HBASE-16217 Pass through the calling user in ObserverContext
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/65834a1c Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/65834a1c Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/65834a1c Branch: refs/heads/master Commit: 65834a1ced6632e28cd8707f2791c3da9025f01c Parents: 9d740f7 Author: Gary Helmling <ga...@apache.org> Authored: Wed Jun 29 16:57:11 2016 -0700 Committer: Gary Helmling <ga...@apache.org> Committed: Thu Jul 21 16:45:09 2016 -0700 ---------------------------------------------------------------------- .../hadoop/hbase/protobuf/ProtobufUtil.java | 5 +- .../hbase/coprocessor/ObserverContext.java | 45 ++- .../hbase/master/MasterCoprocessorHost.java | 91 +++--- .../hadoop/hbase/master/ServerManager.java | 4 +- .../procedure/AddColumnFamilyProcedure.java | 35 +-- .../procedure/CloneSnapshotProcedure.java | 24 +- .../master/procedure/CreateTableProcedure.java | 24 +- .../procedure/DeleteColumnFamilyProcedure.java | 34 +-- .../master/procedure/DeleteTableProcedure.java | 24 +- .../master/procedure/DisableTableProcedure.java | 33 +- .../DispatchMergingRegionsProcedure.java | 8 +- .../master/procedure/EnableTableProcedure.java | 34 +-- .../master/procedure/MasterProcedureUtil.java | 15 +- .../procedure/ModifyColumnFamilyProcedure.java | 34 +-- .../master/procedure/ModifyTableProcedure.java | 34 +-- .../procedure/RestoreSnapshotProcedure.java | 8 +- .../procedure/TruncateTableProcedure.java | 24 +- .../hadoop/hbase/regionserver/HStore.java | 62 +--- .../regionserver/RegionCoprocessorHost.java | 73 +++-- .../RegionMergeTransactionImpl.java | 108 +------ .../RegionServerCoprocessorHost.java | 35 ++- .../regionserver/SecureBulkLoadManager.java | 4 +- .../regionserver/SplitTransactionImpl.java | 112 +------ .../regionserver/compactions/Compactor.java | 37 +-- .../hbase/security/access/AccessController.java | 302 ++++++++++--------- 25 files changed, 483 insertions(+), 726 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java ---------------------------------------------------------------------- diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java index 08c18c6..b3bf041 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java @@ -159,6 +159,7 @@ import org.apache.hadoop.hbase.quotas.ThrottleType; import org.apache.hadoop.hbase.replication.ReplicationLoadSink; import org.apache.hadoop.hbase.replication.ReplicationLoadSource; import org.apache.hadoop.hbase.rsgroup.RSGroupInfo; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.access.Permission; import org.apache.hadoop.hbase.security.access.TablePermission; import org.apache.hadoop.hbase.security.access.UserPermission; @@ -1874,12 +1875,12 @@ public final class ProtobufUtil { public static void mergeRegions(final RpcController controller, final AdminService.BlockingInterface admin, final HRegionInfo region_a, final HRegionInfo region_b, - final boolean forcible, final UserGroupInformation user) throws IOException { + final boolean forcible, final User user) throws IOException { final MergeRegionsRequest request = RequestConverter.buildMergeRegionsRequest( region_a.getRegionName(), region_b.getRegionName(),forcible); if (user != null) { try { - user.doAs(new PrivilegedExceptionAction<Void>() { + user.runAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { admin.mergeRegions(controller, request); http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java index 78279ad..d522ce9 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/ObserverContext.java @@ -23,6 +23,10 @@ import org.apache.hadoop.hbase.classification.InterfaceAudience; import org.apache.hadoop.hbase.classification.InterfaceStability; import org.apache.hadoop.hbase.CoprocessorEnvironment; import org.apache.hadoop.hbase.HBaseInterfaceAudience; +import org.apache.hadoop.hbase.ipc.RpcServer; +import org.apache.hadoop.hbase.security.User; + +import javax.annotation.Nullable; /** * Carries the execution state for a given invocation of an Observer coprocessor @@ -40,8 +44,10 @@ public class ObserverContext<E extends CoprocessorEnvironment> { private E env; private boolean bypass; private boolean complete; + private User caller; - public ObserverContext() { + public ObserverContext(User caller) { + this.caller = caller; } public E getEnvironment() { @@ -92,6 +98,17 @@ public class ObserverContext<E extends CoprocessorEnvironment> { } /** + * Returns the active user for the coprocessor call. + * If an explicit {@code User} instance was provided to the constructor, that will be returned, + * otherwise if we are in the context of an RPC call, the remote user is used. May return null + * if the execution is outside of an RPC context. + */ + @Nullable + public User getCaller() { + return caller; + } + + /** * Instantiates a new ObserverContext instance if the passed reference is * <code>null</code> and sets the environment in the new or existing instance. * This allows deferring the instantiation of a ObserverContext until it is @@ -103,10 +120,34 @@ public class ObserverContext<E extends CoprocessorEnvironment> { * @param <T> The environment type for the context * @return An instance of <code>ObserverContext</code> with the environment set */ + @Deprecated + // TODO: Remove this method, ObserverContext should not depend on RpcServer public static <T extends CoprocessorEnvironment> ObserverContext<T> createAndPrepare( T env, ObserverContext<T> context) { if (context == null) { - context = new ObserverContext<T>(); + context = new ObserverContext<T>(RpcServer.getRequestUser()); + } + context.prepare(env); + return context; + } + + /** + * Instantiates a new ObserverContext instance if the passed reference is + * <code>null</code> and sets the environment in the new or existing instance. + * This allows deferring the instantiation of a ObserverContext until it is + * actually needed. + * + * @param env The coprocessor environment to set + * @param context An existing ObserverContext instance to use, or <code>null</code> + * to create a new instance + * @param user The requesting caller for the execution context + * @param <T> The environment type for the context + * @return An instance of <code>ObserverContext</code> with the environment set + */ + public static <T extends CoprocessorEnvironment> ObserverContext<T> createAndPrepare( + T env, ObserverContext<T> context, User user) { + if (context == null) { + context = new ObserverContext<T>(user); } context.prepare(env); return context; http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java index 459fd01..11e20f5 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterCoprocessorHost.java @@ -44,10 +44,12 @@ import org.apache.hadoop.hbase.coprocessor.CoprocessorService; import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment; import org.apache.hadoop.hbase.coprocessor.MasterObserver; import org.apache.hadoop.hbase.coprocessor.ObserverContext; +import org.apache.hadoop.hbase.ipc.RpcServer; import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv; import org.apache.hadoop.hbase.procedure2.ProcedureExecutor; import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription; import org.apache.hadoop.hbase.protobuf.generated.QuotaProtos.Quotas; +import org.apache.hadoop.hbase.security.User; /** * Provides the coprocessor framework and environment for master oriented @@ -240,9 +242,10 @@ public class MasterCoprocessorHost }); } - public void preCreateTableAction(final HTableDescriptor htd, final HRegionInfo[] regions) + public void preCreateTableAction(final HTableDescriptor htd, final HRegionInfo[] regions, + final User user) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -253,8 +256,8 @@ public class MasterCoprocessorHost } public void postCompletedCreateTableAction( - final HTableDescriptor htd, final HRegionInfo[] regions) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + final HTableDescriptor htd, final HRegionInfo[] regions, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -284,8 +287,8 @@ public class MasterCoprocessorHost }); } - public void preDeleteTableAction(final TableName tableName) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void preDeleteTableAction(final TableName tableName, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -295,8 +298,9 @@ public class MasterCoprocessorHost }); } - public void postCompletedDeleteTableAction(final TableName tableName) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void postCompletedDeleteTableAction(final TableName tableName, final User user) + throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -326,8 +330,8 @@ public class MasterCoprocessorHost }); } - public void preTruncateTableAction(final TableName tableName) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void preTruncateTableAction(final TableName tableName, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -337,8 +341,9 @@ public class MasterCoprocessorHost }); } - public void postCompletedTruncateTableAction(final TableName tableName) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void postCompletedTruncateTableAction(final TableName tableName, final User user) + throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -370,9 +375,10 @@ public class MasterCoprocessorHost }); } - public void preModifyTableAction(final TableName tableName, final HTableDescriptor htd) + public void preModifyTableAction(final TableName tableName, final HTableDescriptor htd, + final User user) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -382,9 +388,10 @@ public class MasterCoprocessorHost }); } - public void postCompletedModifyTableAction(final TableName tableName, final HTableDescriptor htd) + public void postCompletedModifyTableAction(final TableName tableName, final HTableDescriptor htd, + final User user) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -420,9 +427,10 @@ public class MasterCoprocessorHost public boolean preAddColumnFamilyAction( final TableName tableName, - final HColumnDescriptor columnFamily) + final HColumnDescriptor columnFamily, + final User user) throws IOException { - return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -434,9 +442,10 @@ public class MasterCoprocessorHost public void postCompletedAddColumnFamilyAction( final TableName tableName, - final HColumnDescriptor columnFamily) + final HColumnDescriptor columnFamily, + final User user) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -472,8 +481,9 @@ public class MasterCoprocessorHost public boolean preModifyColumnFamilyAction( final TableName tableName, - final HColumnDescriptor columnFamily) throws IOException { - return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + final HColumnDescriptor columnFamily, + final User user) throws IOException { + return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -485,8 +495,9 @@ public class MasterCoprocessorHost public void postCompletedModifyColumnFamilyAction( final TableName tableName, - final HColumnDescriptor columnFamily) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + final HColumnDescriptor columnFamily, + final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -522,9 +533,10 @@ public class MasterCoprocessorHost public boolean preDeleteColumnFamilyAction( final TableName tableName, - final byte[] columnFamily) + final byte[] columnFamily, + final User user) throws IOException { - return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -535,8 +547,8 @@ public class MasterCoprocessorHost } public void postCompletedDeleteColumnFamilyAction( - final TableName tableName, final byte[] columnFamily) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + final TableName tableName, final byte[] columnFamily, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -566,8 +578,8 @@ public class MasterCoprocessorHost }); } - public void preEnableTableAction(final TableName tableName) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void preEnableTableAction(final TableName tableName, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -577,8 +589,9 @@ public class MasterCoprocessorHost }); } - public void postCompletedEnableTableAction(final TableName tableName) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void postCompletedEnableTableAction(final TableName tableName, final User user) + throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -608,8 +621,8 @@ public class MasterCoprocessorHost }); } - public void preDisableTableAction(final TableName tableName) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void preDisableTableAction(final TableName tableName, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -619,8 +632,9 @@ public class MasterCoprocessorHost }); } - public void postCompletedDisableTableAction(final TableName tableName) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void postCompletedDisableTableAction(final TableName tableName, final User user) + throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(MasterObserver oserver, ObserverContext<MasterCoprocessorEnvironment> ctx) throws IOException { @@ -1168,6 +1182,11 @@ public class MasterCoprocessorHost private static abstract class CoprocessorOperation extends ObserverContext<MasterCoprocessorEnvironment> { public CoprocessorOperation() { + this(RpcServer.getRequestUser()); + } + + public CoprocessorOperation(User user) { + super(user); } public abstract void call(MasterObserver oserver, http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/ServerManager.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/ServerManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/ServerManager.java index ffdbd17..612a8d0 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/ServerManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/ServerManager.java @@ -67,13 +67,13 @@ import org.apache.hadoop.hbase.protobuf.generated.ClusterStatusProtos.StoreSeque import org.apache.hadoop.hbase.protobuf.generated.ZooKeeperProtos.SplitLogTask.RecoveryMode; import org.apache.hadoop.hbase.regionserver.HRegionServer; import org.apache.hadoop.hbase.regionserver.RegionOpeningState; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.Pair; import org.apache.hadoop.hbase.util.RetryCounter; import org.apache.hadoop.hbase.util.RetryCounterFactory; import org.apache.hadoop.hbase.zookeeper.ZKUtil; import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher; -import org.apache.hadoop.security.UserGroupInformation; import org.apache.zookeeper.KeeperException; import com.google.common.annotations.VisibleForTesting; @@ -884,7 +884,7 @@ public class ServerManager { * @throws IOException */ public void sendRegionsMerge(ServerName server, HRegionInfo region_a, - HRegionInfo region_b, boolean forcible, final UserGroupInformation user) throws IOException { + HRegionInfo region_b, boolean forcible, final User user) throws IOException { if (server == null) throw new NullPointerException("Passed server is null"); if (region_a == null || region_b == null) http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/AddColumnFamilyProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/AddColumnFamilyProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/AddColumnFamilyProcedure.java index ce099ed..195f738 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/AddColumnFamilyProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/AddColumnFamilyProcedure.java @@ -21,7 +21,6 @@ package org.apache.hadoop.hbase.master.procedure; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.security.PrivilegedExceptionAction; import java.util.List; import java.util.concurrent.atomic.AtomicBoolean; @@ -39,7 +38,7 @@ import org.apache.hadoop.hbase.procedure2.StateMachineProcedure; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.AddColumnFamilyState; -import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.hbase.security.User; /** * The procedure to add a column family to an existing table. @@ -55,7 +54,7 @@ public class AddColumnFamilyProcedure private TableName tableName; private HTableDescriptor unmodifiedHTableDescriptor; private HColumnDescriptor cfDescriptor; - private UserGroupInformation user; + private User user; private List<HRegionInfo> regionInfoList; private Boolean traceEnabled; @@ -72,8 +71,8 @@ public class AddColumnFamilyProcedure final HColumnDescriptor cfDescriptor) throws IOException { this.tableName = tableName; this.cfDescriptor = cfDescriptor; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); this.unmodifiedHTableDescriptor = null; this.regionInfoList = null; this.traceEnabled = null; @@ -378,22 +377,16 @@ public class AddColumnFamilyProcedure throws IOException, InterruptedException { final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - switch (state) { - case ADD_COLUMN_FAMILY_PRE_OPERATION: - cpHost.preAddColumnFamilyAction(tableName, cfDescriptor); - break; - case ADD_COLUMN_FAMILY_POST_OPERATION: - cpHost.postCompletedAddColumnFamilyAction(tableName, cfDescriptor); - break; - default: - throw new UnsupportedOperationException(this + " unhandled state=" + state); - } - return null; - } - }); + switch (state) { + case ADD_COLUMN_FAMILY_PRE_OPERATION: + cpHost.preAddColumnFamilyAction(tableName, cfDescriptor, user); + break; + case ADD_COLUMN_FAMILY_POST_OPERATION: + cpHost.postCompletedAddColumnFamilyAction(tableName, cfDescriptor, user); + break; + default: + throw new UnsupportedOperationException(this + " unhandled state=" + state); + } } } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java index fcad845..861ac56 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java @@ -53,6 +53,7 @@ import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.CloneSnapshotState; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.FSTableDescriptors; import org.apache.hadoop.hbase.util.FSUtils; import org.apache.hadoop.hbase.util.Pair; @@ -62,7 +63,6 @@ import org.apache.hadoop.hbase.snapshot.RestoreSnapshotException; import org.apache.hadoop.hbase.snapshot.RestoreSnapshotHelper; import org.apache.hadoop.hbase.snapshot.SnapshotDescriptionUtils; import org.apache.hadoop.hbase.snapshot.SnapshotManifest; -import org.apache.hadoop.security.UserGroupInformation; import com.google.common.base.Preconditions; @@ -74,7 +74,7 @@ public class CloneSnapshotProcedure private final AtomicBoolean aborted = new AtomicBoolean(false); - private UserGroupInformation user; + private User user; private HTableDescriptor hTableDescriptor; private SnapshotDescription snapshot; private List<HRegionInfo> newRegions = null; @@ -106,8 +106,8 @@ public class CloneSnapshotProcedure throws IOException { this.hTableDescriptor = hTableDescriptor; this.snapshot = snapshot; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); getMonitorStatus(); } @@ -372,13 +372,7 @@ public class CloneSnapshotProcedure final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - cpHost.preCreateTableAction(hTableDescriptor, null); - return null; - } - }); + cpHost.preCreateTableAction(hTableDescriptor, null, user); } } @@ -394,13 +388,7 @@ public class CloneSnapshotProcedure if (cpHost != null) { final HRegionInfo[] regions = (newRegions == null) ? null : newRegions.toArray(new HRegionInfo[newRegions.size()]); - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - cpHost.postCompletedCreateTableAction(hTableDescriptor, regions); - return null; - } - }); + cpHost.postCompletedCreateTableAction(hTableDescriptor, regions, user); } } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CreateTableProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CreateTableProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CreateTableProcedure.java index 40b56e0..f6ade6e 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CreateTableProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CreateTableProcedure.java @@ -47,11 +47,11 @@ import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.CreateTableState; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.FSTableDescriptors; import org.apache.hadoop.hbase.util.FSUtils; import org.apache.hadoop.hbase.util.ModifyRegionUtils; import org.apache.hadoop.hbase.util.ServerRegionReplicaUtil; -import org.apache.hadoop.security.UserGroupInformation; import com.google.common.collect.Lists; @@ -68,7 +68,7 @@ public class CreateTableProcedure private HTableDescriptor hTableDescriptor; private List<HRegionInfo> newRegions; - private UserGroupInformation user; + private User user; public CreateTableProcedure() { // Required by the Procedure framework to create the procedure on replay @@ -87,8 +87,8 @@ public class CreateTableProcedure throws IOException { this.hTableDescriptor = hTableDescriptor; this.newRegions = newRegions != null ? Lists.newArrayList(newRegions) : null; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); // used for compatibility with clients without procedures // they need a sync TableExistsException @@ -307,13 +307,7 @@ public class CreateTableProcedure if (cpHost != null) { final HRegionInfo[] regions = newRegions == null ? null : newRegions.toArray(new HRegionInfo[newRegions.size()]); - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - cpHost.preCreateTableAction(hTableDescriptor, regions); - return null; - } - }); + cpHost.preCreateTableAction(hTableDescriptor, regions, user); } } @@ -323,13 +317,7 @@ public class CreateTableProcedure if (cpHost != null) { final HRegionInfo[] regions = (newRegions == null) ? null : newRegions.toArray(new HRegionInfo[newRegions.size()]); - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - cpHost.postCompletedCreateTableAction(hTableDescriptor, regions); - return null; - } - }); + cpHost.postCompletedCreateTableAction(hTableDescriptor, regions, user); } } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteColumnFamilyProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteColumnFamilyProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteColumnFamilyProcedure.java index 097aaf1..8bcbd82 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteColumnFamilyProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteColumnFamilyProcedure.java @@ -38,9 +38,9 @@ import org.apache.hadoop.hbase.procedure2.StateMachineProcedure; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.DeleteColumnFamilyState; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.ByteStringer; import org.apache.hadoop.hbase.util.Bytes; -import org.apache.hadoop.security.UserGroupInformation; /** * The procedure to delete a column family from an existing table. @@ -57,7 +57,7 @@ public class DeleteColumnFamilyProcedure private TableName tableName; private byte [] familyName; private boolean hasMob; - private UserGroupInformation user; + private User user; private List<HRegionInfo> regionInfoList; private Boolean traceEnabled; @@ -74,8 +74,8 @@ public class DeleteColumnFamilyProcedure final byte[] familyName) throws IOException { this.tableName = tableName; this.familyName = familyName; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); this.unmodifiedHTableDescriptor = null; this.regionInfoList = null; this.traceEnabled = null; @@ -403,22 +403,16 @@ public class DeleteColumnFamilyProcedure final DeleteColumnFamilyState state) throws IOException, InterruptedException { final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - switch (state) { - case DELETE_COLUMN_FAMILY_PRE_OPERATION: - cpHost.preDeleteColumnFamilyAction(tableName, familyName); - break; - case DELETE_COLUMN_FAMILY_POST_OPERATION: - cpHost.postCompletedDeleteColumnFamilyAction(tableName, familyName); - break; - default: - throw new UnsupportedOperationException(this + " unhandled state=" + state); - } - return null; - } - }); + switch (state) { + case DELETE_COLUMN_FAMILY_PRE_OPERATION: + cpHost.preDeleteColumnFamilyAction(tableName, familyName, user); + break; + case DELETE_COLUMN_FAMILY_POST_OPERATION: + cpHost.postCompletedDeleteColumnFamilyAction(tableName, familyName, user); + break; + default: + throw new UnsupportedOperationException(this + " unhandled state=" + state); + } } } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteTableProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteTableProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteTableProcedure.java index 39ec0a6..2881ed5 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteTableProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DeleteTableProcedure.java @@ -55,8 +55,8 @@ import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.DeleteTableState; import org.apache.hadoop.hbase.regionserver.HRegion; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.FSUtils; -import org.apache.hadoop.security.UserGroupInformation; @InterfaceAudience.Private public class DeleteTableProcedure @@ -65,7 +65,7 @@ public class DeleteTableProcedure private static final Log LOG = LogFactory.getLog(DeleteTableProcedure.class); private List<HRegionInfo> regions; - private UserGroupInformation user; + private User user; private TableName tableName; // used for compatibility with old clients @@ -84,8 +84,8 @@ public class DeleteTableProcedure public DeleteTableProcedure(final MasterProcedureEnv env, final TableName tableName, final ProcedurePrepareLatch syncLatch) throws IOException { this.tableName = tableName; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); // used for compatibility with clients without procedures // they need a sync TableNotFoundException, TableNotDisabledException, ... @@ -266,13 +266,7 @@ public class DeleteTableProcedure final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { final TableName tableName = this.tableName; - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - cpHost.preDeleteTableAction(tableName); - return null; - } - }); + cpHost.preDeleteTableAction(tableName, user); } return true; } @@ -284,13 +278,7 @@ public class DeleteTableProcedure final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { final TableName tableName = this.tableName; - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - cpHost.postCompletedDeleteTableAction(tableName); - return null; - } - }); + cpHost.postCompletedDeleteTableAction(tableName, user); } } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DisableTableProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DisableTableProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DisableTableProcedure.java index 5518b8b..be21590 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DisableTableProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DisableTableProcedure.java @@ -46,6 +46,7 @@ import org.apache.hadoop.hbase.procedure2.StateMachineProcedure; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.DisableTableState; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.EnvironmentEdgeManager; import org.apache.hadoop.security.UserGroupInformation; import org.apache.htrace.Trace; @@ -63,7 +64,7 @@ public class DisableTableProcedure private TableName tableName; private boolean skipTableStateCheck; - private UserGroupInformation user; + private User user; private Boolean traceEnabled = null; @@ -105,8 +106,8 @@ public class DisableTableProcedure final ProcedurePrepareLatch syncLatch) throws IOException { this.tableName = tableName; this.skipTableStateCheck = skipTableStateCheck; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); // Compatible with 1.0: We use latch to make sure that this procedure implementation is // compatible with 1.0 asynchronized operations. We need to lock the table and check @@ -458,22 +459,16 @@ public class DisableTableProcedure throws IOException, InterruptedException { final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - switch (state) { - case DISABLE_TABLE_PRE_OPERATION: - cpHost.preDisableTableAction(tableName); - break; - case DISABLE_TABLE_POST_OPERATION: - cpHost.postCompletedDisableTableAction(tableName); - break; - default: - throw new UnsupportedOperationException(this + " unhandled state=" + state); - } - return null; - } - }); + switch (state) { + case DISABLE_TABLE_PRE_OPERATION: + cpHost.preDisableTableAction(tableName, user); + break; + case DISABLE_TABLE_POST_OPERATION: + cpHost.postCompletedDisableTableAction(tableName, user); + break; + default: + throw new UnsupportedOperationException(this + " unhandled state=" + state); + } } } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DispatchMergingRegionsProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DispatchMergingRegionsProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DispatchMergingRegionsProcedure.java index 0dfb711..b4f1bf0 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DispatchMergingRegionsProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/DispatchMergingRegionsProcedure.java @@ -46,8 +46,8 @@ import org.apache.hadoop.hbase.procedure2.StateMachineProcedure; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.DispatchMergingRegionsState; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.EnvironmentEdgeManager; -import org.apache.hadoop.security.UserGroupInformation; /** * The procedure to Merge a region in a table. @@ -66,7 +66,7 @@ implements TableProcedureInterface { private String regionsToMergeListFullName; private String regionsToMergeListEncodedName; - private UserGroupInformation user; + private User user; private TableName tableName; private HRegionInfo [] regionsToMerge; private boolean forcible; @@ -94,8 +94,8 @@ implements TableProcedureInterface { this.regionsToMerge = regionsToMerge; this.forcible = forcible; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); this.timeout = -1; this.regionsToMergeListFullName = getRegionsToMergeListFullNameString(); http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/EnableTableProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/EnableTableProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/EnableTableProcedure.java index 141dcd4..1893543 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/EnableTableProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/EnableTableProcedure.java @@ -50,9 +50,9 @@ import org.apache.hadoop.hbase.procedure2.StateMachineProcedure; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.EnableTableState; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.Pair; import org.apache.hadoop.hbase.zookeeper.MetaTableLocator; -import org.apache.hadoop.security.UserGroupInformation; @InterfaceAudience.Private public class EnableTableProcedure @@ -67,7 +67,7 @@ public class EnableTableProcedure private TableName tableName; private boolean skipTableStateCheck; - private UserGroupInformation user; + private User user; private Boolean traceEnabled = null; @@ -103,8 +103,8 @@ public class EnableTableProcedure final ProcedurePrepareLatch