Revert "HDFS-12895. RBF: Add ACL support for mount table. Contributed by Yiqun Lin."
This reverts commit ee028bfdf1c88a27cd925bed93ebb599a164dd2e.
Conflicts:
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterAdminCLI.java
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java
index 5fad0c0..7687216 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterAdminServer.java
@@ -17,9 +17,6 @@
*/
package org.apache.hadoop.hdfs.server.federation.router;
-import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_PERMISSIONS_ENABLED_DEFAULT;
-import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY;
-
import java.io.IOException;
import java.net.InetSocketAddress;
@@ -38,12 +35,9 @@
import org.apache.hadoop.hdfs.server.federation.store.protocol.RemoveMountTableEntryResponse;
import org.apache.hadoop.hdfs.server.federation.store.protocol.UpdateMountTableEntryRequest;
import org.apache.hadoop.hdfs.server.federation.store.protocol.UpdateMountTableEntryResponse;
-import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.RPC.Server;
-import org.apache.hadoop.security.AccessControlException;
-import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.service.AbstractService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -71,14 +65,6 @@
private final Server adminServer;
private final InetSocketAddress adminAddress;
- /**
- * Permission related info used for constructing new router permission
- * checker instance.
- */
- private static String routerOwner;
- private static String superGroup;
- private static boolean isPermissionEnabled;
-
public RouterAdminServer(Configuration conf, Router router)
throws IOException {
super(RouterAdminServer.class.getName());
@@ -110,7 +96,6 @@
LOG.info("Admin server binding to {}:{}",
bindHost, confRpcAddress.getPort());
- initializePermissionSettings(this.conf);
this.adminServer = new RPC.Builder(this.conf)
.setProtocol(RouterAdminProtocolPB.class)
.setInstance(clientNNPbService)
@@ -127,22 +112,6 @@
router.setAdminServerAddress(this.adminAddress);
}
- /**
- * Initialize permission related settings.
- *
- * @param routerConf
- * @throws IOException
- */
- private static void initializePermissionSettings(Configuration routerConf)
- throws IOException {
- routerOwner = UserGroupInformation.getCurrentUser().getShortUserName();
- superGroup = routerConf.get(
- DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_KEY,
- DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_DEFAULT);
- isPermissionEnabled = routerConf.getBoolean(DFS_PERMISSIONS_ENABLED_KEY,
- DFS_PERMISSIONS_ENABLED_DEFAULT);
- }
-
/** Allow access to the client RPC server for testing. */
@VisibleForTesting
Server getAdminServer() {
@@ -211,44 +180,4 @@
GetMountTableEntriesRequest request) throws IOException {
return getMountTableStore().getMountTableEntries(request);
}
-
- /**
- * Get a new permission checker used for making mount table access
- * control. This method will be invoked during each RPC call in router
- * admin server.
- *
- * @return Router permission checker
- * @throws AccessControlException
- */
- public static RouterPermissionChecker getPermissionChecker()
- throws AccessControlException {
- if (!isPermissionEnabled) {
- return null;
- }
-
- try {
- return new RouterPermissionChecker(routerOwner, superGroup,
- NameNode.getRemoteUser());
- } catch (IOException e) {
- throw new AccessControlException(e);
- }
- }
-
- /**
- * Get super user name.
- *
- * @return String super user name.
- */
- public static String getSuperUser() {
- return routerOwner;
- }
-
- /**
- * Get super group name.
- *
- * @return String super group name.
- */
- public static String getSuperGroup(){
- return superGroup;
- }
}
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterPermissionChecker.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterPermissionChecker.java
deleted file mode 100644
index 9d81dce..0000000
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterPermissionChecker.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hdfs.server.federation.router;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.fs.permission.FsAction;
-import org.apache.hadoop.fs.permission.FsPermission;
-import org.apache.hadoop.hdfs.server.federation.store.records.MountTable;
-import org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker;
-import org.apache.hadoop.security.AccessControlException;
-import org.apache.hadoop.security.UserGroupInformation;
-
-/**
- * Class that helps in checking permissions in Router-based federation.
