Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-12641 Grant all permissions of hbase zookeeper node to hbase superuser in a secure cluster (Liu Shaohui) 

Conflicts:
	hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
	hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java
This commit is contained in:
stack 2014-12-27 21:11:57 -08:00
parent 978d90b557
commit 826bcf1bb9
2 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
View File

@ -61,9 +61,11 @@ import org.apache.zookeeper.KeeperException.NoNodeException;
import org.apache.zookeeper.Op;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs.Ids;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.client.ZooKeeperSaslClient;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;
import org.apache.zookeeper.proto.CreateRequest;
import org.apache.zookeeper.proto.DeleteRequest;
@ -952,7 +954,16 @@ public class ZKUtil {
}
private static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node) {
if (!node.startsWith(zkw.baseZNode)) {
return Ids.OPEN_ACL_UNSAFE;
}
if (isSecureZooKeeper(zkw.getConfiguration())) {
String superUser = zkw.getConfiguration().get("hbase.superuser");
ArrayList<ACL> acls = new ArrayList<ACL>();
// add permission to hbase supper user
if (superUser != null) {
acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
}
// Certain znodes are accessed directly by the client,
// so they must be readable by non-authenticated clients
if ((node.equals(zkw.baseZNode) == true) ||
@ -963,9 +974,12 @@ public class ZKUtil {
(node.equals(zkw.backupMasterAddressesZNode) == true) ||
(node.startsWith(zkw.assignmentZNode) == true) ||
(node.startsWith(zkw.tableZNode) == true)) {
return ZooKeeperWatcher.CREATOR_ALL_AND_WORLD_READABLE;
acls.addAll(Ids.CREATOR_ALL_ACL);
acls.addAll(Ids.READ_ACL_UNSAFE);
} else {
acls.addAll(Ids.CREATOR_ALL_ACL);
}
return Ids.CREATOR_ALL_ACL;
return acls;
} else {
return Ids.OPEN_ACL_UNSAFE;
}
@ -1321,8 +1335,8 @@ public class ZKUtil {
deleteNodeRecursively(zkw, joinZNode(node, child));
}
}
//Zookeeper Watches are one time triggers; When children of parent nodes are deleted recursively.
//Must set another watch, get notified of delete node
//Zookeeper Watches are one time triggers; When children of parent nodes are deleted recursively.
//Must set another watch, get notified of delete node
if (zkw.getRecoverableZooKeeper().exists(node, zkw) != null){
zkw.getRecoverableZooKeeper().delete(node, -1);
}
@ -1857,7 +1871,7 @@ public class ZKUtil {
try {
data = ZKUtil.getData(zkw, znode);
} catch(KeeperException e) {
if (e instanceof KeeperException.SessionExpiredException
if (e instanceof KeeperException.SessionExpiredException
|| e instanceof KeeperException.AuthFailedException) {
// non-recoverable errors so stop here
throw new InterruptedException("interrupted due to " + e);

1
hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java
View File

@ -110,7 +110,6 @@ public class ZooKeeperWatcher implements Watcher, Abortable, Closeable {
// znode containing namespace descriptors
public static String namespaceZNode = "namespace";
// Certain ZooKeeper nodes need to be world-readable
public static final ArrayList<ACL> CREATOR_ALL_AND_WORLD_READABLE =
new ArrayList<ACL>() { {