From b5f802042b327557bd30bc9d9d85de7cb3778e90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E4=B8=96=E5=BD=AC10204932?= Date: Wed, 5 Jul 2017 14:59:05 +0800 Subject: [PATCH] HBASE-18323 Remove multiple ACLs for the same user in kerberos --- .../src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java | 3 --- .../src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKUtil.java | 5 ++--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java index 08b059e..703d869 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java @@ -925,10 +925,7 @@ public class ZKUtil { // Certain znodes are accessed directly by the client, // so they must be readable by non-authenticated clients if (zkw.isClientReadable(node)) { - acls.addAll(Ids.CREATOR_ALL_ACL); acls.addAll(Ids.READ_ACL_UNSAFE); - } else { - acls.addAll(Ids.CREATOR_ALL_ACL); } return acls; } else { diff --git a/hbase-client/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKUtil.java b/hbase-client/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKUtil.java index 076569b..39f1ba6 100644 --- a/hbase-client/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKUtil.java +++ b/hbase-client/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKUtil.java @@ -58,9 +58,8 @@ public class TestZKUtil { String node = "/hbase/testSecuritySingleSuperuser"; ZooKeeperWatcher watcher = new ZooKeeperWatcher(conf, node, null, false); List aclList = ZKUtil.createACL(watcher, node, true); - Assert.assertEquals(aclList.size(), 2); // 1+1, since ACL will be set for the creator by default + Assert.assertEquals(aclList.size(), 1); Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1")))); - Assert.assertTrue(aclList.contains(Ids.CREATOR_ALL_ACL.iterator().next())); } @Test @@ -70,7 +69,7 @@ public class TestZKUtil { String node = "/hbase/testCreateACL"; ZooKeeperWatcher watcher = new ZooKeeperWatcher(conf, node, null, false); List aclList = ZKUtil.createACL(watcher, node, true); - Assert.assertEquals(aclList.size(), 4); // 3+1, since ACL will be set for the creator by default + Assert.assertEquals(aclList.size(), 3); Assert.assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group1")))); Assert.assertFalse(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "@group2")))); Assert.assertTrue(aclList.contains(new ACL(Perms.ALL, new Id("sasl", "user1")))); -- 1.9.1