissionsBuilder_ == null) { - return permissions_.get(index); } else { - return permissionsBuilder_.getMessageOrBuilder(index); + if (userPermissionsBuilder_ == null) { + return userPermissions_.get(index); } else { + return userPermissionsBuilder_.getMessageOrBuilder(index); } } - public java.util.List - getPermissionsOrBuilderList() { - if (permissionsBuilder_ != null) { - return permissionsBuilder_.getMessageOrBuilderList(); + public java.util.List + getUserPermissionsOrBuilderList() { + if (userPermissionsBuilder_ != null) { + return userPermissionsBuilder_.getMessageOrBuilderList(); } else { - return java.util.Collections.unmodifiableList(permissions_); + return java.util.Collections.unmodifiableList(userPermissions_); } } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder addPermissionsBuilder() { - return getPermissionsFieldBuilder().addBuilder( - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.getDefaultInstance()); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder addUserPermissionsBuilder() { + return getUserPermissionsFieldBuilder().addBuilder( + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.getDefaultInstance()); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder addPermissionsBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder addUserPermissionsBuilder( int index) { - return getPermissionsFieldBuilder().addBuilder( - index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.getDefaultInstance()); + return getUserPermissionsFieldBuilder().addBuilder( + index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.getDefaultInstance()); } - public java.util.List - getPermissionsBuilderList() { - return getPermissionsFieldBuilder().getBuilderList(); + public java.util.List + getUserPermissionsBuilderList() { + return getUserPermissionsFieldBuilder().getBuilderList(); } private com.google.protobuf.RepeatedFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissionsOrBuilder> - getPermissionsFieldBuilder() { - if (permissionsBuilder_ == null) { - permissionsBuilder_ = new com.google.protobuf.RepeatedFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissionsOrBuilder>( - permissions_, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissionsOrBuilder> + getUserPermissionsFieldBuilder() { + if (userPermissionsBuilder_ == null) { + userPermissionsBuilder_ = new com.google.protobuf.RepeatedFieldBuilder< + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissionsOrBuilder>( + userPermissions_, ((bitField0_ & 0x00000001) == 0x00000001), getParentForChildren(), isClean()); - permissions_ = null; + userPermissions_ = null; } - return permissionsBuilder_; + return userPermissionsBuilder_; } - // @@protoc_insertion_point(builder_scope:UserTablePermissions) + // @@protoc_insertion_point(builder_scope:UsersAndPermissions) } static { - defaultInstance = new UserTablePermissions(true); + defaultInstance = new UsersAndPermissions(true); defaultInstance.initFields(); } - // @@protoc_insertion_point(class_scope:UserTablePermissions) + // @@protoc_insertion_point(class_scope:UsersAndPermissions) } public interface GrantRequestOrBuilder extends com.google.protobuf.MessageOrBuilder { - // required .UserPermission permission = 1; - boolean hasPermission(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder(); + // required .UserPermission user_permission = 1; + boolean hasUserPermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder(); } public static final class GrantRequest extends com.google.protobuf.GeneratedMessage @@ -2676,32 +4540,32 @@ public final class AccessControlProtos { } private int bitField0_; - // required .UserPermission permission = 1; - public static final int PERMISSION_FIELD_NUMBER = 1; - private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission permission_; - public boolean hasPermission() { + // required .UserPermission user_permission = 1; + public static final int USER_PERMISSION_FIELD_NUMBER = 1; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission userPermission_; + public boolean hasUserPermission() { return ((bitField0_ & 0x00000001) == 0x00000001); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission() { - return permission_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission() { + return userPermission_; } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder() { - return permission_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder() { + return userPermission_; } private void initFields() { - permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); + userPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); } private byte memoizedIsInitialized = -1; public final boolean isInitialized() { byte isInitialized = memoizedIsInitialized; if (isInitialized != -1) return isInitialized == 1; - if (!hasPermission()) { + if (!hasUserPermission()) { memoizedIsInitialized = 0; return false; } - if (!getPermission().isInitialized()) { + if (!getUserPermission().isInitialized()) { memoizedIsInitialized = 0; return false; } @@ -2713,7 +4577,7 @@ public final class AccessControlProtos { throws java.io.IOException { getSerializedSize(); if (((bitField0_ & 0x00000001) == 0x00000001)) { - output.writeMessage(1, permission_); + output.writeMessage(1, userPermission_); } getUnknownFields().writeTo(output); } @@ -2726,7 +4590,7 @@ public final class AccessControlProtos { size = 0; if (((bitField0_ & 0x00000001) == 0x00000001)) { size += com.google.protobuf.CodedOutputStream - .computeMessageSize(1, permission_); + .computeMessageSize(1, userPermission_); } size += getUnknownFields().getSerializedSize(); memoizedSerializedSize = size; @@ -2751,10 +4615,10 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest) obj; boolean result = true; - result = result && (hasPermission() == other.hasPermission()); - if (hasPermission()) { - result = result && getPermission() - .equals(other.getPermission()); + result = result && (hasUserPermission() == other.hasUserPermission()); + if (hasUserPermission()) { + result = result && getUserPermission() + .equals(other.getUserPermission()); } result = result && getUnknownFields().equals(other.getUnknownFields()); @@ -2765,9 +4629,9 @@ public final class AccessControlProtos { public int hashCode() { int hash = 41; hash = (19 * hash) + getDescriptorForType().hashCode(); - if (hasPermission()) { - hash = (37 * hash) + PERMISSION_FIELD_NUMBER; - hash = (53 * hash) + getPermission().hashCode(); + if (hasUserPermission()) { + hash = (37 * hash) + USER_PERMISSION_FIELD_NUMBER; + hash = (53 * hash) + getUserPermission().hashCode(); } hash = (29 * hash) + getUnknownFields().hashCode(); return hash; @@ -2877,7 +4741,7 @@ public final class AccessControlProtos { } private void maybeForceBuilderInitialization() { if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) { - getPermissionFieldBuilder(); + getUserPermissionFieldBuilder(); } } private static Builder create() { @@ -2886,10 +4750,10 @@ public final class AccessControlProtos { public Builder clear() { super.clear(); - if (permissionBuilder_ == null) { - permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); + if (userPermissionBuilder_ == null) { + userPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); } else { - permissionBuilder_.clear(); + userPermissionBuilder_.clear(); } bitField0_ = (bitField0_ & ~0x00000001); return this; @@ -2933,10 +4797,10 @@ public final class AccessControlProtos { if (((from_bitField0_ & 0x00000001) == 0x00000001)) { to_bitField0_ |= 0x00000001; } - if (permissionBuilder_ == null) { - result.permission_ = permission_; + if (userPermissionBuilder_ == null) { + result.userPermission_ = userPermission_; } else { - result.permission_ = permissionBuilder_.build(); + result.userPermission_ = userPermissionBuilder_.build(); } result.bitField0_ = to_bitField0_; onBuilt(); @@ -2954,19 +4818,19 @@ public final class AccessControlProtos { public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest other) { if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest.getDefaultInstance()) return this; - if (other.hasPermission()) { - mergePermission(other.getPermission()); + if (other.hasUserPermission()) { + mergeUserPermission(other.getUserPermission()); } this.mergeUnknownFields(other.getUnknownFields()); return this; } public final boolean isInitialized() { - if (!hasPermission()) { + if (!hasUserPermission()) { return false; } - if (!getPermission().isInitialized()) { + if (!getUserPermission().isInitialized()) { return false; } @@ -2998,11 +4862,11 @@ public final class AccessControlProtos { } case 10: { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.newBuilder(); - if (hasPermission()) { - subBuilder.mergeFrom(getPermission()); + if (hasUserPermission()) { + subBuilder.mergeFrom(getUserPermission()); } input.readMessage(subBuilder, extensionRegistry); - setPermission(subBuilder.buildPartial()); + setUserPermission(subBuilder.buildPartial()); break; } } @@ -3011,94 +4875,94 @@ public final class AccessControlProtos { private int bitField0_; - // required .UserPermission permission = 1; - private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); + // required .UserPermission user_permission = 1; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission userPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); private com.google.protobuf.SingleFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> permissionBuilder_; - public boolean hasPermission() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> userPermissionBuilder_; + public boolean hasUserPermission() { return ((bitField0_ & 0x00000001) == 0x00000001); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission() { - if (permissionBuilder_ == null) { - return permission_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission() { + if (userPermissionBuilder_ == null) { + return userPermission_; } else { - return permissionBuilder_.getMessage(); + return userPermissionBuilder_.getMessage(); } } - public Builder setPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { - if (permissionBuilder_ == null) { + public Builder setUserPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { + if (userPermissionBuilder_ == null) { if (value == null) { throw new NullPointerException(); } - permission_ = value; + userPermission_ = value; onChanged(); } else { - permissionBuilder_.setMessage(value); + userPermissionBuilder_.setMessage(value); } bitField0_ |= 0x00000001; return this; } - public Builder setPermission( + public Builder setUserPermission( org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder builderForValue) { - if (permissionBuilder_ == null) { - permission_ = builderForValue.build(); + if (userPermissionBuilder_ == null) { + userPermission_ = builderForValue.build(); onChanged(); } else { - permissionBuilder_.setMessage(builderForValue.build()); + userPermissionBuilder_.setMessage(builderForValue.build()); } bitField0_ |= 0x00000001; return this; } - public Builder mergePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { - if (permissionBuilder_ == null) { + public Builder mergeUserPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { + if (userPermissionBuilder_ == null) { if (((bitField0_ & 0x00000001) == 0x00000001) && - permission_ != org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance()) { - permission_ = - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.newBuilder(permission_).mergeFrom(value).buildPartial(); + userPermission_ != org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance()) { + userPermission_ = + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.newBuilder(userPermission_).mergeFrom(value).buildPartial(); } else { - permission_ = value; + userPermission_ = value; } onChanged(); } else { - permissionBuilder_.mergeFrom(value); + userPermissionBuilder_.mergeFrom(value); } bitField0_ |= 0x00000001; return this; } - public Builder clearPermission() { - if (permissionBuilder_ == null) { - permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); + public Builder clearUserPermission() { + if (userPermissionBuilder_ == null) { + userPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); onChanged(); } else { - permissionBuilder_.clear(); + userPermissionBuilder_.clear(); } bitField0_ = (bitField0_ & ~0x00000001); return this; } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder getPermissionBuilder() { + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder getUserPermissionBuilder() { bitField0_ |= 0x00000001; onChanged(); - return getPermissionFieldBuilder().getBuilder(); + return getUserPermissionFieldBuilder().getBuilder(); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder() { - if (permissionBuilder_ != null) { - return permissionBuilder_.getMessageOrBuilder(); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder() { + if (userPermissionBuilder_ != null) { + return userPermissionBuilder_.getMessageOrBuilder(); } else { - return permission_; + return userPermission_; } } private com.google.protobuf.SingleFieldBuilder< org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> - getPermissionFieldBuilder() { - if (permissionBuilder_ == null) { - permissionBuilder_ = new com.google.protobuf.SingleFieldBuilder< + getUserPermissionFieldBuilder() { + if (userPermissionBuilder_ == null) { + userPermissionBuilder_ = new com.google.protobuf.SingleFieldBuilder< org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder>( - permission_, + userPermission_, getParentForChildren(), isClean()); - permission_ = null; + userPermission_ = null; } - return permissionBuilder_; + return userPermissionBuilder_; } // @@protoc_insertion_point(builder_scope:GrantRequest) @@ -3415,10 +5279,10 @@ public final class AccessControlProtos { public interface RevokeRequestOrBuilder extends com.google.protobuf.MessageOrBuilder { - // required .UserPermission permission = 1; - boolean hasPermission(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder(); + // required .UserPermission user_permission = 1; + boolean hasUserPermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder(); } public static final class RevokeRequest extends com.google.protobuf.GeneratedMessage @@ -3449,32 +5313,32 @@ public final class AccessControlProtos { } private int bitField0_; - // required .UserPermission permission = 1; - public static final int PERMISSION_FIELD_NUMBER = 1; - private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission permission_; - public boolean hasPermission() { + // required .UserPermission user_permission = 1; + public static final int USER_PERMISSION_FIELD_NUMBER = 1; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission userPermission_; + public boolean hasUserPermission() { return ((bitField0_ & 0x00000001) == 0x00000001); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission() { - return permission_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission() { + return userPermission_; } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder() { - return permission_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder() { + return userPermission_; } private void initFields() { - permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); + userPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); } private byte memoizedIsInitialized = -1; public final boolean isInitialized() { byte isInitialized = memoizedIsInitialized; if (isInitialized != -1) return isInitialized == 1; - if (!hasPermission()) { + if (!hasUserPermission()) { memoizedIsInitialized = 0; return false; } - if (!getPermission().isInitialized()) { + if (!getUserPermission().isInitialized()) { memoizedIsInitialized = 0; return false; } @@ -3486,7 +5350,7 @@ public final class AccessControlProtos { throws java.io.IOException { getSerializedSize(); if (((bitField0_ & 0x00000001) == 0x00000001)) { - output.writeMessage(1, permission_); + output.writeMessage(1, userPermission_); } getUnknownFields().writeTo(output); } @@ -3499,7 +5363,7 @@ public final class AccessControlProtos { size = 0; if (((bitField0_ & 0x00000001) == 0x00000001)) { size += com.google.protobuf.CodedOutputStream - .computeMessageSize(1, permission_); + .computeMessageSize(1, userPermission_); } size += getUnknownFields().getSerializedSize(); memoizedSerializedSize = size; @@ -3524,10 +5388,10 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest) obj; boolean result = true; - result = result && (hasPermission() == other.hasPermission()); - if (hasPermission()) { - result = result && getPermission() - .equals(other.getPermission()); + result = result && (hasUserPermission() == other.hasUserPermission()); + if (hasUserPermission()) { + result = result && getUserPermission() + .equals(other.getUserPermission()); } result = result && getUnknownFields().equals(other.getUnknownFields()); @@ -3538,9 +5402,9 @@ public final class AccessControlProtos { public int hashCode() { int hash = 41; hash = (19 * hash) + getDescriptorForType().hashCode(); - if (hasPermission()) { - hash = (37 * hash) + PERMISSION_FIELD_NUMBER; - hash = (53 * hash) + getPermission().hashCode(); + if (hasUserPermission()) { + hash = (37 * hash) + USER_PERMISSION_FIELD_NUMBER; + hash = (53 * hash) + getUserPermission().hashCode(); } hash = (29 * hash) + getUnknownFields().hashCode(); return hash; @@ -3650,7 +5514,7 @@ public final class AccessControlProtos { } private void maybeForceBuilderInitialization() { if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) { - getPermissionFieldBuilder(); + getUserPermissionFieldBuilder(); } } private static Builder create() { @@ -3659,10 +5523,10 @@ public final class AccessControlProtos { public Builder clear() { super.clear(); - if (permissionBuilder_ == null) { - permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); + if (userPermissionBuilder_ == null) { + userPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); } else { - permissionBuilder_.clear(); + userPermissionBuilder_.clear(); } bitField0_ = (bitField0_ & ~0x00000001); return this; @@ -3706,10 +5570,10 @@ public final class AccessControlProtos { if (((from_bitField0_ & 0x00000001) == 0x00000001)) { to_bitField0_ |= 0x00000001; } - if (permissionBuilder_ == null) { - result.permission_ = permission_; + if (userPermissionBuilder_ == null) { + result.userPermission_ = userPermission_; } else { - result.permission_ = permissionBuilder_.build(); + result.userPermission_ = userPermissionBuilder_.build(); } result.bitField0_ = to_bitField0_; onBuilt(); @@ -3727,19 +5591,19 @@ public final class AccessControlProtos { public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest other) { if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest.getDefaultInstance()) return this; - if (other.hasPermission()) { - mergePermission(other.getPermission()); + if (other.hasUserPermission()) { + mergeUserPermission(other.getUserPermission()); } this.mergeUnknownFields(other.getUnknownFields()); return