Shibin,

Please keep all communication on public forums (JIRA or mailing lists). This is very important to make sure that all parties interested can participate -- we do not want to be exclusionary.

To answer your question, your change below is half-way there:

Your change below would prevent any superuser from having an ACL set whereas you only want to prevent the hbase service user from having an ACL set twice. For each user in superUsers, add the ACL if and only if `user` is not `hbaseUser`.

You also need to have better error handling around the UGI.getCurrentUser() call (printing a stack trace to stdout is not sufficient).

On 7/11/17 1:48 AM, [email protected] wrote:
Hi, as I understand it, I changed the code as below; this keeps CREATOR_ALL_ACL semantically, which is reasonable.

How about this? If it is OK, I will change the unit test and paste the patch.


    String[] superUsers = zkw.getConfiguration().getStrings(Superusers.SUPERUSER_CONF_KEY);
    // --- proposed change (start) ---
    String hbaseUser = null;
    try {
      hbaseUser = UserGroupInformation.getCurrentUser().getShortUserName();
    } catch (IOException e) {
      e.printStackTrace();
    }
    // --- proposed change (end) ---
    if (superUsers != null) {
      List<String> groups = new ArrayList<>();
      for (String user : superUsers) {
        if (AuthUtil.isGroupPrincipal(user)) {
          // TODO: Set node ACL for groups when ZK supports this feature
          groups.add(user);
        } else {
          // --- proposed change (start) ---
          if (!ArrayUtils.contains(superUsers, hbaseUser)) {
            acls.add(new ACL(Perms.ALL, new Id("sasl", user)));
          }
          // --- proposed change (end) ---
        }
      }
      if (!groups.isEmpty()) {
        LOG.warn("Znode ACL setting for group " + groups
            + " is skipped, ZooKeeper doesn't support this feature presently.");
      }
    }





张世彬 zhang shibin

IT Development Engineer
Network Management & Service Development Dept. I/Central R&D Institute/System Product

ZTE Phase II, No. 68 Zijinghua Road, Nanjing
M: +8613611508957
E: [email protected]
www.zte.com.cn <http://www.zte.com.cn/>
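
The check described in the reply above, written out as an added example (not code from the thread or from HBase): each non-group superuser gets an ACL unless it equals the service user, and a failed user lookup is propagated to the caller instead of being printed. `SuperuserAclExample`, `serviceUser`, `superuserAcls` and the sample names are hypothetical, the `@` prefix test stands in for `AuthUtil.isGroupPrincipal`, and the ZooKeeper and Hadoop jars are assumed to be on the classpath.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;

public class SuperuserAclExample {
  // Hypothetical helper: abort ACL setup with context instead of printing a
  // stack trace and carrying on with a null user name.
  static String serviceUser() throws IOException {
    try {
      return UserGroupInformation.getCurrentUser().getShortUserName();
    } catch (IOException e) {
      throw new IOException("Cannot resolve current user for znode ACLs", e);
    }
  }

  // Builds the per-user ACLs for the configured superusers. Only the entry
  // equal to hbaseUser is skipped; every other superuser still gets its ACL.
  static List<ACL> superuserAcls(String[] superUsers, String hbaseUser,
      List<String> skippedGroups) {
    List<ACL> acls = new ArrayList<>();
    if (superUsers == null) {
      return acls;
    }
    for (String user : superUsers) {
      if (user.startsWith("@")) { // assumption: stand-in for AuthUtil.isGroupPrincipal(user)
        skippedGroups.add(user);  // no group ACLs in ZooKeeper; the caller logs these
      } else if (!user.equals(hbaseUser)) {
        acls.add(new ACL(Perms.ALL, new Id("sasl", user)));
      }
    }
    return acls;
  }

  public static void main(String[] args) throws IOException {
    String[] superUsers = {"hbase", "admin", "@ops"}; // constructed sample configuration
    // Pass the service user as an argument (e.g. "hbase") or resolve it from the login.
    String hbaseUser = args.length > 0 ? args[0] : serviceUser();
    List<String> groups = new ArrayList<>();
    for (ACL acl : superuserAcls(superUsers, hbaseUser, groups)) {
      System.out.println(acl.getId().getScheme() + ":" + acl.getId().getId());
    }
    System.out.println("skipped groups: " + groups);
  }
}
```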

