sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ak...@apache.org
Subject sentry git commit: SENTRY-1801: Sentry Namenode Plugin should handle unknown permissions (Alex Kolbasov, reviewed by Vamsee Yarlagadda)
Date Wed, 14 Jun 2017 21:21:37 GMT
Repository: sentry
Updated Branches:
  refs/heads/master dc7f2cf53 -> a2cff586d


SENTRY-1801: Sentry Namenode Plugin should handle unknown permissions (Alex Kolbasov, reviewed
by Vamsee Yarlagadda)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a2cff586
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a2cff586
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a2cff586

Branch: refs/heads/master
Commit: a2cff586da31cedf497ad4f6b6ebd901ac0b0eb3
Parents: dc7f2cf
Author: Alexander Kolbasov <akolb@cloudera.com>
Authored: Wed Jun 14 14:21:18 2017 -0700
Committer: Alexander Kolbasov <akolb@cloudera.com>
Committed: Wed Jun 14 14:21:18 2017 -0700

----------------------------------------------------------------------
 .../sentry/hdfs/UpdateableAuthzPermissions.java | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/a2cff586/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
index 30f06c4..1f05d73 100644
--- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
+++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java
@@ -17,7 +17,7 @@
  */
 package org.apache.sentry.hdfs;
 
-import java.util.LinkedList;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -35,19 +35,17 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<PermissionsUpdate>
{
-  public static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.<String,
FsAction>builder()
+  private static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.<String,
FsAction>builder()
           .put("ALL", FsAction.ALL)
           .put("*", FsAction.ALL)
           .put("SELECT", FsAction.READ_EXECUTE)
-          .put("select", FsAction.READ_EXECUTE)
           .put("INSERT", FsAction.WRITE_EXECUTE)
-          .put("insert", FsAction.WRITE_EXECUTE)
           .build();
   
   private static final int MAX_UPDATES_PER_LOCK_USE = 99;
   private static final String UPDATABLE_TYPE_NAME = "perm_authz_update";
   private static final Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPermissions.class);
-  private volatile SentryPermissions perms = new SentryPermissions();
+  private final SentryPermissions perms = new SentryPermissions();
   private final AtomicLong seqNum = new AtomicLong(0);
 
   @Override
@@ -174,7 +172,7 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<
             perms.removeParentChildMappings(pUpdate.getAuthzObj());
             break;
           }
-          List<PrivilegeInfo> parentAndChild = new LinkedList<PrivilegeInfo>();
+          List<PrivilegeInfo> parentAndChild = new ArrayList<>();
           parentAndChild.add(pInfo);
           Set<String> children = perms.getChildren(pInfo.getAuthzObj());
           if (children != null) {
@@ -199,16 +197,16 @@ public class UpdateableAuthzPermissions implements AuthzPermissions,
Updateable<
     }
   }
 
-  static FsAction getFAction(String sentryPriv) {
+  private static FsAction getFAction(String sentryPriv) {
     String[] strPrivs = sentryPriv.trim().split(",");
     FsAction retVal = FsAction.NONE;
     for (String strPriv : strPrivs) {
       FsAction action = ACTION_MAPPING.get(strPriv.toUpperCase());
-      /* Passing null to FsAction.or() method causes NullPointerException.
-       * Better to throw more informative exception instead
-       */
       if (action == null) {
-        throw new IllegalArgumentException("Unsupported Action " + strPriv);
+        // Encountered a privilege that is not supported. Since we do not know what
+        // to do with it we just drop all access.
+        LOG.warn("Unsupported privilege {}, disabling all access", strPriv);
+        action = FsAction.NONE;
       }
       retVal = retVal.or(action);
     }


Mime
View raw message