hadoop git commit: HDFS-14112. Avoid recursive call to external authorizer for getContentSummary.
Repository: hadoop Updated Branches: refs/heads/trunk ae5fbdd9e -> 0081b02e3 HDFS-14112. Avoid recursive call to external authorizer for getContentSummary. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0081b02e Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0081b02e Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0081b02e Branch: refs/heads/trunk Commit: 0081b02e35306cb757c63d0f11a536941d73a139 Parents: ae5fbdd Author: Tsz Wo Nicholas Sze Authored: Thu Nov 29 13:55:21 2018 -0800 Committer: Tsz Wo Nicholas Sze Committed: Thu Nov 29 13:55:21 2018 -0800 -- .../main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java | 4 .../hdfs/server/namenode/FSDirStatAndListingOp.java | 5 + .../apache/hadoop/hdfs/server/namenode/FSDirectory.java | 7 +++ .../hadoop-hdfs/src/main/resources/hdfs-default.xml | 10 ++ 4 files changed, 26 insertions(+) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/0081b02e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java index 3628b2b..5899c92 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java 
@@ -284,6 +284,10 @@ public class DFSConfigKeys extends CommonConfigurationKeys { HdfsClientConfigKeys.DFS_WEBHDFS_USER_PATTERN_DEFAULT; public static final String DFS_PERMISSIONS_ENABLED_KEY = HdfsClientConfigKeys.DeprecatedKeys.DFS_PERMISSIONS_ENABLED_KEY; + public static final String DFS_PERMISSIONS_CONTENT_SUMMARY_SUBACCESS_KEY + = "dfs.permissions.ContentSummary.subAccess"; + public static final boolean DFS_PERMISSIONS_CONTENT_SUMMARY_SUBACCESS_DEFAULT + = false; public static final boolean DFS_PERMISSIONS_ENABLED_DEFAULT = true; public static final String DFS_PERMISSIONS_SUPERUSERGROUP_KEY = HdfsClientConfigKeys.DeprecatedKeys.DFS_PERMISSIONS_SUPERUSERGROUP_KEY; http://git-wip-us.apache.org/repos/asf/hadoop/blob/0081b02e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java index 01de236..052e522 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java 
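Review bot: The new constants `DFS_PERMISSIONS_CONTENT_SUMMARY_SUBACCESS_KEY` and `DFS_PERMISSIONS_CONTENT_SUMMARY_SUBACCESS_DEFAULT` have no comment, although enabling the key appears to change how getContentSummary is authorized (judging by the FSDirStatAndListingOp hunk of this commit). I would add above the key something like `// If true, getContentSummary does one subAccess(READ_EXECUTE) check up front instead of checking each directory during traversal.` The same applies to the uncommented `isPermissionContentSummarySubAccess` field added in the FSDirectory hunk, which sits right next to a documented ACL flag. The key string is also mixed-case (`ContentSummary.subAccess`); the neighbouring key strings are not visible here, so it is worth checking against the project's naming convention before it becomes a public setting. The identical hunks in the branch-3.2 and HDFS-12943 mails further down need the same change.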
@@ -128,6 +128,11 @@ class FSDirStatAndListingOp { static ContentSummary getContentSummary( FSDirectory fsd, FSPermissionChecker pc, String src) throws IOException { final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ_LINK); +if (fsd.isPermissionEnabled() && fsd.isPermissionContentSummarySubAccess()) { + fsd.checkPermission(pc, iip, false, null, null, null, + FsAction.READ_EXECUTE); + pc = null; +} // getContentSummaryInt() call will check access (if enabled) when // traversing all sub directories. return getContentSummaryInt(fsd, pc, iip); http://git-wip-us.apache.org/repos/asf/hadoop/blob/0081b02e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java index 712a327..45f859c 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java @@ -175,6 +175,7 @@ public class FSDirectory implements Closeable { private final ReentrantReadWriteLock dirLock; private final boolean isPermissionEnabled; + private final boolean isPermissionContentSummarySubAccess; /** * Support for ACLs is controlled by a configuration flag. If the * configuration flag is false, then the NameNode will reject all @@ -274,6 +275,9 @@ public class FSDirectory implements Closeable {
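Review bot: In the getContentSummary hunk, the retained comment `// getContentSummaryInt() call will check access (if enabled) when traversing all sub directories.` is no longer accurate on the new branch, because `pc = null;` is presumably what switches those per-directory checks off. Authorization for the whole subtree then rests on the single `fsd.checkPermission(pc, iip, false, null, null, null, FsAction.READ_EXECUTE)` call, so I would replace the comment with `// If subAccess was checked above, pc is null and the traversal does no further access checks; otherwise getContentSummaryInt() checks each directory.` It should also say that this is only safe when the configured authorizer enforces subAccess over every subdirectory. Otherwise the summary could include counts from directories the caller cannot read; this is inferred, as the authorizer is not visible here. Reassigning the `pc` parameter to null as a sentinel is easy to misread, and a separate local such as `final FSPermissionChecker traversalPc = subAccessChecked ? null : pc;` would make the intent explicit. The method body continues past the end of the hunk, and the same hunk recurs in the branch-3.2 and HDFS-12943 mails below.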
hadoop git commit: HDFS-14112. Avoid recursive call to external authorizer for getContentSummary.
Repository: hadoop Updated Branches: refs/heads/branch-3.2 e2fa9e8cd -> 9d508f719 HDFS-14112. Avoid recursive call to external authorizer for getContentSummary. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/9d508f71 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/9d508f71 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/9d508f71 Branch: refs/heads/branch-3.2 Commit: 9d508f719be9c1c40fbc133d19256613f4b8fd75 Parents: e2fa9e8 Author: Tsz Wo Nicholas Sze Authored: Thu Nov 29 13:55:21 2018 -0800 Committer: Tsz Wo Nicholas Sze Committed: Thu Nov 29 13:56:43 2018 -0800 -- .../main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java | 4 .../hdfs/server/namenode/FSDirStatAndListingOp.java | 5 + .../apache/hadoop/hdfs/server/namenode/FSDirectory.java | 7 +++ .../hadoop-hdfs/src/main/resources/hdfs-default.xml | 10 ++ 4 files changed, 26 insertions(+) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/9d508f71/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java index d8024dc..c9f10e1 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java 
@@ -280,6 +280,10 @@ public class DFSConfigKeys extends CommonConfigurationKeys { HdfsClientConfigKeys.DFS_WEBHDFS_USER_PATTERN_DEFAULT; public static final String DFS_PERMISSIONS_ENABLED_KEY = HdfsClientConfigKeys.DeprecatedKeys.DFS_PERMISSIONS_ENABLED_KEY; + public static final String DFS_PERMISSIONS_CONTENT_SUMMARY_SUBACCESS_KEY + = "dfs.permissions.ContentSummary.subAccess"; + public static final boolean DFS_PERMISSIONS_CONTENT_SUMMARY_SUBACCESS_DEFAULT + = false; public static final boolean DFS_PERMISSIONS_ENABLED_DEFAULT = true; public static final String DFS_PERMISSIONS_SUPERUSERGROUP_KEY = HdfsClientConfigKeys.DeprecatedKeys.DFS_PERMISSIONS_SUPERUSERGROUP_KEY; http://git-wip-us.apache.org/repos/asf/hadoop/blob/9d508f71/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java index 01de236..052e522 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java 
@@ -128,6 +128,11 @@ class FSDirStatAndListingOp { static ContentSummary getContentSummary( FSDirectory fsd, FSPermissionChecker pc, String src) throws IOException { final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ_LINK); +if (fsd.isPermissionEnabled() && fsd.isPermissionContentSummarySubAccess()) { + fsd.checkPermission(pc, iip, false, null, null, null, + FsAction.READ_EXECUTE); + pc = null; +} // getContentSummaryInt() call will check access (if enabled) when // traversing all sub directories. return getContentSummaryInt(fsd, pc, iip); http://git-wip-us.apache.org/repos/asf/hadoop/blob/9d508f71/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java index 2a976d2..c49e00f 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java @@ -175,6 +175,7 @@ public class FSDirectory implements Closeable { private final ReentrantReadWriteLock dirLock; private final boolean isPermissionEnabled; + private final boolean isPermissionContentSummarySubAccess; /** * Support for ACLs is controlled by a configuration flag. If the * configuration flag is false, then the NameNode will reject all @@ -274,6 +275,9 @@ public class FSDirectory implements Closeab
[18/50] [abbrv] hadoop git commit: HDFS-14112. Avoid recursive call to external authorizer for getContentSummary.
HDFS-14112. Avoid recursive call to external authorizer for getContentSummary. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0081b02e Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0081b02e Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0081b02e Branch: refs/heads/HDFS-12943 Commit: 0081b02e35306cb757c63d0f11a536941d73a139 Parents: ae5fbdd Author: Tsz Wo Nicholas Sze Authored: Thu Nov 29 13:55:21 2018 -0800 Committer: Tsz Wo Nicholas Sze Committed: Thu Nov 29 13:55:21 2018 -0800 -- .../main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java | 4 .../hdfs/server/namenode/FSDirStatAndListingOp.java | 5 + .../apache/hadoop/hdfs/server/namenode/FSDirectory.java | 7 +++ .../hadoop-hdfs/src/main/resources/hdfs-default.xml | 10 ++ 4 files changed, 26 insertions(+) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/0081b02e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java index 3628b2b..5899c92 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java 
@@ -284,6 +284,10 @@ public class DFSConfigKeys extends CommonConfigurationKeys { HdfsClientConfigKeys.DFS_WEBHDFS_USER_PATTERN_DEFAULT; public static final String DFS_PERMISSIONS_ENABLED_KEY = HdfsClientConfigKeys.DeprecatedKeys.DFS_PERMISSIONS_ENABLED_KEY; + public static final String DFS_PERMISSIONS_CONTENT_SUMMARY_SUBACCESS_KEY + = "dfs.permissions.ContentSummary.subAccess"; + public static final boolean DFS_PERMISSIONS_CONTENT_SUMMARY_SUBACCESS_DEFAULT + = false; public static final boolean DFS_PERMISSIONS_ENABLED_DEFAULT = true; public static final String DFS_PERMISSIONS_SUPERUSERGROUP_KEY = HdfsClientConfigKeys.DeprecatedKeys.DFS_PERMISSIONS_SUPERUSERGROUP_KEY; http://git-wip-us.apache.org/repos/asf/hadoop/blob/0081b02e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java index 01de236..052e522 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirStatAndListingOp.java 
@@ -128,6 +128,11 @@ class FSDirStatAndListingOp { static ContentSummary getContentSummary( FSDirectory fsd, FSPermissionChecker pc, String src) throws IOException { final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ_LINK); +if (fsd.isPermissionEnabled() && fsd.isPermissionContentSummarySubAccess()) { + fsd.checkPermission(pc, iip, false, null, null, null, + FsAction.READ_EXECUTE); + pc = null; +} // getContentSummaryInt() call will check access (if enabled) when // traversing all sub directories. return getContentSummaryInt(fsd, pc, iip); http://git-wip-us.apache.org/repos/asf/hadoop/blob/0081b02e/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java -- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java index 712a327..45f859c 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java @@ -175,6 +175,7 @@ public class FSDirectory implements Closeable { private final ReentrantReadWriteLock dirLock; private final boolean isPermissionEnabled; + private final boolean isPermissionContentSummarySubAccess; /** * Support for ACLs is controlled by a configuration flag. If the * configuration flag is false, then the NameNode will reject all @@ -274,6 +275,9 @@ public class FSDirectory implements Closeable { this.isPermissionEnabled = conf.getBoolean( DFSConfigKeys.DFS_PERMISS