-
Notifications
You must be signed in to change notification settings - Fork 488
Modified VisibilityFilter to handle multiple Authorizations objects #6402
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
62cf5e0
8cc6649
a62c79a
5c6165b
1ea09f4
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,6 +21,8 @@ | |
| import static java.nio.charset.StandardCharsets.UTF_8; | ||
|
|
||
| import java.io.IOException; | ||
| import java.util.ArrayList; | ||
| import java.util.Collection; | ||
| import java.util.Map; | ||
|
|
||
| import org.apache.accumulo.access.InvalidAccessExpressionException; | ||
|
|
@@ -44,12 +46,14 @@ | |
| */ | ||
| public class VisibilityFilter extends Filter implements OptionDescriber { | ||
|
|
||
| private static final Logger log = LoggerFactory.getLogger(VisibilityFilter.class); | ||
| private static final BytesAccess.BytesEvaluator EMPTY_EVALUATOR = | ||
| BytesAccess.newEvaluator(Authorizations.EMPTY); | ||
|
|
||
| private BytesAccess.BytesEvaluator accessEvaluator; | ||
| protected Map<ByteSequence,Boolean> cache; | ||
| private final ArrayByteSequence testVis = new ArrayByteSequence(new byte[0]); | ||
|
|
||
| private static final Logger log = LoggerFactory.getLogger(VisibilityFilter.class); | ||
|
|
||
| private static final String AUTHS = "auths"; | ||
| private static final String FILTER_INVALID_ONLY = "filterInvalid"; | ||
|
|
||
|
|
@@ -64,10 +68,29 @@ public void init(SortedKeyValueIterator<Key,Value> source, Map<String,String> op | |
|
|
||
| if (!filterInvalid) { | ||
| String auths = options.get(AUTHS); | ||
| Authorizations authObj = auths == null || auths.isEmpty() ? new Authorizations() | ||
| : new Authorizations(auths.getBytes(UTF_8)); | ||
|
|
||
| this.accessEvaluator = BytesAccess.newEvaluator(authObj); | ||
| if (auths == null || auths.isEmpty()) { | ||
| this.accessEvaluator = EMPTY_EVALUATOR; | ||
| } else if (!auths.contains(Authorizations.HEADER)) { | ||
| this.accessEvaluator = BytesAccess.newEvaluator(new Authorizations(auths.getBytes(UTF_8))); | ||
| } else { | ||
| String[] authParts = auths.split(Authorizations.HEADER); | ||
| if (authParts.length == 0) { | ||
| this.accessEvaluator = EMPTY_EVALUATOR; | ||
| } else { | ||
| Collection<Authorizations> authSet = new ArrayList<>(); | ||
| for (int i = 0; i < authParts.length; i++) { | ||
| String part = authParts[i]; | ||
| if (part.isEmpty()) { | ||
| continue; | ||
| } else { | ||
| // split removes the HEADER, need to add it back | ||
| String serializedAuthString = Authorizations.HEADER + authParts[i]; | ||
| authSet.add(new Authorizations(serializedAuthString.getBytes(UTF_8))); | ||
| } | ||
| } | ||
| this.accessEvaluator = BytesAccess.newEvaluator(authSet); | ||
| } | ||
| } | ||
| } | ||
| this.cache = new LRUMap<>(1000); | ||
| } | ||
|
|
@@ -132,20 +155,31 @@ public IteratorOptions describeOptions() { | |
| IteratorOptions io = super.describeOptions(); | ||
| io.setName("visibilityFilter"); | ||
| io.setDescription("The VisibilityFilter allows you to filter for key/value" | ||
| + " pairs by a set of authorizations or filter invalid labels from corrupt files."); | ||
| + " pairs by a set(s) of authorizations or filter invalid labels from corrupt files."); | ||
| io.addNamedOption(FILTER_INVALID_ONLY, | ||
| "if 'true', the iterator is instructed to ignore the authorizations and" | ||
| + " only filter invalid visibility labels (default: false)"); | ||
| io.addNamedOption(AUTHS, | ||
| "the serialized set of authorizations to filter against (default: empty" | ||
| + " string, accepts only entries visible by all)"); | ||
|
Comment on lines
-139
to
-141
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can't remove this option. The configuration parameter is the main API for this class. Removing or renaming it breaks it.
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, I can add it back. I didn't consider the case where someone has this configured on a table prior to a 4.0 upgrade. |
||
| io.addNamedOption(AUTHS, "The set of Authorizations to use when filtering (default: empty" | ||
| + " string, accepts only entries visible by all). The value can" | ||
| + " either be of the older form (\"auth1,auth2\") which only supports" | ||
| + " a single Authorizations object, or the newer form which uses " + Authorizations.HEADER | ||
| + " concatenated with Base64 encoded comma-separated authorization tokens." | ||
| + "The latter case supports one or more Authorizations (\"" + Authorizations.HEADER | ||
| + "Base64(auth1,auth2)\") or (\"" + Authorizations.HEADER + "Base64(auth1,auth2)" | ||
| + Authorizations.HEADER + "auth2,auth3\")"); | ||
| return io; | ||
| } | ||
|
|
||
| public static void setAuthorizations(IteratorSetting setting, Authorizations auths) { | ||
| setting.addOption(AUTHS, auths.serialize()); | ||
| } | ||
|
|
||
| public static void setAuthorizations(IteratorSetting setting, Collection<Authorizations> auths) { | ||
| StringBuilder builder = new StringBuilder(); | ||
| auths.forEach(a -> builder.append(a.serialize())); | ||
| setting.addOption(AUTHS, builder.toString()); | ||
| } | ||
|
|
||
| public static void filterInvalidLabelsOnly(IteratorSetting setting, boolean featureEnabled) { | ||
| setting.addOption(FILTER_INVALID_ONLY, Boolean.toString(featureEnabled)); | ||
| } | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.