8 vuotta sitten · aa760e960c
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -8,6 +8,8 @@ Release 2.7.5 - UNRELEASED
 
				 
			
 
				   IMPROVEMENTS
			
 
				 
			
 
				+    HADOOP-13442. Optimize UGI group lookups. (Daryn Sharp via kihwal, shv)
			
 
				+
			
 
				   OPTIMIZATIONS
			
 
				 
			
 
				   BUG FIXES
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileSystem.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileSystem.java
@@ -26,7 +26,6 @@ import java.net.URI;
 
				 import java.net.URISyntaxException;
			
 
				 import java.security.PrivilegedExceptionAction;
			
 
				 import java.util.ArrayList;
			
 
				-import java.util.Arrays;
			
 
				 import java.util.EnumSet;
			
 
				 import java.util.HashMap;
			
 
				 import java.util.HashSet;
			
@@ -2185,12 +2184,11 @@ public abstract class FileSystem extends Configured implements Closeable {
 
				     FsPermission perm = stat.getPermission();
			
 
				     UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
			
 
				     String user = ugi.getShortUserName();
			
 
				-    List<String> groups = Arrays.asList(ugi.getGroupNames());
			
 
				     if (user.equals(stat.getOwner())) {
			
 
				       if (perm.getUserAction().implies(mode)) {
			
 
				         return;
			
 
				       }
			
 
				-    } else if (groups.contains(stat.getGroup())) {
			
 
				+    } else if (ugi.getGroups().contains(stat.getGroup())) {
			
 
				       if (perm.getGroupAction().implies(mode)) {
			
 
				         return;
			
 
				       }
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/viewfs/ViewFileSystem.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/viewfs/ViewFileSystem.java
@@ -829,7 +829,7 @@ public class ViewFileSystem extends FileSystem {
 
				     public FileStatus getFileStatus(Path f) throws IOException {
			
 
				       checkPathIsSlash(f);
			
 
				       return new FileStatus(0, true, 0, 0, creationTime, creationTime,
			
 
				-          PERMISSION_555, ugi.getUserName(), ugi.getGroupNames()[0],
			
 
				+          PERMISSION_555, ugi.getUserName(), ugi.getPrimaryGroupName(),
			
 
				 
			
 
				           new Path(theInternalDir.fullPath).makeQualified(
			
 
				               myUri, ROOT_PATH));
			
@@ -850,7 +850,7 @@ public class ViewFileSystem extends FileSystem {
 
				 
			
 
				           result[i++] = new FileStatus(0, false, 0, 0,
			
 
				             creationTime, creationTime, PERMISSION_555,
			
 
				-            ugi.getUserName(), ugi.getGroupNames()[0],
			
 
				+            ugi.getUserName(), ugi.getPrimaryGroupName(),
			
 
				             link.getTargetLink(),
			
 
				             new Path(inode.fullPath).makeQualified(
			
 
				                 myUri, null));
			
@@ -982,7 +982,7 @@ public class ViewFileSystem extends FileSystem {
 
				     public AclStatus getAclStatus(Path path) throws IOException {
			
 
				       checkPathIsSlash(path);
			
 
				       return new AclStatus.Builder().owner(ugi.getUserName())
			
 
				-          .group(ugi.getGroupNames()[0])
			
 
				+          .group(ugi.getPrimaryGroupName())
			
 
				           .addEntries(AclUtil.getMinimalAcl(PERMISSION_555))
			
 
				           .stickyBit(false).build();
			
 
				     }
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/viewfs/ViewFs.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/viewfs/ViewFs.java
@@ -844,14 +844,14 @@ public class ViewFs extends AbstractFileSystem {
 
				     public FileStatus getFileStatus(final Path f) throws IOException {
			
 
				       checkPathIsSlash(f);
			
 
				       return new FileStatus(0, true, 0, 0, creationTime, creationTime,
			
 
				-          PERMISSION_555, ugi.getUserName(), ugi.getGroupNames()[0],
			
 
				+          PERMISSION_555, ugi.getUserName(), ugi.getPrimaryGroupName(),
			
 
				           new Path(theInternalDir.fullPath).makeQualified(
			
 
				               myUri, null));
			