this; } public final boolean isInitialized() { - if (!hasPermission()) { + if (!hasUserPermission()) { return false; } - if (!getPermission().isInitialized()) { + if (!getUserPermission().isInitialized()) { return false; } @@ -3771,11 +5635,11 @@ public final class AccessControlProtos { } case 10: { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.newBuilder(); - if (hasPermission()) { - subBuilder.mergeFrom(getPermission()); + if (hasUserPermission()) { + subBuilder.mergeFrom(getUserPermission()); } input.readMessage(subBuilder, extensionRegistry); - setPermission(subBuilder.buildPartial()); + setUserPermission(subBuilder.buildPartial()); break; } } @@ -3784,94 +5648,94 @@ public final class AccessControlProtos { private int bitField0_; - // required .UserPermission permission = 1; - private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); + // required .UserPermission user_permission = 1; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission userPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); private com.google.protobuf.SingleFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> permissionBuilder_; - public boolean hasPermission() { + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> userPermissionBuilder_; + public boolean hasUserPermission() { return ((bitField0_ & 0x00000001) == 0x00000001); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission() { - if (permissionBuilder_ == null) { - return permission_; + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission() { + if (userPermissionBuilder_ == null) { + return userPermission_; } else { - return permissionBuilder_.getMessage(); + return userPermissionBuilder_.getMessage(); } } - public Builder setPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { - if (permissionBuilder_ == null) { + public Builder setUserPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { + if (userPermissionBuilder_ == null) { if (value == null) { throw new NullPointerException(); } - permission_ = value; + userPermission_ = value; onChanged(); } else { - permissionBuilder_.setMessage(value); + userPermissionBuilder_.setMessage(value); } bitField0_ |= 0x00000001; return this; } - public Builder setPermission( + public Builder setUserPermission( org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder builderForValue) { - if (permissionBuilder_ == null) { - permission_ = builderForValue.build(); + if (userPermissionBuilder_ == null) { + userPermission_ = builderForValue.build(); onChanged(); } else { - permissionBuilder_.setMessage(builderForValue.build()); + userPermissionBuilder_.setMessage(builderForValue.build()); } bitField0_ |= 0x00000001; return this; } - public Builder mergePermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { - if (permissionBuilder_ == null) { + public Builder mergeUserPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { + if (userPermissionBuilder_ == null) { if (((bitField0_ & 0x00000001) == 0x00000001) && - permission_ != org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance()) { - permission_ = - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.newBuilder(permission_).mergeFrom(value).buildPartial(); + userPermission_ != org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance()) { + userPermission_ = + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.newBuilder(userPermission_).mergeFrom(value).buildPartial(); } else { - permission_ = value; + userPermission_ = value; } onChanged(); } else { - permissionBuilder_.mergeFrom(value); + userPermissionBuilder_.mergeFrom(value); } bitField0_ |= 0x00000001; return this; } - public Builder clearPermission() { - if (permissionBuilder_ == null) { - permission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); + public Builder clearUserPermission() { + if (userPermissionBuilder_ == null) { + userPermission_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance(); onChanged(); } else { - permissionBuilder_.clear(); + userPermissionBuilder_.clear(); } bitField0_ = (bitField0_ & ~0x00000001); return this; } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder getPermissionBuilder() { + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder getUserPermissionBuilder() { bitField0_ |= 0x00000001; onChanged(); - return getPermissionFieldBuilder().getBuilder(); + return getUserPermissionFieldBuilder().getBuilder(); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder() { - if (permissionBuilder_ != null) { - return permissionBuilder_.getMessageOrBuilder(); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder() { + if (userPermissionBuilder_ != null) { + return userPermissionBuilder_.getMessageOrBuilder(); } else { - return permission_; + return userPermission_; } } private com.google.protobuf.SingleFieldBuilder< org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> - getPermissionFieldBuilder() { - if (permissionBuilder_ == null) { - permissionBuilder_ = new com.google.protobuf.SingleFieldBuilder< + getUserPermissionFieldBuilder() { + if (userPermissionBuilder_ == null) { + userPermissionBuilder_ = new com.google.protobuf.SingleFieldBuilder< org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder>( - permission_, + userPermission_, getParentForChildren(), isClean()); - permission_ = null; + userPermission_ = null; } - return permissionBuilder_; + return userPermissionBuilder_; } // @@protoc_insertion_point(builder_scope:RevokeRequest) @@ -4188,10 +6052,18 @@ public final class AccessControlProtos { public interface UserPermissionsRequestOrBuilder extends com.google.protobuf.MessageOrBuilder { - // optional .TableName tableName = 1; + // optional .Permission.Type type = 1; + boolean hasType(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type getType(); + + // optional .TableName table_name = 2; boolean hasTableName(); org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName(); org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder getTableNameOrBuilder(); + + // optional bytes namespace_name = 3; + boolean hasNamespaceName(); + com.google.protobuf.ByteString getNamespaceName(); } public static final class UserPermissionsRequest extends com.google.protobuf.GeneratedMessage @@ -4222,11 +6094,21 @@ public final class AccessControlProtos { } private int bitField0_; - // optional .TableName tableName = 1; - public static final int TABLENAME_FIELD_NUMBER = 1; + // optional .Permission.Type type = 1; + public static final int TYPE_FIELD_NUMBER = 1; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type type_; + public boolean hasType() { + return ((bitField0_ & 0x00000001) == 0x00000001); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type getType() { + return type_; + } + + // optional .TableName table_name = 2; + public static final int TABLE_NAME_FIELD_NUMBER = 2; private org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName tableName_; public boolean hasTableName() { - return ((bitField0_ & 0x00000001) == 0x00000001); + return ((bitField0_ & 0x00000002) == 0x00000002); } public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName() { return tableName_; @@ -4235,8 +6117,20 @@ public final class AccessControlProtos { return tableName_; } + // optional bytes namespace_name = 3; + public static final int NAMESPACE_NAME_FIELD_NUMBER = 3; + private com.google.protobuf.ByteString namespaceName_; + public boolean hasNamespaceName() { + return ((bitField0_ & 0x00000004) == 0x00000004); + } + public com.google.protobuf.ByteString getNamespaceName() { + return namespaceName_; + } + private void initFields() { + type_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.Global; tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); + namespaceName_ = com.google.protobuf.ByteString.EMPTY; } private byte memoizedIsInitialized = -1; public final boolean isInitialized() { @@ -4257,7 +6151,13 @@ public final class AccessControlProtos { throws java.io.IOException { getSerializedSize(); if (((bitField0_ & 0x00000001) == 0x00000001)) { - output.writeMessage(1, tableName_); + output.writeEnum(1, type_.getNumber()); + } + if (((bitField0_ & 0x00000002) == 0x00000002)) { + output.writeMessage(2, tableName_); + } + if (((bitField0_ & 0x00000004) == 0x00000004)) { + output.writeBytes(3, namespaceName_); } getUnknownFields().writeTo(output); } @@ -4270,7 +6170,15 @@ public final class AccessControlProtos { size = 0; if (((bitField0_ & 0x00000001) == 0x00000001)) { size += com.google.protobuf.CodedOutputStream - .computeMessageSize(1, tableName_); + .computeEnumSize(1, type_.getNumber()); + } + if (((bitField0_ & 0x00000002) == 0x00000002)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(2, tableName_); + } + if (((bitField0_ & 0x00000004) == 0x00000004)) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(3, namespaceName_); } size += getUnknownFields().getSerializedSize(); memoizedSerializedSize = size; @@ -4295,11 +6203,21 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsRequest other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsRequest) obj; boolean result = true; + result = result && (hasType() == other.hasType()); + if (hasType()) { + result = result && + (getType() == other.getType()); + } result = result && (hasTableName() == other.hasTableName()); if (hasTableName()) { result = result && getTableName() .equals(other.getTableName()); } + result = result && (hasNamespaceName() == other.hasNamespaceName()); + if (hasNamespaceName()) { + result = result && getNamespaceName() + .equals(other.getNamespaceName()); + } result = result && getUnknownFields().equals(other.getUnknownFields()); return result; @@ -4309,10 +6227,18 @@ public final class AccessControlProtos { public int hashCode() { int hash = 41; hash = (19 * hash) + getDescriptorForType().hashCode(); + if (hasType()) { + hash = (37 * hash) + TYPE_FIELD_NUMBER; + hash = (53 * hash) + hashEnum(getType()); + } if (hasTableName()) { - hash = (37 * hash) + TABLENAME_FIELD_NUMBER; + hash = (37 * hash) + TABLE_NAME_FIELD_NUMBER; hash = (53 * hash) + getTableName().hashCode(); } + if (hasNamespaceName()) { + hash = (37 * hash) + NAMESPACE_NAME_FIELD_NUMBER; + hash = (53 * hash) + getNamespaceName().hashCode(); + } hash = (29 * hash) + getUnknownFields().hashCode(); return hash; } @@ -4430,12 +6356,16 @@ public final class AccessControlProtos { public Builder clear() { super.clear(); + type_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.Global; + bitField0_ = (bitField0_ & ~0x00000001); if (tableNameBuilder_ == null) { tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); } else { tableNameBuilder_.clear(); } - bitField0_ = (bitField0_ & ~0x00000001); + bitField0_ = (bitField0_ & ~0x00000002); + namespaceName_ = com.google.protobuf.ByteString.EMPTY; + bitField0_ = (bitField0_ & ~0x00000004); return this; } @@ -4477,11 +6407,19 @@ public final class AccessControlProtos { if (((from_bitField0_ & 0x00000001) == 0x00000001)) { to_bitField0_ |= 0x00000001; } + result.type_ = type_; + if (((from_bitField0_ & 0x00000002) == 0x00000002)) { + to_bitField0_ |= 0x00000002; + } if (tableNameBuilder_ == null) { result.tableName_ = tableName_; } else { result.tableName_ = tableNameBuilder_.build(); } + if (((from_bitField0_ & 0x00000004) == 0x00000004)) { + to_bitField0_ |= 0x00000004; + } + result.namespaceName_ = namespaceName_; result.bitField0_ = to_bitField0_; onBuilt(); return result; @@ -4498,9 +6436,15 @@ public final class AccessControlProtos { public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsRequest other) { if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsRequest.getDefaultInstance()) return this; + if (other.hasType()) { + setType(other.getType()); + } if (other.hasTableName()) { mergeTableName(other.getTableName()); } + if (other.hasNamespaceName()) { + setNamespaceName(other.getNamespaceName()); + } this.mergeUnknownFields(other.getUnknownFields()); return this; } @@ -4538,7 +6482,18 @@ public final class AccessControlProtos { } break; } - case 10: { + case 8: { + int rawValue = input.readEnum(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type value = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.valueOf(rawValue); + if (value == null) { + unknownFields.mergeVarintField(1, rawValue); + } else { + bitField0_ |= 0x00000001; + type_ = value; + } + break; + } + case 18: { org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.newBuilder(); if (hasTableName()) { subBuilder.mergeFrom(getTableName()); @@ -4547,18 +6502,47 @@ public final class AccessControlProtos { setTableName(subBuilder.buildPartial()); break; } + case 26: { + bitField0_ |= 0x00000004; + namespaceName_ = input.readBytes(); + break; + } } } } private int bitField0_; - // optional .TableName tableName = 1; + // optional .Permission.Type type = 1; + private org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type type_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.Global; + public boolean hasType() { + return ((bitField0_ & 0x00000001) == 0x00000001); + } + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type getType() { + return type_; + } + public Builder setType(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000001; + type_ = value; + onChanged(); + return this; + } + public Builder clearType() { + bitField0_ = (bitField0_ & ~0x00000001); + type_ = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Type.Global; + onChanged(); + return this; + } + + // optional .TableName table_name = 2; private org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance(); private com.google.protobuf.SingleFieldBuilder< org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder, org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableNameOrBuilder> tableNameBuilder_; public boolean hasTableName() { - return ((bitField0_ & 0x00000001) == 0x00000001); + return ((bitField0_ & 0x00000002) == 0x00000002); } public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName getTableName() { if (tableNameBuilder_ == null) { @@ -4577,7 +6561,7 @@ public final class AccessControlProtos { } else { tableNameBuilder_.setMessage(value); } - bitField0_ |= 0x00000001; + bitField0_ |= 0x00000002; return this; } public Builder setTableName( @@ -4588,12 +6572,12 @@ public final class AccessControlProtos { } else { tableNameBuilder_.setMessage(builderForValue.build()); } - bitField0_ |= 0x00000001; + bitField0_ |= 0x00000002; return this; } public Builder mergeTableName(org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName value) { if (tableNameBuilder_ == null) { - if (((bitField0_ & 0x00000001) == 0x00000001) && + if (((bitField0_ & 0x00000002) == 0x00000002) && tableName_ != org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.getDefaultInstance()) { tableName_ = org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.newBuilder(tableName_).mergeFrom(value).buildPartial(); @@ -4604,7 +6588,7 @@ public final class AccessControlProtos { } else { tableNameBuilder_.mergeFrom(value); } - bitField0_ |= 0x00000001; + bitField0_ |= 0x00000002; return this; } public Builder clearTableName() { @@ -4614,11 +6598,11 @@ public final class AccessControlProtos { } else { tableNameBuilder_.clear(); } - bitField0_ = (bitField0_ & ~0x00000001); + bitField0_ = (bitField0_ & ~0x00000002); return this; } public org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.TableName.Builder getTableNameBuilder() { - bitField0_ |= 0x00000001; + bitField0_ |= 0x00000002; onChanged(); return getTableNameFieldBuilder().getBuilder(); } @@ -4643,6 +6627,30 @@ public final class AccessControlProtos { return tableNameBuilder_; } + // optional bytes namespace_name = 3; + private com.google.protobuf.ByteString namespaceName_ = com.google.protobuf.ByteString.EMPTY; + public boolean hasNamespaceName() { + return ((bitField0_ & 0x00000004) == 0x00000004); + } + public com.google.protobuf.ByteString getNamespaceName() { + return namespaceName_; + } + public Builder setNamespaceName(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000004; + namespaceName_ = value; + onChanged(); + return this; + } + public Builder clearNamespaceName() { + bitField0_ = (bitField0_ & ~0x00000004); + namespaceName_ = getDefaultInstance().getNamespaceName(); + onChanged(); + return this; + } + // @@protoc_insertion_point(builder_scope:UserPermissionsRequest) } @@ -4657,14 +6665,14 @@ public final class AccessControlProtos { public interface UserPermissionsResponseOrBuilder extends com.google.protobuf.MessageOrBuilder { - // repeated .UserPermission permission = 1; + // repeated .UserPermission user_permission = 1; java.util.List - getPermissionList(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission(int index); - int getPermissionCount(); + getUserPermissionList(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission(int index); + int getUserPermissionCount(); java.util.List - getPermissionOrBuilderList(); - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder( + getUserPermissionOrBuilderList(); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder( int index); } public static final class UserPermissionsResponse extends @@ -4695,37 +6703,37 @@ public final class AccessControlProtos { return org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.internal_static_UserPermissionsResponse_fieldAccessorTable; } - // repeated .UserPermission permission = 1; - public static final int PERMISSION_FIELD_NUMBER = 1; - private java.util.List permission_; - public java.util.List getPermissionList() { - return permission_; + // repeated .UserPermission user_permission = 1; + public static final int USER_PERMISSION_FIELD_NUMBER = 1; + private java.util.List userPermission_; + public java.util.List getUserPermissionList() { + return userPermission_; } public java.util.List - getPermissionOrBuilderList() { - return permission_; + getUserPermissionOrBuilderList() { + return userPermission_; } - public int getPermissionCount() { - return permission_.size(); + public int getUserPermissionCount() { + return userPermission_.size(); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission(int index) { - return permission_.get(index); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission(int index) { + return userPermission_.get(index); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder( int index) { - return permission_.get(index); + return userPermission_.get(index); } private void initFields() { - permission_ = java.util.Collections.emptyList(); + userPermission_ = java.util.Collections.emptyList(); } private byte memoizedIsInitialized = -1; public final boolean isInitialized() { byte isInitialized = memoizedIsInitialized; if (isInitialized != -1) return isInitialized == 1; - for (int i = 0; i < getPermissionCount(); i++) { - if (!getPermission(i).isInitialized()) { + for (int i = 0; i < getUserPermissionCount(); i++) { + if (!getUserPermission(i).isInitialized()) { memoizedIsInitialized = 0; return false; } @@ -4737,8 +6745,8 @@ public final class AccessControlProtos { public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException { getSerializedSize(); - for (int i = 0; i < permission_.size(); i++) { - output.writeMessage(1, permission_.get(i)); + for (int i = 0; i < userPermission_.size(); i++) { + output.writeMessage(1, userPermission_.get(i)); } getUnknownFields().writeTo(output); } @@ -4749,9 +6757,9 @@ public final class AccessControlProtos { if (size != -1) return size; size = 0; - for (int i = 0; i < permission_.size(); i++) { + for (int i = 0; i < userPermission_.size(); i++) { size += com.google.protobuf.CodedOutputStream - .computeMessageSize(1, permission_.get(i)); + .computeMessageSize(1, userPermission_.get(i)); } size += getUnknownFields().getSerializedSize(); memoizedSerializedSize = size; @@ -4776,8 +6784,8 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse other = (org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse) obj; boolean result = true; - result = result && getPermissionList() - .equals(other.getPermissionList()); + result = result && getUserPermissionList() + .equals(other.getUserPermissionList()); result = result && getUnknownFields().equals(other.getUnknownFields()); return result; @@ -4787,9 +6795,9 @@ public final class AccessControlProtos { public int hashCode() { int hash = 41; hash = (19 * hash) + getDescriptorForType().hashCode(); - if (getPermissionCount() > 0) { - hash = (37 * hash) + PERMISSION_FIELD_NUMBER; - hash = (53 * hash) + getPermissionList().hashCode(); + if (getUserPermissionCount() > 0) { + hash = (37 * hash) + USER_PERMISSION_FIELD_NUMBER; + hash = (53 * hash) + getUserPermissionList().hashCode(); } hash = (29 * hash) + getUnknownFields().hashCode(); return hash; @@ -4899,7 +6907,7 @@ public final class AccessControlProtos { } private void maybeForceBuilderInitialization() { if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) { - getPermissionFieldBuilder(); + getUserPermissionFieldBuilder(); } } private static Builder create() { @@ -4908,11 +6916,11 @@ public final class AccessControlProtos { public Builder clear() { super.clear(); - if (permissionBuilder_ == null) { - permission_ = java.util.Collections.emptyList(); + if (userPermissionBuilder_ == null) { + userPermission_ = java.util.Collections.emptyList(); bitField0_ = (bitField0_ & ~0x00000001); } else { - permissionBuilder_.clear(); + userPermissionBuilder_.clear(); } return this; } @@ -4951,14 +6959,14 @@ public final class AccessControlProtos { public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse buildPartial() { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse result = new org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse(this); int from_bitField0_ = bitField0_; - if (permissionBuilder_ == null) { + if (userPermissionBuilder_ == null) { if (((bitField0_ & 0x00000001) == 0x00000001)) { - permission_ = java.util.Collections.unmodifiableList(permission_); + userPermission_ = java.util.Collections.unmodifiableList(userPermission_); bitField0_ = (bitField0_ & ~0x00000001); } - result.permission_ = permission_; + result.userPermission_ = userPermission_; } else { - result.permission_ = permissionBuilder_.build(); + result.userPermission_ = userPermissionBuilder_.build(); } onBuilt(); return result; @@ -4975,29 +6983,29 @@ public final class AccessControlProtos { public Builder mergeFrom(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse other) { if (other == org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse.getDefaultInstance()) return this; - if (permissionBuilder_ == null) { - if (!other.permission_.isEmpty()) { - if (permission_.isEmpty()) { - permission_ = other.permission_; + if (userPermissionBuilder_ == null) { + if (!other.userPermission_.isEmpty()) { + if (userPermission_.isEmpty()) { + userPermission_ = other.userPermission_; bitField0_ = (bitField0_ & ~0x00000001); } else { - ensurePermissionIsMutable(); - permission_.addAll(other.permission_); + ensureUserPermissionIsMutable(); + userPermission_.addAll(other.userPermission_); } onChanged(); } } else { - if (!other.permission_.isEmpty()) { - if (permissionBuilder_.isEmpty()) { - permissionBuilder_.dispose(); - permissionBuilder_ = null; - permission_ = other.permission_; + if (!other.userPermission_.isEmpty()) { + if (userPermissionBuilder_.isEmpty()) { + userPermissionBuilder_.dispose(); + userPermissionBuilder_ = null; + userPermission_ = other.userPermission_; bitField0_ = (bitField0_ & ~0x00000001); - permissionBuilder_ = + userPermissionBuilder_ = com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders ? - getPermissionFieldBuilder() : null; + getUserPermissionFieldBuilder() : null; } else { - permissionBuilder_.addAllMessages(other.permission_); + userPermissionBuilder_.addAllMessages(other.userPermission_); } } } @@ -5006,8 +7014,8 @@ public final class AccessControlProtos { } public final boolean isInitialized() { - for (int i = 0; i < getPermissionCount(); i++) { - if (!getPermission(i).isInitialized()) { + for (int i = 0; i < getUserPermissionCount(); i++) { + if (!getUserPermission(i).isInitialized()) { return false; } @@ -5041,7 +7049,7 @@ public final class AccessControlProtos { case 10: { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder subBuilder = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.newBuilder(); input.readMessage(subBuilder, extensionRegistry); - addPermission(subBuilder.buildPartial()); + addUserPermission(subBuilder.buildPartial()); break; } } @@ -5050,190 +7058,190 @@ public final class AccessControlProtos { private int bitField0_; - // repeated .UserPermission permission = 1; - private java.util.List permission_ = + // repeated .UserPermission user_permission = 1; + private java.util.List userPermission_ = java.util.Collections.emptyList(); - private void ensurePermissionIsMutable() { + private void ensureUserPermissionIsMutable() { if (!((bitField0_ & 0x00000001) == 0x00000001)) { - permission_ = new java.util.ArrayList(permission_); + userPermission_ = new java.util.ArrayList(userPermission_); bitField0_ |= 0x00000001; } } private com.google.protobuf.RepeatedFieldBuilder< - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> permissionBuilder_; + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> userPermissionBuilder_; - public java.util.List getPermissionList() { - if (permissionBuilder_ == null) { - return java.util.Collections.unmodifiableList(permission_); + public java.util.List getUserPermissionList() { + if (userPermissionBuilder_ == null) { + return java.util.Collections.unmodifiableList(userPermission_); } else { - return permissionBuilder_.getMessageList(); + return userPermissionBuilder_.getMessageList(); } } - public int getPermissionCount() { - if (permissionBuilder_ == null) { - return permission_.size(); + public int getUserPermissionCount() { + if (userPermissionBuilder_ == null) { + return userPermission_.size(); } else { - return permissionBuilder_.getCount(); + return userPermissionBuilder_.getCount(); } } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getPermission(int index) { - if (permissionBuilder_ == null) { - return permission_.get(index); + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission getUserPermission(int index) { + if (userPermissionBuilder_ == null) { + return userPermission_.get(index); } else { - return permissionBuilder_.getMessage(index); + return userPermissionBuilder_.getMessage(index); } } - public Builder setPermission( + public Builder setUserPermission( int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { - if (permissionBuilder_ == null) { + if (userPermissionBuilder_ == null) { if (value == null) { throw new NullPointerException(); } - ensurePermissionIsMutable(); - permission_.set(index, value); + ensureUserPermissionIsMutable(); + userPermission_.set(index, value); onChanged(); } else { - permissionBuilder_.setMessage(index, value); + userPermissionBuilder_.setMessage(index, value); } return this; } - public Builder setPermission( + public Builder setUserPermission( int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder builderForValue) { - if (permissionBuilder_ == null) { - ensurePermissionIsMutable(); - permission_.set(index, builderForValue.build()); + if (userPermissionBuilder_ == null) { + ensureUserPermissionIsMutable(); + userPermission_.set(index, builderForValue.build()); onChanged(); } else { - permissionBuilder_.setMessage(index, builderForValue.build()); + userPermissionBuilder_.setMessage(index, builderForValue.build()); } return this; } - public Builder addPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { - if (permissionBuilder_ == null) { + public Builder addUserPermission(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { + if (userPermissionBuilder_ == null) { if (value == null) { throw new NullPointerException(); } - ensurePermissionIsMutable(); - permission_.add(value); + ensureUserPermissionIsMutable(); + userPermission_.add(value); onChanged(); } else { - permissionBuilder_.addMessage(value); + userPermissionBuilder_.addMessage(value); } return this; } - public Builder addPermission( + public Builder addUserPermission( int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission value) { - if (permissionBuilder_ == null) { + if (userPermissionBuilder_ == null) { if (value == null) { throw new NullPointerException(); } - ensurePermissionIsMutable(); - permission_.add(index, value); + ensureUserPermissionIsMutable(); + userPermission_.add(index, value); onChanged(); } else { - permissionBuilder_.addMessage(index, value); + userPermissionBuilder_.addMessage(index, value); } return this; } - public Builder addPermission( + public Builder addUserPermission( org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder builderForValue) { - if (permissionBuilder_ == null) { - ensurePermissionIsMutable(); - permission_.add(builderForValue.build()); + if (userPermissionBuilder_ == null) { + ensureUserPermissionIsMutable(); + userPermission_.add(builderForValue.build()); onChanged(); } else { - permissionBuilder_.addMessage(builderForValue.build()); + userPermissionBuilder_.addMessage(builderForValue.build()); } return this; } - public Builder addPermission( + public Builder addUserPermission( int index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder builderForValue) { - if (permissionBuilder_ == null) { - ensurePermissionIsMutable(); - permission_.add(index, builderForValue.build()); + if (userPermissionBuilder_ == null) { + ensureUserPermissionIsMutable(); + userPermission_.add(index, builderForValue.build()); onChanged(); } else { - permissionBuilder_.addMessage(index, builderForValue.build()); + userPermissionBuilder_.addMessage(index, builderForValue.build()); } return this; } - public Builder addAllPermission( + public Builder addAllUserPermission( java.lang.Iterable values) { - if (permissionBuilder_ == null) { - ensurePermissionIsMutable(); - super.addAll(values, permission_); + if (userPermissionBuilder_ == null) { + ensureUserPermissionIsMutable(); + super.addAll(values, userPermission_); onChanged(); } else { - permissionBuilder_.addAllMessages(values); + userPermissionBuilder_.addAllMessages(values); } return this; } - public Builder clearPermission() { - if (permissionBuilder_ == null) { - permission_ = java.util.Collections.emptyList(); + public Builder clearUserPermission() { + if (userPermissionBuilder_ == null) { + userPermission_ = java.util.Collections.emptyList(); bitField0_ = (bitField0_ & ~0x00000001); onChanged(); } else { - permissionBuilder_.clear(); + userPermissionBuilder_.clear(); } return this; } - public Builder removePermission(int index) { - if (permissionBuilder_ == null) { - ensurePermissionIsMutable(); - permission_.remove(index); + public Builder removeUserPermission(int index) { + if (userPermissionBuilder_ == null) { + ensureUserPermissionIsMutable(); + userPermission_.remove(index); onChanged(); } else { - permissionBuilder_.remove(index); + userPermissionBuilder_.remove(index); } return this; } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder getPermissionBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder getUserPermissionBuilder( int index) { - return getPermissionFieldBuilder().getBuilder(index); + return getUserPermissionFieldBuilder().getBuilder(index); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getPermissionOrBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder getUserPermissionOrBuilder( int index) { - if (permissionBuilder_ == null) { - return permission_.get(index); } else { - return permissionBuilder_.getMessageOrBuilder(index); + if (userPermissionBuilder_ == null) { + return userPermission_.get(index); } else { + return userPermissionBuilder_.getMessageOrBuilder(index); } } public java.util.List - getPermissionOrBuilderList() { - if (permissionBuilder_ != null) { - return permissionBuilder_.getMessageOrBuilderList(); + getUserPermissionOrBuilderList() { + if (userPermissionBuilder_ != null) { + return userPermissionBuilder_.getMessageOrBuilderList(); } else { - return java.util.Collections.unmodifiableList(permission_); + return java.util.Collections.unmodifiableList(userPermission_); } } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder addPermissionBuilder() { - return getPermissionFieldBuilder().addBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder addUserPermissionBuilder() { + return getUserPermissionFieldBuilder().addBuilder( org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance()); } - public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder addPermissionBuilder( + public org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder addUserPermissionBuilder( int index) { - return getPermissionFieldBuilder().addBuilder( + return getUserPermissionFieldBuilder().addBuilder( index, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.getDefaultInstance()); } public java.util.List - getPermissionBuilderList() { - return getPermissionFieldBuilder().getBuilderList(); + getUserPermissionBuilderList() { + return getUserPermissionFieldBuilder().getBuilderList(); } private com.google.protobuf.RepeatedFieldBuilder< org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder> - getPermissionFieldBuilder() { - if (permissionBuilder_ == null) { - permissionBuilder_ = new com.google.protobuf.RepeatedFieldBuilder< + getUserPermissionFieldBuilder() { + if (userPermissionBuilder_ == null) { + userPermissionBuilder_ = new com.google.protobuf.RepeatedFieldBuilder< org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionOrBuilder>( - permission_, + userPermission_, ((bitField0_ & 0x00000001) == 0x00000001), getParentForChildren(), isClean()); - permission_ = null; + userPermission_ = null; } - return permissionBuilder_; + return userPermissionBuilder_; } // @@protoc_insertion_point(builder_scope:UserPermissionsResponse) @@ -6562,20 +8570,35 @@ public final class AccessControlProtos { com.google.protobuf.GeneratedMessage.FieldAccessorTable internal_static_Permission_fieldAccessorTable; private static com.google.protobuf.Descriptors.Descriptor + internal_static_TablePermission_descriptor; + private static + com.google.protobuf.GeneratedMessage.FieldAccessorTable + internal_static_TablePermission_fieldAccessorTable; + private static com.google.protobuf.Descriptors.Descriptor + internal_static_NamespacePermission_descriptor; + private static + com.google.protobuf.GeneratedMessage.FieldAccessorTable + internal_static_NamespacePermission_fieldAccessorTable; + private static com.google.protobuf.Descriptors.Descriptor + internal_static_GlobalPermission_descriptor; + private static + com.google.protobuf.GeneratedMessage.FieldAccessorTable + internal_static_GlobalPermission_fieldAccessorTable; + private static com.google.protobuf.Descriptors.Descriptor internal_static_UserPermission_descriptor; private static com.google.protobuf.GeneratedMessage.FieldAccessorTable internal_static_UserPermission_fieldAccessorTable; private static com.google.protobuf.Descriptors.Descriptor - internal_static_UserTablePermissions_descriptor; + internal_static_UsersAndPermissions_descriptor; private static com.google.protobuf.GeneratedMessage.FieldAccessorTable - internal_static_UserTablePermissions_fieldAccessorTable; + internal_static_UsersAndPermissions_fieldAccessorTable; private static com.google.protobuf.Descriptors.Descriptor - internal_static_UserTablePermissions_UserPermissions_descriptor; + internal_static_UsersAndPermissions_UserPermissions_descriptor; private static com.google.protobuf.GeneratedMessage.FieldAccessorTable - internal_static_UserTablePermissions_UserPermissions_fieldAccessorTable; + internal_static_UsersAndPermissions_UserPermissions_fieldAccessorTable; private static com.google.protobuf.Descriptors.Descriptor internal_static_GrantRequest_descriptor; private static @@ -6625,34 +8648,46 @@ public final class AccessControlProtos { descriptor; static { java.lang.String[] descriptorData = { - "\n\023AccessControl.proto\032\013hbase.proto\"\262\001\n\nP" + - "ermission\022\"\n\006action\030\001 \003(\0162\022.Permission.A" + - "ction\022\035\n\ttableName\030\002 \001(\0132\n.TableName\022\016\n\006" + - "family\030\003 \001(\014\022\021\n\tqualifier\030\004 \001(\014\">\n\006Actio" + - "n\022\010\n\004READ\020\000\022\t\n\005WRITE\020\001\022\010\n\004EXEC\020\002\022\n\n\006CREA" + - "TE\020\003\022\t\n\005ADMIN\020\004\"?\n\016UserPermission\022\014\n\004use" + - "r\030\001 \002(\014\022\037\n\npermission\030\002 \002(\0132\013.Permission" + - "\"\225\001\n\024UserTablePermissions\022:\n\013permissions" + - "\030\001 \003(\0132%.UserTablePermissions.UserPermis" + - "sions\032A\n\017UserPermissions\022\014\n\004user\030\001 \002(\014\022 ", - "\n\013permissions\030\002 \003(\0132\013.Permission\"3\n\014Gran" + - "tRequest\022#\n\npermission\030\001 \002(\0132\017.UserPermi" + - "ssion\"\017\n\rGrantResponse\"4\n\rRevokeRequest\022" + - "#\n\npermission\030\001 \002(\0132\017.UserPermission\"\020\n\016" + - "RevokeResponse\"7\n\026UserPermissionsRequest" + - "\022\035\n\ttableName\030\001 \001(\0132\n.TableName\">\n\027UserP" + - "ermissionsResponse\022#\n\npermission\030\001 \003(\0132\017" + - ".UserPermission\":\n\027CheckPermissionsReque" + - "st\022\037\n\npermission\030\001 \003(\0132\013.Permission\"\032\n\030C" + - "heckPermissionsResponse2\373\001\n\024AccessContro", - "lService\022&\n\005Grant\022\r.GrantRequest\032\016.Grant" + - "Response\022)\n\006Revoke\022\016.RevokeRequest\032\017.Rev" + - "okeResponse\022G\n\022GetUserPermissions\022\027.User" + - "PermissionsRequest\032\030.UserPermissionsResp" + - "onse\022G\n\020CheckPermissions\022\030.CheckPermissi" + - "onsRequest\032\031.CheckPermissionsResponseBI\n" + - "*org.apache.hadoop.hbase.protobuf.genera" + - "tedB\023AccessControlProtosH\001\210\001\001\240\001\001" + "\n\023AccessControl.proto\032\013hbase.proto\"\250\002\n\nP" + + "ermission\022\036\n\004type\030\001 \002(\0162\020.Permission.Typ" + + "e\022,\n\021global_permission\030\002 \001(\0132\021.GlobalPer" + + "mission\0222\n\024namespace_permission\030\003 \001(\0132\024." + + "NamespacePermission\022*\n\020table_permission\030" + + "\004 \001(\0132\020.TablePermission\">\n\006Action\022\010\n\004REA" + + "D\020\000\022\t\n\005WRITE\020\001\022\010\n\004EXEC\020\002\022\n\n\006CREATE\020\003\022\t\n\005" + + "ADMIN\020\004\",\n\004Type\022\n\n\006Global\020\001\022\r\n\tNamespace" + + "\020\002\022\t\n\005Table\020\003\"x\n\017TablePermission\022\036\n\ntabl" + + "e_name\030\001 \001(\0132\n.TableName\022\016\n\006family\030\002 \001(\014", + "\022\021\n\tqualifier\030\003 \001(\014\022\"\n\006action\030\004 \003(\0162\022.Pe" + + "rmission.Action\"Q\n\023NamespacePermission\022\026" + + "\n\016namespace_name\030\001 \001(\014\022\"\n\006action\030\002 \003(\0162\022" + + ".Permission.Action\"6\n\020GlobalPermission\022\"" + + "\n\006action\030\001 \003(\0162\022.Permission.Action\"?