- */
-public class RouterPermissionChecker extends FSPermissionChecker {
- static final Log LOG = LogFactory.getLog(RouterPermissionChecker.class);
-
- /** Mount table default permission. */
- public static final short MOUNT_TABLE_PERMISSION_DEFAULT = 00755;
-
- public RouterPermissionChecker(String routerOwner, String supergroup,
- UserGroupInformation callerUgi) {
- super(routerOwner, supergroup, callerUgi, null);
- }
-
- /**
- * Whether a mount table entry can be accessed by the current context.
- *
- * @param mountTable
- * MountTable being accessed
- * @param access
- * type of action being performed on the cache pool
- * @throws AccessControlException
- * if mount table cannot be accessed
- */
- public void checkPermission(MountTable mountTable, FsAction access)
- throws AccessControlException {
- if (isSuperUser()) {
- return;
- }
-
- FsPermission mode = mountTable.getMode();
- if (getUser().equals(mountTable.getOwnerName())
- && mode.getUserAction().implies(access)) {
- return;
- }
-
- if (isMemberOfGroup(mountTable.getGroupName())
- && mode.getGroupAction().implies(access)) {
- return;
- }
-
- if (!getUser().equals(mountTable.getOwnerName())
- && !isMemberOfGroup(mountTable.getGroupName())
- && mode.getOtherAction().implies(access)) {
- return;
- }
-
- throw new AccessControlException(
- "Permission denied while accessing mount table "
- + mountTable.getSourcePath()
- + ": user " + getUser() + " does not have " + access.toString()
- + " permissions.");
- }
-}
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/impl/MountTableStoreImpl.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/impl/MountTableStoreImpl.java
index eb117d6..e6affb2 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/impl/MountTableStoreImpl.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/impl/MountTableStoreImpl.java
@@ -24,9 +24,6 @@
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
-import org.apache.hadoop.fs.permission.FsAction;
-import org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer;
-import org.apache.hadoop.hdfs.server.federation.router.RouterPermissionChecker;
import org.apache.hadoop.hdfs.server.federation.store.MountTableStore;
import org.apache.hadoop.hdfs.server.federation.store.driver.StateStoreDriver;
import org.apache.hadoop.hdfs.server.federation.store.protocol.AddMountTableEntryRequest;
@@ -39,7 +36,6 @@
import org.apache.hadoop.hdfs.server.federation.store.protocol.UpdateMountTableEntryResponse;
import org.apache.hadoop.hdfs.server.federation.store.records.MountTable;
import org.apache.hadoop.hdfs.server.federation.store.records.Query;
-import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.util.Time;
/**
@@ -56,15 +52,7 @@
@Override
public AddMountTableEntryResponse addMountTableEntry(
AddMountTableEntryRequest request) throws IOException {
- MountTable mountTable = request.getEntry();
- if (mountTable != null) {
- RouterPermissionChecker pc = RouterAdminServer.getPermissionChecker();
- if (pc != null) {
- pc.checkPermission(mountTable, FsAction.WRITE);
- }
- }
-
- boolean status = getDriver().put(mountTable, false, true);
+ boolean status = getDriver().put(request.getEntry(), false, true);
AddMountTableEntryResponse response =
AddMountTableEntryResponse.newInstance();
response.setStatus(status);
@@ -74,15 +62,8 @@
@Override
public UpdateMountTableEntryResponse updateMountTableEntry(
UpdateMountTableEntryRequest request) throws IOException {
- MountTable mountTable = request.getEntry();
- if (mountTable != null) {
- RouterPermissionChecker pc = RouterAdminServer.getPermissionChecker();
- if (pc != null) {
- pc.checkPermission(mountTable, FsAction.WRITE);
- }
- }
-
- boolean status = getDriver().put(mountTable, true, true);
+ MountTable entry = request.getEntry();
+ boolean status = getDriver().put(entry, true, true);
UpdateMountTableEntryResponse response =
UpdateMountTableEntryResponse.newInstance();
response.setStatus(status);
@@ -96,17 +77,8 @@