syncLatch) throws IOException { this.tableName = tableName; this.skipTableStateCheck = skipTableStateCheck; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); // Compatible with 1.0: We use latch to make sure that this procedure implementation is // compatible with 1.0 asynchronized operations. We need to lock the table and check @@ -561,22 +561,16 @@ public class EnableTableProcedure throws IOException, InterruptedException { final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - switch (state) { - case ENABLE_TABLE_PRE_OPERATION: - cpHost.preEnableTableAction(getTableName()); - break; - case ENABLE_TABLE_POST_OPERATION: - cpHost.postCompletedEnableTableAction(getTableName()); - break; - default: - throw new UnsupportedOperationException(this + " unhandled state=" + state); - } - return null; - } - }); + switch (state) { + case ENABLE_TABLE_PRE_OPERATION: + cpHost.preEnableTableAction(getTableName(), user); + break; + case ENABLE_TABLE_POST_OPERATION: + cpHost.postCompletedEnableTableAction(getTableName(), user); + break; + default: + throw new UnsupportedOperationException(this + " unhandled state=" + state); + } } } } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureUtil.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureUtil.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureUtil.java index d7c0b92..fa0c366 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureUtil.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/MasterProcedureUtil.java @@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFactory; import org.apache.hadoop.hbase.classification.InterfaceAudience; import org.apache.hadoop.hbase.classification.InterfaceStability; import org.apache.hadoop.hbase.protobuf.generated.RPCProtos.UserInformation; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.security.UserGroupInformation; @InterfaceAudience.Private @@ -32,24 +33,24 @@ public final class MasterProcedureUtil { private MasterProcedureUtil() {} - public static UserInformation toProtoUserInfo(UserGroupInformation ugi) { + public static UserInformation toProtoUserInfo(User user) { UserInformation.Builder userInfoPB = UserInformation.newBuilder(); - userInfoPB.setEffectiveUser(ugi.getUserName()); - if (ugi.getRealUser() != null) { - userInfoPB.setRealUser(ugi.getRealUser().getUserName()); + userInfoPB.setEffectiveUser(user.getName()); + if (user.getUGI().getRealUser() != null) { + userInfoPB.setRealUser(user.getUGI().getRealUser().getUserName()); } return userInfoPB.build(); } - public static UserGroupInformation toUserInfo(UserInformation userInfoProto) { + public static User toUserInfo(UserInformation userInfoProto) { if (userInfoProto.hasEffectiveUser()) { String effectiveUser = userInfoProto.getEffectiveUser(); if (userInfoProto.hasRealUser()) { String realUser = userInfoProto.getRealUser(); UserGroupInformation realUserUgi = UserGroupInformation.createRemoteUser(realUser); - return UserGroupInformation.createProxyUser(effectiveUser, realUserUgi); + return User.create(UserGroupInformation.createProxyUser(effectiveUser, realUserUgi)); } - return UserGroupInformation.createRemoteUser(effectiveUser); + return User.create(UserGroupInformation.createRemoteUser(effectiveUser)); } return null; } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyColumnFamilyProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyColumnFamilyProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyColumnFamilyProcedure.java index ee534e9..6a408da 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyColumnFamilyProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyColumnFamilyProcedure.java @@ -39,7 +39,7 @@ import org.apache.hadoop.hbase.procedure2.StateMachineProcedure; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.ModifyColumnFamilyState; -import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.hbase.security.User; /** * The procedure to modify a column family from an existing table. @@ -55,7 +55,7 @@ public class ModifyColumnFamilyProcedure private TableName tableName; private HTableDescriptor unmodifiedHTableDescriptor; private HColumnDescriptor cfDescriptor; - private UserGroupInformation user; + private User user; private Boolean traceEnabled; @@ -70,8 +70,8 @@ public class ModifyColumnFamilyProcedure final HColumnDescriptor cfDescriptor) throws IOException { this.tableName = tableName; this.cfDescriptor = cfDescriptor; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); this.unmodifiedHTableDescriptor = null; this.traceEnabled = null; } @@ -359,22 +359,16 @@ public class ModifyColumnFamilyProcedure final ModifyColumnFamilyState state) throws IOException, InterruptedException { final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - switch (state) { - case MODIFY_COLUMN_FAMILY_PRE_OPERATION: - cpHost.preModifyColumnFamilyAction(tableName, cfDescriptor); - break; - case MODIFY_COLUMN_FAMILY_POST_OPERATION: - cpHost.postCompletedModifyColumnFamilyAction(tableName, cfDescriptor); - break; - default: - throw new UnsupportedOperationException(this + " unhandled state=" + state); - } - return null; - } - }); + switch (state) { + case MODIFY_COLUMN_FAMILY_PRE_OPERATION: + cpHost.preModifyColumnFamilyAction(tableName, cfDescriptor, user); + break; + case MODIFY_COLUMN_FAMILY_POST_OPERATION: + cpHost.postCompletedModifyColumnFamilyAction(tableName, cfDescriptor, user); + break; + default: + throw new UnsupportedOperationException(this + " unhandled state=" + state); + } } } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyTableProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyTableProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyTableProcedure.java index 6c65718..c523f23 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyTableProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/ModifyTableProcedure.java @@ -49,8 +49,8 @@ import org.apache.hadoop.hbase.procedure2.StateMachineProcedure; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.ModifyTableState; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.ServerRegionReplicaUtil; -import org.apache.hadoop.security.UserGroupInformation; @InterfaceAudience.Private public class ModifyTableProcedure @@ -62,7 +62,7 @@ public class ModifyTableProcedure private HTableDescriptor unmodifiedHTableDescriptor = null; private HTableDescriptor modifiedHTableDescriptor; - private UserGroupInformation user; + private User user; private boolean deleteColumnFamilyInModify; private List<HRegionInfo> regionInfoList; @@ -77,8 +77,8 @@ public class ModifyTableProcedure final HTableDescriptor htd) throws IOException { initilize(); this.modifiedHTableDescriptor = htd; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); } private void initilize() { @@ -467,22 +467,16 @@ public class ModifyTableProcedure throws IOException, InterruptedException { final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - switch (state) { - case MODIFY_TABLE_PRE_OPERATION: - cpHost.preModifyTableAction(getTableName(), modifiedHTableDescriptor); - break; - case MODIFY_TABLE_POST_OPERATION: - cpHost.postCompletedModifyTableAction(getTableName(), modifiedHTableDescriptor); - break; - default: - throw new UnsupportedOperationException(this + " unhandled state=" + state); - } - return null; - } - }); + switch (state) { + case MODIFY_TABLE_PRE_OPERATION: + cpHost.preModifyTableAction(getTableName(), modifiedHTableDescriptor, user); + break; + case MODIFY_TABLE_POST_OPERATION: + cpHost.postCompletedModifyTableAction(getTableName(), modifiedHTableDescriptor, user); + break; + default: + throw new UnsupportedOperationException(this + " unhandled