You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by ad...@apache.org on 2018/08/25 00:39:48 UTC
kudu git commit: authz: clear up some role terminology
Repository: kudu
Updated Branches:
refs/heads/master 2c572cbd4 -> 264b5b20f
authz: clear up some role terminology
The service user was being referred to as "ServiceUser" in the tserver and
"Service" in the master. I found this confusing so I renamed it, and did a
little extra cleanup while I was there.
Change-Id: I91d84b70c8cbfd7aa1021211caad43a4b0fd5989
Reviewed-on: http://gerrit.cloudera.org:8080/11324
Reviewed-by: Dan Burkert <da...@apache.org>
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Tested-by: Adar Dembo <ad...@cloudera.com>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/264b5b20
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/264b5b20
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/264b5b20
Branch: refs/heads/master
Commit: 264b5b20ff0a9b74d3406c7eedbfce24be0a97a1
Parents: 2c572cb
Author: Adar Dembo <ad...@cloudera.com>
Authored: Fri Aug 24 12:57:32 2018 -0700
Committer: Adar Dembo <ad...@cloudera.com>
Committed: Sat Aug 25 00:09:42 2018 +0000
----------------------------------------------------------------------
src/kudu/master/master.proto | 6 +++---
src/kudu/master/master_service.cc | 12 ++++++------
src/kudu/master/master_service.h | 14 +++++++-------
src/kudu/tserver/tablet_service.cc | 15 +++++++--------
src/kudu/tserver/tablet_service.h | 8 ++++----
5 files changed, 27 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/264b5b20/src/kudu/master/master.proto
----------------------------------------------------------------------
diff --git a/src/kudu/master/master.proto b/src/kudu/master/master.proto
index 6ad72cf..9754af5 100644
--- a/src/kudu/master/master.proto
+++ b/src/kudu/master/master.proto
@@ -780,7 +780,7 @@ service MasterService {
// TS->Master RPCs
// ------------------------------------------------------------
rpc TSHeartbeat(TSHeartbeatRequestPB) returns (TSHeartbeatResponsePB) {
- option (kudu.rpc.authz_method) = "AuthorizeService";
+ option (kudu.rpc.authz_method) = "AuthorizeServiceUser";
}
// Client->Master RPCs
@@ -831,7 +831,7 @@ service MasterService {
option (kudu.rpc.authz_method) = "AuthorizeClient";
}
rpc Ping(PingRequestPB) returns (PingResponsePB) {
- option (kudu.rpc.authz_method) = "AuthorizeClientOrService";
+ option (kudu.rpc.authz_method) = "AuthorizeClientOrServiceUser";
}
rpc ReplaceTablet(ReplaceTabletRequestPB) returns (ReplaceTabletResponsePB) {
option (kudu.rpc.authz_method) = "AuthorizeSuperUser";
@@ -844,6 +844,6 @@ service MasterService {
// cluster.
rpc GetMasterRegistration(GetMasterRegistrationRequestPB) returns
(GetMasterRegistrationResponsePB) {
- option (kudu.rpc.authz_method) = "AuthorizeClientOrService";
+ option (kudu.rpc.authz_method) = "AuthorizeClientOrServiceUser";
}
}
http://git-wip-us.apache.org/repos/asf/kudu/blob/264b5b20/src/kudu/master/master_service.cc
----------------------------------------------------------------------
diff --git a/src/kudu/master/master_service.cc b/src/kudu/master/master_service.cc
index 1df802e..3e19929 100644
--- a/src/kudu/master/master_service.cc
+++ b/src/kudu/master/master_service.cc
@@ -115,18 +115,18 @@ bool MasterServiceImpl::AuthorizeClient(const Message* /*req*/,
return server_->Authorize(context, ServerBase::SUPER_USER | ServerBase::USER);
}
-bool MasterServiceImpl::AuthorizeService(const Message* /*req*/,
- Message* /*resp*/,
- rpc::RpcContext* context) {
+bool MasterServiceImpl::AuthorizeServiceUser(const Message* /*req*/,
+ Message* /*resp*/,
+ rpc::RpcContext* context) {
// We don't allow superusers to pretend to be tablet servers -- there are no
// operator tools that do anything like this and since we sign requests for
// tablet servers, we should be extra tight here.
return server_->Authorize(context, ServerBase::SERVICE_USER);
}
-bool MasterServiceImpl::AuthorizeClientOrService(const Message* /*req*/,
- Message* /*resp*/,
- rpc::RpcContext* context) {
+bool MasterServiceImpl::AuthorizeClientOrServiceUser(const Message* /*req*/,
+ Message* /*resp*/,
+ rpc::RpcContext* context) {
return server_->Authorize(context, ServerBase::SUPER_USER | ServerBase::USER |
ServerBase::SERVICE_USER);
}
http://git-wip-us.apache.org/repos/asf/kudu/blob/264b5b20/src/kudu/master/master_service.h
----------------------------------------------------------------------
diff --git a/src/kudu/master/master_service.h b/src/kudu/master/master_service.h
index f263f14..8282291 100644
--- a/src/kudu/master/master_service.h
+++ b/src/kudu/master/master_service.h
@@ -80,16 +80,16 @@ class MasterServiceImpl : public MasterServiceIf {
// Authorize an RPC call which must be from a client.
bool AuthorizeClient(const google::protobuf::Message* req,
google::protobuf::Message* resp,
- rpc::RpcContext *context) override;
+ rpc::RpcContext* context) override;
// Authorize an RPC call which must be from within the Kudu service.
