This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 0efef76ecd HDDS-8737. Organize Ozone admin related methods into
OzoneAdmins (#4809)
0efef76ecd is described below
commit 0efef76ecdfdb52a77834d8b41cc886872160d50
Author: XiChen <[email protected]>
AuthorDate: Fri Jun 2 10:32:36 2023 +0800
HDDS-8737. Organize Ozone admin related methods into OzoneAdmins (#4809)
---
.../apache/hadoop/ozone/HddsDatanodeService.java | 44 +--------
.../org/apache/hadoop/hdds/server/OzoneAdmins.java | 106 ++++++++++++++++++++-
.../hdds/scm/server/StorageContainerManager.java | 26 +----
.../apache/hadoop/ozone/om/OzoneConfigUtil.java | 35 -------
.../org/apache/hadoop/ozone/om/OzoneManager.java | 22 +----
5 files changed, 113 insertions(+), 120 deletions(-)
diff --git
a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java
b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java
index b44912d953..7edb8d1836 100644
---
a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java
+++
b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/HddsDatanodeService.java
@@ -65,7 +65,6 @@ import
org.apache.hadoop.ozone.container.common.volume.StorageVolume;
import
org.apache.hadoop.ozone.container.keyvalue.helpers.KeyValueContainerUtil;
import org.apache.hadoop.ozone.util.OzoneNetUtils;
import org.apache.hadoop.ozone.util.ShutdownHookManager;
-import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import
org.apache.hadoop.security.authentication.client.AuthenticationException;
@@ -78,8 +77,6 @@ import com.google.common.base.Preconditions;
import static org.apache.hadoop.hdds.protocol.DatanodeDetails.Port.Name.HTTP;
import static org.apache.hadoop.hdds.protocol.DatanodeDetails.Port.Name.HTTPS;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.HDDS_DATANODE_PLUGINS_KEY;
-import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
-import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_GROUPS;
import static
org.apache.hadoop.ozone.conf.OzoneServiceConfig.DEFAULT_SHUTDOWN_HOOK_PRIORITY;
import static org.apache.hadoop.ozone.common.Storage.StorageState.INITIALIZED;
import static org.apache.hadoop.util.ExitUtil.terminate;
@@ -330,12 +327,8 @@ public class HddsDatanodeService extends GenericCli
implements ServicePlugin {
// Get admin list
String starterUser =
UserGroupInformation.getCurrentUser().getShortUserName();
- Collection<String> adminUserNames =
- getOzoneAdminsFromConfig(conf, starterUser);
- Collection<String> adminGroupNames =
- getOzoneAdminsGroupsFromConfig(conf);
- LOG.info("Datanode start with admins: {}", adminUserNames);
- admins = new OzoneAdmins(adminUserNames, adminGroupNames);
+ admins = OzoneAdmins.getOzoneAdmins(starterUser, conf);
+ LOG.info("Datanode start with admins: {}", admins.getAdminUsernames());
clientProtocolServer.start();
startPlugins();
@@ -669,18 +662,7 @@ public class HddsDatanodeService extends GenericCli
implements ServicePlugin {
*/
public void checkAdminUserPrivilege(UserGroupInformation ugi)
throws IOException {
- if (ugi != null && !isAdmin(ugi)) {
- throw new AccessControlException("Access denied for user "
- + ugi.getUserName() + ". Superuser privilege is required.");
- }
- }
-
- /**
- * Return true if a UserGroupInformation is admin, false otherwise.
- * @param callerUgi Caller UserGroupInformation
- */
- public boolean isAdmin(UserGroupInformation callerUgi) {
- return callerUgi != null && admins.isAdmin(callerUgi);
+ admins.checkAdminUserPrivilege(ugi);
}
public String reconfigurePropertyImpl(String property, String newVal)
@@ -692,24 +674,4 @@ public class HddsDatanodeService extends GenericCli
implements ServicePlugin {
return reconfigurableProperties;
}
- /**
- * Return list of OzoneAdministrators from config.
- * The service startup user will default to an admin.