 
				     }
			
 
				     
			
 
				     @Override
			
 
				     public FileStatus getFileLinkStatus(final Path f)
			
 
				-        throws FileNotFoundException {
			
 
				+        throws IOException {
			
 
				       // look up i internalDirs children - ignore first Slash
			
 
				       INode<AbstractFileSystem> inode =
			
 
				         theInternalDir.children.get(f.toUri().toString().substring(1)); 
			
@@ -864,13 +864,13 @@ public class ViewFs extends AbstractFileSystem {
 
				         INodeLink<AbstractFileSystem> inodelink = 
			
 
				           (INodeLink<AbstractFileSystem>) inode;
			
 
				         result = new FileStatus(0, false, 0, 0, creationTime, creationTime,
			
 
				-            PERMISSION_555, ugi.getUserName(), ugi.getGroupNames()[0],
			
 
				+            PERMISSION_555, ugi.getUserName(), ugi.getPrimaryGroupName(),
			
 
				             inodelink.getTargetLink(),
			
 
				             new Path(inode.fullPath).makeQualified(
			
 
				                 myUri, null));
			
 
				       } else {
			
 
				         result = new FileStatus(0, true, 0, 0, creationTime, creationTime,
			
 
				-          PERMISSION_555, ugi.getUserName(), ugi.getGroupNames()[0],
			
 
				+          PERMISSION_555, ugi.getUserName(), ugi.getPrimaryGroupName(),
			
 
				           new Path(inode.fullPath).makeQualified(
			
 
				               myUri, null));
			
 
				       }
			
@@ -915,7 +915,7 @@ public class ViewFs extends AbstractFileSystem {
 
				 
			
 
				           result[i++] = new FileStatus(0, false, 0, 0,
			
 
				             creationTime, creationTime,
			
 
				-            PERMISSION_555, ugi.getUserName(), ugi.getGroupNames()[0],
			
 
				+            PERMISSION_555, ugi.getUserName(), ugi.getPrimaryGroupName(),
			
 
				             link.getTargetLink(),
			
 
				             new Path(inode.fullPath).makeQualified(
			
 
				                 myUri, null));
			
@@ -1049,7 +1049,7 @@ public class ViewFs extends AbstractFileSystem {
 
				     public AclStatus getAclStatus(Path path) throws IOException {
			
 
				       checkPathIsSlash(path);
			
 
				       return new AclStatus.Builder().owner(ugi.getUserName())
			
 
				-          .group(ugi.getGroupNames()[0])
			
 
				+          .group(ugi.getPrimaryGroupName())
			
 
				           .addEntries(AclUtil.getMinimalAcl(PERMISSION_555))
			
 
				           .stickyBit(false).build();
			
 
				     }
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/io/SecureIOUtils.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/io/SecureIOUtils.java
@@ -23,7 +23,6 @@ import java.io.FileInputStream;
 
				 import java.io.FileOutputStream;
			
 
				 import java.io.IOException;
			
 
				 import java.io.RandomAccessFile;
			
 
				-import java.util.Arrays;
			
 
				 
			
 
				 import org.apache.hadoop.conf.Configuration;
			
 
				 import org.apache.hadoop.fs.FSDataInputStream;
			
@@ -276,7 +275,7 @@ public class SecureIOUtils {
 
				             UserGroupInformation.createRemoteUser(expectedOwner);
			
 
				         final String adminsGroupString = "Administrators";
			
 
				         success = owner.equals(adminsGroupString)
			
 
				-            && Arrays.asList(ugi.getGroupNames()).contains(adminsGroupString);
			
 
				+            && ugi.getGroups().contains(adminsGroupString);
			
 
				       } else {
			
 
				         success = false;
			
 
				       }
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Groups.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Groups.java
@@ -18,14 +18,17 @@
 
				 package org.apache.hadoop.security;
			
 
				 
			
 
				 import java.io.IOException;
			
 
				+import java.util.ArrayList;
			
 
				 import java.util.Collection;
			
 
				 import java.util.Collections;
			
 
				 import java.util.HashMap;
			
