big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HADOOP-10824. Refactor KMSACLs to avoid locking. (Benoy Antony via umamahesh)

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1610969 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Uma Maheswara Rao G 2014-07-16 11:24:41 +00:00
parent dc31d66f8a
commit 80d7f0911c
2 changed files with 10 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -178,6 +178,8 @@ Trunk (Unreleased)
HADOOP-10736. Add key attributes to the key shell. (Mike Yoder via wang) HADOOP-10736. Add key attributes to the key shell. (Mike Yoder via wang)
HADOOP-10824. Refactor KMSACLs to avoid locking. (Benoy Antony via umamahesh)
BUG FIXES BUG FIXES
HADOOP-9451. Fault single-layer config if node group topology is enabled. HADOOP-9451. Fault single-layer config if node group topology is enabled.

31
hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
View File

@ -28,8 +28,6 @@
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
/** /**
* Provides access to the <code>AccessControlList</code>s used by KMS, * Provides access to the <code>AccessControlList</code>s used by KMS,
@ -52,13 +50,11 @@ public String getConfigKey() {
public static final int RELOADER_SLEEP_MILLIS = 1000; public static final int RELOADER_SLEEP_MILLIS = 1000;
Map<Type, AccessControlList> acls; private volatile Map<Type, AccessControlList> acls;
private ReadWriteLock lock;
private ScheduledExecutorService executorService; private ScheduledExecutorService executorService;
private long lastReload; private long lastReload;
KMSACLs(Configuration conf) { KMSACLs(Configuration conf) {
lock = new ReentrantReadWriteLock();
if (conf == null) { if (conf == null) {
conf = loadACLs(); conf = loadACLs();
} }
@ -70,17 +66,13 @@ public KMSACLs() {
} }
private void setACLs(Configuration conf) { private void setACLs(Configuration conf) {
lock.writeLock().lock(); Map<Type, AccessControlList> tempAcls = new HashMap<Type, AccessControlList>();
try { for (Type aclType : Type.values()) {
acls = new HashMap<Type, AccessControlList>(); String aclStr = conf.get(aclType.getConfigKey(), ACL_DEFAULT);
for (Type aclType : Type.values()) { tempAcls.put(aclType, new AccessControlList(aclStr));
String aclStr = conf.get(aclType.getConfigKey(), ACL_DEFAULT); LOG.info("'{}' ACL '{}'", aclType, aclStr);
acls.put(aclType, new AccessControlList(aclStr));
LOG.info("'{}' ACL '{}'", aclType, aclStr);
}
} finally {
lock.writeLock().unlock();
} }
acls = tempAcls;
} }
@Override @Override
@ -120,14 +112,7 @@ private Configuration loadACLs() {
public boolean hasAccess(Type type, String user) { public boolean hasAccess(Type type, String user) {
UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user); UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
AccessControlList acl = null; return acls.get(type).isUserAllowed(ugi);
lock.readLock().lock();
try {
acl = acls.get(type);
} finally {
lock.readLock().unlock();
}
return acl.isUserAllowed(ugi);
} }
} }