From efc2e027f21c95ac74f3f526b2d3580771d62510 Mon Sep 17 00:00:00 2001
From: Reid Chan
Date: Mon, 6 Apr 2020 16:45:16 +0800
Subject: [PATCH 1/4] HBASE-24121 [Authorization] ServiceAuthorizationManager isn't dynamically updatable. And it should be.
---
 .../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index ce7a583e2974..271faed06878 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -48,6 +48,7 @@
 import org.apache.hadoop.hbase.regionserver.RSRpcServices;
 import org.apache.hadoop.hbase.regionserver.slowlog.RpcLogDetails;
 import org.apache.hadoop.hbase.regionserver.slowlog.SlowLogRecorder;
+import org.apache.hadoop.hbase.security.HBasePolicyProvider;
 import org.apache.hadoop.hbase.security.SaslUtil;
 import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
 import org.apache.hadoop.hbase.security.User;
@@ -313,6 +314,7 @@ public void onConfigurationChange(Configuration newConf) {
 if (scheduler instanceof ConfigurationObserver) {
 ((ConfigurationObserver) scheduler).onConfigurationChange(newConf);
 }
+ HBasePolicyProvider.init(newConf, authManager);
 }

 protected void initReconfigurable(Configuration confToLoad) {
From 02daa1541707536f523ffab34670f8d97844ef64 Mon Sep 17 00:00:00 2001
From: Reid Chan
Date: Tue, 7 Apr 2020 17:40:07 +0800
Subject: [PATCH 2/4] Address review comments
---
 .../main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index 271faed06878..d9966ebc6068 100644
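Review bot: Nothing in patch 1/4 exercises the reload added at `HBasePolicyProvider.init(newConf, authManager);` in the `@@ -313,6 +314,7 @@` hunk: the diffstat lists RpcServer.java as the only changed file. Going by the subject line, this call determines which service ACLs are in force after a configuration change, so a test that edits an ACL, triggers `onConfigurationChange` and asserts the new decision would catch a reload that silently leaves the old policy active. The call also needs a comment stating its purpose, for example `// Re-read service-level ACLs so policy edits apply without a restart`. `onConfigurationChange` begins above the hunk, so any guard earlier in the method is not visible here.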
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -59,6 +59,7 @@
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authorize.AuthorizationException;
 import org.apache.hadoop.security.authorize.PolicyProvider;
+import org.apache.hadoop.security.authorize.ProxyUsers;
 import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
 import org.apache.hadoop.security.token.SecretManager;
 import org.apache.hadoop.security.token.TokenIdentifier;
@@ -314,7 +315,10 @@ public void onConfigurationChange(Configuration newConf) {
 if (scheduler instanceof ConfigurationObserver) {
 ((ConfigurationObserver) scheduler).onConfigurationChange(newConf);
 }
- HBasePolicyProvider.init(newConf, authManager);
+ synchronized (authManager) {
+ authManager.refresh(newConf, new HBasePolicyProvider());
+ }
+ ProxyUsers.refreshSuperUserGroupsConfiguration(newConf);
 }

 protected void initReconfigurable(Configuration confToLoad) {
From 38881ae685f7553e95970b534adff28a19c83538 Mon Sep 17 00:00:00 2001
From: Reid Chan
Date: Thu, 9 Apr 2020 12:30:53 +0800
Subject: [PATCH 3/4] LOG.info for refreshing policy file
---
 .../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index d9966ebc6068..51b611d10470 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
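Review bot: In the `@@ -314,7 +315,10 @@` hunk of patch 2/4 the two refreshes run back to back with no failure handling, so an exception from either can leave the service ACLs and the proxy-user settings reflecting different configurations, and nothing visible records that the reload failed. Wrapping both calls in a try block that logs at error level and rethrows keeps the caller's behaviour while making a stale authorization state visible to operators; `LOG` is the logger patch 3/4 uses in the same method. Separately, `synchronized (authManager)` only excludes code that takes the same monitor, and whether the authorization check path does is outside the hunk, so a comment on the block should say what it guards against. The refresh is also unconditional, and the hunk shows no check that `authManager` is non-null or that authorization is enabled; that is worth confirming against the removed `init`, whose body is not shown.

```java
    try {
      // … unchanged: authManager.refresh under its lock, then ProxyUsers refresh …
    } catch (RuntimeException e) {
      // The previous ACLs or proxy-user rules may still be in force; make that visible.
      LOG.error("Failed to refresh service ACLs or proxy-user settings", e);
      throw e;
    }
```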
@@ -315,10 +315,14 @@ public void onConfigurationChange(Configuration newConf) {
 if (scheduler instanceof ConfigurationObserver) {
 ((ConfigurationObserver) scheduler).onConfigurationChange(newConf);
 }
+ // Make sure authManager will read hbase-policy file
+ System.setProperty("hadoop.policy.file", "hbase-policy.xml");
 synchronized (authManager) {
 authManager.refresh(newConf, new HBasePolicyProvider());
 }
+ LOG.info("Refreshed {} successfully", System.getProperties("hadoop.policy.file"));
 ProxyUsers.refreshSuperUserGroupsConfiguration(newConf);
+ LOG.info("Refreshed super and proxy users successfully");
 }

 protected void initReconfigurable(Configuration confToLoad) {
From bbadfdf5a9a7b1287196f8420ec46297cebaac53 Mon Sep 17 00:00:00 2001
From: Reid Chan
Date: Thu, 9 Apr 2020 13:30:57 +0800
Subject: [PATCH 4/4] Hard code log info
---
 .../src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index 51b611d10470..6b993fe295f2 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -320,7 +320,7 @@ public void onConfigurationChange(Configuration newConf) {
 synchronized (authManager) {
 authManager.refresh(newConf, new HBasePolicyProvider());
 }
- LOG.info("Refreshed {} successfully", System.getProperties("hadoop.policy.file"));
+ LOG.info("Refreshed hbase-policy.xml successfully");
 ProxyUsers.refreshSuperUserGroupsConfiguration(newConf);
 LOG.info("Refreshed super and proxy users successfully");
 }
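Review bot: `System.setProperty("hadoop.policy.file", "hbase-policy.xml")` in the `@@ -315,10 +315,14 @@` hunk of patch 3/4 writes a JVM-wide property on every configuration change, so it silently replaces any value an operator or another component in the same process had set. If forcing the value is intended, the comment should say so, and the override should be observable: `String previous = System.setProperty("hadoop.policy.file", "hbase-policy.xml");` followed by `if (previous != null && !"hbase-policy.xml".equals(previous)) { LOG.warn("Overriding hadoop.policy.file={} with hbase-policy.xml", previous); }`. Setting the property once at start-up instead would avoid repeated global writes, provided nothing else in the JVM is expected to change it. `onConfigurationChange` begins above the hunk.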
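Review bot: The replacement message in the `@@ -320,7 +320,7 @@` hunk of patch 4/4 repeats the `hbase-policy.xml` literal that patch 3/4 passes to `System.setProperty`, so the log text can drift from the file name actually configured. Defining the name once, for example a new `private static final String HBASE_POLICY_FILE = "hbase-policy.xml";` used at both sites, keeps the reload message dependable as an audit record. `onConfigurationChange` begins above the hunk.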