\n\016Us" + + "erPermission\022\014\n\004user\030\001 \002(\014\022\037\n\npermission" + + "\030\003 \002(\0132\013.Permission\"\230\001\n\023UsersAndPermissi" + + "ons\022>\n\020user_permissions\030\001 \003(\0132$.UsersAnd" + + "Permissions.UserPermissions\032A\n\017UserPermi" + + "ssions\022\014\n\004user\030\001 \002(\014\022 \n\013permissions\030\002 \003(", + "\0132\013.Permission\"8\n\014GrantRequest\022(\n\017user_p" + + "ermission\030\001 \002(\0132\017.UserPermission\"\017\n\rGran" + + "tResponse\"9\n\rRevokeRequest\022(\n\017user_permi" + + "ssion\030\001 \002(\0132\017.UserPermission\"\020\n\016RevokeRe" + + "sponse\"p\n\026UserPermissionsRequest\022\036\n\004type" + + "\030\001 \001(\0162\020.Permission.Type\022\036\n\ntable_name\030\002" + + " \001(\0132\n.TableName\022\026\n\016namespace_name\030\003 \001(\014" + + "\"C\n\027UserPermissionsResponse\022(\n\017user_perm" + + "ission\030\001 \003(\0132\017.UserPermission\":\n\027CheckPe" + + "rmissionsRequest\022\037\n\npermission\030\001 \003(\0132\013.P", + "ermission\"\032\n\030CheckPermissionsResponse2\373\001" + + "\n\024AccessControlService\022&\n\005Grant\022\r.GrantR" + + "equest\032\016.GrantResponse\022)\n\006Revoke\022\016.Revok" + + "eRequest\032\017.RevokeResponse\022G\n\022GetUserPerm" + + "issions\022\027.UserPermissionsRequest\032\030.UserP" + + "ermissionsResponse\022G\n\020CheckPermissions\022\030" + + ".CheckPermissionsRequest\032\031.CheckPermissi" + + "onsResponseBI\n*org.apache.hadoop.hbase.p" + + "rotobuf.generatedB\023AccessControlProtosH\001" + + "\210\001\001\240\001\001" }; com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner assigner = new com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner() { @@ -6664,43 +8699,67 @@ public final class AccessControlProtos { internal_static_Permission_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_Permission_descriptor, - new java.lang.String[] { "Action", "TableName", "Family", "Qualifier", }, + new java.lang.String[] { "Type", "GlobalPermission", "NamespacePermission", "TablePermission", }, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Builder.class); - internal_static_UserPermission_descriptor = + internal_static_TablePermission_descriptor = getDescriptor().getMessageTypes().get(1); + internal_static_TablePermission_fieldAccessorTable = new + com.google.protobuf.GeneratedMessage.FieldAccessorTable( + internal_static_TablePermission_descriptor, + new java.lang.String[] { "TableName", "Family", "Qualifier", "Action", }, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.class, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.TablePermission.Builder.class); + internal_static_NamespacePermission_descriptor = + getDescriptor().getMessageTypes().get(2); + internal_static_NamespacePermission_fieldAccessorTable = new + com.google.protobuf.GeneratedMessage.FieldAccessorTable( + internal_static_NamespacePermission_descriptor, + new java.lang.String[] { "NamespaceName", "Action", }, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.class, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.NamespacePermission.Builder.class); + internal_static_GlobalPermission_descriptor = + getDescriptor().getMessageTypes().get(3); + internal_static_GlobalPermission_fieldAccessorTable = new + com.google.protobuf.GeneratedMessage.FieldAccessorTable( + internal_static_GlobalPermission_descriptor, + new java.lang.String[] { "Action", }, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.class, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GlobalPermission.Builder.class); + internal_static_UserPermission_descriptor = + getDescriptor().getMessageTypes().get(4); internal_static_UserPermission_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_UserPermission_descriptor, new java.lang.String[] { "User", "Permission", }, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermission.Builder.class); - internal_static_UserTablePermissions_descriptor = - getDescriptor().getMessageTypes().get(2); - internal_static_UserTablePermissions_fieldAccessorTable = new + internal_static_UsersAndPermissions_descriptor = + getDescriptor().getMessageTypes().get(5); + internal_static_UsersAndPermissions_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( - internal_static_UserTablePermissions_descriptor, - new java.lang.String[] { "Permissions", }, - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.class, - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.Builder.class); - internal_static_UserTablePermissions_UserPermissions_descriptor = - internal_static_UserTablePermissions_descriptor.getNestedTypes().get(0); - internal_static_UserTablePermissions_UserPermissions_fieldAccessorTable = new + internal_static_UsersAndPermissions_descriptor, + new java.lang.String[] { "UserPermissions", }, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.class, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.Builder.class); + internal_static_UsersAndPermissions_UserPermissions_descriptor = + internal_static_UsersAndPermissions_descriptor.getNestedTypes().get(0); + internal_static_UsersAndPermissions_UserPermissions_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( - internal_static_UserTablePermissions_UserPermissions_descriptor, + internal_static_UsersAndPermissions_UserPermissions_descriptor, new java.lang.String[] { "User", "Permissions", }, - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.class, - org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserTablePermissions.UserPermissions.Builder.class); + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.class, + org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UsersAndPermissions.UserPermissions.Builder.class); internal_static_GrantRequest_descriptor = - getDescriptor().getMessageTypes().get(3); + getDescriptor().getMessageTypes().get(6); internal_static_GrantRequest_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_GrantRequest_descriptor, - new java.lang.String[] { "Permission", }, + new java.lang.String[] { "UserPermission", }, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest.Builder.class); internal_static_GrantResponse_descriptor = - getDescriptor().getMessageTypes().get(4); + getDescriptor().getMessageTypes().get(7); internal_static_GrantResponse_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_GrantResponse_descriptor, @@ -6708,15 +8767,15 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantResponse.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantResponse.Builder.class); internal_static_RevokeRequest_descriptor = - getDescriptor().getMessageTypes().get(5); + getDescriptor().getMessageTypes().get(8); internal_static_RevokeRequest_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_RevokeRequest_descriptor, - new java.lang.String[] { "Permission", }, + new java.lang.String[] { "UserPermission", }, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest.Builder.class); internal_static_RevokeResponse_descriptor = - getDescriptor().getMessageTypes().get(6); + getDescriptor().getMessageTypes().get(9); internal_static_RevokeResponse_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_RevokeResponse_descriptor, @@ -6724,23 +8783,23 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeResponse.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeResponse.Builder.class); internal_static_UserPermissionsRequest_descriptor = - getDescriptor().getMessageTypes().get(7); + getDescriptor().getMessageTypes().get(10); internal_static_UserPermissionsRequest_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_UserPermissionsRequest_descriptor, - new java.lang.String[] { "TableName", }, + new java.lang.String[] { "Type", "TableName", "NamespaceName", }, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsRequest.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsRequest.Builder.class); internal_static_UserPermissionsResponse_descriptor = - getDescriptor().getMessageTypes().get(8); + getDescriptor().getMessageTypes().get(11); internal_static_UserPermissionsResponse_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_UserPermissionsResponse_descriptor, - new java.lang.String[] { "Permission", }, + new java.lang.String[] { "UserPermission", }, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.UserPermissionsResponse.Builder.class); internal_static_CheckPermissionsRequest_descriptor = - getDescriptor().getMessageTypes().get(9); + getDescriptor().getMessageTypes().get(12); internal_static_CheckPermissionsRequest_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_CheckPermissionsRequest_descriptor, @@ -6748,7 +8807,7 @@ public final class AccessControlProtos { org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest.class, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest.Builder.class); internal_static_CheckPermissionsResponse_descriptor = - getDescriptor().getMessageTypes().get(10); + getDescriptor().getMessageTypes().get(13); internal_static_CheckPermissionsResponse_fieldAccessorTable = new com.google.protobuf.GeneratedMessage.FieldAccessorTable( internal_static_CheckPermissionsResponse_descriptor, diff --git a/hbase-protocol/src/main/protobuf/AccessControl.proto b/hbase-protocol/src/main/protobuf/AccessControl.proto index e361478..60248e3 100644 --- a/hbase-protocol/src/main/protobuf/AccessControl.proto +++ b/hbase-protocol/src/main/protobuf/AccessControl.proto @@ -32,55 +32,76 @@ message Permission { CREATE = 3; ADMIN = 4; } - repeated Action action = 1; - optional TableName tableName = 2; - optional bytes family = 3; - optional bytes qualifier = 4; + enum Type { + Global = 1; + Namespace = 2; + Table = 3; + } + required Type type = 1; + optional GlobalPermission global_permission = 2; + optional NamespacePermission namespace_permission = 3; + optional TablePermission table_permission = 4; +} + +message TablePermission { + optional TableName table_name = 1; + optional bytes family = 2; + optional bytes qualifier = 3; + repeated Permission.Action action = 4; +} + +message NamespacePermission { + optional bytes namespace_name = 1; + repeated Permission.Action action = 2; +} + +message GlobalPermission { + repeated Permission.Action action = 1; } message UserPermission { required bytes user = 1; - required Permission permission = 2; + required Permission permission = 3; } /** - * Content of the /hbase/acl/ znode. + * Content of the /hbase/acl/
znode. */ -message UserTablePermissions { +message UsersAndPermissions { message UserPermissions { required bytes user = 1; repeated Permission permissions = 2; } - repeated UserPermissions permissions = 1; + repeated UserPermissions user_permissions = 1; } message GrantRequest { - required UserPermission permission = 1; + required UserPermission user_permission = 1; } message GrantResponse { } message RevokeRequest { - required UserPermission permission = 1; - + required UserPermission user_permission = 1; } message RevokeResponse { } - message UserPermissionsRequest { - optional TableName tableName = 1; + optional Permission.Type type = 1; + optional TableName table_name = 2; + optional bytes namespace_name = 3; } message UserPermissionsResponse { - repeated UserPermission permission = 1; + repeated UserPermission user_permission = 1; } message CheckPermissionsRequest { - repeated Permission permission = 1; + repeated Permission permission = 1; } message CheckPermissionsResponse { diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java index 9b0107d..16e33f9 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java @@ -20,23 +20,38 @@ package org.apache.hadoop.hbase.migration; import com.google.common.collect.Lists; +import com.google.common.primitives.Ints; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FSDataInputStream; import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; +import org.apache.hadoop.fs.PathFilter; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.HRegionInfo; +import org.apache.hadoop.hbase.HTableDescriptor; import org.apache.hadoop.hbase.NamespaceDescriptor; +import org.apache.hadoop.hbase.ServerName; import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.catalog.MetaEditor; import org.apache.hadoop.hbase.exceptions.DeserializationException; +import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.regionserver.HRegion; +import org.apache.hadoop.hbase.regionserver.HRegionFileSystem; +import org.apache.hadoop.hbase.regionserver.wal.HLog; +import org.apache.hadoop.hbase.regionserver.wal.HLogFactory; +import org.apache.hadoop.hbase.regionserver.wal.HLogUtil; +import org.apache.hadoop.hbase.security.access.AccessControlLists; import org.apache.hadoop.hbase.snapshot.SnapshotDescriptionUtils; +import org.apache.hadoop.hbase.util.Bytes; +import org.apache.hadoop.hbase.util.FSTableDescriptors; import org.apache.hadoop.hbase.util.FSUtils; import org.apache.hadoop.util.Tool; import java.io.IOException; +import java.util.Comparator; import java.util.List; /** @@ -58,6 +73,7 @@ public class NamespaceUpgrade implements Tool { private Path sysNsDir; private Path defNsDir; private Path baseDirs[]; + private Path backupDir; public NamespaceUpgrade() throws IOException { } @@ -70,6 +86,7 @@ public class NamespaceUpgrade implements Tool { baseDirs = new Path[]{rootDir, new Path(rootDir, HConstants.HFILE_ARCHIVE_DIRECTORY), new Path(rootDir, HConstants.HBASE_TEMP_DIRECTORY)}; + backupDir = new Path(rootDir, HConstants.MIGRATION_NAME); } @@ -84,11 +101,14 @@ public class NamespaceUpgrade implements Tool { makeNamespaceDirs(); + migrateMeta(); + + migrateACL(); + migrateTables(); migrateSnapshots(); - migrateMeta(); FSUtils.setVersion(fs, rootDir); } @@ -185,6 +205,156 @@ public class NamespaceUpgrade implements Tool { + oldMetaRegionDir + " to " + newMetaRegionDir); } } + + Path oldRootDir = new Path(rootDir, "-ROOT-"); + if(!fs.rename(oldRootDir, backupDir)) { + throw new IllegalStateException("Failed to old data: "+oldRootDir+" to "+backupDir); + } + } + + public void migrateACL() throws IOException { + + TableName oldTableName = TableName.valueOf("_acl_"); + Path oldTablePath = new Path(rootDir, oldTableName.getNameAsString()); + + if(!fs.exists(oldTablePath)) { + return; + } + + LOG.info("Migrating ACL table"); + + TableName newTableName = AccessControlLists.ACL_TABLE_NAME; + Path newTablePath = FSUtils.getTableDir(rootDir, newTableName); + HTableDescriptor oldDesc = + readTableDescriptor(fs, getCurrentTableInfoStatus(fs, oldTablePath)); + + if(FSTableDescriptors.getTableInfoPath(fs, newTablePath) == null) { + LOG.info("Creating new tableDesc for ACL"); + HTableDescriptor newDesc = new HTableDescriptor(oldDesc); + newDesc.setName(newTableName); + new FSTableDescriptors(this.conf).createTableDescriptorForTableDirectory( + newTablePath, newDesc, true); + } + + + ServerName fakeServer = new ServerName("nsupgrade",96,123); + String metaLogName = HLogUtil.getHLogDirectoryName(fakeServer.toString()); + HLog metaHLog = HLogFactory.createMetaHLog(fs, rootDir, + metaLogName, conf, null, + fakeServer.toString()); + HRegion meta = HRegion.openHRegion(rootDir, HRegionInfo.FIRST_META_REGIONINFO, + HTableDescriptor.META_TABLEDESC, metaHLog, conf); + HRegion region = null; + try { + for(Path regionDir : FSUtils.getRegionDirs(fs, oldTablePath)) { + LOG.info("Migrating ACL region "+regionDir.getName()); + HRegionInfo oldRegionInfo = HRegionFileSystem.loadRegionInfoFileContent(fs, regionDir); + HRegionInfo newRegionInfo = + new HRegionInfo(newTableName, + oldRegionInfo.getStartKey(), + oldRegionInfo.getEndKey(), + oldRegionInfo.isSplit(), + oldRegionInfo.getRegionId()); + newRegionInfo.setOffline(oldRegionInfo.isOffline()); + region = + new HRegion( + HRegionFileSystem.openRegionFromFileSystem(conf, fs, oldTablePath, + oldRegionInfo, false), + metaHLog, + conf, + oldDesc, + null); + region.initialize(); + //Run major compaction to archive old stores + //to keep any snapshots to _acl_ unbroken + region.compactStores(true); + region.waitForFlushesAndCompactions(); + region.close(); + + //Create new region dir + Path newRegionDir = new Path(newTablePath, newRegionInfo.getEncodedName()); + if(!fs.exists(newRegionDir)) { + if(!fs.mkdirs(newRegionDir)) { + throw new IllegalStateException("Failed to create new region dir: " + newRegionDir); + } + } + + //create new region info file, delete in case one exists + HRegionFileSystem.openRegionFromFileSystem(conf, fs, newTablePath, newRegionInfo, false); + + //migrate region contents + for(FileStatus file : fs.listStatus(regionDir, new FSUtils.UserTableDirFilter(fs))) { + if(file.getPath().getName().equals(HRegionFileSystem.REGION_INFO_FILE)) + continue; + if(!fs.rename(file.getPath(), newRegionDir)) { + throw new IllegalStateException("Failed to move file "+file.getPath()+" to " + + newRegionDir); + } + } + meta.put(MetaEditor.makePutFromRegionInfo(newRegionInfo)); + meta.delete(MetaEditor.makeDeleteFromRegionInfo(oldRegionInfo)); + } + } finally { + meta.flushcache(); + meta.waitForFlushesAndCompactions(); + meta.close(); + metaHLog.closeAndDelete(); + if(region != null) { + region.close(); + } + } + if(!fs.rename(oldTablePath, backupDir)) { + throw new IllegalStateException("Failed to old data: "+oldTablePath+" to "+backupDir); + } + } + + //Culled from FSTableDescriptors + private static HTableDescriptor readTableDescriptor(FileSystem fs, + FileStatus status) throws IOException { + int len = Ints.checkedCast(status.getLen()); + byte [] content = new byte[len]; + FSDataInputStream fsDataInputStream = fs.open(status.getPath()); + try { + fsDataInputStream.readFully(content); + } finally { + fsDataInputStream.close(); + } + HTableDescriptor htd = null; + try { + htd = HTableDescriptor.parseFrom(content); + } catch (DeserializationException e) { + throw new IOException("content=" + Bytes.toShort(content), e); + } + return htd; + } + + private static final PathFilter TABLEINFO_PATHFILTER = new PathFilter() { + @Override + public boolean accept(Path p) { + // Accept any file that starts with TABLEINFO_NAME + return p.getName().startsWith(".tableinfo"); + } + }; + + static final Comparator TABLEINFO_FILESTATUS_COMPARATOR = + new Comparator() { + @Override + public int compare(FileStatus left, FileStatus right) { + return -left.compareTo(right); + }}; + + // logic culled from FSTableDescriptors + static FileStatus getCurrentTableInfoStatus(FileSystem fs, Path dir) + throws IOException { + FileStatus [] status = FSUtils.listStatus(fs, dir, TABLEINFO_PATHFILTER); + if (status == null || status.length < 1) return null; + FileStatus mostCurrent = null; + for (FileStatus file : status) { + if (mostCurrent == null || TABLEINFO_FILESTATUS_COMPARATOR.compare(file, mostCurrent) < 0) { + mostCurrent = file; + } + } + return mostCurrent; } public static boolean verifyNSUpgrade(FileSystem fs, Path rootDir) diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java index 5f670b7..3cecfc7 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java @@ -23,6 +23,7 @@ import java.io.DataInput; import java.io.DataInputStream; import java.io.IOException; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Map; import java.util.Set; @@ -38,6 +39,7 @@ import org.apache.hadoop.hbase.HColumnDescriptor; import org.apache.hadoop.hbase.HConstants; import org.apache.hadoop.hbase.HTableDescriptor; import org.apache.hadoop.hbase.KeyValue; +import org.apache.hadoop.hbase.NamespaceDescriptor; import org.apache.hadoop.hbase.catalog.MetaReader; import org.apache.hadoop.hbase.client.Delete; import org.apache.hadoop.hbase.client.Get; @@ -89,17 +91,17 @@ import com.google.protobuf.InvalidProtocolBufferException; */ public class AccessControlLists { /** Internal storage table for access control lists */ - public static final String ACL_TABLE_NAME_STR = "_acl_"; - public static final byte[] ACL_TABLE_NAME = Bytes.toBytes(ACL_TABLE_NAME_STR); - public static final TableName ACL_TABLE = - TableName.valueOf(ACL_TABLE_NAME); - public static final byte[] ACL_GLOBAL_NAME = ACL_TABLE_NAME; + public static final TableName ACL_TABLE_NAME = + TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl"); + public static final byte[] ACL_GLOBAL_NAME = ACL_TABLE_NAME.getName(); /** Column family used to store ACL grants */ public static final String ACL_LIST_FAMILY_STR = "l"; public static final byte[] ACL_LIST_FAMILY = Bytes.toBytes(ACL_LIST_FAMILY_STR); + public static final char NAMESPACE_PREFIX = '@'; + /** Table descriptor for ACL internal table */ - public static final HTableDescriptor ACL_TABLEDESC = new HTableDescriptor(ACL_TABLE); + public static final HTableDescriptor ACL_TABLEDESC = new HTableDescriptor(ACL_TABLE_NAME); static { ACL_TABLEDESC.addFamily( new HColumnDescriptor(ACL_LIST_FAMILY, @@ -125,7 +127,7 @@ public class AccessControlLists { * @param master reference to HMaster */ static void init(MasterServices master) throws IOException { - if (!MetaReader.tableExists(master.getCatalogTracker(), ACL_TABLE)) { + if (!MetaReader.tableExists(master.getCatalogTracker(), ACL_TABLE_NAME)) { master.createTable(ACL_TABLEDESC, null); } } @@ -139,8 +141,8 @@ public class AccessControlLists { static void addUserPermission(Configuration conf, UserPermission userPerm) throws IOException { Permission.Action[] actions = userPerm.getActions(); - - Put p = new Put(userPerm.isGlobal() ? ACL_GLOBAL_NAME : userPerm.getTable().getName()); + byte[] rowKey = userPermissionRowKey(userPerm); + Put p = new Put(rowKey); byte[] key = userPermissionKey(userPerm); if ((actions == null) || (actions.length == 0)) { @@ -155,8 +157,8 @@ public class AccessControlLists { } p.add(ACL_LIST_FAMILY, key, value); if (LOG.isDebugEnabled()) { - LOG.debug("Writing permission for table "+ - userPerm.getTable()+" "+ + LOG.debug("Writing permission with rowKey "+ + Bytes.toString(rowKey)+" "+ Bytes.toString(key)+": "+Bytes.toStringBinary(value) ); } @@ -184,8 +186,7 @@ public class AccessControlLists { */ static void removeUserPermission(Configuration conf, UserPermission userPerm) throws IOException { - - Delete d = new Delete(userPerm.isGlobal() ? ACL_GLOBAL_NAME : userPerm.getTable().getName()); + Delete d = new Delete(userPermissionRowKey(userPerm)); byte[] key = userPermissionKey(userPerm); if (LOG.isDebugEnabled()) { @@ -222,7 +223,27 @@ public class AccessControlLists { } /** - * Remove specified table column from the _acl_ table. + * Remove specified namespace from the acl table. + */ + static void removeNamespacePermissions(Configuration conf, String namespace) + throws IOException{ + Delete d = new Delete(Bytes.toBytes(toNamespaceEntry(namespace))); + + if (LOG.isDebugEnabled()) { + LOG.debug("Removing permissions of removed namespace "+ namespace); + } + + HTable acls = null; + try { + acls = new HTable(conf, ACL_TABLE_NAME); + acls.delete(d); + } finally { + if (acls != null) acls.close(); + } + } + + /** + * Remove specified table column from the acl table. */ static void removeTablePermissions(Configuration conf, TableName tableName, byte[] column) throws IOException{ @@ -269,6 +290,18 @@ public class AccessControlLists { } } + static byte[] userPermissionRowKey(UserPermission userPerm) { + byte[] row; + if(userPerm.hasNamespace()) { + row = Bytes.toBytes(toNamespaceEntry(userPerm.getNamespace())); + } else if(userPerm.isGlobal()) { + row = ACL_GLOBAL_NAME; + } else { + row = userPerm.getTable().getName(); + } + return row; + } + /** * Build qualifier key from user permission: * username @@ -295,14 +328,14 @@ public class AccessControlLists { * metadata table. */ static boolean isAclRegion(HRegion region) { - return ACL_TABLE.equals(region.getTableDesc().getTableName()); + return ACL_TABLE_NAME.equals(region.getTableDesc().getTableName()); } /** * Returns {@code true} if the given table is {@code _acl_} metadata table. */ static boolean isAclTable(HTableDescriptor desc) { - return ACL_TABLE.equals(desc.getTableName()); + return ACL_TABLE_NAME.equals(desc.getTableName()); } /** @@ -313,16 +346,16 @@ public class AccessControlLists { * @return a map of the permissions for this table. * @throws IOException */ - static Map> loadAll( + static Map> loadAll( HRegion aclRegion) throws IOException { if (!isAclRegion(aclRegion)) { - throw new IOException("Can only load permissions from "+ACL_TABLE_NAME_STR); + throw new IOException("Can only load permissions from "+ACL_TABLE_NAME); } - Map> allPerms = - new TreeMap>(); + Map> allPerms = + new TreeMap>(); // do a full scan of _acl_ table @@ -338,21 +371,21 @@ public class AccessControlLists { boolean hasNext = iScanner.next(row); ListMultimap perms = ArrayListMultimap.create(); - TableName table = null; + byte[] entry = null; for (KeyValue kv : row) { - if (table == null) { - table = TableName.valueOf(kv.getRow()); + if (entry == null) { + entry = kv.getRow(); } Pair permissionsOfUserOnTable = - parseTablePermissionRecord(table, kv); + parsePermissionRecord(entry, kv); if (permissionsOfUserOnTable != null) { String username = permissionsOfUserOnTable.getFirst(); TablePermission permissions = permissionsOfUserOnTable.getSecond(); perms.put(username, permissions); } } - if (table != null) { - allPerms.put(table, perms); + if (entry != null) { + allPerms.put(entry, perms); } if (!hasNext) { break; @@ -371,10 +404,10 @@ public class AccessControlLists { * Load all permissions from the region server holding {@code _acl_}, * primarily intended for testing purposes. */ - static Map> loadAll( + static Map> loadAll( Configuration conf) throws IOException { - Map> allPerms = - new TreeMap>(); + Map> allPerms = + new TreeMap>(Bytes.BYTES_RAWCOMPARATOR); // do a full scan of _acl_, filtering on only first table region rows @@ -387,10 +420,9 @@ public class AccessControlLists { acls = new HTable(conf, ACL_TABLE_NAME); scanner = acls.getScanner(scan); for (Result row : scanner) { - TableName tableName = TableName.valueOf(row.getRow()); ListMultimap resultPerms = - parseTablePermissions(tableName, row); - allPerms.put(tableName, resultPerms); + parsePermissions(row.getRow(), row); + allPerms.put(row.getRow(), resultPerms); } } finally { if (scanner != null) scanner.close(); @@ -400,6 +432,16 @@ public class AccessControlLists { return allPerms; } + static ListMultimap getTablePermissions(Configuration conf, + TableName tableName) throws IOException { + return getPermissions(conf, tableName != null ? tableName.getName() : null); + } + + static ListMultimap getNamespacePermissions(Configuration conf, + String namespace) throws IOException { + return getPermissions(conf, Bytes.toBytes(toNamespaceEntry(namespace))); + } + /** * Reads user permission assignments stored in the l: column * family of the first table row in _acl_. @@ -409,23 +451,23 @@ public class AccessControlLists { * used for storage. *

*/ - static ListMultimap getTablePermissions(Configuration conf, - TableName tableName) throws IOException { - if (tableName == null) tableName = ACL_TABLE; + static ListMultimap getPermissions(Configuration conf, + byte[] entryName) throws IOException { + if (entryName == null) entryName = ACL_TABLE_NAME.getName(); // for normal user tables, we just read the table row from _acl_ ListMultimap perms = ArrayListMultimap.create(); HTable acls = null; try { - acls = new HTable(conf, ACL_TABLE); - Get get = new Get(tableName.getName()); + acls = new HTable(conf, ACL_TABLE_NAME); + Get get = new Get(entryName); get.addFamily(ACL_LIST_FAMILY); Result row = acls.get(get); if (!row.isEmpty()) { - perms = parseTablePermissions(tableName, row); + perms = parsePermissions(entryName, row); } else { - LOG.info("No permissions found in " + ACL_TABLE_NAME_STR + " for table " - + tableName); + LOG.info("No permissions found in " + ACL_TABLE_NAME + " for acl entry " + + Bytes.toString(entryName)); } } finally { if (acls != null) acls.close(); @@ -438,11 +480,21 @@ public class AccessControlLists { * Returns the currently granted permissions for a given table as a list of * user plus associated permissions. */ + static List getUserTablePermissions( + Configuration conf, TableName tableName) throws IOException { + return getUserPermissions(conf, tableName.getName()); + } + + static List getUserNamespacePermissions( + Configuration conf, String namespace) throws IOException { + return getUserPermissions(conf, Bytes.toBytes(toNamespaceEntry(namespace))); + } + static List getUserPermissions( - Configuration conf, TableName tableName) + Configuration conf, byte[] entryName) throws IOException { - ListMultimap allPerms = getTablePermissions( - conf, tableName); + ListMultimap allPerms = getPermissions( + conf, entryName); List perms = new ArrayList(); @@ -455,14 +507,14 @@ public class AccessControlLists { return perms; } - private static ListMultimap parseTablePermissions( - TableName table, Result result) { - ListMultimap perms = ArrayListMultimap.create(); + private static ListMultimap parsePermissions( + byte[] entryName, Result result) { + ListMultimap perms = ArrayListMultimap.create(); if (result != null && result.size() > 0) { for (KeyValue kv : result.raw()) { Pair permissionsOfUserOnTable = - parseTablePermissionRecord(table, kv); + parsePermissionRecord(entryName, kv); if (permissionsOfUserOnTable != null) { String username = permissionsOfUserOnTable.getFirst(); @@ -474,8 +526,8 @@ public class AccessControlLists { return perms; } - private static Pair parseTablePermissionRecord( - TableName table, KeyValue kv) { + private static Pair parsePermissionRecord( + byte[] entryName, KeyValue kv) { // return X given a set of permissions encoded in the permissionRecord kv. byte[] family = kv.getFamily(); @@ -494,6 +546,15 @@ public class AccessControlLists { // check for a column family appended to the key // TODO: avoid the string conversion to make this more efficient String username = Bytes.toString(key); + + //Handle namespace entry + if(isNamespaceEntry(entryName)) { + return new Pair(username, + new TablePermission(Bytes.toString(fromNamespaceEntry(entryName)), value)); + } + + //Handle table and global entry + //TODO global entry should be handled differently int idx = username.indexOf(ACL_KEY_DELIMITER); byte[] permFamily = null; byte[] permQualifier = null; @@ -509,8 +570,8 @@ public class AccessControlLists { } } - return new Pair( - username, new TablePermission(table, permFamily, permQualifier, value)); + return new Pair(username, + new TablePermission(TableName.valueOf(entryName), permFamily, permQualifier, value)); } /** @@ -534,8 +595,8 @@ public class AccessControlLists { if (ProtobufUtil.isPBMagicPrefix(data)) { int pblen = ProtobufUtil.lengthOfPBMagic(); try { - AccessControlProtos.UserTablePermissions perms = - AccessControlProtos.UserTablePermissions.newBuilder().mergeFrom( + AccessControlProtos.UsersAndPermissions perms = + AccessControlProtos.UsersAndPermissions.newBuilder().mergeFrom( data, pblen, data.length - pblen).build(); return ProtobufUtil.toUserTablePermissions(perms); } catch (InvalidProtocolBufferException e) { @@ -579,4 +640,37 @@ public class AccessControlLists { return aclKey.substring(GROUP_PREFIX.length()); } + + public static boolean isNamespaceEntry(String entryName) { + return entryName.charAt(0) == NAMESPACE_PREFIX; + } + + public static boolean isNamespaceEntry(byte[] entryName) { + return entryName[0] == NAMESPACE_PREFIX; + } + + public static String toNamespaceEntry(String namespace) { + return NAMESPACE_PREFIX + namespace; + } + + public static String fromNamespaceEntry(String namespace) { + if(namespace.charAt(0) != NAMESPACE_PREFIX) + throw new IllegalArgumentException("Argument is not a valid namespace entry"); + return namespace.substring(1); + } + + public static byte[] toNamespaceEntry(byte[] namespace) { + byte[] ret = new byte[namespace.length+1]; + ret[0] = NAMESPACE_PREFIX; + System.arraycopy(namespace, 0, ret, 1, namespace.length); + return ret; + } + + public static byte[] fromNamespaceEntry(byte[] namespace) { + if(namespace[0] != NAMESPACE_PREFIX) { + throw new IllegalArgumentException("Argument is not a valid namespace entry: " + + Bytes.toString(namespace)); + } + return Arrays.copyOfRange(namespace, 1, namespace.length); + } } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index 5636b34..f30d03d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -26,6 +26,8 @@ import java.util.TreeSet; import com.google.protobuf.RpcCallback; import com.google.protobuf.RpcController; import com.google.protobuf.Service; + +import org.apache.commons.lang.ArrayUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; @@ -139,16 +141,16 @@ public class AccessController extends BaseRegionObserver void initialize(RegionCoprocessorEnvironment e) throws IOException { final HRegion region = e.getRegion(); - Map> tables = + Map> tables = AccessControlLists.loadAll(region); // For each table, write out the table's permissions to the respective // znode for that table. - for (Map.Entry> t: + for (Map.Entry> t: tables.entrySet()) { - TableName table = t.getKey(); + byte[] entry = t.getKey(); ListMultimap perms = t.getValue(); byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, e.getConfiguration()); - this.authManager.getZKPermissionWatcher().writeToZookeeper(table, serialized); + this.authManager.getZKPermissionWatcher().writeToZookeeper(entry, serialized); } } @@ -159,8 +161,8 @@ public class AccessController extends BaseRegionObserver */ void updateACL(RegionCoprocessorEnvironment e, final Map> familyMap) { - Set tableSet = - new TreeSet(); + Set entries = + new TreeSet(Bytes.BYTES_RAWCOMPARATOR); for (Map.Entry> f : familyMap.entrySet()) { List cells = f.getValue(); for (Cell cell: cells) { @@ -168,21 +170,21 @@ public class AccessController extends BaseRegionObserver if (Bytes.equals(kv.getBuffer(), kv.getFamilyOffset(), kv.getFamilyLength(), AccessControlLists.ACL_LIST_FAMILY, 0, AccessControlLists.ACL_LIST_FAMILY.length)) { - tableSet.add(TableName.valueOf(kv.getRow())); + entries.add(kv.getRow()); } } } - ZKPermissionWatcher zkw = this.authManager.getZKPermissionWatcher(); Configuration conf = regionEnv.getConfiguration(); - for (TableName tableName: tableSet) { + for (byte[] entry: entries) { try { ListMultimap perms = - AccessControlLists.getTablePermissions(conf, tableName); + AccessControlLists.getPermissions(conf, entry); byte[] serialized = AccessControlLists.writePermissionsAsBytes(perms, conf); - zkw.writeToZookeeper(tableName, serialized); + zkw.writeToZookeeper(entry, serialized); } catch (IOException ex) { - LOG.error("Failed updating permissions mirror for '" + tableName + "'", ex); + LOG.error("Failed updating permissions mirror for '" + Bytes.toString(entry) + "'", + ex); } } } @@ -353,6 +355,35 @@ public class AccessController extends BaseRegionObserver } /** + * Authorizes that the current user has any of the given permissions for the + * given table, column family and column qualifier. + * @param namespace + * @throws IOException if obtaining the current user fails + * @throws AccessDeniedException if user has no authorization + */ + private void requirePermission(String request, String namespace, + Action... permissions) throws IOException { + User user = getActiveUser(); + AuthResult result = null; + + for (Action permission : permissions) { + if (authManager.authorize(user, namespace, permission)) { + result = AuthResult.allow(request, "Table permission granted", user, + permission, namespace); + break; + } else { + // rest of the world + result = AuthResult.deny(request, "Insufficient permissions", user, + permission, namespace); + } + } + logResult(result); + if (!result.isAllowed()) { + throw new AccessDeniedException("Insufficient permissions " + result.toContextString()); + } + } + + /** * Authorizes that the current user has global privileges for the given action. * @param perm The action being requested * @throws IOException if obtaining the current user fails @@ -393,7 +424,7 @@ public class AccessController extends BaseRegionObserver * being authorized, based on the given parameters. * @param perm Action being requested * @param tableName Affected table name. - * @param familiMap Affected column families. + * @param familyMap Affected column families. */ private void requireGlobalPermission(String request, Permission.Action perm, TableName tableName, Map> familyMap) throws IOException { @@ -409,6 +440,26 @@ public class AccessController extends BaseRegionObserver } /** + * Checks that the user has the given global permission. The generated + * audit log message will contain context information for the operation + * being authorized, based on the given parameters. + * @param perm Action being requested + * @param namespace + */ + private void requireGlobalPermission(String request, Permission.Action perm, + String namespace) throws IOException { + User user = getActiveUser(); + if (authManager.authorize(user, perm)) { + logResult(AuthResult.allow(request, "Global