- */
- private Collection<String> getOzoneAdminsFromConfig(
- OzoneConfiguration configuration, String starterUser) {
- Collection<String> ozAdmins = configuration.getTrimmedStringCollection(
- OZONE_ADMINISTRATORS);
- if (!ozAdmins.contains(starterUser)) {
- ozAdmins.add(starterUser);
- }
- return ozAdmins;
- }
-
- Collection<String> getOzoneAdminsGroupsFromConfig(
- OzoneConfiguration configuration) {
- return configuration.getTrimmedStringCollection(
- OZONE_ADMINISTRATORS_GROUPS);
- }
-
}
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/OzoneAdmins.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/OzoneAdmins.java
index 755d393dc7..12b6b64f49 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/OzoneAdmins.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/OzoneAdmins.java
@@ -24,9 +24,15 @@ import java.util.Set;
import com.google.common.collect.Sets;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_GROUPS;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_WILDCARD;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS;
+import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS_GROUPS;
/**
* This class contains ozone admin user information, username and group,
@@ -56,6 +62,52 @@ public class OzoneAdmins {
Collections.emptySet();
}
+ /**
+ * Returns an OzoneAdmins instance configured with admin users and groups
+ * from the provided configuration. The starter user is added to the
+ * admin user list if not already included.
+ *
+ * @param starterUser initial user to consider in admin list.
+ * @param configuration the configuration settings to apply.
+ * @return a configured OzoneAdmins instance.
+ */
+ public static OzoneAdmins getOzoneAdmins(String starterUser,
+ OzoneConfiguration configuration) {
+ Collection<String> adminUserNames =
+ getOzoneAdminsFromConfig(configuration, starterUser);
+ Collection<String> adminGroupNames =
+ getOzoneAdminsGroupsFromConfig(configuration);
+ return new OzoneAdmins(adminUserNames, adminGroupNames);
+ }
+
+ /**
+ * Creates and returns a read-only admin object. This object includes the
+ * read-only admin users and user groups obtained from the Ozone
+ * configuration.
+ *
+ * @param configuration the configuration settings to apply.
+ * @return a configured OzoneAdmins instance.
+ */
+ public static OzoneAdmins getReadonlyAdmins(
+ OzoneConfiguration configuration) {
+ Collection<String> omReadOnlyAdmins =
+ getOzoneReadOnlyAdminsFromConfig(configuration);
+ Collection<String> omReadOnlyAdminsGroups =
+ getOzoneReadOnlyAdminsGroupsFromConfig(configuration);
+ return new OzoneAdmins(omReadOnlyAdmins, omReadOnlyAdminsGroups);
+ }
+
+ /**
+ * Check ozone admin privilege, throws exception if not admin.
+ */
+ public void checkAdminUserPrivilege(UserGroupInformation ugi)
+ throws AccessControlException {
+ if (ugi != null && !isAdmin(ugi)) {
+ throw new AccessControlException("Access denied for user "
+ + ugi.getUserName() + ". Superuser privilege is required.");
+ }
+ }
+
private boolean hasAdminGroup(Collection<String> userGroups) {
return !Sets.intersection(adminGroups,
new LinkedHashSet<>(userGroups)).isEmpty();
@@ -65,13 +117,14 @@ public class OzoneAdmins {
* Check whether the provided {@link UserGroupInformation user}
* has admin permissions.
*
- * @param user
- * @return
+ * @param user the {@link UserGroupInformation}.
+ * @return true if the user is an administrator, otherwise false.
*/
public boolean isAdmin(UserGroupInformation user) {
- return adminUsernames.contains(OZONE_ADMINISTRATORS_WILDCARD)
+ return user != null && (adminUsernames
+ .contains(OZONE_ADMINISTRATORS_WILDCARD)
|| adminUsernames.contains(user.getShortUserName())
- || hasAdminGroup(user.getGroups());
+ || hasAdminGroup(user.getGroups()));
}
public Collection<String> getAdminGroups() {
@@ -88,4 +141,49 @@ public class OzoneAdmins {
Collections.emptySet();
}
+ /**
+ * Return list of administrators from config.
+ * The starterUser user will default to an admin.
+ * @param conf the configuration settings to apply.
+ * @param starterUser initial user to consider in admin list.
+ */
+ public static Collection<String> getOzoneAdminsFromConfig(
+ OzoneConfiguration conf, String starterUser) {
+ Collection<String> ozAdmins = conf.getTrimmedStringCollection(
+ OZONE_ADMINISTRATORS);
+ if (!ozAdmins.contains(starterUser)) {
+ ozAdmins.add(starterUser);
+ }
+ return ozAdmins;
+ }
+
+ /**
+ * Return list of administrators Groups from config.
