Repository: sentry Updated Branches: refs/heads/master dc7f2cf53 -> a2cff586d
SENTRY-1801: Sentry Namenode Plugin should handle unknown permissions (Alex Kolbasov, reviewed by Vamsee Yarlagadda) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/a2cff586 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/a2cff586 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/a2cff586 Branch: refs/heads/master Commit: a2cff586da31cedf497ad4f6b6ebd901ac0b0eb3 Parents: dc7f2cf Author: Alexander Kolbasov <[email protected]> Authored: Wed Jun 14 14:21:18 2017 -0700 Committer: Alexander Kolbasov <[email protected]> Committed: Wed Jun 14 14:21:18 2017 -0700 ---------------------------------------------------------------------- .../sentry/hdfs/UpdateableAuthzPermissions.java | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/a2cff586/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java ---------------------------------------------------------------------- diff --git a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java index 30f06c4..1f05d73 100644 --- a/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java +++ b/sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/UpdateableAuthzPermissions.java @@ -17,7 +17,7 @@ */ package org.apache.sentry.hdfs; -import java.util.LinkedList; +import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.Set; @@ -35,19 +35,17 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable<PermissionsUpdate> { - public static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.<String, FsAction>builder() + private static final ImmutableMap<String, FsAction> ACTION_MAPPING = ImmutableMap.<String, FsAction>builder() .put("ALL", FsAction.ALL) .put("*", FsAction.ALL) .put("SELECT", FsAction.READ_EXECUTE) - .put("select", FsAction.READ_EXECUTE) .put("INSERT", FsAction.WRITE_EXECUTE) - .put("insert", FsAction.WRITE_EXECUTE) .build(); private static final int MAX_UPDATES_PER_LOCK_USE = 99; private static final String UPDATABLE_TYPE_NAME = "perm_authz_update"; private static final Logger LOG = LoggerFactory.getLogger(UpdateableAuthzPermissions.class); - private volatile SentryPermissions perms = new SentryPermissions(); + private final SentryPermissions perms = new SentryPermissions(); private final AtomicLong seqNum = new AtomicLong(0); @Override @@ -174,7 +172,7 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable< perms.removeParentChildMappings(pUpdate.getAuthzObj()); break; } - List<PrivilegeInfo> parentAndChild = new LinkedList<PrivilegeInfo>(); + List<PrivilegeInfo> parentAndChild = new ArrayList<>(); parentAndChild.add(pInfo); Set<String> children = perms.getChildren(pInfo.getAuthzObj()); if (children != null) { @@ -199,16 +197,16 @@ public class UpdateableAuthzPermissions implements AuthzPermissions, Updateable< } } - static FsAction getFAction(String sentryPriv) { + private static FsAction getFAction(String sentryPriv) { String[] strPrivs = sentryPriv.trim().split(","); FsAction retVal = FsAction.NONE; for (String strPriv : strPrivs) { FsAction action = ACTION_MAPPING.get(strPriv.toUpperCase()); - /* Passing null to FsAction.or() method causes NullPointerException. - * Better to throw more informative exception instead - */ if (action == null) { - throw new IllegalArgumentException("Unsupported Action " + strPriv); + // Encountered a privilege that is not supported. Since we do not know what + // to do with it we just drop all access. + LOG.warn("Unsupported privilege {}, disabling all access", strPriv); + action = FsAction.NONE; } retVal = retVal.or(action); }
