HBASE-19679 Superusers Logging and Data Structures (BELUGA BEHR)

This commit is contained in:
tedyu 2018-01-01 14:18:21 -08:00
parent 73ab51e946
commit 6708d54478
2 changed files with 14 additions and 14 deletions

View File

@ -20,8 +20,9 @@
package org.apache.hadoop.hbase.security; package org.apache.hadoop.hbase.security;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.Collection;
import java.util.List; import java.util.HashSet;
import java.util.Set;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil; import org.apache.hadoop.hbase.AuthUtil;
@ -40,8 +41,8 @@ public final class Superusers {
/** Configuration key for superusers */ /** Configuration key for superusers */
public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name
private static List<String> superUsers; private static Set<String> superUsers;
private static List<String> superGroups; private static Set<String> superGroups;
private static User systemUser; private static User systemUser;
private Superusers(){} private Superusers(){}
@ -54,8 +55,8 @@ public final class Superusers {
* @throws IllegalStateException if current user is null * @throws IllegalStateException if current user is null
*/ */
public static void initialize(Configuration conf) throws IOException { public static void initialize(Configuration conf) throws IOException {
superUsers = new ArrayList<>(); superUsers = new HashSet<>();
superGroups = new ArrayList<>(); superGroups = new HashSet<>();
systemUser = User.getCurrent(); systemUser = User.getCurrent();
if (systemUser == null) { if (systemUser == null) {
@ -63,10 +64,10 @@ public final class Superusers {
+ "authorization checks for internal operations will not work correctly!"); + "authorization checks for internal operations will not work correctly!");
} }
if (LOG.isTraceEnabled()) {
LOG.trace("Current user name is " + systemUser.getShortName());
}
String currentUser = systemUser.getShortName(); String currentUser = systemUser.getShortName();
LOG.trace("Current user name is {}", currentUser);
superUsers.add(currentUser);
String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]); String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
for (String name : superUserList) { for (String name : superUserList) {
if (AuthUtil.isGroupPrincipal(name)) { if (AuthUtil.isGroupPrincipal(name)) {
@ -75,7 +76,6 @@ public final class Superusers {
superUsers.add(name); superUsers.add(name);
} }
} }
superUsers.add(currentUser);
} }
/** /**
@ -88,12 +88,11 @@ public final class Superusers {
public static boolean isSuperUser(User user) { public static boolean isSuperUser(User user) {
if (superUsers == null) { if (superUsers == null) {
throw new IllegalStateException("Super users/super groups lists" throw new IllegalStateException("Super users/super groups lists"
+ " haven't been initialized properly."); + " have not been initialized properly.");
} }
if (superUsers.contains(user.getShortName())) { if (superUsers.contains(user.getShortName())) {
return true; return true;
} }
for (String group : user.getGroupNames()) { for (String group : user.getGroupNames()) {
if (superGroups.contains(group)) { if (superGroups.contains(group)) {
return true; return true;
@ -102,7 +101,7 @@ public final class Superusers {
return false; return false;
} }
public static List<String> getSuperUsers() { public static Collection<String> getSuperUsers() {
return superUsers; return superUsers;
} }

View File

@ -34,6 +34,7 @@ import java.io.IOException;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
@ -1677,7 +1678,7 @@ public class TestAccessController extends SecureTestUtil {
acl.close(); acl.close();
} }
List<String> superUsers = Superusers.getSuperUsers(); Collection<String> superUsers = Superusers.getSuperUsers();
List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1); List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1);
adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"))); AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));