+ * The service startup user will default to an admin.
+ * @param configuration the configuration settings to apply.
+ */
+ public static Collection<String> getOzoneAdminsGroupsFromConfig(
+ OzoneConfiguration configuration) {
+ return configuration.getTrimmedStringCollection(
+ OZONE_ADMINISTRATORS_GROUPS);
+ }
+
+ /**
+ * Return list of Ozone Read only admin Usernames from config.
+ * @param conf the configuration settings to apply.
+ */
+ public static Collection<String> getOzoneReadOnlyAdminsFromConfig(
+ OzoneConfiguration conf) {
+ return conf.getTrimmedStringCollection(OZONE_READONLY_ADMINISTRATORS);
+ }
+
+ /**
+ * Return list of Ozone Read only admin Groups from config.
+ * @param conf the configuration settings to apply.
+ */
+ public static Collection<String> getOzoneReadOnlyAdminsGroupsFromConfig(
+ OzoneConfiguration conf) {
+ return conf.getTrimmedStringCollection(
+ OZONE_READONLY_ADMINISTRATORS_GROUPS);
+ }
}
diff --git
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
index 2d74dfab83..4c8f7bf16e 100644
---
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
+++
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
@@ -399,14 +399,8 @@ public final class StorageContainerManager extends
ServiceRuntimeInfoImpl
}
scmStarterUser = UserGroupInformation.getCurrentUser().getShortUserName();
- Collection<String> scmAdminUsernames =
- getOzoneAdminsFromConfig(conf, scmStarterUser);
- LOG.info("SCM start with adminUsers: {}", scmAdminUsernames);
- Collection<String> scmAdminGroups =
- conf.getTrimmedStringCollection(
- OzoneConfigKeys.OZONE_ADMINISTRATORS_GROUPS);
-
- scmAdmins = new OzoneAdmins(scmAdminUsernames, scmAdminGroups);
+ scmAdmins = OzoneAdmins.getOzoneAdmins(scmStarterUser, conf);
+ LOG.info("SCM start with adminUsers: {}", scmAdmins.getAdminUsernames());
datanodeProtocolServer = new SCMDatanodeProtocolServer(conf, this,
eventQueue, scmContext);
@@ -2093,20 +2087,6 @@ public final class StorageContainerManager extends
ServiceRuntimeInfoImpl
return String.valueOf(ServerUtils.getScmDbDir(configuration));
}
- /**
- * Return list of administrators from config.
- * The service startup user will default to an admin.
- */
- private Collection<String> getOzoneAdminsFromConfig(OzoneConfiguration conf,
- String starterUser) {
- Collection<String> ozAdmins = conf.getTrimmedStringCollection(
- OZONE_ADMINISTRATORS);
- if (!ozAdmins.contains(starterUser)) {
- ozAdmins.add(starterUser);
- }
- return ozAdmins;
- }
-
public Collection<String> getScmAdminUsernames() {
return scmAdmins.getAdminUsernames();
}
@@ -2135,7 +2115,7 @@ public final class StorageContainerManager extends
ServiceRuntimeInfoImpl
private String reconfOzoneAdmins(String newVal) {
getConfiguration().set(OZONE_ADMINISTRATORS, newVal);
- Collection<String> admins = getOzoneAdminsFromConfig(
+ Collection<String> admins = OzoneAdmins.getOzoneAdminsFromConfig(
getConfiguration(), scmStarterUser);
scmAdmins.setAdminUsernames(admins);
LOG.info("Load conf {} : {}, and now admins are: {}", OZONE_ADMINISTRATORS,
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneConfigUtil.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneConfigUtil.java
index fcb74ae6b9..c09c5b91af 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneConfigUtil.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneConfigUtil.java
@@ -33,8 +33,6 @@ import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS_GROUPS;
import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_S3_ADMINISTRATORS;
import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_S3_ADMINISTRATORS_GROUPS;
-import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS;
-import static
org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_READONLY_ADMINISTRATORS_GROUPS;
/**
* Utility class for ozone configurations.
@@ -45,20 +43,6 @@ public final class OzoneConfigUtil {
private OzoneConfigUtil() {
}
- /**
- * Return list of OzoneAdministrators from config.
- * The service startup user will default to an admin.