check allowed", user, perm, namespace)); + } else { + logResult(AuthResult.deny(request, "Global check failed", user, perm, namespace)); + throw new AccessDeniedException("Insufficient permissions for user '" + + (user != null ? user.getShortName() : "null") +"' (global, action=" + + perm.toString() + ")"); + } + } + + /** * Returns true if the current user is allowed the given action * over at least one of the column qualifiers in the given column families. */ @@ -491,7 +542,13 @@ public class AccessController extends BaseRegionObserver for (byte[] family: families) { familyMap.put(family, null); } - requireGlobalPermission("createTable", Permission.Action.CREATE, desc.getTableName(), familyMap); + try { + requireGlobalPermission("createTable", Permission.Action.CREATE, desc.getTableName(), familyMap); + } catch (AccessDeniedException exp) { + LOG.debug("Access denied at HBase admin level, now checking at namespace level.", exp); + requirePermission("createTable", desc.getTableName().getNamespaceAsString(), + Permission.Action.WRITE); + } } @Override @@ -632,7 +689,7 @@ public class AccessController extends BaseRegionObserver throws IOException { if (Bytes.equals(tableName.getName(), AccessControlLists.ACL_GLOBAL_NAME)) { throw new AccessDeniedException("Not allowed to disable " - + AccessControlLists.ACL_TABLE_NAME_STR + " table."); + + AccessControlLists.ACL_TABLE_NAME + " table."); } requirePermission("disableTable", tableName, null, null, Action.ADMIN, Action.CREATE); } @@ -779,27 +836,33 @@ public class AccessController extends BaseRegionObserver @Override public void preCreateNamespace(ObserverContext ctx, - NamespaceDescriptor ns) throws IOException { + NamespaceDescriptor ns) throws IOException { + requireGlobalPermission("createNamespace", Action.ADMIN, ns.getName()); } @Override public void postCreateNamespace(ObserverContext ctx, - NamespaceDescriptor ns) throws IOException { + NamespaceDescriptor ns) throws IOException { } @Override - public void preDeleteNamespace(ObserverContext ctx, - String namespace) throws IOException { + public void preDeleteNamespace(ObserverContext ctx, String namespace) + throws IOException { + requireGlobalPermission("deleteNamespace", Action.ADMIN, namespace); } @Override public void postDeleteNamespace(ObserverContext ctx, String namespace) throws IOException { + AccessControlLists.removeNamespacePermissions(ctx.getEnvironment().getConfiguration(), + namespace); + LOG.info(namespace + "entry deleted in "+AccessControlLists.ACL_TABLE_NAME+" table."); } @Override public void preModifyNamespace(ObserverContext ctx, - NamespaceDescriptor ns) throws IOException { + NamespaceDescriptor ns) throws IOException { + requireGlobalPermission("modifyNamespace", Action.ADMIN, ns.getName()); } @Override @@ -1139,7 +1202,7 @@ public class AccessController extends BaseRegionObserver action, e, Collections.EMPTY_MAP); if (!authResult.isAllowed()) { for(UserPermission userPerm: - AccessControlLists.getUserPermissions(regionEnv.getConfiguration(), tableName)) { + AccessControlLists.getUserTablePermissions(regionEnv.getConfiguration(), tableName)) { for(Permission.Action userAction: userPerm.getActions()) { if(userAction.equals(action)) { return AuthResult.allow(method, "Access allowed", requestUser, @@ -1188,7 +1251,7 @@ public class AccessController extends BaseRegionObserver public void grant(RpcController controller, AccessControlProtos.GrantRequest request, RpcCallback done) { - UserPermission perm = ProtobufUtil.toUserPermission(request.getPermission()); + UserPermission perm = ProtobufUtil.toUserPermission(request.getUserPermission()); AccessControlProtos.GrantResponse response = null; try { // verify it's only running at .acl. @@ -1197,7 +1260,15 @@ public class AccessController extends BaseRegionObserver LOG.debug("Received request to grant access permission " + perm.toString()); } - requirePermission("grant", perm.getTable(), perm.getFamily(), perm.getQualifier(), Action.ADMIN); + switch(request.getUserPermission().getPermission().getType()) { + case Global : + case Table : + requirePermission("grant", perm.getTable(), perm.getFamily(), + perm.getQualifier(), Action.ADMIN); + break; + case Namespace : + requireGlobalPermission("grant", Action.ADMIN, perm.getNamespace()); + } AccessControlLists.addUserPermission(regionEnv.getConfiguration(), perm); if (AUDITLOG.isTraceEnabled()) { @@ -1206,7 +1277,7 @@ public class AccessController extends BaseRegionObserver } } else { throw new CoprocessorException(AccessController.class, "This method " - + "can only execute at " + Bytes.toString(AccessControlLists.ACL_TABLE_NAME) + " table."); + + "can only execute at " + AccessControlLists.ACL_TABLE_NAME + " table."); } response = AccessControlProtos.GrantResponse.getDefaultInstance(); } catch (IOException ioe) { @@ -1220,7 +1291,7 @@ public class AccessController extends BaseRegionObserver public void revoke(RpcController controller, AccessControlProtos.RevokeRequest request, RpcCallback done) { - UserPermission perm = ProtobufUtil.toUserPermission(request.getPermission()); + UserPermission perm = ProtobufUtil.toUserPermission(request.getUserPermission()); AccessControlProtos.RevokeResponse response = null; try { // only allowed to be called on _acl_ region @@ -1229,8 +1300,15 @@ public class AccessController extends BaseRegionObserver LOG.debug("Received request to revoke access permission " + perm.toString()); } - requirePermission("revoke", perm.getTable(), perm.getFamily(), - perm.getQualifier(), Action.ADMIN); + switch(request.getUserPermission().getPermission().getType()) { + case Global : + case Table : + requirePermission("revoke", perm.getTable(), perm.getFamily(), + perm.getQualifier(), Action.ADMIN); + break; + case Namespace : + requireGlobalPermission("revoke", Action.ADMIN, perm.getNamespace()); + } AccessControlLists.removeUserPermission(regionEnv.getConfiguration(), perm); if (AUDITLOG.isTraceEnabled()) { @@ -1239,7 +1317,7 @@ public class AccessController extends BaseRegionObserver } } else { throw new CoprocessorException(AccessController.class, "This method " - + "can only execute at " + Bytes.toString(AccessControlLists.ACL_TABLE_NAME) + " table."); + + "can only execute at " + AccessControlLists.ACL_TABLE_NAME + " table."); } response = AccessControlProtos.RevokeResponse.getDefaultInstance(); } catch (IOException ioe) { @@ -1254,21 +1332,30 @@ public class AccessController extends BaseRegionObserver AccessControlProtos.UserPermissionsRequest request, RpcCallback done) { AccessControlProtos.UserPermissionsResponse response = null; - TableName table = null; - if (request.hasTableName()) { - table = ProtobufUtil.toTableName(request.getTableName()); - } try { // only allowed to be called on _acl_ region if (aclRegion) { - requirePermission("userPermissions", table, null, null, Action.ADMIN); + List perms = null; + if(request.getType() == AccessControlProtos.Permission.Type.Table) { + TableName table = null; + if (request.hasTableName()) { + table = ProtobufUtil.toTableName(request.getTableName()); + } + requirePermission("userPermissions", table, null, null, Action.ADMIN); - List perms = AccessControlLists.getUserPermissions( - regionEnv.getConfiguration(), table); + perms = AccessControlLists.getUserTablePermissions( + regionEnv.getConfiguration(), table); + } else if (request.getType() == AccessControlProtos.Permission.Type.Namespace) { + perms = AccessControlLists.getUserNamespacePermissions( + regionEnv.getConfiguration(), request.getNamespaceName().toStringUtf8()); + } else { + perms = AccessControlLists.getUserPermissions( + regionEnv.getConfiguration(), null); + } response = ResponseConverter.buildUserPermissionsResponse(perms); } else { throw new CoprocessorException(AccessController.class, "This method " - + "can only execute at " + Bytes.toString(AccessControlLists.ACL_TABLE_NAME) + " table."); + + "can only execute at " + AccessControlLists.ACL_TABLE_NAME + " table."); } } catch (IOException ioe) { // pass exception back up @@ -1371,7 +1458,8 @@ public class AccessController extends BaseRegionObserver private boolean isSpecialTable(HRegionInfo regionInfo) { TableName tableName = regionInfo.getTableName(); - return tableName.equals(AccessControlLists.ACL_TABLE) + return tableName.equals(AccessControlLists.ACL_TABLE_NAME) + || tableName.equals(TableName.NAMESPACE_TABLE_NAME) || tableName.equals(TableName.META_TABLE_NAME); } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java index b2623f4..3c8dc87 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java @@ -36,6 +36,7 @@ import org.apache.hadoop.hbase.util.Bytes; @InterfaceStability.Evolving public class AuthResult { private final boolean allowed; + private final String namespace; private final TableName table; private final Permission.Action action; private final String request; @@ -58,6 +59,7 @@ public class AuthResult { this.qualifier = qualifier; this.action = action; this.families = null; + this.namespace = null; } public AuthResult(boolean allowed, String request, String reason, User user, @@ -72,6 +74,21 @@ public class AuthResult { this.qualifier = null; this.action = action; this.families = families; + this.namespace = null; + } + + public AuthResult(boolean allowed, String request, String reason, User user, + Permission.Action action, String namespace) { + this.allowed = allowed; + this.request = request; + this.reason = reason; + this.user = user; + this.namespace = namespace; + this.action = action; + this.table = null; + this.family = null; + this.qualifier = null; + this.families = null; } public boolean isAllowed() { @@ -153,11 +170,13 @@ public class AuthResult { .append(user != null ? user.getName() : "UNKNOWN") .append(", "); sb.append("scope=") - .append(table == null ? "GLOBAL" : table) + .append(namespace != null ? namespace : table == null ? "GLOBAL" : table); + if(namespace == null) { + sb.append(", ") + .append("family=") + .append(toFamilyString()) .append(", "); - sb.append("family=") - .append(toFamilyString()) - .append(", "); + } sb.append("action=") .append(action != null ? action.toString() : "") .append(")"); @@ -169,6 +188,11 @@ public class AuthResult { } public static AuthResult allow(String request, String reason, User user, + Permission.Action action, String namespace) { + return new AuthResult(true, request, reason, user, action, namespace); + } + + public static AuthResult allow(String request, String reason, User user, Permission.Action action, TableName table, byte[] family, byte[] qualifier) { return new AuthResult(true, request, reason, user, action, table, family, qualifier); } @@ -180,6 +204,11 @@ public class AuthResult { } public static AuthResult deny(String request, String reason, User user, + Permission.Action action, String namespace) { + return new AuthResult(false, request, reason, user, action, namespace); + } + + public static AuthResult deny(String request, String reason, User user, Permission.Action action, TableName table, byte[] family, byte[] qualifier) { return new AuthResult(false, request, reason, user, action, table, family, qualifier); } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java index e99f69a..971253b 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java @@ -96,6 +96,9 @@ public class TableAuthManager { private ConcurrentSkipListMap> tableCache = new ConcurrentSkipListMap>(); + private ConcurrentSkipListMap> nsCache = + new ConcurrentSkipListMap>(); + private Configuration conf; private ZKPermissionWatcher zkperms; @@ -147,7 +150,7 @@ public class TableAuthManager { return this.zkperms; } - public void refreshCacheFromWritable(TableName table, + public void refreshTableCacheFromWritable(TableName table, byte[] data) throws IOException { if (data != null && data.length > 0) { ListMultimap perms; @@ -169,6 +172,22 @@ public class TableAuthManager { } } + public void refreshNamespaceCacheFromWritable(String namespace, byte[] data) throws IOException { + if (data != null && data.length > 0) { + ListMultimap perms; + try { + perms = AccessControlLists.readPermissions(data, conf); + } catch (DeserializationException e) { + throw new IOException(e); + } + if (perms != null) { + updateNsCache(namespace, perms); + } + } else { + LOG.debug("Skipping permission cache refresh because writable data is empty"); + } + } + /** * Updates the internal global permissions cache * @@ -216,6 +235,29 @@ public class TableAuthManager { tableCache.put(table, newTablePerms); } + /** + * Updates the internal permissions cache for a single table, splitting + * the permissions listed into separate caches for users and groups to optimize + * group lookups. + * + * @param namespace + * @param tablePerms + */ + private void updateNsCache(String namespace, + ListMultimap tablePerms) { + PermissionCache newTablePerms = new PermissionCache(); + + for (Map.Entry entry : tablePerms.entries()) { + if (AccessControlLists.isGroupPrincipal(entry.getKey())) { + newTablePerms.putGroup(AccessControlLists.getGroupName(entry.getKey()), entry.getValue()); + } else { + newTablePerms.putUser(entry.getKey(), entry.getValue()); + } + } + + nsCache.put(namespace, newTablePerms); + } + private PermissionCache getTablePermissions(TableName table) { if (!tableCache.containsKey(table)) { tableCache.putIfAbsent(table, new PermissionCache()); @@ -223,6 +265,13 @@ public class TableAuthManager { return tableCache.get(table); } + private PermissionCache getNamespacePermissions(String namespace) { + if (!nsCache.containsKey(namespace)) { + nsCache.putIfAbsent(namespace, new PermissionCache()); + } + return nsCache.get(namespace); + } + /** * Authorizes a global permission * @param perms @@ -329,6 +378,45 @@ public class TableAuthManager { return false; } + public boolean authorize(User user, String namespace, Permission.Action action) { + if (authorizeUser(user.getShortName(), action)) { + return true; + } + PermissionCache tablePerms = nsCache.get(namespace); + if (tablePerms != null) { + List userPerms = tablePerms.getUser(user.getShortName()); + if (authorize(userPerms, namespace, action)) { + return true; + } + + String[] groupNames = user.getGroupNames(); + if (groupNames != null) { + for (String group : groupNames) { + List groupPerms = tablePerms.getGroup(group); + if (authorize(groupPerms, namespace, action)) { + return true; + } + } + } + } + return false; + } + + private boolean authorize(List perms, String namespace, + Permission.Action action) { + if (perms != null) { + for (TablePermission p : perms) { + if (p.implies(namespace, action)) { + return true; + } + } + } else if (LOG.isDebugEnabled()) { + LOG.debug("No permissions for authorize() check, table=" + namespace); + } + + return false; + } + /** * Checks global authorization for a specific action for a user, based on the * stored user permissions. @@ -358,7 +446,7 @@ public class TableAuthManager { if (authorizeUser(username, action)) { return true; } - if (table == null) table = AccessControlLists.ACL_TABLE; + if (table == null) table = AccessControlLists.ACL_TABLE_NAME; return authorize(getTablePermissions(table).getUser(username), table, family, qualifier, action); } @@ -387,7 +475,7 @@ public class TableAuthManager { if (authorizeGroup(groupName, action)) { return true; } - if (table == null) table = AccessControlLists.ACL_TABLE; + if (table == null) table = AccessControlLists.ACL_TABLE_NAME; return authorize(getTablePermissions(table).getGroup(groupName), table, family, action); } @@ -481,11 +569,11 @@ public class TableAuthManager { return false; } - public void remove(byte[] table) { - remove(TableName.valueOf(table)); + public void removeNamespace(byte[] ns) { + nsCache.remove(ns); } - public void remove(TableName table) { + public void removeTable(TableName table) { tableCache.remove(table); } @@ -496,11 +584,11 @@ public class TableAuthManager { * @param table * @param perms */ - public void setUserPermissions(String username, TableName table, + public void setTableUserPermissions(String username, TableName table, List perms) { PermissionCache tablePerms = getTablePermissions(table); tablePerms.replaceUser(username, perms); - writeToZooKeeper(table, tablePerms); + writeTableToZooKeeper(table, tablePerms); } /** @@ -510,20 +598,58 @@ public class TableAuthManager { * @param table * @param perms */ - public void setGroupPermissions(String group, TableName table, + public void setTableGroupPermissions(String group, TableName table, List perms) { PermissionCache tablePerms = getTablePermissions(table); tablePerms.replaceGroup(group, perms); - writeToZooKeeper(table, tablePerms); + writeTableToZooKeeper(table, tablePerms); + } + + /** + * Overwrites the existing permission set for a given user for a table, and + * triggers an update for zookeeper synchronization. + * @param username + * @param namespace + * @param perms + */ + public void setNamespaceUserPermissions(String username, String namespace, + List perms) { + PermissionCache tablePerms = getNamespacePermissions(namespace); + tablePerms.replaceUser(username, perms); + writeNamespaceToZooKeeper(namespace, tablePerms); + } + + /** + * Overwrites the existing permission set for a group and triggers an update + * for zookeeper synchronization. + * @param group + * @param namespace + * @param perms + */ + public void setNamespaceGroupPermissions(String group, String namespace, + List perms) { + PermissionCache tablePerms = getNamespacePermissions(namespace); + tablePerms.replaceGroup(group, perms); + writeNamespaceToZooKeeper(namespace, tablePerms); + } + + public void writeTableToZooKeeper(TableName table, + PermissionCache tablePerms) { + byte[] serialized = new byte[0]; + if (tablePerms != null) { + serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf); + } + zkperms.writeToZookeeper(table.getName(), serialized); } - public void writeToZooKeeper(TableName table, + public void writeNamespaceToZooKeeper(String namespace, PermissionCache tablePerms) { byte[] serialized = new byte[0]; if (tablePerms != null) { serialized = AccessControlLists.writePermissionsAsBytes(tablePerms.getAllPermissions(), conf); } - zkperms.writeToZookeeper(table, serialized); + zkperms.writeToZookeeper(Bytes.toBytes(AccessControlLists.toNamespaceEntry(namespace)), + serialized); } static Map managerMap = diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java index be4538d..ccec446 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java @@ -85,7 +85,11 @@ public class ZKPermissionWatcher extends ZooKeeperListener { public void nodeDeleted(String path) { if (aclZNode.equals(ZKUtil.getParent(path))) { String table = ZKUtil.getNodeName(path); - authManager.remove(Bytes.toBytes(table)); + if(AccessControlLists.isNamespaceEntry(table)) { + authManager.removeNamespace(Bytes.toBytes(table)); + } else { + authManager.removeTable(TableName.valueOf(table)); + } } } @@ -93,14 +97,14 @@ public class