state=" + state); + } } } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/RestoreSnapshotProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/RestoreSnapshotProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/RestoreSnapshotProcedure.java index ab9cc50..23ab3ac 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/RestoreSnapshotProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/RestoreSnapshotProcedure.java @@ -53,12 +53,12 @@ import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.RestoreSnapshotState; import org.apache.hadoop.hbase.protobuf.generated.HBaseProtos.SnapshotDescription; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.snapshot.ClientSnapshotDescriptionUtils; import org.apache.hadoop.hbase.snapshot.RestoreSnapshotHelper; import org.apache.hadoop.hbase.snapshot.SnapshotDescriptionUtils; import org.apache.hadoop.hbase.snapshot.SnapshotManifest; import org.apache.hadoop.hbase.util.Pair; -import org.apache.hadoop.security.UserGroupInformation; @InterfaceAudience.Private public class RestoreSnapshotProcedure @@ -75,7 +75,7 @@ public class RestoreSnapshotProcedure private Map<String, Pair<String, String>> parentsToChildrenPairMap = new HashMap<String, Pair<String, String>>(); - private UserGroupInformation user; + private User user; private SnapshotDescription snapshot; // Monitor @@ -106,8 +106,8 @@ public class RestoreSnapshotProcedure // Snapshot information this.snapshot = snapshot; // User and owner information - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); // Monitor getMonitorStatus(); http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/TruncateTableProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/TruncateTableProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/TruncateTableProcedure.java index b420274..0b60cea 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/TruncateTableProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/TruncateTableProcedure.java @@ -41,8 +41,8 @@ import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos; import org.apache.hadoop.hbase.protobuf.generated.MasterProcedureProtos.TruncateTableState; import org.apache.hadoop.hbase.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.procedure2.StateMachineProcedure; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.util.ModifyRegionUtils; -import org.apache.hadoop.security.UserGroupInformation; @InterfaceAudience.Private public class TruncateTableProcedure @@ -52,7 +52,7 @@ public class TruncateTableProcedure private boolean preserveSplits; private List<HRegionInfo> regions; - private UserGroupInformation user; + private User user; private HTableDescriptor hTableDescriptor; private TableName tableName; @@ -64,8 +64,8 @@ public class TruncateTableProcedure boolean preserveSplits) throws IOException { this.tableName = tableName; this.preserveSplits = preserveSplits; - this.user = env.getRequestUser().getUGI(); - this.setOwner(this.user.getShortUserName()); + this.user = env.getRequestUser(); + this.setOwner(this.user.getShortName()); } @Override @@ -261,13 +261,7 @@ public class TruncateTableProcedure final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { final TableName tableName = getTableName(); - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - cpHost.preTruncateTableAction(tableName); - return null; - } - }); + cpHost.preTruncateTableAction(tableName, user); } return true; } @@ -277,13 +271,7 @@ public class TruncateTableProcedure final MasterCoprocessorHost cpHost = env.getMasterCoprocessorHost(); if (cpHost != null) { final TableName tableName = getTableName(); - user.doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - cpHost.postCompletedTruncateTableAction(tableName); - return null; - } - }); + cpHost.postCompletedTruncateTableAction(tableName, user); } } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java index 4b79153..b32b757 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HStore.java @@ -1284,23 +1284,7 @@ public class HStore implements Store { final StoreFile sf = moveFileIntoPlace(newFile); if (this.getCoprocessorHost() != null) { final Store thisStore = this; - if (user == null) { - getCoprocessorHost().postCompact(thisStore, sf, cr); - } else { - try { - user.getUGI().doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - getCoprocessorHost().postCompact(thisStore, sf, cr); - return null; - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + getCoprocessorHost().postCompact(thisStore, sf, cr, user); } assert sf != null; sfs.add(sf); @@ -1507,7 +1491,7 @@ public class HStore implements Store { // Move the compaction into place. StoreFile sf = moveFileIntoPlace(newFile); if (this.getCoprocessorHost() != null) { - this.getCoprocessorHost().postCompact(this, sf, null); + this.getCoprocessorHost().postCompact(this, sf, null, null); } replaceStoreFiles(filesToCompact, Lists.newArrayList(sf)); completeCompaction(filesToCompact); @@ -1568,29 +1552,12 @@ public class HStore implements Store { this.lock.readLock().lock(); try { synchronized (filesCompacting) { - final Store thisStore = this; // First, see if coprocessor would want to override selection. if (this.getCoprocessorHost() != null) { final List<StoreFile> candidatesForCoproc = compaction.preSelect(this.filesCompacting); boolean override = false; - if (user == null) { - override = getCoprocessorHost().preCompactSelection(this, candidatesForCoproc, - baseRequest); - } else { - try { - override = user.getUGI().doAs(new PrivilegedExceptionAction<Boolean>() { - @Override - public Boolean run() throws Exception { - return getCoprocessorHost().preCompactSelection(thisStore, candidatesForCoproc, - baseRequest); - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + override = getCoprocessorHost().preCompactSelection(this, candidatesForCoproc, + baseRequest, user); if (override) { // Coprocessor is overriding normal file selection. compaction.forceSelect(new CompactionRequest(candidatesForCoproc)); @@ -1618,25 +1585,8 @@ public class HStore implements Store { } } if (this.getCoprocessorHost() != null) { - if (user == null) { - this.getCoprocessorHost().postCompactSelection( - this, ImmutableList.copyOf(compaction.getRequest().getFiles()), baseRequest); - } else { - try { - user.getUGI().doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - getCoprocessorHost().postCompactSelection( - thisStore,ImmutableList.copyOf(compaction.getRequest().getFiles()),baseRequest); - return null; - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + this.getCoprocessorHost().postCompactSelection( + this, ImmutableList.copyOf(compaction.getRequest().getFiles()), baseRequest, user); } // Selected files; see if we have a compaction with some custom base request. http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java index f6ccaa1..acfaa96 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionCoprocessorHost.java @@ -74,9 +74,11 @@ import org.apache.hadoop.hbase.filter.CompareFilter.CompareOp; import org.apache.hadoop.hbase.io.FSDataInputStreamWrapper; import org.apache.hadoop.hbase.io.Reference; import org.apache.hadoop.hbase.io.hfile.CacheConfig; +import org.apache.hadoop.hbase.ipc.RpcServer; import org.apache.hadoop.hbase.regionserver.Region.Operation; import org.apache.hadoop.hbase.regionserver.compactions.CompactionRequest; import org.apache.hadoop.hbase.regionserver.wal.HLogKey; +import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.wal.WALKey; import org.apache.hadoop.hbase.regionserver.wal.WALEdit; import org.apache.hadoop.hbase.util.Bytes; @@ -532,9 +534,9 @@ public class RegionCoprocessorHost */ public InternalScanner preCompactScannerOpen(final Store store, final List<StoreFileScanner> scanners, final