You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by sh...@apache.org on 2017/09/14 01:10:44 UTC
hadoop git commit: HDFS-10711. Optimize FSPermissionChecker group
membership check. Contributed by Daryn Sharp.
Repository: hadoop
Updated Branches:
refs/heads/branch-2.7 b637f95cf -> 0507a013e
HDFS-10711. Optimize FSPermissionChecker group membership check. Contributed by Daryn Sharp.
(cherry picked from commit 43d1279df048b96553fb98bc404a661ca15c4611)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0507a013
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0507a013
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0507a013
Branch: refs/heads/branch-2.7
Commit: 0507a013eec709be7eb276b730cf855610f3c9c4
Parents: b637f95
Author: Kihwal Lee <ki...@apache.org>
Authored: Fri Sep 2 11:24:20 2016 -0500
Committer: Konstantin V Shvachko <sh...@apache.org>
Committed: Wed Sep 13 18:09:27 2017 -0700
----------------------------------------------------------------------
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++
.../hdfs/server/namenode/FSDirAttrOp.java | 2 +-
.../server/namenode/FSPermissionChecker.java | 23 ++++++--------------
3 files changed, 11 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/0507a013/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index 3213ad2..06fe292 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -17,6 +17,9 @@ Release 2.7.5 - UNRELEASED
OPTIMIZATIONS
+ HDFS-10711. Optimize FSPermissionChecker group membership check.
+ (Daryn Sharp via kihwal)
+
BUG FIXES
HDFS-12157. Do fsyncDirectory(..) outside of FSDataset lock.
http://git-wip-us.apache.org/repos/asf/hadoop/blob/0507a013/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java
index 1aef7dc..f7a3b97 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java
@@ -81,7 +81,7 @@ public class FSDirAttrOp {
throw new AccessControlException("User " + username
+ " is not a super user (non-super user cannot change owner).");
}
- if (group != null && !pc.containsGroup(group)) {
+ if (group != null && !pc.isMemberOfGroup(group)) {
throw new AccessControlException(
"User " + username + " does not belong to " + group);
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/0507a013/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
index 726319f..c9b1c76 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
@@ -17,10 +17,7 @@
*/
package org.apache.hadoop.hdfs.server.namenode;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.Collection;
import java.util.Stack;
import org.apache.commons.logging.Log;
@@ -81,7 +78,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
private final UserGroupInformation callerUgi;
private final String user;
- private final Set<String> groups;
+ private final Collection<String> groups;
private final boolean isSuper;
private final INodeAttributeProvider attributeProvider;
@@ -92,15 +89,13 @@ class FSPermissionChecker implements AccessControlEnforcer {
this.fsOwner = fsOwner;
this.supergroup = supergroup;
this.callerUgi = callerUgi;
- HashSet<String> s =
- new HashSet<String>(Arrays.asList(callerUgi.getGroupNames()));
- groups = Collections.unmodifiableSet(s);
+ this.groups = callerUgi.getGroups();
user = callerUgi.getShortUserName();
isSuper = user.equals(fsOwner) || groups.contains(supergroup);
this.attributeProvider = attributeProvider;
}
- public boolean containsGroup(String group) {
+ public boolean isMemberOfGroup(String group) {
return groups.contains(group);
}
@@ -108,10 +103,6 @@ class FSPermissionChecker implements AccessControlEnforcer {
return user;
}
- public Set<String> getGroups() {
- return groups;
- }
-
public boolean isSuperUser() {
return isSuper;
}
@@ -337,7 +328,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
final FsAction checkAction;
if (getUser().equals(inode.getUserName())) { //user class
checkAction = mode.getUserAction();
- } else if (getGroups().contains(inode.getGroupName())) { //group class
+ } else if (isMemberOfGroup(inode.getGroupName())) { //group class
checkAction = mode.getGroupAction();
} else { //other class
checkAction = mode.getOtherAction();
@@ -407,7 +398,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
// member of multiple groups that have entries that grant access, then
// it doesn't matter which is chosen, so exit early after first match.
String group = name == null ? inode.getGroupName() : name;
- if (getGroups().contains(group)) {
+ if (isMemberOfGroup(group)) {
FsAction masked = AclEntryStatusFormat.getPermission(entry).and(
mode.getGroupAction());
if (masked.implies(access)) {
@@ -470,7 +461,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
&& mode.getUserAction().implies(access)) {
return;
}
- if (getGroups().contains(pool.getGroupName())
+ if (isMemberOfGroup(pool.getGroupName())
&& mode.getGroupAction().implies(access)) {
return;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org