You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ak...@apache.org on 2017/06/14 21:21:37 UTC
sentry git commit: SENTRY-1801: Sentry Namenode Plugin should handle
unknown permissions (Alex Kolbasov, reviewed by Vamsee Yarlagadda)
Repository: sentry
Updated Branches:
refs/heads/master dc7f2cf53 -> a2cff586d
SENTRY-1801: Sentry Namenode Plugin should handle unknown permissions (Alex Kolbasov, reviewed by Vamsee Yarlagadda)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a2cff586
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a2cff586
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a2cff586
Branch: refs/heads/master
Commit: a2cff586da31cedf497ad4f6b6ebd901ac0b0eb3
Parents: dc7f2cf
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Wed Jun 14 14:21:18 2017 -0700
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Wed Jun 14 14:21:18 2017 -0700
----------------------------------------------------------------------
.../sentry/hdfs/UpdateableAuthzPermissions.java | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/a2cff586/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
index 30f06c4..1f05d73 100644
--- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
+++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
@@ -17,7 +17,7 @@
*/
package org.apache.sentry.hdfs;
-import java.util.LinkedList;
+import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -35,19 +35,17 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<PermissionsUpdate> {
- public static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.<String, FsAction>builder()
+ private static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.<String, FsAction>builder()
.put("ALL", FsAction.ALL)
.put("*", FsAction.ALL)
.put("SELECT", FsAction.READ_EXECUTE)
- .put("select", FsAction.READ_EXECUTE)
.put("INSERT", FsAction.WRITE_EXECUTE)
- .put("insert", FsAction.WRITE_EXECUTE)
.build();
private static final int MAX_UPDATES_PER_LOCK_USE = 99;
private static final String UPDATABLE_TYPE_NAME = "perm_authz_update";
private static final Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPermissions.class);
- private volatile SentryPermissions perms = new SentryPermissions();
+ private final SentryPermissions perms = new SentryPermissions();
private final AtomicLong seqNum = new AtomicLong(0);
@Override
@@ -174,7 +172,7 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
perms.removeParentChildMappings(pUpdate.getAuthzObj());
break;
}
- List<PrivilegeInfo> parentAndChild = new LinkedList<PrivilegeInfo>();
+ List<PrivilegeInfo> parentAndChild = new ArrayList<>();
parentAndChild.add(pInfo);
Set<String> children = perms.getChildren(pInfo.getAuthzObj());
if (children != null) {
@@ -199,16 +197,16 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
}
}
- static FsAction getFAction(String sentryPriv) {
+ private static FsAction getFAction(String sentryPriv) {
String[] strPrivs = sentryPriv.trim().split(",");
FsAction retVal = FsAction.NONE;
for (String strPriv : strPrivs) {
FsAction action = ACTION_MAPPING.get(strPriv.toUpperCase());
- /* Passing null to FsAction.or() method causes NullPointerException.
- * Better to throw more informative exception instead
- */
if (action == null) {
- throw new IllegalArgumentException("Unsupported Action " + strPriv);
+ // Encountered a privilege that is not supported. Since we do not know what
+ // to do with it we just drop all access.
+ LOG.warn("Unsupported privilege {}, disabling all access", strPriv);
+ action = FsAction.NONE;
}
retVal = retVal.or(action);
}