HBASE-12053: SecurityBulkLoadEndPoint set 777 permission on input data files

Jeffrey Zhong 2014-11-26 16:19:22 -08:00
parent 595d2a846c
commit b2cdeacc8c
1 changed files with 19 additions and 5 deletions


@ -67,7 +67,9 @@ import java.math.BigInteger;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
/** /**
* Coprocessor service for bulk loads in secure mode. * Coprocessor service for bulk loads in secure mode.
@ -280,9 +282,6 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService
fs = FileSystem.get(conf); fs = FileSystem.get(conf);
for(Pair<byte[], String> el: familyPaths) { for(Pair<byte[], String> el: familyPaths) {
Path p = new Path(el.getSecond()); Path p = new Path(el.getSecond());
LOG.trace("Setting permission for: " + p);
fs.setPermission(p, PERM_ALL_ACCESS);
Path stageFamily = new Path(bulkToken, Bytes.toString(el.getFirst())); Path stageFamily = new Path(bulkToken, Bytes.toString(el.getFirst()));
if(!fs.exists(stageFamily)) { if(!fs.exists(stageFamily)) {
fs.mkdirs(stageFamily); fs.mkdirs(stageFamily);
@ -364,11 +363,13 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService
private Configuration conf; private Configuration conf;
// Source filesystem // Source filesystem
private FileSystem srcFs = null; private FileSystem srcFs = null;
private Map<String, FsPermission> origPermissions = null;
public SecureBulkLoadListener(FileSystem fs, String stagingDir, Configuration conf) { public SecureBulkLoadListener(FileSystem fs, String stagingDir, Configuration conf) {
this.fs = fs; this.fs = fs;
this.stagingDir = stagingDir; this.stagingDir = stagingDir;
this.conf = conf; this.conf = conf;
this.origPermissions = new HashMap<String, FsPermission>();
} }
@Override @Override
@ -388,13 +389,15 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService
LOG.debug("Bulk-load file " + srcPath + " is on different filesystem than " + LOG.debug("Bulk-load file " + srcPath + " is on different filesystem than " +
"the destination filesystem. Copying file over to destination staging dir."); "the destination filesystem. Copying file over to destination staging dir.");
FileUtil.copy(srcFs, p, fs, stageP, false, conf); FileUtil.copy(srcFs, p, fs, stageP, false, conf);
} } else {
else {
LOG.debug("Moving " + p + " to " + stageP); LOG.debug("Moving " + p + " to " + stageP);
FileStatus origFileStatus = fs.getFileStatus(p);
origPermissions.put(srcPath, origFileStatus.getPermission());
if(!fs.rename(p, stageP)) { if(!fs.rename(p, stageP)) {
throw new IOException("Failed to move HFile: " + p + " to " + stageP); throw new IOException("Failed to move HFile: " + p + " to " + stageP);
} }
} }
fs.setPermission(stageP, PERM_ALL_ACCESS);
return stageP.toString(); return stageP.toString();
} }
@ -405,12 +408,23 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService
@Override @Override
public void failedBulkLoad(final byte[] family, final String srcPath) throws IOException { public void failedBulkLoad(final byte[] family, final String srcPath) throws IOException {
if (!FSHDFSUtils.isSameHdfs(conf, srcFs, fs)) {
// files are copied so no need to move them back
return;
}
Path p = new Path(srcPath); Path p = new Path(srcPath);
Path stageP = new Path(stagingDir, Path stageP = new Path(stagingDir,
new Path(Bytes.toString(family), p.getName())); new Path(Bytes.toString(family), p.getName()));
LOG.debug("Moving " + stageP + " back to " + p); LOG.debug("Moving " + stageP + " back to " + p);
if(!fs.rename(stageP, p)) if(!fs.rename(stageP, p))
throw new IOException("Failed to move HFile: " + stageP + " to " + p); throw new IOException("Failed to move HFile: " + stageP + " to " + p);
// restore original permission
if (origPermissions.containsKey(srcPath)) {
fs.setPermission(p, origPermissions.get(srcPath));
} else {
LOG.warn("Can't find previous permission for path=" + srcPath);
}
} }
/** /**
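Review bot: In `failedBulkLoad` the original permission is restored only after `fs.rename(stageP, p)` has put the file back at its source path, so the file sits there with the mode set by `fs.setPermission(stageP, PERM_ALL_ACCESS)` until the later `setPermission` runs. It stays that way if that call throws, or if `origPermissions` has no entry, since the else branch only logs a warning. Restoring on the staged path before the rename would close that window: `FsPermission orig = origPermissions.remove(srcPath);` followed by `if (orig != null) { fs.setPermission(stageP, orig); }`, with the warning kept for the null case. Using `remove` also stops the map from holding entries once the load attempt is over. This assumes the rename back depends on directory permissions rather than the file's own mode, which should be confirmed for the filesystems in use.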