-
Notifications
You must be signed in to change notification settings - Fork 444
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
updates column visibility to use accumulo access library #3746
Conversation
Updates ColumnVisibility and VisibilityEvaluator to use the Accumulo Access control library : https://github.com/apache/accumulo-access This library is not yet released, so building requires installing it locally.
core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
Outdated
Show resolved
Hide resolved
…ibility.java Co-authored-by: Dave Marion <dlmarion@apache.org>
core/src/main/java/org/apache/accumulo/core/clientImpl/AccumuloAccessUtils.java
Outdated
Show resolved
Hide resolved
*/ | ||
public org.apache.accumulo.access.Authorizations toAccessAuthorizations() { | ||
if (auths.isEmpty()) { | ||
return org.apache.accumulo.access.Authorizations.of(Set.of()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If org.apache.accumulo.access.Authorizations.EMPTY
is not made public in apache/accumulo-access#70, then we should get a reference to an empty authorizations object and return it here instead of calling Set.of
here. Considering this is called from the VisibilityFilter, we should make this as optimized as possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at the impl of Set.of()
in my ide it does not allocate any objects, it always returns a statically initialized immutable empty set. Then with the eventual changes in accumulo-access this line will do no obj allocations, however it does that in a very round about way.
Should probably add a Authorizations.of()
method to follow javas conventions. Also would make it consistent w/ AccessExpression.of()
. If Authorizations.of()
existed then this could be more straightforward.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a constant iin 5b825ab, seemed the best options w/ the current constraints of the beta API. Can easily change it later.
core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java
Show resolved
Hide resolved
I added Update: Build finished, new snapshot artifacts at https://repository.apache.org/content/repositories/snapshots/org/apache/accumulo/accumulo-access/1.0.0-SNAPSHOT/. Update #2: Since Accumulo's parent pom is the Apache Parent POM, we don't need to do anything to reference snapshot releases in the ASF repo. It's already included in the Parent POM. |
Updates ColumnVisibility and VisibilityEvaluator to use the Accumulo Access control library :
https://github.com/apache/accumulo-access
This library is not yet released, so building requires installing it locally.