- */
- static Collection<String> getOzoneAdminsFromConfig(OzoneConfiguration conf,
- String starterUser) {
- Collection<String> ozAdmins = conf.getTrimmedStringCollection(
- OZONE_ADMINISTRATORS);
- if (!ozAdmins.contains(starterUser)) {
- ozAdmins.add(starterUser);
- }
- return ozAdmins;
- }
-
/**
* Return list of s3 administrators prop from config.
*
@@ -79,19 +63,6 @@ public final class OzoneConfigUtil {
return ozAdmins;
}
- /**
- * Return list of Ozone Read only admin Usernames from config.
- */
- static Collection<String> getOzoneReadOnlyAdminsFromConfig(
- OzoneConfiguration conf) {
- return conf.getTrimmedStringCollection(OZONE_READONLY_ADMINISTRATORS);
- }
-
- static Collection<String> getOzoneAdminsGroupsFromConfig(
- OzoneConfiguration conf) {
- return conf.getTrimmedStringCollection(OZONE_ADMINISTRATORS_GROUPS);
- }
-
static Collection<String> getS3AdminsGroupsFromConfig(
OzoneConfiguration conf) {
Collection<String> s3AdminsGroup =
@@ -104,12 +75,6 @@ public final class OzoneConfigUtil {
return s3AdminsGroup;
}
- static Collection<String> getOzoneReadOnlyAdminsGroupsFromConfig(
- OzoneConfiguration conf) {
- return conf.getTrimmedStringCollection(
- OZONE_READONLY_ADMINISTRATORS_GROUPS);
- }
-
public static ReplicationConfig resolveReplicationConfigPreference(
HddsProtos.ReplicationType clientType,
HddsProtos.ReplicationFactor clientFactor,
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
index 9e57c4db8a..263a5b2474 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -642,23 +642,11 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
perfMetrics = OMPerformanceMetrics.register();
// Get admin list
omStarterUser = UserGroupInformation.getCurrentUser().getShortUserName();
- Collection<String> omAdminUsernames =
- OzoneConfigUtil.getOzoneAdminsFromConfig(configuration, omStarterUser);
- Collection<String> omAdminGroups =
- OzoneConfigUtil.getOzoneAdminsGroupsFromConfig(configuration);
- LOG.info("OM start with adminUsers: {}", omAdminUsernames);
- omAdmins = new OzoneAdmins(omAdminUsernames, omAdminGroups);
+ omAdmins = OzoneAdmins.getOzoneAdmins(omStarterUser, conf);
+ LOG.info("OM start with adminUsers: {}", omAdmins.getAdminUsernames());
// Get read only admin list
- Collection<String> omReadOnlyAdmins =
- OzoneConfigUtil.getOzoneReadOnlyAdminsFromConfig(
- configuration);
- Collection<String> omReadOnlyAdminsGroups =
- OzoneConfigUtil.getOzoneReadOnlyAdminsGroupsFromConfig(
- configuration);
-
- readOnlyAdmins = new OzoneAdmins(omReadOnlyAdmins,
- omReadOnlyAdminsGroups);
+ readOnlyAdmins = OzoneAdmins.getReadonlyAdmins(conf);
Collection<String> s3AdminUsernames =
OzoneConfigUtil.getS3AdminsFromConfig(configuration);
@@ -4659,7 +4647,7 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
private String reconfOzoneAdmins(String newVal) {
getConfiguration().set(OZONE_ADMINISTRATORS, newVal);
Collection<String> admins =
- OzoneConfigUtil.getOzoneAdminsFromConfig(getConfiguration(),
+ OzoneAdmins.getOzoneAdminsFromConfig(getConfiguration(),
omStarterUser);
omAdmins.setAdminUsernames(admins);
LOG.info("Load conf {} : {}, and now admins are: {}", OZONE_ADMINISTRATORS,
@@ -4670,7 +4658,7 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
private String reconfOzoneReadOnlyAdmins(String newVal) {
getConfiguration().set(OZONE_READONLY_ADMINISTRATORS, newVal);
Collection<String> pReadOnlyAdmins =
- OzoneConfigUtil.getOzoneReadOnlyAdminsFromConfig(getConfiguration());
+ OzoneAdmins.getOzoneReadOnlyAdminsFromConfig(getConfiguration());
readOnlyAdmins.setAdminUsernames(pReadOnlyAdmins);
LOG.info("Load conf {} : {}, and now readOnly admins are: {}",
OZONE_READONLY_ADMINISTRATORS, newVal, pReadOnlyAdmins);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