final MountTable partial = MountTable.newInstance();
partial.setSourcePath(srcPath);
final Query<MountTable> query = new Query<>(partial);
- final MountTable deleteEntry = getDriver().get(getRecordClass(), query);
-
- boolean status = false;
- if (deleteEntry != null) {
- RouterPermissionChecker pc = RouterAdminServer.getPermissionChecker();
- if (pc != null) {
- pc.checkPermission(deleteEntry, FsAction.WRITE);
- }
- status = getDriver().remove(deleteEntry);
- }
-
+ int removedRecords = getDriver().remove(getRecordClass(), query);
+ boolean status = (removedRecords == 1);
RemoveMountTableEntryResponse response =
RemoveMountTableEntryResponse.newInstance();
response.setStatus(status);
@@ -116,13 +88,12 @@
@Override
public GetMountTableEntriesResponse getMountTableEntries(
GetMountTableEntriesRequest request) throws IOException {
- RouterPermissionChecker pc =
- RouterAdminServer.getPermissionChecker();
+
// Get all values from the cache
List<MountTable> records = getCachedRecords();
// Sort and filter
- Collections.sort(records, MountTable.SOURCE_COMPARATOR);
+ Collections.sort(records);
String reqSrcPath = request.getSrcPath();
if (reqSrcPath != null && !reqSrcPath.isEmpty()) {
// Return only entries beneath this path
@@ -132,15 +103,6 @@
String srcPath = record.getSourcePath();
if (!srcPath.startsWith(reqSrcPath)) {
it.remove();
- } else if (pc != null) {
- // do the READ permission check
- try {
- pc.checkPermission(record, FsAction.READ);
- } catch (AccessControlException ignored) {
- // Remove this mount table entry if it cannot
- // be accessed by current user.
- it.remove();
- }
}
}
}
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/MountTable.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/MountTable.java
index 1b5d2d6..0a3f19d 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/MountTable.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/MountTable.java
@@ -28,13 +28,9 @@
import org.apache.commons.lang.builder.HashCodeBuilder;
import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.server.federation.resolver.RemoteLocation;
import org.apache.hadoop.hdfs.server.federation.resolver.order.DestinationOrder;
-import org.apache.hadoop.hdfs.server.federation.router.RouterPermissionChecker;
import org.apache.hadoop.hdfs.server.federation.store.driver.StateStoreSerializer;
-import org.apache.hadoop.hdfs.server.namenode.NameNode;
-import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -131,15 +127,6 @@
// Set the serialized dest string
record.setDestinations(locations);
- // Set permission fields
- UserGroupInformation ugi = NameNode.getRemoteUser();
- record.setOwnerName(ugi.getShortUserName());
- String group = ugi.getGroups().isEmpty() ? ugi.getShortUserName()
- : ugi.getPrimaryGroupName();
- record.setGroupName(group);
- record.setMode(new FsPermission(
- RouterPermissionChecker.MOUNT_TABLE_PERMISSION_DEFAULT));
-
// Validate
record.validate();
return record;
@@ -207,48 +194,6 @@
public abstract void setDestOrder(DestinationOrder order);
/**
- * Get owner name of this mount table entry.
- *
- * @return Owner name
- */
- public abstract String getOwnerName();
-
- /**
- * Set owner name of this mount table entry.
- *
- * @param owner Owner name for mount table entry
- */
- public abstract void setOwnerName(String owner);
-
- /**
- * Get group name of this mount table entry.
- *
- * @return Group name
- */
- public abstract String getGroupName();
-
- /**
- * Set group name of this mount table entry.
- *
- * @param group Group name for mount table entry
- */
- public abstract void setGroupName(String group);
-
- /**
- * Get permission of this mount table entry.
- *
- * @return FsPermission permission mode
- */
- public abstract FsPermission getMode();
-
- /**
- * Set permission for this mount table entry.
- *
- * @param mode Permission for mount table entry
- */
- public abstract void setMode(FsPermission mode);
-
- /**
* Get the default location.
* @return The default location.
