From c2ca90f0fb5177372e9f72917d67b49014a54b5b Mon Sep 17 00:00:00 2001 From: tedyu Date: Sun, 31 Dec 2017 11:32:14 -0800 Subject: [PATCH] HBASE-19678 HBase Admin security capabilities should be represented as a Set (BELUGA BEHR) --- .../hadoop/hbase/security/Superusers.java | 25 +++++++++---------- .../security/access/TestAccessController.java | 3 ++- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java index c52c764c1e0..108919740c4 100644 --- a/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java +++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/security/Superusers.java @@ -20,8 +20,9 @@ package org.apache.hadoop.hbase.security; import java.io.IOException; -import java.util.ArrayList; -import java.util.List; +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.AuthUtil; @@ -40,8 +41,8 @@ public final class Superusers { /** Configuration key for superusers */ public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name - private static List superUsers; - private static List superGroups; + private static Set superUsers; + private static Set superGroups; private static User systemUser; private Superusers(){} @@ -54,8 +55,8 @@ public final class Superusers { * @throws IllegalStateException if current user is null */ public static void initialize(Configuration conf) throws IOException { - superUsers = new ArrayList<>(); - superGroups = new ArrayList<>(); + superUsers = new HashSet<>(); + superGroups = new HashSet<>(); systemUser = User.getCurrent(); if (systemUser == null) { @@ -63,10 +64,10 @@ public final class Superusers { + "authorization checks for internal operations will not work correctly!"); } - if (LOG.isTraceEnabled()) { - LOG.trace("Current user name is " + systemUser.getShortName()); - } String currentUser = systemUser.getShortName(); + LOG.trace("Current user name is {}", currentUser); + superUsers.add(currentUser); + String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]); for (String name : superUserList) { if (AuthUtil.isGroupPrincipal(name)) { @@ -75,7 +76,6 @@ public final class Superusers { superUsers.add(name); } } - superUsers.add(currentUser); } /** @@ -88,12 +88,11 @@ public final class Superusers { public static boolean isSuperUser(User user) { if (superUsers == null) { throw new IllegalStateException("Super users/super groups lists" - + " haven't been initialized properly."); + + " have not been initialized properly."); } if (superUsers.contains(user.getShortName())) { return true; } - for (String group : user.getGroupNames()) { if (superGroups.contains(group)) { return true; @@ -102,7 +101,7 @@ public final class Superusers { return false; } - public static List getSuperUsers() { + public static Collection getSuperUsers() { return superUsers; } diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index 138a40e3111..f181747d0be 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -34,6 +34,7 @@ import java.io.IOException; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collection; import java.util.Collections; import java.util.List; @@ -1677,7 +1678,7 @@ public class TestAccessController extends SecureTestUtil { acl.close(); } - List superUsers = Superusers.getSuperUsers(); + Collection superUsers = Superusers.getSuperUsers(); List adminPerms = new ArrayList<>(superUsers.size() + 1); adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));