- bool AuthorizeService(const google::protobuf::Message* req,
- google::protobuf::Message* resp,
- rpc::RpcContext *context) override;
+ bool AuthorizeServiceUser(const google::protobuf::Message* req,
+ google::protobuf::Message* resp,
+ rpc::RpcContext* context) override;
- bool AuthorizeClientOrService(const google::protobuf::Message* req,
- google::protobuf::Message* resp,
- rpc::RpcContext *context) override;
+ bool AuthorizeClientOrServiceUser(const google::protobuf::Message* req,
+ google::protobuf::Message* resp,
+ rpc::RpcContext* context) override;
bool AuthorizeSuperUser(const google::protobuf::Message* req,
google::protobuf::Message* resp,
http://git-wip-us.apache.org/repos/asf/kudu/blob/264b5b20/src/kudu/tserver/tablet_service.cc
----------------------------------------------------------------------
diff --git a/src/kudu/tserver/tablet_service.cc b/src/kudu/tserver/tablet_service.cc
index 4cf88ea..668c8d1 100644
--- a/src/kudu/tserver/tablet_service.cc
+++ b/src/kudu/tserver/tablet_service.cc
@@ -622,19 +622,18 @@ TabletServiceImpl::TabletServiceImpl(TabletServer* server)
}
bool TabletServiceImpl::AuthorizeClientOrServiceUser(const google::protobuf::Message* /*req*/,
- google::protobuf::Message* /*resp*/,
- rpc::RpcContext* rpc) {
- return server_->Authorize(rpc, ServerBase::SUPER_USER | ServerBase::USER |
+ google::protobuf::Message* /*resp*/,
+ rpc::RpcContext* context) {
+ return server_->Authorize(context, ServerBase::SUPER_USER | ServerBase::USER |
ServerBase::SERVICE_USER);
}
bool TabletServiceImpl::AuthorizeClient(const google::protobuf::Message* /*req*/,
google::protobuf::Message* /*resp*/,
- rpc::RpcContext* rpc) {
- return server_->Authorize(rpc, ServerBase::SUPER_USER | ServerBase::USER);
+ rpc::RpcContext* context) {
+ return server_->Authorize(context, ServerBase::SUPER_USER | ServerBase::USER);
}
-
void TabletServiceImpl::Ping(const PingRequestPB* /*req*/,
PingResponsePB* /*resp*/,
rpc::RpcContext* context) {
@@ -648,8 +647,8 @@ TabletServiceAdminImpl::TabletServiceAdminImpl(TabletServer* server)
bool TabletServiceAdminImpl::AuthorizeServiceUser(const google::protobuf::Message* /*req*/,
google::protobuf::Message* /*resp*/,
- rpc::RpcContext* rpc) {
- return server_->Authorize(rpc, ServerBase::SUPER_USER | ServerBase::SERVICE_USER);
+ rpc::RpcContext* context) {
+ return server_->Authorize(context, ServerBase::SUPER_USER | ServerBase::SERVICE_USER);
}
void TabletServiceAdminImpl::AlterSchema(const AlterSchemaRequestPB* req,
http://git-wip-us.apache.org/repos/asf/kudu/blob/264b5b20/src/kudu/tserver/tablet_service.h
----------------------------------------------------------------------
diff --git a/src/kudu/tserver/tablet_service.h b/src/kudu/tserver/tablet_service.h
index 7f44768..8b3261e 100644
--- a/src/kudu/tserver/tablet_service.h
+++ b/src/kudu/tserver/tablet_service.h
@@ -98,11 +98,11 @@ class TabletServiceImpl : public TabletServerServiceIf {
bool AuthorizeClient(const google::protobuf::Message* req,
google::protobuf::Message* resp,
- rpc::RpcContext* rpc) override;
+ rpc::RpcContext* context) override;
bool AuthorizeClientOrServiceUser(const google::protobuf::Message* req,
google::protobuf::Message* resp,
- rpc::RpcContext* rpc) override;
+ rpc::RpcContext* context) override;
virtual void Ping(const PingRequestPB* req,
PingResponsePB* resp,
@@ -174,7 +174,7 @@ class TabletServiceAdminImpl : public TabletServerAdminServiceIf {
bool AuthorizeServiceUser(const google::protobuf::Message* req,
google::protobuf::Message* resp,
- rpc::RpcContext* rpc) override;
+ rpc::RpcContext* context) override;
virtual void CreateTablet(const CreateTabletRequestPB* req,
CreateTabletResponsePB* resp,
@@ -201,7 +201,7 @@ class ConsensusServiceImpl : public consensus::ConsensusServiceIf {
bool AuthorizeServiceUser(const google::protobuf::Message* req,
google::protobuf::Message* resp,
- rpc::RpcContext* rpc) override;
+ rpc::RpcContext* context) override;
virtual void UpdateConsensus(const consensus::ConsensusRequestPB* req,
consensus::ConsensusResponsePB* resp,