ZKPermissionWatcher extends ZooKeeperListener { public void nodeDataChanged(String path) { if (aclZNode.equals(ZKUtil.getParent(path))) { // update cache on an existing table node - TableName table = TableName.valueOf(ZKUtil.getNodeName(path)); + String entry = ZKUtil.getNodeName(path); try { byte[] data = ZKUtil.getDataAndWatch(watcher, path); - authManager.refreshCacheFromWritable(table, data); + refreshAuthManager(entry, data); } catch (KeeperException ke) { - LOG.error("Error reading data from zookeeper for node "+table, ke); + LOG.error("Error reading data from zookeeper for node " + entry, ke); // only option is to abort - watcher.abort("Zookeeper error getting data for node " + table, ke); + watcher.abort("Zookeeper error getting data for node " + entry, ke); } catch (IOException ioe) { LOG.error("Error reading permissions writables", ioe); } @@ -126,36 +130,45 @@ public class ZKPermissionWatcher extends ZooKeeperListener { for (ZKUtil.NodeAndData n : nodes) { if (n.isEmpty()) continue; String path = n.getNode(); - TableName table = TableName.valueOf(ZKUtil.getNodeName(path)); + String entry = (ZKUtil.getNodeName(path)); try { - byte[] nodeData = n.getData(); - if (LOG.isDebugEnabled()) { - LOG.debug("Updating permissions cache from node "+table+" with data: "+ - Bytes.toStringBinary(nodeData)); - } - authManager.refreshCacheFromWritable(table, nodeData); + refreshAuthManager(entry, n.getData()); } catch (IOException ioe) { - LOG.error("Failed parsing permissions for table '" + table + + LOG.error("Failed parsing permissions for table '" + entry + "' from zk", ioe); } } } + private void refreshAuthManager(String entry, byte[] nodeData) throws IOException { + if (LOG.isDebugEnabled()) { + LOG.debug("Updating permissions cache from node "+entry+" with data: "+ + Bytes.toStringBinary(nodeData)); + } + if(AccessControlLists.isNamespaceEntry(entry)) { + authManager.refreshNamespaceCacheFromWritable( + AccessControlLists.fromNamespaceEntry(entry), nodeData); + } else { + authManager.refreshTableCacheFromWritable(TableName.valueOf(entry), nodeData); + } + } + /*** * Write a table's access controls to the permissions mirror in zookeeper - * @param tableName + * @param entry * @param permsData */ - public void writeToZookeeper(TableName tableName, byte[] permsData) { + public void writeToZookeeper(byte[] entry, byte[] permsData) { + String entryName = Bytes.toString(entry); String zkNode = ZKUtil.joinZNode(watcher.baseZNode, ACL_NODE); - zkNode = ZKUtil.joinZNode(zkNode, tableName.getNameAsString()); + zkNode = ZKUtil.joinZNode(zkNode, entryName); try { ZKUtil.createWithParents(watcher, zkNode); ZKUtil.updateExistingNodeData(watcher, zkNode, permsData, -1); } catch (KeeperException e) { - LOG.error("Failed updating permissions for table '" + - tableName + "'", e); + LOG.error("Failed updating permissions for entry '" + + entryName + "'", e); watcher.abort("Failed writing node "+zkNode+" to zookeeper", e); } } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/generated/Hbase.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/generated/Hbase.java index 372d920..f361689 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/generated/Hbase.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/generated/Hbase.java @@ -3822,7 +3822,8 @@ public class Hbase { } } - public static class createTable extends org.apache.thrift.ProcessFunction { + public static class + createTable extends org.apache.thrift.ProcessFunction { public createTable() { super("createTable"); } diff --git a/hbase-server/src/main/ruby/hbase/security.rb b/hbase-server/src/main/ruby/hbase/security.rb index f471132..3335c6e 100644 --- a/hbase-server/src/main/ruby/hbase/security.rb +++ b/hbase-server/src/main/ruby/hbase/security.rb @@ -36,26 +36,6 @@ module Hbase # TODO: need to validate user name - # Verify that the specified permission is valid - if (permissions == nil || permissions.length == 0) - raise(ArgumentError, "Invalid permission: no actions associated with user") - end - - if (table_name != nil) - # Table should exist - raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name) - - tablebytes=table_name.to_java_bytes - htd = @admin.getTableDescriptor(tablebytes) - - if (family != nil) - raise(ArgumentError, "Can't find a family: #{family}") unless htd.hasFamily(family.to_java_bytes) - end - - fambytes = family.to_java_bytes if (family != nil) - qualbytes = qualifier.to_java_bytes if (qualifier != nil) - end - begin meta_table = org.apache.hadoop.hbase.client.HTable.new(@config, org.apache.hadoop.hbase.security.access.AccessControlLists::ACL_TABLE_NAME) @@ -67,10 +47,48 @@ module Hbase perm = org.apache.hadoop.hbase.security.access.Permission.new( permissions.to_java_bytes) - # invoke cp endpoint to perform access controlse - org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant( - protocol, user, tablebytes, fambytes, - qualbytes, perm.getActions()) + # Verify that the specified permission is valid + if (permissions == nil || permissions.length == 0) + raise(ArgumentError, "Invalid permission: no actions associated with user") + end + + if (table_name != nil) + #check if the tablename passed is actually a namespace + if (isNamespace?(table_name)) + # Namespace should exist first. + namespace_name = table_name[1...table_name.length] + raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name) + + #We pass the namespace name along with "@" so that we can differentiate a namespace from a table. + tablebytes=table_name.to_java_bytes + # invoke cp endpoint to perform access controlse + org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant( + protocol, user, tablebytes, perm.getActions()) + else + # Table should exist + raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name) + + tableName = org.apache.hadoop.hbase.TableName.valueOf(table_name.to_java_bytes) + htd = @admin.getTableDescriptor(tablebytes) + + if (family != nil) + raise(ArgumentError, "Can't find a family: #{family}") unless htd.hasFamily(family.to_java_bytes) + end + + fambytes = family.to_java_bytes if (family != nil) + qualbytes = qualifier.to_java_bytes if (qualifier != nil) + + # invoke cp endpoint to perform access controlse + org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant( + protocol, user, tableName, fambytes, + qualbytes, perm.getActions()) + end + else + # invoke cp endpoint to perform access controlse + org.apache.hadoop.hbase.protobuf.ProtobufUtil.grant( + protocol, user, perm.getActions()) + end + ensure meta_table.close() end @@ -82,21 +100,6 @@ module Hbase # TODO: need to validate user name - if (table_name != nil) - # Table should exist - raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name) - - tablebytes=table_name.to_java_bytes - htd = @admin.getTableDescriptor(tablebytes) - - if (family != nil) - raise(ArgumentError, "Can't find family: #{family}") unless htd.hasFamily(family.to_java_bytes) - end - - fambytes = family.to_java_bytes if (family != nil) - qualbytes = qualifier.to_java_bytes if (qualifier != nil) - end - begin meta_table = org.apache.hadoop.hbase.client.HTable.new(@config, org.apache.hadoop.hbase.security.access.AccessControlLists::ACL_TABLE_NAME) @@ -106,9 +109,41 @@ module Hbase protocol = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos:: AccessControlService.newBlockingStub(service) - # invoke cp endpoint to perform access controlse - org.apache.hadoop.hbase.protobuf.ProtobufUtil.revoke( - protocol, user, tablebytes, fambytes, qualbytes) + if (table_name != nil) + #check if the tablename passed is actually a namespace + if (isNamespace?(table_name)) + # Namespace should exist first. + namespace_name = table_name[1...table_name.length] + raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name) + + #We pass the namespace name along with "@" so that we can differentiate a namespace from a table. + tablebytes=table_name.to_java_bytes + # invoke cp endpoint to perform access controlse + org.apache.hadoop.hbase.protobuf.ProtobufUtil.revoke( + protocol, user, tablebytes) + else + # Table should exist + raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name) + + tableName = org.apache.hadoop.hbase.TableName.valueOf(table_name.to_java_bytes) + htd = @admin.getTableDescriptor(tableName) + + if (family != nil) + raise(ArgumentError, "Can't find a family: #{family}") unless htd.hasFamily(family.to_java_bytes) + end + + fambytes = family.to_java_bytes if (family != nil) + qualbytes = qualifier.to_java_bytes if (qualifier != nil) + + # invoke cp endpoint to perform access controlse + org.apache.hadoop.hbase.protobuf.ProtobufUtil.revoke( + protocol, user, tableName, fambytes, qualbytes) + end + else + # invoke cp endpoint to perform access controlse + org.apache.hadoop.hbase.protobuf.ProtobufUtil.revoke( + protocol, user) + end ensure meta_table.close() end @@ -118,12 +153,6 @@ module Hbase def user_permission(table_name=nil) security_available? - if (table_name != nil) - raise(ArgumentError, "Can't find table: #{table_name}") unless exists?(table_name) - - tablebytes=table_name.to_java_bytes - end - begin meta_table = org.apache.hadoop.hbase.client.HTable.new(@config, org.apache.hadoop.hbase.security.access.AccessControlLists::ACL_TABLE_NAME) @@ -133,9 +162,23 @@ module Hbase protocol = org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos:: AccessControlService.newBlockingStub(service) - # invoke cp endpoint to perform access controlse - perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions( - protocol, tablebytes) + if (table_name != nil) + #check if namespace is passed. + if (isNamespace?(table_name)) + # Namespace should exist first. + namespace_name = table_name[1...table_name.length] + raise(ArgumentError, "Can't find a namespace: #{namespace_name}") unless namespace_exists?(namespace_name) + # invoke cp endpoint to perform access controls + perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions( + protocol, table_name.to_java_bytes) + else + raise(ArgumentError, "Can't find table: #{table_name}") unless exists?(table_name) + perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions( + protocol, org.apache.hadoop.hbase.TableName.valueOf(table_name)) + end + else + perms = org.apache.hadoop.hbase.protobuf.ProtobufUtil.getUserPermissions(protocol) + end ensure meta_table.close() end @@ -167,11 +210,24 @@ module Hbase @admin.tableExists(table_name) end + def isNamespace?(table_name) + table_name.start_with?('@') + end + + # Does Namespace exist + def namespace_exists?(namespace_name) + namespaceDesc = @admin.getNamespaceDescriptor(namespace_name) + if(namespaceDesc == nil) + return false + else + return true + end + end + # Make sure that security tables are available def security_available?() raise(ArgumentError, "DISABLED: Security features are not available") \ unless exists?(org.apache.hadoop.hbase.security.access.AccessControlLists::ACL_TABLE_NAME) end - end end diff --git a/hbase-server/src/test/data/TestNamespaceUpgrade.tgz b/hbase-server/src/test/data/TestNamespaceUpgrade.tgz index f18430b..db6e9c3 100644 Binary files a/hbase-server/src/test/data/TestNamespaceUpgrade.tgz and b/hbase-server/src/test/data/TestNamespaceUpgrade.tgz differ diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFiles.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFiles.java index 044b26a..a88dded 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFiles.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFiles.java @@ -49,7 +49,7 @@ public class TestSecureLoadIncrementalHFiles extends TestLoadIncrementalHFiles{ util.startMiniCluster(); // Wait for the ACL table to become available - util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); + util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); } } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFilesSplitRecovery.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFilesSplitRecovery.java index 245055b..49e1f4c 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFilesSplitRecovery.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/mapreduce/TestSecureLoadIncrementalHFilesSplitRecovery.java @@ -54,7 +54,7 @@ public class TestSecureLoadIncrementalHFilesSplitRecovery extends TestLoadIncrem util.startMiniCluster(); // Wait for the ACL table to become available - util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); + util.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); } //Disabling this test as it does not work in secure mode diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/migration/TestNamespaceUpgrade.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/migration/TestNamespaceUpgrade.java index e3a3f46..bd19d9c 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/migration/TestNamespaceUpgrade.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/migration/TestNamespaceUpgrade.java @@ -23,6 +23,7 @@ import static org.junit.Assert.*; import java.io.File; import java.io.IOException; +import java.util.List; import junit.framework.Assert; @@ -41,8 +42,11 @@ import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.Waiter; import org.apache.hadoop.hbase.client.HTable; import org.apache.hadoop.hbase.client.Result; +import org.apache.hadoop.hbase.client.ResultScanner; import org.apache.hadoop.hbase.client.Scan; import org.apache.hadoop.hbase.protobuf.generated.AdminProtos; +import org.apache.hadoop.hbase.regionserver.HRegion; +import org.apache.hadoop.hbase.security.access.AccessControlLists; import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.FSUtils; import org.apache.hadoop.util.ToolRunner; @@ -64,6 +68,9 @@ import org.junit.experimental.categories.Category; * Contains snapshots with snapshot{num}Keys as the contents: * snapshot1Keys, snapshot2Keys * + * Image also contains _acl_ table with one region and two storefiles. + * This is needed to test the acl table migration. + * */ @Category(MediumTests.class) public class TestNamespaceUpgrade { @@ -103,6 +110,7 @@ public class TestNamespaceUpgrade { Configuration toolConf = TEST_UTIL.getConfiguration(); conf.set(HConstants.HBASE_DIR, TEST_UTIL.getDefaultRootDirPath().toString()); ToolRunner.run(toolConf, new NamespaceUpgrade(), new String[]{"--upgrade"}); + doFsCommand(shell, new String [] {"-lsr", "/"}); assertTrue(FSUtils.getVersion(fs, hbaseRootDir).equals(HConstants.FILE_SYSTEM_VERSION)); TEST_UTIL.startMiniHBaseCluster(1, 1); @@ -115,6 +123,22 @@ public class TestNamespaceUpgrade { Assert.assertEquals(currentKeys.length, count); } assertEquals(2, TEST_UTIL.getHBaseAdmin().listNamespaceDescriptors().length); + + //verify ACL table is migrated + HTable secureTable = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); + ResultScanner scanner = secureTable.getScanner(new Scan()); + int count = 0; + for(Result r : scanner) { + count++; + } + assertEquals(3, count); + assertFalse(TEST_UTIL.getHBaseAdmin().tableExists("_acl_")); + + //verify ACL table was compacted + List regions = TEST_UTIL.getMiniHBaseCluster().getRegions(secureTable.getName()); + for(HRegion region : regions) { + assertEquals(1, region.getStores().size()); + } } private static File untar(final File testdir) throws IOException { diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java index f069766..e7db7c5 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java @@ -18,11 +18,25 @@ package org.apache.hadoop.hbase.security.access; +import static org.junit.Assert.fail; + import java.io.IOException; +import java.lang.reflect.UndeclaredThrowableException; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.client.HTable; +import org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException; +import org.apache.hadoop.hbase.protobuf.ProtobufUtil; +import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService; +import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest; +import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hbase.security.User; +import com.google.protobuf.ServiceException; + /** * Utility methods for testing security */ @@ -37,4 +51,105 @@ public class SecureTestUtil { String currentUser = User.getCurrent().getName(); conf.set("hbase.superuser", "admin,"+currentUser); } + + public void verifyAllowed(User user, PrivilegedExceptionAction... actions) throws Exception { + for (PrivilegedExceptionAction action : actions) { + try { + user.runAs(action); + } catch (AccessDeniedException ade) { + fail("Expected action to pass for user '" + user.getShortName() + "' but was denied"); + } + } + } + + public void verifyAllowed(PrivilegedExceptionAction action, User... users) throws Exception { + for (User user : users) { + verifyAllowed(user, action); + } + } + + public void verifyDenied(User user, PrivilegedExceptionAction... actions) throws Exception { + for (PrivilegedExceptionAction action : actions) { + try { + user.runAs(action); + fail("Expected AccessDeniedException for user '" + user.getShortName() + "'"); + } catch (IOException e) { + boolean isAccessDeniedException = false; + if(e instanceof RetriesExhaustedWithDetailsException) { + // in case of batch operations, and put, the client assembles a + // RetriesExhaustedWithDetailsException instead of throwing an + // AccessDeniedException + for(Throwable ex : ((RetriesExhaustedWithDetailsException) e).getCauses()) { + if (ex instanceof AccessDeniedException) { + isAccessDeniedException = true; + break; + } + } + } + else { + // For doBulkLoad calls AccessDeniedException + // is buried in the stack trace + Throwable ex = e; + do { + if (ex instanceof AccessDeniedException) { + isAccessDeniedException = true; + break; + } + } while((ex = ex.getCause()) != null); + } + if (!isAccessDeniedException) { + fail("Not receiving AccessDeniedException for user '" + user.getShortName() + "'"); + } + } catch (UndeclaredThrowableException ute) { + // TODO why we get a PrivilegedActionException, which is unexpected? + Throwable ex = ute.getUndeclaredThrowable(); + if (ex instanceof PrivilegedActionException) { + ex = ((PrivilegedActionException) ex).getException(); + } + if (ex instanceof ServiceException) { + ServiceException se = (ServiceException)ex; + if (se.getCause() != null && se.getCause() instanceof AccessDeniedException) { + // expected result + return; + } + } + fail("Not receiving AccessDeniedException for user '" + user.getShortName() + "'"); + } + } + } + + public void verifyDenied(PrivilegedExceptionAction action, User... users) throws Exception { + for (User user : users) { + verifyDenied(user, action); + } + } + + public void checkTablePerms(Configuration conf, byte[] table, byte[] family, byte[] column, + Permission.Action... actions) throws IOException { + Permission[] perms = new Permission[actions.length]; + for (int i = 0; i < actions.length; i++) { + perms[i] = new TablePermission(TableName.valueOf(table), family, column, actions[i]); + } + + checkTablePerms(conf, table, perms); + } + + public void checkTablePerms(Configuration