ScanType scanType, final long earliestPutTs, - final CompactionRequest request) throws IOException { + final CompactionRequest request, final User user) throws IOException { return execOperationWithResult(null, - coprocessors.isEmpty() ? null : new RegionOperationWithResult<InternalScanner>() { + coprocessors.isEmpty() ? null : new RegionOperationWithResult<InternalScanner>(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -554,8 +556,8 @@ public class RegionCoprocessorHost * @throws IOException */ public boolean preCompactSelection(final Store store, final List<StoreFile> candidates, - final CompactionRequest request) throws IOException { - return execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + final CompactionRequest request, final User user) throws IOException { + return execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -572,9 +574,9 @@ public class RegionCoprocessorHost * @param request custom compaction */ public void postCompactSelection(final Store store, final ImmutableList<StoreFile> selected, - final CompactionRequest request) { + final CompactionRequest request, final User user) { try { - execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -595,9 +597,10 @@ public class RegionCoprocessorHost * @throws IOException */ public InternalScanner preCompact(final Store store, final InternalScanner scanner, - final ScanType scanType, final CompactionRequest request) throws IOException { + final ScanType scanType, final CompactionRequest request, final User user) + throws IOException { return execOperationWithResult(false, scanner, - coprocessors.isEmpty() ? null : new RegionOperationWithResult<InternalScanner>() { + coprocessors.isEmpty() ? null : new RegionOperationWithResult<InternalScanner>(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -614,8 +617,8 @@ public class RegionCoprocessorHost * @throws IOException */ public void postCompact(final Store store, final StoreFile resultFile, - final CompactionRequest request) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + final CompactionRequest request, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -704,8 +707,8 @@ public class RegionCoprocessorHost * @throws IOException */ // TODO: Deprecate this - public void preSplit() throws IOException { - execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + public void preSplit(final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -718,8 +721,8 @@ public class RegionCoprocessorHost * Invoked just before a split * @throws IOException */ - public void preSplit(final byte[] splitRow) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + public void preSplit(final byte[] splitRow, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -734,8 +737,8 @@ public class RegionCoprocessorHost * @param r the new right-hand daughter region * @throws IOException */ - public void postSplit(final Region l, final Region r) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + public void postSplit(final Region l, final Region r, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -745,8 +748,8 @@ public class RegionCoprocessorHost } public boolean preSplitBeforePONR(final byte[] splitKey, - final List<Mutation> metaEntries) throws IOException { - return execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + final List<Mutation> metaEntries, final User user) throws IOException { + return execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -755,8 +758,8 @@ public class RegionCoprocessorHost }); } - public void preSplitAfterPONR() throws IOException { - execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + public void preSplitAfterPONR(final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -769,8 +772,8 @@ public class RegionCoprocessorHost * Invoked just before the rollback of a failed split is started * @throws IOException */ - public void preRollBackSplit() throws IOException { - execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + public void preRollBackSplit(final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -783,8 +786,8 @@ public class RegionCoprocessorHost * Invoked just after the rollback of a failed split is done * @throws IOException */ - public void postRollBackSplit() throws IOException { - execOperation(coprocessors.isEmpty() ? null : new RegionOperation() { + public void postRollBackSplit(final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new RegionOperation(user) { @Override public void call(RegionObserver oserver, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException { @@ -1656,6 +1659,14 @@ public class RegionCoprocessorHost private static abstract class CoprocessorOperation extends ObserverContext<RegionCoprocessorEnvironment> { + public CoprocessorOperation() { + this(RpcServer.getRequestUser()); + } + + public CoprocessorOperation(User user) { + super(user); + } + public abstract void call(Coprocessor observer, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException; public abstract boolean hasCall(Coprocessor observer); @@ -1663,6 +1674,13 @@ public class RegionCoprocessorHost } private static abstract class RegionOperation extends CoprocessorOperation { + public RegionOperation() { + } + + public RegionOperation(User user) { + super(user); + } + public abstract void call(RegionObserver observer, ObserverContext<RegionCoprocessorEnvironment> ctx) throws IOException; @@ -1677,6 +1695,13 @@ public class RegionCoprocessorHost } private static abstract class RegionOperationWithResult<T> extends RegionOperation { + public RegionOperationWithResult() { + } + + public RegionOperationWithResult(User user) { + super (user); + } + private T result = null; public void setResult(final T result) { this.result = result; } public T getResult() { return this.result; } http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionMergeTransactionImpl.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionMergeTransactionImpl.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionMergeTransactionImpl.java index 5c177d1..9e7f97b 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionMergeTransactionImpl.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionMergeTransactionImpl.java @@ -247,23 +247,7 @@ public class RegionMergeTransactionImpl implements RegionMergeTransaction { } final HRegion mergedRegion = createMergedRegion(server, services, user); if (rsCoprocessorHost != null) { - if (user == null) { - rsCoprocessorHost.postMergeCommit(this.region_a, this.region_b, mergedRegion); - } else { - try { - user.getUGI().doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - rsCoprocessorHost.postMergeCommit(region_a, region_b, mergedRegion); - return null; - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + rsCoprocessorHost.postMergeCommit(this.region_a, this.region_b, mergedRegion, user); } stepsAfterPONR(server, services, mergedRegion, user); @@ -277,23 +261,7 @@ public class RegionMergeTransactionImpl implements RegionMergeTransaction { final HRegion mergedRegion, User user) throws IOException { openMergedRegion(server, services, mergedRegion); if (rsCoprocessorHost != null) { - if (user == null) { - rsCoprocessorHost.postMerge(region_a, region_b, mergedRegion); - } else { - try { - user.getUGI().doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - rsCoprocessorHost.postMerge(region_a, region_b, mergedRegion); - return null; - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + rsCoprocessorHost.postMerge(region_a, region_b, mergedRegion, user); } } @@ -315,23 +283,7 @@ public class RegionMergeTransactionImpl implements RegionMergeTransaction { } if (rsCoprocessorHost != null) { - boolean ret = false; - if (user == null) { - ret = rsCoprocessorHost.preMerge(region_a, region_b); - } else { - try { - ret = user.getUGI().doAs(new PrivilegedExceptionAction<Boolean>() { - @Override - public Boolean run() throws Exception { - return rsCoprocessorHost.preMerge(region_a, region_b); - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + boolean ret = rsCoprocessorHost.preMerge(region_a, region_b, user); if (ret) { throw new IOException("Coprocessor bypassing regions " + this.region_a + " " + this.region_b + " merge."); @@ -347,23 +299,7 @@ public class RegionMergeTransactionImpl implements RegionMergeTransaction { @MetaMutationAnnotation final List<Mutation> metaEntries = new ArrayList<Mutation>(); if (rsCoprocessorHost != null) { - boolean ret = false; - if (user == null) { - ret = rsCoprocessorHost.preMergeCommit(region_a, region_b, metaEntries); - } else { - try { - ret = user.getUGI().doAs(new PrivilegedExceptionAction<Boolean>() { - @Override - public Boolean run() throws Exception { - return rsCoprocessorHost.preMergeCommit(region_a, region_b, metaEntries); - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + boolean ret = rsCoprocessorHost.preMergeCommit(region_a, region_b, metaEntries, user); if (ret) { throw new IOException("Coprocessor bypassing regions " + this.region_a + " " @@ -658,23 +594,7 @@ public class RegionMergeTransactionImpl implements RegionMergeTransaction { this.rsServices = services; // Coprocessor callback if (rsCoprocessorHost != null) { - if (user == null) { - rsCoprocessorHost.preRollBackMerge(region_a, region_b); - } else { - try { - user.getUGI().doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - rsCoprocessorHost.preRollBackMerge(region_a, region_b); - return null; - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + rsCoprocessorHost.preRollBackMerge(region_a, region_b, user); } boolean result = true; @@ -759,23 +679,7 @@ public class RegionMergeTransactionImpl implements RegionMergeTransaction { } // Coprocessor callback if (rsCoprocessorHost != null) { - if (user == null) { - rsCoprocessorHost.postRollBackMerge(region_a, region_b); - } else { - try { - user.getUGI().doAs(new PrivilegedExceptionAction<Void>() { - @Override - public Void run() throws Exception { - rsCoprocessorHost.postRollBackMerge(region_a, region_b); - return null; - } - }); - } catch (InterruptedException ie) { - InterruptedIOException iioe = new InterruptedIOException(); - iioe.initCause(ie); - throw iioe; - } - } + rsCoprocessorHost.postRollBackMerge(region_a, region_b, user); } return result; http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java index 50072c3..3f21a72 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java @@ -39,8 +39,10 @@ import org.apache.hadoop.hbase.coprocessor.ObserverContext; import org.apache.hadoop.hbase.coprocessor.RegionServerCoprocessorEnvironment; import org.apache.hadoop.hbase.coprocessor.RegionServerObserver; import org.apache.hadoop.hbase.coprocessor.SingletonCoprocessorService; +import org.apache.hadoop.hbase.ipc.RpcServer; import org.apache.hadoop.hbase.protobuf.generated.AdminProtos.WALEntry; import org.apache.hadoop.hbase.replication.ReplicationEndpoint; +import org.apache.hadoop.hbase.security.User; @InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.COPROC) @InterfaceStability.Evolving @@ -91,8 +93,8 @@ public class RegionServerCoprocessorHost extends }); } - public boolean preMerge(final HRegion regionA, final HRegion regionB) throws IOException { - return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public boolean preMerge(final HRegion regionA, final HRegion regionB, final User user) throws IOException { + return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(RegionServerObserver oserver, ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { @@ -101,9 +103,10 @@ public class RegionServerCoprocessorHost extends }); } - public void postMerge(final HRegion regionA, final HRegion regionB, final HRegion mergedRegion) + public void postMerge(final HRegion regionA, final HRegion regionB, final HRegion mergedRegion, + final User user) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(RegionServerObserver oserver, ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { @@ -113,8 +116,9 @@ public class RegionServerCoprocessorHost extends } public boolean preMergeCommit(final HRegion regionA, final HRegion regionB, - final @MetaMutationAnnotation List<Mutation> metaEntries) throws IOException { - return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + final @MetaMutationAnnotation List<Mutation> metaEntries, final User user) + throws IOException { + return execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(RegionServerObserver oserver, ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { @@ -124,8 +128,8 @@ public class RegionServerCoprocessorHost extends } public void postMergeCommit(final HRegion regionA, final HRegion regionB, - final HRegion mergedRegion) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + final HRegion mergedRegion, final User user) throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(RegionServerObserver oserver, ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { @@ -134,8 +138,9 @@ public class RegionServerCoprocessorHost extends }); } - public void preRollBackMerge(final HRegion regionA, final HRegion regionB) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void preRollBackMerge(final HRegion regionA, final HRegion regionB, final User user) + throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(RegionServerObserver oserver, ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { @@ -144,8 +149,9 @@ public class RegionServerCoprocessorHost extends }); } - public void postRollBackMerge(final HRegion regionA, final HRegion regionB) throws IOException { - execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation() { + public void postRollBackMerge(final HRegion regionA, final HRegion regionB, final User user) + throws IOException { + execOperation(coprocessors.isEmpty() ? null : new CoprocessorOperation(user) { @Override public void call(RegionServerObserver oserver, ObserverContext<RegionServerCoprocessorEnvironment> ctx) throws IOException { @@ -220,6 +226,11 @@ public class RegionServerCoprocessorHost extends private static abstract class CoprocessorOperation extends ObserverContext<RegionServerCoprocessorEnvironment> { public CoprocessorOperation() { + this(RpcServer.getRequestUser()); + } + + public CoprocessorOperation(User user) { + super(user); } public abstract void call(RegionServerObserver oserver, http://git-wip-us.apache.org/repos/asf/hbase/blob/65834a1c/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java index b47b31d..7a43c5d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SecureBulkLoadManager.java @@ -151,7 +151,7 @@ public class SecureBulkLoadManager { if (bulkLoadObservers != null && bulkLoadObservers.size() != 0) { ObserverContext<RegionCoprocessorEnvironment> ctx = - new ObserverContext<RegionCoprocessorEnvironment>(); + new ObserverContext<RegionCoprocessorEnvironment>(getActiveUser()); ctx.prepare((RegionCoprocessorEnvironment) region.getCoprocessorHost() .findCoprocessorEnvironment(BulkLoadObserver.class).get(0)); @@ -173,7 +173,7 @@ public class SecureBulkLoadManager { if (bulkLoadObservers != null && bulkLoadObservers.size() != 0) { ObserverContext<RegionCoprocessorEnvironment> ctx = - new ObserverContext<RegionCoprocessorEnvironment>(); + new ObserverContext<RegionCoprocessorEnvironment>(getActiveUser()); ctx.prepare((RegionCoprocessorEnvironment) region.getCoprocessorHost() .findCoprocessorEnvironment(BulkLoadObserver.class).get(0));
