You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by ak...@apache.org on 2017/06/14 21:21:37 UTC

sentry git commit: SENTRY-1801: Sentry Namenode Plugin should handle unknown permissions (Alex Kolbasov, reviewed by Vamsee Yarlagadda)

Repository: sentry
Updated Branches:
  refs/heads/master dc7f2cf53 -> a2cff586d


SENTRY-1801: Sentry Namenode Plugin should handle unknown permissions (Alex Kolbasov, reviewed by Vamsee Yarlagadda)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a2cff586
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a2cff586
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a2cff586

Branch: refs/heads/master
Commit: a2cff586da31cedf497ad4f6b6ebd901ac0b0eb3
Parents: dc7f2cf
Author: Alexander Kolbasov <ak...@cloudera.com>
Authored: Wed Jun 14 14:21:18 2017 -0700
Committer: Alexander Kolbasov <ak...@cloudera.com>
Committed: Wed Jun 14 14:21:18 2017 -0700

----------------------------------------------------------------------
 .../sentry/hdfs/UpdateableAuthzPermissions.java | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/a2cff586/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
index 30f06c4..1f05d73 100644
--- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
+++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
@@ -17,7 +17,7 @@
  */
 package org.apache.sentry.hdfs;
 
-import java.util.LinkedList;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -35,19 +35,17 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<PermissionsUpdate> {
-  public static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.<String, FsAction>builder()
+  private static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.<String, FsAction>builder()
           .put("ALL", FsAction.ALL)
           .put("*", FsAction.ALL)
           .put("SELECT", FsAction.READ_EXECUTE)
-          .put("select", FsAction.READ_EXECUTE)
           .put("INSERT", FsAction.WRITE_EXECUTE)
-          .put("insert", FsAction.WRITE_EXECUTE)
           .build();
   
   private static final int MAX_UPDATES_PER_LOCK_USE = 99;
   private static final String UPDATABLE_TYPE_NAME = "perm_authz_update";
   private static final Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPermissions.class);
-  private volatile SentryPermissions perms = new SentryPermissions();
+  private final SentryPermissions perms = new SentryPermissions();
   private final AtomicLong seqNum = new AtomicLong(0);
 
   @Override
@@ -174,7 +172,7 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
             perms.removeParentChildMappings(pUpdate.getAuthzObj());
             break;
           }
-          List<PrivilegeInfo> parentAndChild = new LinkedList<PrivilegeInfo>();
+          List<PrivilegeInfo> parentAndChild = new ArrayList<>();
           parentAndChild.add(pInfo);
           Set<String> children = perms.getChildren(pInfo.getAuthzObj());
           if (children != null) {
@@ -199,16 +197,16 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
     }
   }
 
-  static FsAction getFAction(String sentryPriv) {
+  private static FsAction getFAction(String sentryPriv) {
     String[] strPrivs = sentryPriv.trim().split(",");
     FsAction retVal = FsAction.NONE;
     for (String strPriv : strPrivs) {
       FsAction action = ACTION_MAPPING.get(strPriv.toUpperCase());
-      /* Passing null to FsAction.or() method causes NullPointerException.
-       * Better to throw more informative exception instead
-       */
       if (action == null) {
-        throw new IllegalArgumentException("Unsupported Action " + strPriv);
+        // Encountered a privilege that is not supported. Since we do not know what
+        // to do with it we just drop all access.
+        LOG.warn("Unsupported privilege {}, disabling all access", strPriv);
+        action = FsAction.NONE;
       }
       retVal = retVal.or(action);
     }