*/
@@ -290,19 +235,6 @@
if (this.isReadOnly()) {
sb.append("[RO]");
}
-
- if (this.getOwnerName() != null) {
- sb.append("[owner:").append(this.getOwnerName()).append("]");
- }
-
- if (this.getGroupName() != null) {
- sb.append("[group:").append(this.getGroupName()).append("]");
- }
-
- if (this.getMode() != null) {
- sb.append("[mode:").append(this.getMode()).append("]");
- }
-
return sb.toString();
}
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/impl/pb/MountTablePBImpl.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/impl/pb/MountTablePBImpl.java
index 372f209..d2870bd 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/impl/pb/MountTablePBImpl.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/federation/store/records/impl/pb/MountTablePBImpl.java
@@ -21,7 +21,6 @@
import java.util.LinkedList;
import java.util.List;
-import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.federation.protocol.proto.HdfsServerFederationProtos.MountTableRecordProto;
import org.apache.hadoop.hdfs.federation.protocol.proto.HdfsServerFederationProtos.MountTableRecordProto.Builder;
import org.apache.hadoop.hdfs.federation.protocol.proto.HdfsServerFederationProtos.MountTableRecordProto.DestOrder;
@@ -29,8 +28,6 @@
import org.apache.hadoop.hdfs.federation.protocol.proto.HdfsServerFederationProtos.RemoteLocationProto;
import org.apache.hadoop.hdfs.server.federation.resolver.RemoteLocation;
import org.apache.hadoop.hdfs.server.federation.resolver.order.DestinationOrder;
-import org.apache.hadoop.hdfs.server.federation.router.RouterAdminServer;
-import org.apache.hadoop.hdfs.server.federation.router.RouterPermissionChecker;
import org.apache.hadoop.hdfs.server.federation.store.protocol.impl.pb.FederationProtocolPBTranslator;
import org.apache.hadoop.hdfs.server.federation.store.records.MountTable;
@@ -192,64 +189,6 @@
}
}
- @Override
- public String getOwnerName() {
- MountTableRecordProtoOrBuilder proto = this.translator.getProtoOrBuilder();
- if (!proto.hasOwnerName()) {
- return RouterAdminServer.getSuperUser();
- }
- return proto.getOwnerName();
- }
-
- @Override
- public void setOwnerName(String owner) {
- Builder builder = this.translator.getBuilder();
- if (owner == null) {
- builder.clearOwnerName();
- } else {
- builder.setOwnerName(owner);
- }
- }
-
- @Override
- public String getGroupName() {
- MountTableRecordProtoOrBuilder proto = this.translator.getProtoOrBuilder();
- if (!proto.hasGroupName()) {
- return RouterAdminServer.getSuperGroup();
- }
- return proto.getGroupName();
- }
-
- @Override
- public void setGroupName(String group) {
- Builder builder = this.translator.getBuilder();
- if (group == null) {
- builder.clearGroupName();
- } else {
- builder.setGroupName(group);
- }
- }
-
- @Override
- public FsPermission getMode() {
- MountTableRecordProtoOrBuilder proto = this.translator.getProtoOrBuilder();
- short mode = RouterPermissionChecker.MOUNT_TABLE_PERMISSION_DEFAULT;
- if (proto.hasMode()) {
- mode = (short) proto.getMode();
- }
- return new FsPermission(mode);
- }
-
- @Override
- public void setMode(FsPermission mode) {
- Builder builder = this.translator.getBuilder();
- if (mode == null) {
- builder.clearMode();
- } else {
- builder.setMode(mode.toShort());
- }
- }
-
private DestinationOrder convert(DestOrder order) {
switch (order) {
case LOCAL:
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
index 45876a7..c854b49 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
@@ -46,7 +46,7 @@
*
* Some of the helper methods are gaurded by {@link FSNamesystem#readLock()}.
