You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by zh...@apache.org on 2020/04/23 16:04:39 UTC
[hbase] branch branch-2.2 updated: HBASE-24222 remove
FSUtils.checkAccess and replace with FileSystem.access in HBCK (#1557)
This is an automated email from the ASF dual-hosted git repository.
zhangduo pushed a commit to branch branch-2.2
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.2 by this push:
new 87e98d8 HBASE-24222 remove FSUtils.checkAccess and replace with FileSystem.access in HBCK (#1557)
87e98d8 is described below
commit 87e98d84e7f760878d5a7b0d08cc1a998b5a1c90
Author: niuyulin <ny...@163.com>
AuthorDate: Thu Apr 23 23:20:38 2020 +0800
HBASE-24222 remove FSUtils.checkAccess and replace with FileSystem.access in HBCK (#1557)
Signed-off-by: Duo Zhang <zh...@apache.org>
---
.../java/org/apache/hadoop/hbase/util/FSUtils.java | 30 ----------------------
.../org/apache/hadoop/hbase/util/HBaseFsck.java | 10 +++-----
2 files changed, 4 insertions(+), 36 deletions(-)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/FSUtils.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/FSUtils.java
index 1ab68b5..2f86c0d 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/FSUtils.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/FSUtils.java
@@ -57,7 +57,6 @@ import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.PathFilter;
-import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hbase.ClusterId;
import org.apache.hadoop.hbase.HColumnDescriptor;
@@ -72,14 +71,12 @@ import org.apache.hadoop.hbase.fs.HFileSystem;
import org.apache.hadoop.hbase.io.HFileLink;
import org.apache.hadoop.hbase.master.HMaster;
import org.apache.hadoop.hbase.regionserver.StoreFileInfo;
-import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hdfs.DFSClient;
import org.apache.hadoop.hdfs.DFSHedgedReadMetrics;
import org.apache.hadoop.hdfs.DistributedFileSystem;
import org.apache.hadoop.hdfs.protocol.HdfsConstants;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.ipc.RemoteException;
-import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.Progressable;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.StringUtils;
@@ -1544,33 +1541,6 @@ public abstract class FSUtils extends CommonFSUtils {
}
/**
- * Throw an exception if an action is not permitted by a user on a file.
- *
- * @param ugi
- * the user
- * @param file
- * the file
- * @param action
- * the action
- */
- public static void checkAccess(UserGroupInformation ugi, FileStatus file,
- FsAction action) throws AccessDeniedException {
- if (ugi.getShortUserName().equals(file.getOwner())) {
- if (file.getPermission().getUserAction().implies(action)) {
- return;
- }
- } else if (ArrayUtils.contains(ugi.getGroupNames(), file.getGroup())) {
- if (file.getPermission().getGroupAction().implies(action)) {
- return;
- }
- } else if (file.getPermission().getOtherAction().implies(action)) {
- return;
- }
- throw new AccessDeniedException("Permission denied:" + " action=" + action
- + " path=" + file.getPath() + " user=" + ugi.getShortUserName());
- }
-
- /**
* This function is to scan the root path of the file system to get the
* degree of locality for each region on each of the servers having at least
* one block of that region.
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/HBaseFsck.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/HBaseFsck.java
index a6ece21..ff1db19 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/HBaseFsck.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/HBaseFsck.java
@@ -116,7 +116,6 @@ import org.apache.hadoop.hbase.replication.ReplicationException;
import org.apache.hadoop.hbase.replication.ReplicationPeerDescription;
import org.apache.hadoop.hbase.replication.ReplicationQueueStorage;
import org.apache.hadoop.hbase.replication.ReplicationStorageFactory;
-import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hadoop.hbase.util.Bytes.ByteArrayComparator;
import org.apache.hadoop.hbase.util.HbckErrorReporter.ERROR_CODE;
@@ -129,6 +128,7 @@ import org.apache.hadoop.hbase.zookeeper.ZKWatcher;
import org.apache.hadoop.hbase.zookeeper.ZNodePaths;
import org.apache.hadoop.hdfs.protocol.AlreadyBeingCreatedException;
import org.apache.hadoop.ipc.RemoteException;
+import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.Tool;
@@ -1935,7 +1935,7 @@ public class HBaseFsck extends Configured implements Closeable {
}
}
- private void preCheckPermission() throws IOException, AccessDeniedException {
+ private void preCheckPermission() throws IOException {
if (shouldIgnorePreCheckPermission()) {
return;
}
@@ -1947,8 +1947,8 @@ public class HBaseFsck extends Configured implements Closeable {
FileStatus[] files = fs.listStatus(hbaseDir);
for (FileStatus file : files) {
try {
- FSUtils.checkAccess(ugi, file, FsAction.WRITE);
- } catch (AccessDeniedException ace) {
+ fs.access(file.getPath(), FsAction.WRITE);
+ } catch (AccessControlException ace) {
LOG.warn("Got AccessDeniedException when preCheckPermission ", ace);
errors.reportError(ERROR_CODE.WRONG_USAGE, "Current user " + ugi.getUserName()
+ " does not have write perms to " + file.getPath()
@@ -3791,8 +3791,6 @@ public class HBaseFsck extends Configured implements Closeable {
// pre-check current user has FS write permission or not
try {
preCheckPermission();
- } catch (AccessDeniedException ace) {
- Runtime.getRuntime().exit(-1);
} catch (IOException ioe) {
Runtime.getRuntime().exit(-1);
}