Skip to content

Commit

Permalink
refactor
Browse files Browse the repository at this point in the history
  • Loading branch information
meiyi committed Apr 30, 2019
1 parent e330001 commit 323c6f2
Show file tree
Hide file tree
Showing 3 changed files with 317 additions and 266 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -98,19 +98,6 @@
public class HDFSAclController implements MasterCoprocessor, MasterObserver {
private static final Logger LOG = LoggerFactory.getLogger(HDFSAclController.class);

public static final String HDFS_ACL_ENABLE = "hbase.hdfs.acl.enable";
public static final String HDFS_ACL_THREAD_NUMBER = "hbase.hdfs.acl.thread.number";
// the tmp directory to restore snapshot, it can not be a sub directory of HBase root dir
public static final String SNAPSHOT_RESTORE_TMP_DIR = "hbase.snapshot.restore.tmp.dir";
public static final String SNAPSHOT_RESTORE_TMP_DIR_DEFAULT =
"/hbase/.tmpdir-to-restore-snapshot";
// If enable this feature, set public directories permission to 751
public static final FsPermission ACL_ENABLE_PUBLIC_HFILE_PERMISSION =
new FsPermission((short) 0751);
// If enable this feature, set restore directory permission to 703
public static final FsPermission ACL_ENABLE_RESTORE_HFILE_PERMISSION =
new FsPermission((short) 0703);

private HDFSAclHelper hdfsAclHelper = null;
private PathHelper pathHelper = null;
private FileSystem fs = null;
Expand All @@ -134,31 +121,11 @@ public void preMasterInitialization(final ObserverContext<MasterCoprocessorEnvir
if (masterServices == null) {
throw new RuntimeException("master services can not be null");
}
hdfsAclHelper = new HDFSAclHelper(masterServices);
hdfsAclHelper =
new HDFSAclHelper(masterServices.getConfiguration(), masterServices.getConnection());
pathHelper = hdfsAclHelper.getPathHelper();
fs = pathHelper.getFileSystem();
// Set public directory permission to 751 to make all users have access permission.
// And we also need the access permission of the parent of HBase root directory, but
// it's not set here, because the owner of HBase root directory may don't own permission
// to change it's parent permission to 751.
// The {root/.tmp} and {root/.tmp/data} directories are created to make global user HDFS
// acls can be inherited.
Path[] paths = new Path[] { pathHelper.getRootDir(), pathHelper.getDataDir(),
pathHelper.getTmpDir(), pathHelper.getTmpDataDir(), pathHelper.getArchiveDir(),
pathHelper.getArchiveDataDir(), pathHelper.getSnapshotRootDir() };
for (Path path : paths) {
if (!fs.exists(path)) {
fs.mkdirs(path);
}
fs.setPermission(path, ACL_ENABLE_PUBLIC_HFILE_PERMISSION);
}
// create snapshot restore directory
Path restoreDir = new Path(
mEnv.getConfiguration().get(SNAPSHOT_RESTORE_TMP_DIR, SNAPSHOT_RESTORE_TMP_DIR_DEFAULT));
if (!fs.exists(restoreDir)) {
fs.mkdirs(restoreDir);
fs.setPermission(restoreDir, ACL_ENABLE_RESTORE_HFILE_PERMISSION);
}
hdfsAclHelper.setCommonDirPermission();
}
}

Expand All @@ -185,7 +152,7 @@ public void postStartMaster(ObserverContext<MasterCoprocessorEnvironment> ctx)
@Override
public void preStopMaster(final ObserverContext<MasterCoprocessorEnvironment> c) {
if (hdfsAclHelper != null) {
hdfsAclHelper.stop();
hdfsAclHelper.close();
}
}

Expand Down Expand Up @@ -462,7 +429,7 @@ private void revokeUserTablePermission(Table aclTable, String userName, TableNam
private boolean containReadPermission(UserPermission userPermission) {
if (userPermission != null) {
return Arrays.stream(userPermission.getPermission().getActions())
.anyMatch(action -> action == Permission.Action.READ);
.anyMatch(action -> action == Action.READ);
}
return false;
}
Expand Down Expand Up @@ -498,7 +465,7 @@ private UserPermission getUserTablePermission(Configuration conf, String userNam
}

private boolean isHdfsAclEnabled(Configuration configuration) {
return configuration.getBoolean(HDFS_ACL_ENABLE, false);
return configuration.getBoolean(HDFSAclHelper.HDFS_ACL_ENABLE, false);
}

protected static final class HDFSAclStorage {
Expand Down
Loading

0 comments on commit 323c6f2

Please sign in to comment.