*/
-public class FSPermissionChecker implements AccessControlEnforcer {
+class FSPermissionChecker implements AccessControlEnforcer {
static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
private static String getPath(byte[][] components, int start, int end) {
@@ -86,7 +86,7 @@
private final INodeAttributeProvider attributeProvider;
- protected FSPermissionChecker(String fsOwner, String supergroup,
+ FSPermissionChecker(String fsOwner, String supergroup,
UserGroupInformation callerUgi,
INodeAttributeProvider attributeProvider) {
this.fsOwner = fsOwner;
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/federation/RouterAdmin.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/federation/RouterAdmin.java
index fd961f2..843f1f1 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/federation/RouterAdmin.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/federation/RouterAdmin.java
@@ -26,7 +26,6 @@
import org.apache.hadoop.classification.InterfaceAudience.Private;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
-import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.server.federation.resolver.MountTableManager;
@@ -78,7 +77,7 @@
public void printUsage() {
String usage = "Federation Admin Tools:\n"
+ "\t[-add <source> <nameservice> <destination> "
- + "[-readonly] -owner <owner> -group <group> -mode <mode>]\n"
+ + "[-readonly]\n"
+ "\t[-rm <source>]\n"
+ "\t[-ls <path>]\n";
System.out.println(usage);
@@ -194,9 +193,6 @@
// Optional parameters
boolean readOnly = false;
- String owner = null;
- String group = null;
- FsPermission mode = null;
DestinationOrder order = DestinationOrder.HASH;
while (i < parameters.length) {
if (parameters[i].equals("-readonly")) {
@@ -208,23 +204,11 @@
} catch(Exception e) {
System.err.println("Cannot parse order: " + parameters[i]);
}
- } else if (parameters[i].equals("-owner")) {
- i++;
- owner = parameters[i];
- } else if (parameters[i].equals("-group")) {
- i++;
- group = parameters[i];
- } else if (parameters[i].equals("-mode")) {
- i++;
- short modeValue = Short.parseShort(parameters[i], 8);
- mode = new FsPermission(modeValue);
}
-
i++;
}
- return addMount(mount, nss, dest, readOnly, order,
- new ACLEntity(owner, group, mode));
+ return addMount(mount, nss, dest, readOnly, order);
}
/**
@@ -235,13 +219,11 @@
* @param dest Destination path.
* @param readonly If the mount point is read only.
* @param order Order of the destination locations.
- * @param aclInfo the ACL info for mount point.
* @return If the mount point was added.
* @throws IOException Error adding the mount point.
*/
public boolean addMount(String mount, String[] nss, String dest,
- boolean readonly, DestinationOrder order, ACLEntity aclInfo)
- throws IOException {
+ boolean readonly, DestinationOrder order) throws IOException {
// Get the existing entry
MountTableManager mountTable = client.getMountTableManager();
GetMountTableEntriesRequest getRequest =
@@ -269,20 +251,6 @@
if (order != null) {
newEntry.setDestOrder(order);
}
-
- // Set ACL info for mount table entry
- if (aclInfo.getOwner() != null) {
- newEntry.setOwnerName(aclInfo.getOwner());
- }
-
- if (aclInfo.getGroup() != null) {
- newEntry.setGroupName(aclInfo.getGroup());
- }
-
- if (aclInfo.getMode() != null) {
- newEntry.setMode(aclInfo.getMode());
- }
-
AddMountTableEntryRequest request =
AddMountTableEntryRequest.newInstance(newEntry);
AddMountTableEntryResponse addResponse =
@@ -305,20 +273,6 @@
if (order != null) {
existingEntry.setDestOrder(order);
}
-
- // Update ACL info of mount table entry
- if (aclInfo.getOwner() != null) {
- existingEntry.setOwnerName(aclInfo.getOwner());
- }
-
- if (aclInfo.getGroup() != null) {
- existingEntry.setGroupName(aclInfo.getGroup());
- }
-
- if (aclInfo.getMode() != null) {
- existingEntry.setMode(aclInfo.getMode());
- }
-
UpdateMountTableEntryRequest updateRequest =
UpdateMountTableEntryRequest.newInstance(existingEntry);
UpdateMountTableEntryResponse updateResponse =
@@ -369,8 +323,8 @@
private static void printMounts(List<MountTable> entries) {
System.out.println("Mount Table Entries:");
System.out.println(String.format(
- "%-25s %-25s %-25s %-25s %-25s",
- "Source", "Destinations", "Owner", "Group", "Mode"));
+ "%-25s %-25s",
+ "Source", "Destinations"));
for (MountTable entry : entries) {
StringBuilder destBuilder = new StringBuilder();
for (RemoteLocation location : entry.getDestinations()) {
@@ -380,38 +334,8 @@
destBuilder.append(String.format("%s->%s", location.getNameserviceId(),
location.getDest()));
}
- System.out.print(String.format("%-25s %-25s", entry.getSourcePath(),
+ System.out.println(String.format("%-25s %-25s", entry.getSourcePath(),
destBuilder.toString()));
-
- System.out.println(String.format(" %-25s %-25s %-25s",
- entry.getOwnerName(), entry.getGroupName(), entry.getMode()));
- }
- }
-
- /**
- * Inner class that stores ACL info of mount table.
