[
https://issues.apache.org/jira/browse/HADOOP-12640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056827#comment-15056827
]
Daniel Templeton commented on HADOOP-12640:
-------------------------------------------
[~belugabehr], thanks for the contribution! Could you please combine the two
patches into a single file?
>From a high level, it looks like this patch changes the behavior of
>{{AccessControlList}} in the way that * is interpreted inline. I don't think
>we want to do that in a refactor.
In your {{AccessControlList}} patch, instead of:
{code}
private Groups groupsMapping = Groups
.getUserToGroupsMappingService(new Configuration());
{code}
Let's do:
{code}
private Groups groupsMapping =
Groups.getUserToGroupsMappingService(new Configuration());
{code}
Since you're fixing the comment, please remove the double "a" here:
{code}
* The String is a a comma separated list of users and groups. The user list
{code}
No need to make the parameters final in the constructors and methods. It's
correct but distracting.
> Code Review AccessControlList
> -----------------------------
>
> Key: HADOOP-12640
> URL: https://issues.apache.org/jira/browse/HADOOP-12640
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.7.1
> Reporter: BELUGA BEHR
> Priority: Minor
> Attachments: AccessControlList.patch, TestAccessControlList.path
>
>
> After some confusion of my own, in particular with
> "mapreduce.job.acl-view-job," I have looked over the AccessControlList
> implementation and cleaned it up and clarified a few points.
> 1) I added tests to show that when including an asterisk in either the
> username or the group field, it overrides everything and allows all access.
> "user1,user2,user3 *" = all access
> "* group1,group2" = all access
> "* *" = all access
> "* " = all access
> " *" = all access
> 2) General clean-up and simplification
> 3) NOT-BACKWARDS COMPATIBLE
> The code currently handled spaces in an asymmetric way. The code splits the
> ACL string on a single space, but limits the resulting array to a size of
> two. So, as long as there are no spaces in the user names section, it works
> fine, but any spaces subsequent to that did not matter.
> "user1,user2,user3 group1, group2,group3" - works as expected
> ["user1,user2,user3", "group1, group2,group3"]
> "user1, user2,user3 group1,group2,group3" - Did not work as expected
> ["user1,","user2,user3, group1, group2,group3"]
> The submitted patch will split on all spaces and log a warning if there are
> more than two elements. This enforces no spaces with the two comma-separated
> lists.
> Update:
> Perhaps this can be expanded to use a semi-colon as the delimiter between
> users and groups, so any interwoven spaces can simply be ignored.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
