HBASE-19678 HBase Admin security capabilities should be represented as a Set - revert due to wrong issue

This commit is contained in:
tedyu 2018-01-01 14:16:46 -08:00
parent c2ca90f0fb
commit c394f3919e
2 changed files with 14 additions and 14 deletions

View File

@ -20,9 +20,8 @@
package org.apache.hadoop.hbase.security; package org.apache.hadoop.hbase.security;
import java.io.IOException; import java.io.IOException;
import java.util.Collection; import java.util.ArrayList;
import java.util.HashSet; import java.util.List;
import java.util.Set;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil; import org.apache.hadoop.hbase.AuthUtil;
@ -41,8 +40,8 @@ public final class Superusers {
/** Configuration key for superusers */ /** Configuration key for superusers */
public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name public static final String SUPERUSER_CONF_KEY = "hbase.superuser"; // Not getting a name
private static Set<String> superUsers; private static List<String> superUsers;
private static Set<String> superGroups; private static List<String> superGroups;
private static User systemUser; private static User systemUser;
private Superusers(){} private Superusers(){}
@ -55,8 +54,8 @@ public final class Superusers {
* @throws IllegalStateException if current user is null * @throws IllegalStateException if current user is null
*/ */
public static void initialize(Configuration conf) throws IOException { public static void initialize(Configuration conf) throws IOException {
superUsers = new HashSet<>(); superUsers = new ArrayList<>();
superGroups = new HashSet<>(); superGroups = new ArrayList<>();
systemUser = User.getCurrent(); systemUser = User.getCurrent();
if (systemUser == null) { if (systemUser == null) {
@ -64,10 +63,10 @@ public final class Superusers {
+ "authorization checks for internal operations will not work correctly!"); + "authorization checks for internal operations will not work correctly!");
} }
if (LOG.isTraceEnabled()) {
LOG.trace("Current user name is " + systemUser.getShortName());
}
String currentUser = systemUser.getShortName(); String currentUser = systemUser.getShortName();
LOG.trace("Current user name is {}", currentUser);
superUsers.add(currentUser);
String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]); String[] superUserList = conf.getStrings(SUPERUSER_CONF_KEY, new String[0]);
for (String name : superUserList) { for (String name : superUserList) {
if (AuthUtil.isGroupPrincipal(name)) { if (AuthUtil.isGroupPrincipal(name)) {
@ -76,6 +75,7 @@ public final class Superusers {
superUsers.add(name); superUsers.add(name);
} }
} }
superUsers.add(currentUser);
} }
/** /**
@ -88,11 +88,12 @@ public final class Superusers {
public static boolean isSuperUser(User user) { public static boolean isSuperUser(User user) {
if (superUsers == null) { if (superUsers == null) {
throw new IllegalStateException("Super users/super groups lists" throw new IllegalStateException("Super users/super groups lists"
+ " have not been initialized properly."); + " haven't been initialized properly.");
} }
if (superUsers.contains(user.getShortName())) { if (superUsers.contains(user.getShortName())) {
return true; return true;
} }
for (String group : user.getGroupNames()) { for (String group : user.getGroupNames()) {
if (superGroups.contains(group)) { if (superGroups.contains(group)) {
return true; return true;
@ -101,7 +102,7 @@ public final class Superusers {
return false; return false;
} }
public static Collection<String> getSuperUsers() { public static List<String> getSuperUsers() {
return superUsers; return superUsers;
} }

View File

@ -34,7 +34,6 @@ import java.io.IOException;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
@ -1678,7 +1677,7 @@ public class TestAccessController extends SecureTestUtil {
acl.close(); acl.close();
} }
Collection<String> superUsers = Superusers.getSuperUsers(); List<String> superUsers = Superusers.getSuperUsers();
List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1); List<UserPermission> adminPerms = new ArrayList<>(superUsers.size() + 1);
adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()), adminPerms.add(new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"))); AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW")));