- */
- static class ACLEntity {
- private final String owner;
- private final String group;
- private final FsPermission mode;
-
- ACLEntity(String owner, String group, FsPermission mode) {
- this.owner = owner;
- this.group = group;
- this.mode = mode;
- }
-
- public String getOwner() {
- return owner;
- }
-
- public String getGroup() {
- return group;
- }
-
- public FsPermission getMode() {
- return mode;
}
}
}
\ No newline at end of file
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/FederationProtocol.proto b/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/FederationProtocol.proto
index 2a34838..5ee9d07 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/FederationProtocol.proto
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/FederationProtocol.proto
@@ -129,10 +129,6 @@
RANDOM = 2;
}
optional DestOrder destOrder = 6 [default = HASH];
-
- optional string ownerName = 10;
- optional string groupName = 11;
- optional int32 mode = 12;
}
message AddMountTableEntryRequestProto {
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/router/federationhealth.html b/hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/router/federationhealth.html
index 2c6a6da..60cd6b1 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/router/federationhealth.html
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/router/federationhealth.html
@@ -376,9 +376,6 @@
<th>Target path</th>
<th>Order</th>
<th>Read only</th>
- <th>Owner</th>
- <th>Group</th>
- <th>Permission</th>
<th>Date Modified</th>
<th>Date Created</th>
</tr>
@@ -391,9 +388,6 @@
<td>{path}</td>
<td>{order}</td>
<td class="dfshealth-node-icon dfshealth-mount-read-only-{readonly}"/>
- <td>{ownerName}</td>
- <td>{groupName}</td>
- <td>{mode}</td>
<td>{dateModified}</td>
<td>{dateCreated}</td>
</tr>
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSCommands.md b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSCommands.md
index 03661f3..06d4f2a 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSCommands.md
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSCommands.md
@@ -423,7 +423,7 @@
Usage:
hdfs dfsrouteradmin
- [-add <source> <nameservice> <destination> [-readonly] -owner <owner> -group <group> -mode <mode>]
+ [-add <source> <nameservice> <destination> [-readonly]]
[-rm <source>]
[-ls <path>]
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSRouterFederation.md b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSRouterFederation.md
index b150a6c..9d4263f 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSRouterFederation.md
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HDFSRouterFederation.md
@@ -194,14 +194,6 @@
If a mount point is not set, the Router will map it to the default namespace `dfs.federation.router.default.nameserviceId`.
-Mount table have UNIX-like *permissions*, which restrict which users and groups have access to the mount point. Write permissions allow users to add
-, update or remove mount point. Read permissions allow users to list mount point. Execute permissions are unused.
-
-Mount table permission can be set by following command:
-
- [hdfs]$ $HADOOP_HOME/bin/hdfs dfsrouteradmin -add /tmp ns1 /tmp -owner root -group supergroup -mode 0755
-
-The option mode is UNIX-style permissions for the mount table. Permissions are specified in octal, e.g. 0755. By default, this is set to 0755.
Client configuration
--------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/metrics/TestFederationMetrics.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/metrics/TestFederationMetrics.java
index 611a466..186d960 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/metrics/TestFederationMetrics.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/metrics/TestFederationMetrics.java
@@ -86,9 +86,6 @@
json.getString("nameserviceId"));
assertEquals(entry.getDefaultLocation().getDest(),
json.getString("path"));
- assertEquals(entry.getOwnerName(), json.getString("ownerName"));
- assertEquals(entry.getGroupName(), json.getString("groupName"));
- assertEquals(entry.getMode().toString(), json.getString("mode"));
assertNotNullAndNotEmpty(json.getString("dateCreated"));
assertNotNullAndNotEmpty(json.getString("dateModified"));
match++;
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterAdminCLI.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterAdminCLI.java
