HBASE-19679 Superusers Logging and Data Structures (BELUGA BEHR)
This commit is contained in:
parent
73ab51e946
commit
6708d54478
|
@ -20,8 +20,9 @@
|
||||||
package org.apache.hadoop.hbase.security;
|
package org.apache.hadoop.hbase.security;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.HashSet;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.hbase.AuthUtil;
|
import org.apache.hadoop.hbase.AuthUtil;
|
||||||
|
@ -40,8 +41,8 @@ public final class Superusers {
|
||||||
/** Configuration key for superusers */
|
/** Configuration key for superusers */
|
||||||
public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name
|
public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name
|
||||||
|
|
||||||
private static List<String> superUsers;
|
private static Set<String> superUsers;
|
||||||
private static List<String> superGroups;
|
private static Set<String> superGroups;
|
||||||
private static User systemUser;
|
private static User systemUser;
|
||||||
|
|
||||||
private Superusers(){}
|
private Superusers(){}
|
||||||
|
@ -54,8 +55,8 @@ public final class Superusers {
|
||||||
* @throws IllegalStateException if current user is null
|
* @throws IllegalStateException if current user is null
|
||||||
*/
|
*/
|
||||||
public static void initialize(Configuration conf) throws IOException {
|
public static void initialize(Configuration conf) throws IOException {
|
||||||
superUsers = new ArrayList<>();
|
superUsers = new HashSet<>();
|
||||||
superGroups = new ArrayList<>();
|
superGroups = new HashSet<>();
|
||||||
systemUser = User.getCurrent();
|
systemUser = User.getCurrent();
|
||||||
|
|
||||||
if (systemUser == null) {
|
if (systemUser == null) {
|
||||||
|
@ -63,10 +64,10 @@ public final class Superusers {
|
||||||
+ "authorization checks for internal operations will not work correctly!");
|
+ "authorization checks for internal operations will not work correctly!");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (LOG.isTraceEnabled()) {
|
|
||||||
LOG.trace("Current user name is " + systemUser.getShortName());
|
|
||||||
}
|
|
||||||
String currentUser = systemUser.getShortName();
|
String currentUser = systemUser.getShortName();
|
||||||
|
LOG.trace("Current user name is {}", currentUser);
|
||||||
|
superUsers.add(currentUser);
|
||||||
|
|
||||||
String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
|
String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
|
||||||
for (String name : superUserList) {
|
for (String name : superUserList) {
|
||||||
if (AuthUtil.isGroupPrincipal(name)) {
|
if (AuthUtil.isGroupPrincipal(name)) {
|
||||||
|
@ -75,7 +76,6 @@ public final class Superusers {
|
||||||
superUsers.add(name);
|
superUsers.add(name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
superUsers.add(currentUser);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -88,12 +88,11 @@ public final class Superusers {
|
||||||
public static boolean isSuperUser(User user) {
|
public static boolean isSuperUser(User user) {
|
||||||
if (superUsers == null) {
|
if (superUsers == null) {
|
||||||
throw new IllegalStateException("Super users/super groups lists"
|
throw new IllegalStateException("Super users/super groups lists"
|
||||||
+ " haven't been initialized properly.");
|
+ " have not been initialized properly.");
|
||||||
}
|
}
|
||||||
if (superUsers.contains(user.getShortName())) {
|
if (superUsers.contains(user.getShortName())) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (String group : user.getGroupNames()) {
|
for (String group : user.getGroupNames()) {
|
||||||
if (superGroups.contains(group)) {
|
if (superGroups.contains(group)) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -102,7 +101,7 @@ public final class Superusers {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static List<String> getSuperUsers() {
|
public static Collection<String> getSuperUsers() {
|
||||||
return superUsers;
|
return superUsers;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -34,6 +34,7 @@ import java.io.IOException;
|
||||||
import java.security.PrivilegedAction;
|
import java.security.PrivilegedAction;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -1677,7 +1678,7 @@ public class TestAccessController extends SecureTestUtil {
|
||||||
acl.close();
|
acl.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
List<String> superUsers = Superusers.getSuperUsers();
|
Collection<String> superUsers = Superusers.getSuperUsers();
|
||||||
List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1);
|
List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1);
|
||||||
adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
|
adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
|
||||||
AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));
|
AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));
|
||||||
|
|
Loading…
Reference in New Issue