 
				+import java.util.LinkedHashSet;
			
 
				 import java.util.List;
			
 
				 import java.util.Map;
			
 
				 import java.util.Set;
			
 
				 import java.util.concurrent.ExecutionException;
			
 
				 import java.util.concurrent.TimeUnit;
			
 
				+import java.util.concurrent.atomic.AtomicReference;
			
 
				 
			
 
				 import com.google.common.annotations.VisibleForTesting;
			
 
				 import com.google.common.base.Ticker;
			
@@ -33,6 +36,7 @@ import com.google.common.cache.CacheBuilder;
 
				 import com.google.common.cache.Cache;
			
 
				 import com.google.common.cache.CacheLoader;
			
 
				 import com.google.common.cache.LoadingCache;
			
 
				+
			
 
				 import org.apache.hadoop.HadoopIllegalArgumentException;
			
 
				 import org.apache.hadoop.classification.InterfaceAudience;
			
 
				 import org.apache.hadoop.classification.InterfaceAudience.Private;
			
@@ -42,7 +46,6 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
 
				 import org.apache.hadoop.util.ReflectionUtils;
			
 
				 import org.apache.hadoop.util.StringUtils;
			
 
				 import org.apache.hadoop.util.Timer;
			
 
				-
			
 
				 import org.apache.commons.logging.Log;
			
 
				 import org.apache.commons.logging.LogFactory;
			
 
				 
			
@@ -62,8 +65,8 @@ public class Groups {
 
				   private final GroupMappingServiceProvider impl;
			
 
				 
			
 
				   private final LoadingCache<String, List<String>> cache;
			
 
				-  private final Map<String, List<String>> staticUserToGroupsMap =
			
 
				-      new HashMap<String, List<String>>();
			
 
				+  private final AtomicReference<Map<String, List<String>>> staticMapRef =
			
 
				+      new AtomicReference<>();
			
 
				   private final long cacheTimeout;
			
 
				   private final long negativeCacheTimeout;
			
 
				   private final long warningDeltaMs;
			
@@ -129,6 +132,8 @@ public class Groups {
 
				         CommonConfigurationKeys.HADOOP_USER_GROUP_STATIC_OVERRIDES_DEFAULT);
			
 
				     Collection<String> mappings = StringUtils.getStringCollection(
			
 
				         staticMapping, ";");
			
 
				+    Map<String, List<String>> staticUserToGroupsMap =
			
 
				+        new HashMap<String, List<String>>();
			
 
				     for (String users : mappings) {
			
 
				       Collection<String> userToGroups = StringUtils.getStringCollection(users,
			
 
				           "=");
			
@@ -147,6 +152,8 @@ public class Groups {
 
				       }
			
 
				       staticUserToGroupsMap.put(user, groups);
			
 
				     }
			
 
				+    staticMapRef.set(
			
 
				+        staticUserToGroupsMap.isEmpty() ? null : staticUserToGroupsMap);
			
 
				   }
			
 
				 
			
 
				   private boolean isNegativeCacheEnabled() {
			
@@ -166,9 +173,12 @@ public class Groups {
 
				    */
			
 
				   public List<String> getGroups(final String user) throws IOException {
			
 
				     // No need to lookup for groups of static users
			
 
				-    List<String> staticMapping = staticUserToGroupsMap.get(user);
			
 
				-    if (staticMapping != null) {
			
 
				-      return staticMapping;
			
 
				+    Map<String, List<String>> staticUserToGroupsMap = staticMapRef.get();
			
 
				+    if (staticUserToGroupsMap != null) {
			
 
				+      List<String> staticMapping = staticUserToGroupsMap.get(user);
			
 
				+      if (staticMapping != null) {
			
 
				+        return staticMapping;
			
 
				+      }
			
 
				     }
			
 
				 
			
 
				     // Check the negative cache first
			
@@ -228,7 +238,9 @@ public class Groups {
 
				         throw noGroupsForUser(user);
			
 
				       }
			
 
				 
			
 
				-      return groups;
			
 
				+      // return immutable de-duped list
			
 
				+      return Collections.unmodifiableList(
			
 
				+          new ArrayList<>(new LinkedHashSet<>(groups)));
			
 
				     }
			
 
				 
			
 