index 9e82967..a3d5bf6 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterAdminCLI.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterAdminCLI.java
@@ -38,7 +38,6 @@
import org.apache.hadoop.hdfs.server.federation.store.protocol.GetMountTableEntriesResponse;
import org.apache.hadoop.hdfs.server.federation.store.records.MountTable;
import org.apache.hadoop.hdfs.tools.federation.RouterAdmin;
-import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.ToolRunner;
import org.junit.After;
import org.junit.AfterClass;
@@ -56,8 +55,6 @@
private static RouterAdmin admin;
private static RouterClient client;
- private static final String TEST_USER = "test-user";
-
private final ByteArrayOutputStream out = new ByteArrayOutputStream();
private static final PrintStream OLD_OUT = System.out;
@@ -204,94 +201,4 @@
assertTrue(out.toString().contains(
"Cannot remove mount point " + invalidPath));
}
-
- @Test
- public void testMountTableDefaultACL() throws Exception {
- String[] argv = new String[] {"-add", "/testpath0", "ns0", "/testdir0"};
- Assert.assertEquals(0, ToolRunner.run(admin, argv));
-
- stateStore.loadCache(MountTableStoreImpl.class, true);
- GetMountTableEntriesRequest getRequest = GetMountTableEntriesRequest
- .newInstance("/testpath0");
- GetMountTableEntriesResponse getResponse = client.getMountTableManager()
- .getMountTableEntries(getRequest);
- MountTable mountTable = getResponse.getEntries().get(0);
-
- UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
- String group = ugi.getGroups().isEmpty() ? ugi.getShortUserName()
- : ugi.getPrimaryGroupName();
- assertEquals(ugi.getShortUserName(), mountTable.getOwnerName());
- assertEquals(group, mountTable.getGroupName());
- assertEquals((short) 0755, mountTable.getMode().toShort());
- }
-
- @Test
- public void testMountTablePermissions() throws Exception {
- // re-set system out for testing
- System.setOut(new PrintStream(out));
- // use superuser to add new mount table with only read permission
- String[] argv = new String[] {"-add", "/testpath2-1", "ns0", "/testdir2-1",
- "-owner", TEST_USER, "-group", TEST_USER, "-mode", "0455"};
- assertEquals(0, ToolRunner.run(admin, argv));
-
- String superUser = UserGroupInformation.
- getCurrentUser().getShortUserName();
- // use normal user as current user to test
- UserGroupInformation remoteUser = UserGroupInformation
- .createRemoteUser(TEST_USER);
- UserGroupInformation.setLoginUser(remoteUser);
-
- // verify read permission by executing other commands
- verifyExecutionResult("/testpath2-1", true, -1, -1);
-
- // add new mount table with only write permission
- argv = new String[] {"-add", "/testpath2-2", "ns0", "/testdir2-2",
- "-owner", TEST_USER, "-group", TEST_USER, "-mode", "0255"};
- assertEquals(0, ToolRunner.run(admin, argv));
- verifyExecutionResult("/testpath2-2", false, 0, 0);
-
- // set mount table entry with read and write permission
- argv = new String[] {"-add", "/testpath2-3", "ns0", "/testdir2-3",
- "-owner", TEST_USER, "-group", TEST_USER, "-mode", "0755"};
- assertEquals(0, ToolRunner.run(admin, argv));
- verifyExecutionResult("/testpath2-3", true, 0, 0);
-
- // set back login user
- remoteUser = UserGroupInformation.createRemoteUser(superUser);
- UserGroupInformation.setLoginUser(remoteUser);
- }
-
- /**
- * Verify router admin commands execution result.
- *
- * @param mount
- * target mount table
- * @param canRead
- * whether can list mount tables under specified mount
- * @param addCommandCode
- * expected return code of add command executed for specified mount
- * @param rmCommandCode
- * expected return code of rm command executed for specified mount
- * @throws Exception
- */
- private void verifyExecutionResult(String mount, boolean canRead,
- int addCommandCode, int rmCommandCode) throws Exception {
- String[] argv = null;
- stateStore.loadCache(MountTableStoreImpl.class, true);
-
- out.reset();
- // execute ls command
- argv = new String[] {"-ls", mount};
- assertEquals(0, ToolRunner.run(admin, argv));
- assertEquals(canRead, out.toString().contains(mount));
-
- // execute add/update command
- argv = new String[] {"-add", mount, "ns0", mount + "newdir"};
- assertEquals(addCommandCode, ToolRunner.run(admin, argv));
-
- stateStore.loadCache(MountTableStoreImpl.class, true);
- // execute remove command
- argv = new String[] {"-rm", mount};
- assertEquals(rmCommandCode, ToolRunner.run(admin, argv));
- }
}
\ No newline at end of file