storm-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From etha...@apache.org
Subject [storm] branch master updated: [STORM-3629] Logviewer should always allow admins to access logs
Date Fri, 01 May 2020 14:07:32 GMT
This is an automated email from the ASF dual-hosted git repository.

ethanli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/storm.git


The following commit(s) were added to refs/heads/master by this push:
     new c786116  [STORM-3629] Logviewer should always allow admins to access logs
     new 5d84e5e  Merge pull request #3258 from Ethanlm/STORM-3629
c786116 is described below

commit c78611630233dfef5a14835be93e525b672a50da
Author: Meng Li (Ethan) <ethanopensource@gmail.com>
AuthorDate: Wed Apr 29 17:43:00 2020 -0500

    [STORM-3629] Logviewer should always allow admins to access logs
---
 .../logviewer/handler/LogviewerLogPageHandler.java |  2 +-
 .../daemon/logviewer/utils/ResourceAuthorizer.java | 30 ++++++++++++----------
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/handler/LogviewerLogPageHandler.java
b/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/handler/LogviewerLogPageHandler.java
index a8882df..b8be6ad 100644
--- a/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/handler/LogviewerLogPageHandler.java
+++ b/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/handler/LogviewerLogPageHandler.java
@@ -266,7 +266,7 @@ public class LogviewerLogPageHandler {
                 return LogviewerResponseBuilder.buildResponsePageNotFound();
             }
         } else {
-            if (resourceAuthorizer.getLogUserGroupWhitelist(fileName) != null) {
+            if (resourceAuthorizer.getLogUserGroupWhitelist(fileName) == null) {
                 return LogviewerResponseBuilder.buildResponsePageNotFound();
             } else {
                 return LogviewerResponseBuilder.buildResponseUnauthorizedUser(user);
diff --git a/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/utils/ResourceAuthorizer.java
b/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/utils/ResourceAuthorizer.java
index 32f56d7..d62e721 100644
--- a/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/utils/ResourceAuthorizer.java
+++ b/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/utils/ResourceAuthorizer.java
@@ -84,25 +84,27 @@ public class ResourceAuthorizer {
             return false;
         }
         LogUserGroupWhitelist whitelist = getLogUserGroupWhitelist(fileName);
-        if (whitelist == null) {
-            return false;
-        } else {
-            List<String> logsUsers = new ArrayList<>();
-            logsUsers.addAll(ObjectReader.getStrings(stormConf.get(DaemonConfig.LOGS_USERS)));
-            logsUsers.addAll(ObjectReader.getStrings(stormConf.get(Config.NIMBUS_ADMINS)));
+
+        List<String> logsUsers = new ArrayList<>();
+        logsUsers.addAll(ObjectReader.getStrings(stormConf.get(DaemonConfig.LOGS_USERS)));
+        logsUsers.addAll(ObjectReader.getStrings(stormConf.get(Config.NIMBUS_ADMINS)));
+        if (whitelist != null) {
             logsUsers.addAll(whitelist.getUserWhitelist());
+        }
 
-            List<String> logsGroups = new ArrayList<>();
-            logsGroups.addAll(ObjectReader.getStrings(stormConf.get(DaemonConfig.LOGS_GROUPS)));
-            logsGroups.addAll(ObjectReader.getStrings(stormConf.get(Config.NIMBUS_ADMINS_GROUPS)));
+        List<String> logsGroups = new ArrayList<>();
+        logsGroups.addAll(ObjectReader.getStrings(stormConf.get(DaemonConfig.LOGS_GROUPS)));
+        logsGroups.addAll(ObjectReader.getStrings(stormConf.get(Config.NIMBUS_ADMINS_GROUPS)));
+        if (whitelist != null) {
             logsGroups.addAll(whitelist.getGroupWhitelist());
+        }
 
-            String userName = principalToLocal.toLocal(user);
-            Set<String> groups = getUserGroups(userName);
+        String userName = principalToLocal.toLocal(user);
+        Set<String> groups = getUserGroups(userName);
+
+        return logsUsers.stream().anyMatch(u -> u.equals(userName))
+            || Sets.intersection(groups, new HashSet<>(logsGroups)).size() > 0;
 
-            return logsUsers.stream().anyMatch(u -> u.equals(userName))
-                    || Sets.intersection(groups, new HashSet<>(logsGroups)).size()
> 0;
-        }
     }
 
     /**


Mime
View raw message