				     /**
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -37,7 +37,6 @@ import java.util.Collection;
 
				 import java.util.Collections;
			
 
				 import java.util.HashMap;
			
 
				 import java.util.Iterator;
			
 
				-import java.util.LinkedHashSet;
			
 
				 import java.util.List;
			
 
				 import java.util.Map;
			
 
				 import java.util.Set;
			
@@ -1475,11 +1474,11 @@ public class UserGroupInformation {
 
				   }
			
 
				 
			
 
				   public String getPrimaryGroupName() throws IOException {
			
 
				-    String[] groups = getGroupNames();
			
 
				-    if (groups.length == 0) {
			
 
				+    List<String> groups = getGroups();
			
 
				+    if (groups.isEmpty()) {
			
 
				       throw new IOException("There is no primary group for UGI " + this);
			
 
				     }
			
 
				-    return groups[0];
			
 
				+    return groups.get(0);
			
 
				   }
			
 
				 
			
 
				   /**
			
@@ -1591,27 +1590,36 @@ public class UserGroupInformation {
 
				     return credentials;
			
 
				   }
			
 
				 
			
 
				+  /**
			
 
				+   * Get the group names for this user. {@ #getGroups(String)} is less
			
 
				+   * expensive alternative when checking for a contained element.
			
 
				+   * @return the list of users with the primary group first. If the command
			
 
				+   *    fails, it returns an empty list.
			
 
				+   */
			
 
				+  public String[] getGroupNames() {
			
 
				+    List<String> groups = getGroups();
			
 
				+    return groups.toArray(new String[groups.size()]);
			
 
				+  }
			
 
				+
			
 
				   /**
			
 
				    * Get the group names for this user.
			
 
				    * @return the list of users with the primary group first. If the command
			
 
				    *    fails, it returns an empty list.
			
 
				    */
			
 
				-  public synchronized String[] getGroupNames() {
			
 
				+  public List<String> getGroups() {
			
 
				     ensureInitialized();
			
 
				     try {
			
 
				-      Set<String> result = new LinkedHashSet<String>
			
 
				-        (groups.getGroups(getShortUserName()));
			
 
				-      return result.toArray(new String[result.size()]);
			
 
				+      return groups.getGroups(getShortUserName());
			
 
				     } catch (IOException ie) {
			
 
				       if (LOG.isDebugEnabled()) {
			
 
				         LOG.debug("Failed to get groups for user " + getShortUserName()
			
 
				             + " by " + ie);
			
 
				         LOG.trace("TRACE", ie);
			
 
				       }
			
 
				-      return StringUtils.emptyStringArray;
			
 
				+      return Collections.emptyList();
			
 
				     }
			
 
				   }
			
 
				-  
			
 
				+
			
 
				   /**
			
 
				    * Return the username.
			
 
				    */
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
@@ -231,7 +231,7 @@ public class AccessControlList implements Writable {
 
				     if (allAllowed || users.contains(ugi.getShortUserName())) {
			
 
				       return true;
			
 
				     } else if (!groups.isEmpty()) {
			
 
				-      for(String group: ugi.getGroupNames()) {
			
 
				+      for (String group : ugi.getGroups()) {
			
 
				         if (groups.contains(group)) {
			
 
				           return true;
			
 
				         }
			
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
@@ -432,8 +432,10 @@ public class TestUserGroupInformation {
 
				     UserGroupInformation uugi = 
			
 
				       UserGroupInformation.createUserForTesting(USER_NAME, GROUP_NAMES);
			
 
				     assertEquals(USER_NAME, uugi.getUserName());
			
 
				-    assertArrayEquals(new String[]{GROUP1_NAME, GROUP2_NAME, GROUP3_NAME},
			
 
				-                      uugi.getGroupNames());
			
 
				+    String[] expected = new String[]{GROUP1_NAME, GROUP2_NAME, GROUP3_NAME};
			
 
				+    assertArrayEquals(expected, uugi.getGroupNames());
			
 
				+    assertArrayEquals(expected, uugi.getGroups().toArray(new String[0]));
			
 
				+    assertEquals(GROUP1_NAME, uugi.getPrimaryGroupName());
			
 
				   }
			
 
				 
			
 
				   @SuppressWarnings("unchecked") // from Mockito mocks