conf, byte[] table, Permission... perms) throws IOException { + CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder(); + for (Permission p : perms) { + request.addPermission(ProtobufUtil.toPermission(p)); + } + HTable acl = new HTable(conf, table); + try { + AccessControlService.BlockingInterface protocol = + AccessControlService.newBlockingStub(acl.coprocessorService(new byte[0])); + try { + protocol.checkPermissions(null, request.build()); + } catch (ServiceException se) { + ProtobufUtil.toIOException(se); + } + } finally { + acl.close(); + } + } } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java index 901d979..461cf45 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessControlFilter.java @@ -77,7 +77,7 @@ public class TestAccessControlFilter { conf.set("hbase.superuser", conf.get("hbase.superuser", "") + String.format(",%s.hfs.0,%s.hfs.1,%s.hfs.2", baseuser, baseuser, baseuser)); TEST_UTIL.startMiniCluster(); - TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); + TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); ADMIN = User.createUserForTesting(conf, "admin", new String[]{"supergroup"}); READER = User.createUserForTesting(conf, "reader", new String[0]); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index c50f1aa..fe03020 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -18,8 +18,8 @@ package org.apache.hadoop.hbase.security.access; -import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -103,7 +103,7 @@ import com.google.protobuf.ServiceException; */ @Category(LargeTests.class) @SuppressWarnings("rawtypes") -public class TestAccessController { +public class TestAccessController extends SecureTestUtil { private static final Log LOG = LogFactory.getLog(TestAccessController.class); @Rule public TestTableName TEST_TABLE = new TestTableName(); private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility(); @@ -156,7 +156,7 @@ public class TestAccessController { Coprocessor.PRIORITY_HIGHEST, 1, conf); // Wait for the ACL table to become available - TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); + TEST_UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); // create a set of test users SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); @@ -196,7 +196,6 @@ public class TestAccessController { AccessControlService.newBlockingStub(service); protocol.grant(null, RequestConverter.buildGrantRequest(USER_ADMIN.getShortName(), - null, null, null, AccessControlProtos.Permission.Action.ADMIN, AccessControlProtos.Permission.Action.CREATE, AccessControlProtos.Permission.Action.READ, @@ -235,17 +234,6 @@ public class TestAccessController { assertEquals(0, AccessControlLists.getTablePermissions(conf, TEST_TABLE.getTableName()).size()); } - public void verifyAllowed(User user, PrivilegedExceptionAction... actions) throws Exception { - for (PrivilegedExceptionAction action : actions) { - try { - user.runAs(action); - } catch (AccessDeniedException ade) { - fail("Expected action to pass for user '" + user.getShortName() + "' but was denied: " + - ade.toString()); - } - } - } - public void verifyAllowed(PrivilegedExceptionAction action, User... users) throws Exception { for (User user : users) { verifyAllowed(user, action); @@ -415,7 +403,7 @@ public class TestAccessController { PrivilegedExceptionAction disableAclTable = new PrivilegedExceptionAction() { public Object run() throws Exception { ACCESS_CONTROLLER.preDisableTable(ObserverContext.createAndPrepare(CP_ENV, null), - AccessControlLists.ACL_TABLE); + AccessControlLists.ACL_TABLE_NAME); return null; } }; @@ -1164,7 +1152,7 @@ public class TestAccessController { ProtobufUtil.grant(protocol, tblUser.getShortName(), tableName, null, null, Permission.Action.READ); ProtobufUtil.grant(protocol, gblUser.getShortName(), - null, null, null, Permission.Action.READ); + Permission.Action.READ); } finally { acl.close(); } @@ -1188,7 +1176,7 @@ public class TestAccessController { ProtobufUtil.grant(protocol, tblUser.getShortName(), tableName, null, null, Permission.Action.WRITE); ProtobufUtil.grant(protocol, gblUser.getShortName(), - null, null, null, Permission.Action.WRITE); + Permission.Action.WRITE); } finally { acl.close(); } @@ -1212,7 +1200,7 @@ public class TestAccessController { ProtobufUtil.grant(protocol, tblUser.getShortName(), tableName, null, null, Permission.Action.READ, Permission.Action.WRITE); ProtobufUtil.revoke(protocol, tblUser.getShortName(), tableName, null, null); - ProtobufUtil.revoke(protocol, gblUser.getShortName(), null, null, null); + ProtobufUtil.revoke(protocol, gblUser.getShortName()); } finally { acl.close(); } @@ -1236,7 +1224,7 @@ public class TestAccessController { ProtobufUtil.grant(protocol, tblUser.getShortName(), tableName, family1, null, Permission.Action.READ); ProtobufUtil.grant(protocol, gblUser.getShortName(), - null, null, null, Permission.Action.READ); + Permission.Action.READ); } finally { acl.close(); } @@ -1262,7 +1250,7 @@ public class TestAccessController { ProtobufUtil.grant(protocol, tblUser.getShortName(), tableName, family2, null, Permission.Action.WRITE); ProtobufUtil.grant(protocol, gblUser.getShortName(), - null, null, null, Permission.Action.WRITE); + Permission.Action.WRITE); } finally { acl.close(); } @@ -1287,7 +1275,7 @@ public class TestAccessController { AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(service); ProtobufUtil.revoke(protocol, tblUser.getShortName(), tableName, family2, null); - ProtobufUtil.revoke(protocol, gblUser.getShortName(), null, null, null); + ProtobufUtil.revoke(protocol, gblUser.getShortName()); } finally { acl.close(); } @@ -1607,12 +1595,12 @@ public class TestAccessController { BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW); AccessControlService.BlockingInterface protocol = AccessControlService.newBlockingStub(service); - perms = ProtobufUtil.getUserPermissions(protocol, null); + perms = ProtobufUtil.getUserPermissions(protocol); } finally { acl.close(); } UserPermission adminPerm = new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), - AccessControlLists.ACL_TABLE, null, null, Bytes.toBytes("ACRW")); + AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")); assertTrue("Only user admin has permission on table _acl_ per setup", perms.size() == 1 && hasFoundUserPermission(adminPerm, perms)); } @@ -1632,7 +1620,10 @@ public class TestAccessController { CheckPermissionsRequest.Builder request = CheckPermissionsRequest.newBuilder(); for (Action a : actions) { request.addPermission(AccessControlProtos.Permission.newBuilder() - .addAction(ProtobufUtil.toPermissionAction(a)).build()); + .setType(AccessControlProtos.Permission.Type.Global) + .setGlobalPermission( + AccessControlProtos.GlobalPermission.newBuilder() + .addAction(ProtobufUtil.toPermissionAction(a)).build())); } HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); try { @@ -1813,8 +1804,11 @@ public class TestAccessController { // check for wrong table region CheckPermissionsRequest checkRequest = CheckPermissionsRequest.newBuilder() .addPermission(AccessControlProtos.Permission.newBuilder() - .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE.getTableName())) - .addAction(AccessControlProtos.Permission.Action.CREATE) + .setType(AccessControlProtos.Permission.Type.Table) + .setTablePermission( + AccessControlProtos.TablePermission.newBuilder() + .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE.getTableName())) + .addAction(AccessControlProtos.Permission.Action.CREATE)) ).build(); acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); try { @@ -1935,7 +1929,7 @@ public class TestAccessController { // User name for the new RegionServer we plan to add. String activeUserForNewRs = currentUser + ".hfs." + hbaseCluster.getLiveRegionServerThreads().size(); - ProtobufUtil.grant(protocol, activeUserForNewRs, null, null, null, + ProtobufUtil.grant(protocol, activeUserForNewRs, Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.READ, Permission.Action.WRITE); } finally { diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java new file mode 100644 index 0000000..9ac5c62 --- /dev/null +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestNamespaceCommands.java @@ -0,0 +1,217 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hbase.security.access; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import java.security.PrivilegedExceptionAction; +import java.util.List; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hbase.Coprocessor; +import org.apache.hadoop.hbase.HBaseTestingUtility; +import org.apache.hadoop.hbase.HColumnDescriptor; +import org.apache.hadoop.hbase.HConstants; +import org.apache.hadoop.hbase.HTableDescriptor; +import org.apache.hadoop.hbase.MediumTests; +import org.apache.hadoop.hbase.NamespaceDescriptor; +import org.apache.hadoop.hbase.TableName; +import org.apache.hadoop.hbase.client.Get; +import org.apache.hadoop.hbase.client.HTable; +import org.apache.hadoop.hbase.client.Result; +import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; +import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment; +import org.apache.hadoop.hbase.coprocessor.ObserverContext; +import org.apache.hadoop.hbase.master.MasterCoprocessorHost; +import org.apache.hadoop.hbase.protobuf.ProtobufUtil; +import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService; +import org.apache.hadoop.hbase.security.User; +import org.apache.hadoop.hbase.security.access.Permission.Action; +import org.apache.hadoop.hbase.util.Bytes; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import com.google.common.collect.ListMultimap; +import com.google.protobuf.BlockingRpcChannel; + +@Category(MediumTests.class) +@SuppressWarnings("rawtypes") +public class TestNamespaceCommands extends SecureTestUtil { + private static HBaseTestingUtility UTIL = new HBaseTestingUtility(); + private static String TestNamespace = "ns1"; + private static Configuration conf; + private static MasterCoprocessorEnvironment CP_ENV; + private static AccessController ACCESS_CONTROLLER; + +//user with all permissions + private static User SUPERUSER; + // user with rw permissions + private static User USER_RW; + // user with create table permissions alone + private static User USER_CREATE; + // user with permission on namespace for testing all operations. + private static User USER_NSP_WRITE; + + @BeforeClass + public static void beforeClass() throws Exception { + conf = UTIL.getConfiguration(); + SecureTestUtil.enableSecurity(conf); + conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, AccessController.class.getName()); + UTIL.startMiniCluster(); + SUPERUSER = User.createUserForTesting(conf, "admin", new String[] { "supergroup" }); + USER_RW = User.createUserForTesting(conf, "rw_user", new String[0]); + USER_CREATE = User.createUserForTesting(conf, "create_user", new String[0]); + USER_NSP_WRITE = User.createUserForTesting(conf, "namespace_write", new String[0]); + UTIL.getHBaseAdmin().createNamespace(NamespaceDescriptor.create(TestNamespace).build()); + + // Wait for the ACL table to become available + UTIL.waitTableAvailable(AccessControlLists.ACL_TABLE_NAME.getName(), 8000); + + HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); + MasterCoprocessorHost cpHost = UTIL.getMiniHBaseCluster().getMaster().getCoprocessorHost(); + cpHost.load(AccessController.class, Coprocessor.PRIORITY_HIGHEST, conf); + ACCESS_CONTROLLER = (AccessController) cpHost.findCoprocessor(AccessController.class.getName()); + try { + BlockingRpcChannel service = + acl.coprocessorService(HConstants.EMPTY_START_ROW); + AccessControlService.BlockingInterface protocol = + AccessControlService.newBlockingStub(service); + ProtobufUtil.grant(protocol, USER_NSP_WRITE.getShortName(), + TestNamespace, Action.WRITE); + } finally { + acl.close(); + } + } + + @AfterClass + public static void afterClass() throws Exception { + UTIL.getHBaseAdmin().deleteNamespace(TestNamespace); + UTIL.shutdownMiniCluster(); + } + + @Test + public void testAclTableEntries() throws Exception { + String userTestNamespace = "userTestNsp"; + AccessControlService.BlockingInterface protocol = null; + HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); + try { + BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW); + protocol = AccessControlService.newBlockingStub(service); + ProtobufUtil.grant(protocol, userTestNamespace, TestNamespace, Permission.Action.WRITE); + Result result = acl.get(new Get(Bytes.toBytes(userTestNamespace))); + assertTrue(result != null); + ListMultimap perms = + AccessControlLists.getNamespacePermissions(conf, TestNamespace); + assertEquals(2, perms.size()); + List namespacePerms = perms.get(userTestNamespace); + assertTrue(perms.containsKey(userTestNamespace)); + assertEquals(1, namespacePerms.size()); + assertEquals(TestNamespace, + namespacePerms.get(0).getNamespace()); + assertEquals(null, namespacePerms.get(0).getFamily()); + assertEquals(null, namespacePerms.get(0).getQualifier()); + assertEquals(1, namespacePerms.get(0).getActions().length); + assertEquals(Permission.Action.WRITE, namespacePerms.get(0).getActions()[0]); + // Now revoke and check. + ProtobufUtil.revoke(protocol, userTestNamespace, TestNamespace, + Permission.Action.WRITE); + perms = AccessControlLists.getNamespacePermissions(conf, TestNamespace); + assertEquals(1, perms.size()); + } finally { + acl.close(); + } + } + + @Test + public void testTableCreate() throws Exception { + PrivilegedExceptionAction createTable = new PrivilegedExceptionAction() { + public Object run() throws Exception { + HTableDescriptor htd = + new HTableDescriptor(TableName.valueOf(TestNamespace, "testnewtable")); + htd.addFamily(new HColumnDescriptor("TestFamily")); + ACCESS_CONTROLLER.preCreateTable(ObserverContext.createAndPrepare(CP_ENV, null), htd, null); + return null; + } + }; + // verify that superuser and namespace admin can create tables in namespace. + verifyAllowed(createTable, SUPERUSER, USER_NSP_WRITE); + // all others should be denied + verifyDenied(createTable, USER_CREATE, USER_RW); + } + + @Test + public void testModifyNamespace() throws Exception { + PrivilegedExceptionAction modifyNamespace = new PrivilegedExceptionAction() { + public Object run() throws Exception { + ACCESS_CONTROLLER.preModifyNamespace(ObserverContext.createAndPrepare(CP_ENV, null), + NamespaceDescriptor.create(TestNamespace).addConfiguration("abc", "156").build()); + return null; + } + }; + // verify that superuser or hbase admin can modify namespaces. + verifyAllowed(modifyNamespace, SUPERUSER); + // all others should be denied + verifyDenied(modifyNamespace, USER_NSP_WRITE, USER_CREATE, USER_RW); + } + + @Test + public void testGrantRevoke() throws Exception{ + //Only HBase super user should be able to grant and revoke permissions to + // namespaces. + final String testUser = "testUser"; + PrivilegedExceptionAction grantAction = new PrivilegedExceptionAction() { + public Object run() throws Exception { + HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); + try { + BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW); + AccessControlService.BlockingInterface protocol = + AccessControlService.newBlockingStub(service); + ProtobufUtil.grant(protocol, testUser, TestNamespace, Action.WRITE); + } finally { + acl.close(); + } + return null; + } + }; + + PrivilegedExceptionAction revokeAction = new PrivilegedExceptionAction() { + public Object run() throws Exception { + HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME); + try { + BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW); + AccessControlService.BlockingInterface protocol = + AccessControlService.newBlockingStub(service); + ProtobufUtil.revoke(protocol, testUser, TestNamespace, Action.WRITE); + } finally { + acl.close(); + } + return null; + } + }; + + verifyAllowed(grantAction, SUPERUSER); + verifyDenied(grantAction, USER_CREATE, USER_RW); + + verifyAllowed(revokeAction, SUPERUSER); + verifyDenied(revokeAction, USER_CREATE, USER_RW); + + } +} diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java index d943bc0..894ebcd 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java @@ -97,7 +97,7 @@ public class TestTablePermissions { UTIL.startMiniCluster(); // Wait for the ACL table to become available - UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME); + UTIL.waitTableEnabled(AccessControlLists.ACL_TABLE_NAME.getName()); ZKW = new ZooKeeperWatcher(UTIL.getConfiguration(), "TestTablePermissions", ABORTABLE); @@ -116,7 +116,7 @@ public class TestTablePermissions { Configuration conf = UTIL.getConfiguration(); AccessControlLists.removeTablePermissions(conf, TEST_TABLE); AccessControlLists.removeTablePermissions(conf, TEST_TABLE2); - AccessControlLists.removeTablePermissions(conf, AccessControlLists.ACL_TABLE); + AccessControlLists.removeTablePermissions(conf, AccessControlLists.ACL_TABLE_NAME); } /** @@ -240,12 +240,12 @@ public class TestTablePermissions { TablePermission.Action.READ, TablePermission.Action.WRITE)); // check full load - Map> allPerms = + Map> allPerms = AccessControlLists.loadAll(conf); assertEquals("Full permission map should have entries for both test tables", 2, allPerms.size()); - userPerms = allPerms.get(TEST_TABLE).get("hubert"); + userPerms = allPerms.get(TEST_TABLE.getName()).get("hubert"); assertNotNull(userPerms); assertEquals(1, userPerms.size()); permission = userPerms.get(0); @@ -253,7 +253,7 @@ public class TestTablePermissions { assertEquals(1, permission.getActions().length); assertEquals(TablePermission.Action.READ, permission.getActions()[0]); - userPerms = allPerms.get(TEST_TABLE2).get("hubert"); + userPerms = allPerms.get(TEST_TABLE2.getName()).get("hubert"); assertNotNull(userPerms); assertEquals(1, userPerms.size()); permission = userPerms.get(0); @@ -310,7 +310,7 @@ public class TestTablePermissions { ListMultimap permissions = createPermissions(); byte[] permsData = AccessControlLists.writePermissionsAsBytes(permissions, conf); - ListMultimap copy = + ListMultimap copy = AccessControlLists.readPermissions(permsData, conf); checkMultimapEqual(permissions, copy); diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java index ca5b066..44e8b2f 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestZKPermissionsWatcher.java @@ -108,7 +108,7 @@ public class TestZKPermissionsWatcher { List acl = new ArrayList(); acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ, TablePermission.Action.WRITE)); - AUTH_A.setUserPermissions("george", TEST_TABLE, acl); + AUTH_A.setTableUserPermissions("george", TEST_TABLE, acl); Thread.sleep(100); // check it @@ -132,7 +132,7 @@ public class TestZKPermissionsWatcher { // update ACL: hubert R acl = new ArrayList(); acl.add(new TablePermission(TEST_TABLE, null, TablePermission.Action.READ)); - AUTH_B.setUserPermissions("hubert", TEST_TABLE, acl); + AUTH_B.setTableUserPermissions("hubert", TEST_TABLE, acl); Thread.sleep(100); // check it