You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ki...@apache.org on 2016/09/02 16:24:45 UTC
hadoop git commit: HDFS-10711. Optimize FSPermissionChecker group
membership check. Contributed by Daryn Sharp.
Repository: hadoop
Updated Branches:
refs/heads/branch-2.8 20eb5386d -> 5a779cce8
HDFS-10711. Optimize FSPermissionChecker group membership check. Contributed by Daryn Sharp.
(cherry picked from commit 43d1279df048b96553fb98bc404a661ca15c4611)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5a779cce
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5a779cce
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5a779cce
Branch: refs/heads/branch-2.8
Commit: 5a779cce8e2aec3a3db36dbba4b146bb93602b71
Parents: 20eb538
Author: Kihwal Lee <ki...@apache.org>
Authored: Fri Sep 2 11:24:20 2016 -0500
Committer: Kihwal Lee <ki...@apache.org>
Committed: Fri Sep 2 11:24:20 2016 -0500
----------------------------------------------------------------------
.../hdfs/server/namenode/FSDirAttrOp.java | 2 +-
.../server/namenode/FSPermissionChecker.java | 23 ++++++--------------
2 files changed, 8 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5a779cce/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java
index 7575f5e..ef618e9 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java
@@ -90,7 +90,7 @@ public class FSDirAttrOp {
if (username != null && !pc.getUser().equals(username)) {
throw new AccessControlException("Non-super user cannot change owner");
}
- if (group != null && !pc.containsGroup(group)) {
+ if (group != null && !pc.isMemberOfGroup(group)) {
throw new AccessControlException("User does not belong to " + group);
}
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5a779cce/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
index 726319f..c9b1c76 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
@@ -17,10 +17,7 @@
*/
package org.apache.hadoop.hdfs.server.namenode;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.Collection;
import java.util.Stack;
import org.apache.commons.logging.Log;
@@ -81,7 +78,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
private final UserGroupInformation callerUgi;
private final String user;
- private final Set<String> groups;
+ private final Collection<String> groups;
private final boolean isSuper;
private final INodeAttributeProvider attributeProvider;
@@ -92,15 +89,13 @@ class FSPermissionChecker implements AccessControlEnforcer {
this.fsOwner = fsOwner;
this.supergroup = supergroup;
this.callerUgi = callerUgi;
- HashSet<String> s =
- new HashSet<String>(Arrays.asList(callerUgi.getGroupNames()));
- groups = Collections.unmodifiableSet(s);
+ this.groups = callerUgi.getGroups();
user = callerUgi.getShortUserName();
isSuper = user.equals(fsOwner) || groups.contains(supergroup);
this.attributeProvider = attributeProvider;
}
- public boolean containsGroup(String group) {
+ public boolean isMemberOfGroup(String group) {
return groups.contains(group);
}
@@ -108,10 +103,6 @@ class FSPermissionChecker implements AccessControlEnforcer {
return user;
}
- public Set<String> getGroups() {
- return groups;
- }
-
public boolean isSuperUser() {
return isSuper;
}
@@ -337,7 +328,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
final FsAction checkAction;
if (getUser().equals(inode.getUserName())) { //user class
checkAction = mode.getUserAction();
- } else if (getGroups().contains(inode.getGroupName())) { //group class
+ } else if (isMemberOfGroup(inode.getGroupName())) { //group class
checkAction = mode.getGroupAction();
} else { //other class
checkAction = mode.getOtherAction();
@@ -407,7 +398,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
// member of multiple groups that have entries that grant access, then
// it doesn't matter which is chosen, so exit early after first match.
String group = name == null ? inode.getGroupName() : name;
- if (getGroups().contains(group)) {
+ if (isMemberOfGroup(group)) {
FsAction masked = AclEntryStatusFormat.getPermission(entry).and(
mode.getGroupAction());
if (masked.implies(access)) {
@@ -470,7 +461,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
&& mode.getUserAction().implies(access)) {
return;
}
- if (getGroups().contains(pool.getGroupName())
+ if (isMemberOfGroup(pool.getGroupName())
&& mode.getGroupAction().implies(access)) {
return;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org