org.apache.hadoop.ozone.OzoneAcl

Here are examples of the Java API org.apache.hadoop.ozone.OzoneAcl taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.


19 Source : TestOMRequestUtils.java
with Apache License 2.0
from apache

/**
 * Builds an {@code AddAcl} OMRequest that targets a bucket, for use in tests.
 *
 * @param volumeName volume that holds the bucket
 * @param bucketName bucket the ACL is added to
 * @param acl ACL to attach; when {@code null} the request carries no ACL
 * @return request with a random client id and command type {@code AddAcl}
 */
public static OMRequest createBucketAddAclRequest(String volumeName, String bucketName, OzoneAcl acl) {
    OzoneObj bucketObj = new OzoneObjInfo.Builder()
        .setVolumeName(volumeName)
        .setBucketName(bucketName)
        .setResType(ResourceType.BUCKET)
        .setStoreType(StoreType.OZONE)
        .build();
    AddAclRequest.Builder aclRequest = AddAclRequest.newBuilder().setObj(OzoneObj.toProtobuf(bucketObj));
    // A null ACL is tolerated so tests can build a request without one.
    if (acl != null) {
        aclRequest.setAcl(OzoneAcl.toProtobuf(acl));
    }
    OMRequest omRequest = OMRequest.newBuilder()
        .setClientId(UUID.randomUUID().toString())
        .setCmdType(OzoneManagerProtocolProtos.Type.AddAcl)
        .setAddAclRequest(aclRequest.build())
        .build();
    return omRequest;
}

19 Source : TestOMRequestUtils.java
with Apache License 2.0
from apache

/**
 * Builds a {@code RemoveAcl} OMRequest that targets a bucket, for use in tests.
 *
 * @param volumeName volume that holds the bucket
 * @param bucketName bucket the ACL is removed from
 * @param acl ACL to remove; when {@code null} the request carries no ACL
 * @return request with a random client id and command type {@code RemoveAcl}
 */
public static OMRequest createBucketRemoveAclRequest(String volumeName, String bucketName, OzoneAcl acl) {
    OzoneObj bucketObj = new OzoneObjInfo.Builder()
        .setVolumeName(volumeName)
        .setBucketName(bucketName)
        .setResType(ResourceType.BUCKET)
        .setStoreType(StoreType.OZONE)
        .build();
    RemoveAclRequest.Builder aclRequest = RemoveAclRequest.newBuilder().setObj(OzoneObj.toProtobuf(bucketObj));
    // A null ACL is tolerated so tests can build a request without one.
    if (acl != null) {
        aclRequest.setAcl(OzoneAcl.toProtobuf(acl));
    }
    OMRequest omRequest = OMRequest.newBuilder()
        .setClientId(UUID.randomUUID().toString())
        .setCmdType(OzoneManagerProtocolProtos.Type.RemoveAcl)
        .setRemoveAclRequest(aclRequest.build())
        .build();
    return omRequest;
}

19 Source : OmPrefixInfo.java
with Apache License 2.0
from apache

/**
 * Adds {@code acl} to this prefix's ACL list by delegating to {@code OzoneAclUtil.addAcl}.
 *
 * @param acl ACL to add
 * @return the boolean reported by {@code OzoneAclUtil.addAcl}
 */
public boolean addAcl(OzoneAcl acl) {
    boolean changed = OzoneAclUtil.addAcl(acls, acl);
    return changed;
}

19 Source : OmPrefixInfo.java
with Apache License 2.0
from apache

/**
 * Removes {@code acl} from this prefix's ACL list by delegating to
 * {@code OzoneAclUtil.removeAcl}.
 *
 * @param acl ACL to remove
 * @return the boolean reported by {@code OzoneAclUtil.removeAcl}
 */
public boolean removeAcl(OzoneAcl acl) {
    boolean changed = OzoneAclUtil.removeAcl(acls, acl);
    return changed;
}

19 Source : TestOzoneManagerHAWithACL.java
with Apache License 2.0
from apache

/**
 * Reports whether any entry of {@code ozoneAcls} matches {@code ozoneAcl} according to
 * {@code compareAcls}.
 *
 * @param ozoneAcl ACL to look for
 * @param ozoneAcls list to search
 * @return {@code true} as soon as one entry matches, {@code false} if none does
 */
private boolean containsAcl(OzoneAcl ozoneAcl, List<OzoneAcl> ozoneAcls) {
    // anyMatch stops at the first matching entry, as the explicit loop did.
    return ozoneAcls.stream().anyMatch(candidate -> compareAcls(ozoneAcl, candidate));
}

19 Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache

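/**
 * Removes {@code removedAcl} from {@code currentAcls} and checks both the reported result and
 * the resulting list.
 *
 * @param currentAcls list to modify; may be {@code null}, in which case only the return value
 *     of {@code OzoneAclUtil.removeAcl} is checked
 * @param removedAcl ACL to remove
 * @param expectedResult value {@code OzoneAclUtil.removeAcl} is expected to return
 * @param expectedSize expected size of {@code currentAcls} after the call
 */
private void removeAndVerifyAcl(List<OzoneAcl> currentAcls, OzoneAcl removedAcl, boolean expectedResult, int expectedSize) {
    // The scraped listing had the JUnit assert* names garbled; they are restored here.
    assertEquals(expectedResult, OzoneAclUtil.removeAcl(currentAcls, removedAcl));
    if (currentAcls != null) {
        boolean verified = verifyAclRemoved(currentAcls, removedAcl);
        assertTrue("removedAcl: " + removedAcl + " should not exist in the" + " current acls: " + currentAcls, verified);
        assertEquals(expectedSize, currentAcls.size());
    }
}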

19 Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache

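/**
 * Adds {@code addedAcl} to {@code currentAcls} and checks both the reported result and the
 * resulting list.
 *
 * @param currentAcls list to modify; may be {@code null}, in which case only the return value
 *     of {@code OzoneAclUtil.addAcl} is checked
 * @param addedAcl ACL to add
 * @param expectedResult value {@code OzoneAclUtil.addAcl} is expected to return
 * @param expectedSize expected size of {@code currentAcls} after the call
 */
private void addAndVerifyAcl(List<OzoneAcl> currentAcls, OzoneAcl addedAcl, boolean expectedResult, int expectedSize) {
    // The scraped listing had the JUnit assert* names garbled; they are restored here.
    assertEquals(expectedResult, OzoneAclUtil.addAcl(currentAcls, addedAcl));
    if (currentAcls != null) {
        boolean verified = verifyAclAdded(currentAcls, addedAcl);
        assertTrue("addedAcl: " + addedAcl + " should exist in the" + " current acls: " + currentAcls, verified);
        assertEquals(expectedSize, currentAcls.size());
    }
}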

19 Source : OmVolumeArgs.java
with Apache License 2.0
from apache

/**
 * Removes {@code acl} from this volume's ACL map.
 *
 * @param acl ACL to remove
 * @throws OMException propagated from the ACL map's {@code removeAcl}
 */
public void removeAcl(OzoneAcl acl) throws OMException {
    aclMap.removeAcl(acl);
}

19 Source : OmVolumeArgs.java
with Apache License 2.0
from apache

/**
 * Adds {@code acl} to this volume's ACL map.
 *
 * @param acl ACL to add
 * @throws OMException propagated from the ACL map's {@code addAcl}
 */
public void addAcl(OzoneAcl acl) throws OMException {
    aclMap.addAcl(acl);
}

19 Source : OmOzoneAclMap.java
with Apache License 2.0
from apache

/**
 * Always throws: signals that {@code acl} is already present.
 *
 * @param acl ACL named in the error message
 * @throws OMException always, with result code {@code INVALID_REQUEST}
 */
private void aclExistsError(OzoneAcl acl) throws OMException {
    String message = "Acl " + acl + " already exist.";
    throw new OMException(message, INVALID_REQUEST);
}

19 Source : OmBucketInfo.java
with Apache License 2.0
from apache

/**
 * Removes an ACL from this bucket's ACL list by delegating to {@code OzoneAclUtil.removeAcl}.
 *
 * @param ozoneAcl ACL to remove
 * @return {@code true} if the ACL was removed, {@code false} if it could not be removed
 *     because it is not in the existing list
 */
public boolean removeAcl(OzoneAcl ozoneAcl) {
    boolean removed = OzoneAclUtil.removeAcl(acls, ozoneAcl);
    return removed;
}

19 Source : OmBucketInfo.java
with Apache License 2.0
from apache

/**
 * Adds an ACL to this bucket's ACL list by delegating to {@code OzoneAclUtil.addAcl}.
 *
 * @param ozoneAcl ACL to add
 * @return {@code true} if the ACL was added, {@code false} if it was not added or is already
 *     in the list
 */
public boolean addAcl(OzoneAcl ozoneAcl) {
    boolean added = OzoneAclUtil.addAcl(acls, ozoneAcl);
    return added;
}

18 Source : AclOption.java
with Apache License 2.0
from apache

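/**
 * Defines command-line option for specifying one or more ACLs.
 *
 * <p>Each comma-separated value is turned into an {@link OzoneAcl} by {@link #convert(String)};
 * the add/remove/set helpers then apply the parsed ACLs to an object through an
 * {@code ObjectStore}.
 */
public class AclOption implements CommandLine.ITypeConverter<OzoneAcl> {

    // The scraped listing had "class" garbled in the declaration and in the converter
    // reference below; both are restored.
    @CommandLine.Option(names = { "--acls", "--acl", "-al", "-a" },
        split = ",",
        required = true,
        converter = AclOption.class,
        description = "Comma separated ACL list:\n" + "Example: user:user2:a OR user:user1:rw,group:hadoop:a\n" + "r = READ, " + "w = WRITE, " + "c = CREATE, " + "d = DELETE, " + "l = LIST, " + "a = ALL, " + "n = NONE, " + "x = READ_ACL, " + "y = WRITE_ACL.")
    private OzoneAcl[] values;

    /** Returns an immutable snapshot of the ACLs given on the command line. */
    private List<OzoneAcl> getAclList() {
        return ImmutableList.copyOf(values);
    }

    /**
     * Adds every parsed ACL to {@code obj}, printing one status line per ACL.
     *
     * <p>ACLs are applied one call at a time, so an {@code IOException} part-way through
     * leaves the earlier ACLs already added.
     *
     * @param obj object whose ACLs are changed
     * @param objectStore store used to apply the change
     * @param out stream that receives the per-ACL status lines
     * @throws IOException if the store rejects or fails a request
     */
    public void addTo(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
        for (OzoneAcl acl : getAclList()) {
            boolean result = objectStore.addAcl(obj, acl);
            String message = result ? ("ACL %s added successfully.%n") : ("ACL %s already exists.%n");
            out.printf(message, acl);
        }
    }

    /**
     * Removes every parsed ACL from {@code obj}, printing one status line per ACL.
     *
     * <p>ACLs are removed one call at a time, so an {@code IOException} part-way through
     * leaves the earlier ACLs already removed.
     *
     * @param obj object whose ACLs are changed
     * @param objectStore store used to apply the change
     * @param out stream that receives the per-ACL status lines
     * @throws IOException if the store rejects or fails a request
     */
    public void removeFrom(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
        for (OzoneAcl acl : getAclList()) {
            boolean result = objectStore.removeAcl(obj, acl);
            String message = result ? ("ACL %s removed successfully.%n") : ("ACL %s doesn't exist.%n");
            out.printf(message, acl);
        }
    }

    /**
     * Passes the whole parsed ACL list to {@code objectStore.setAcl} in a single call.
     *
     * @param obj object whose ACLs are set
     * @param objectStore store used to apply the change
     * @param out stream that receives the confirmation line
     * @throws IOException if the store rejects or fails the request
     */
    public void setOn(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
        objectStore.setAcl(obj, getAclList());
        out.println("ACLs set successfully.");
    }

    /**
     * Parses one command-line value into an ACL using {@code OzoneAcl.parseAcl}.
     *
     * @param value single ACL string, already split on commas by the option parser
     * @return the parsed ACL
     */
    @Override
    public OzoneAcl convert(String value) {
        return OzoneAcl.parseAcl(value);
    }
}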

18 Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache

/**
 * Runs the reset-and-validate access check on a prefix object for the USER, GROUP, WORLD and
 * ANONYMOUS identity types, after seeding the parent volume and bucket ACLs.
 */
@Test
public void testCheckAccessForPrefix() throws Exception {
    prefixObj = new OzoneObjInfo.Builder()
        .setVolumeName(vol)
        .setBucketName(buck)
        .setPrefixName(prefix)
        .setResType(PREFIX)
        .setStoreType(OZONE)
        .build();
    OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), parentDirUserAcl, ACCESS);
    // Fall back to an empty group name when the test user has no groups.
    String firstGroup = testUgi.getGroups().size() > 0 ? testUgi.getGroups().get(0) : "";
    OzoneAcl groupAcl = new OzoneAcl(GROUP, firstGroup, parentDirGroupAcl, ACCESS);

    // Parent ACLs are written through the test's own setters rather than the old APIs
    // (per the original note: "old API's update to DB").
    setVolumeAcl(Arrays.asList(userAcl, groupAcl));
    setBucketAcl(Arrays.asList(userAcl, groupAcl));

    resetAclsAndValidateAccess(prefixObj, USER, prefixManager);
    resetAclsAndValidateAccess(prefixObj, GROUP, prefixManager);
    resetAclsAndValidateAccess(prefixObj, WORLD, prefixManager);
    resetAclsAndValidateAccess(prefixObj, ANONYMOUS, prefixManager);
}

18 Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache

/**
 * Runs the reset-and-validate access check on a key object for the USER, GROUP, WORLD and
 * ANONYMOUS identity types, after seeding the parent volume and bucket ACLs.
 */
@Test
public void testCheckAccessForKey() throws Exception {
    OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), parentDirUserAcl, ACCESS);
    // Fall back to an empty group name when the test user has no groups.
    String firstGroup = testUgi.getGroups().size() > 0 ? testUgi.getGroups().get(0) : "";
    OzoneAcl groupAcl = new OzoneAcl(GROUP, firstGroup, parentDirGroupAcl, ACCESS);

    // Parent ACLs are written through the test's own setters rather than the old APIs
    // (per the original note: "old API's update to DB").
    setVolumeAcl(Arrays.asList(userAcl, groupAcl));
    setBucketAcl(Arrays.asList(userAcl, groupAcl));

    resetAclsAndValidateAccess(keyObj, USER, keyManager);
    resetAclsAndValidateAccess(keyObj, GROUP, keyManager);
    resetAclsAndValidateAccess(keyObj, WORLD, keyManager);
    resetAclsAndValidateAccess(keyObj, ANONYMOUS, keyManager);
}

18 Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache

/**
 * Adds {@code ozoneAcl} to the test bucket's info and publishes the updated info as a cache
 * entry on the bucket table.
 *
 * @param ozoneAcl ACL to add to the bucket
 * @throws IOException if the bucket table lookup fails
 */
private void addBucketAcl(OzoneAcl ozoneAcl) throws IOException {
    String bucketKey = metadataManager.getBucketKey(vol, buck);
    OmBucketInfo bucketInfo = metadataManager.getBucketTable().get(bucketKey);
    bucketInfo.addAcl(ozoneAcl);
    // The change is made visible through a table cache entry, not a table put.
    metadataManager.getBucketTable().addCacheEntry(
        new CacheKey<>(bucketKey),
        new CacheValue<>(Optional.of(bucketInfo), 1L));
}

18 Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache

/**
 * Runs the reset-and-validate access check on a bucket object for the USER, GROUP, WORLD and
 * ANONYMOUS identity types, after seeding the parent volume ACLs.
 */
@Test
public void testCheckAccessForBucket() throws Exception {
    OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), parentDirUserAcl, ACCESS);
    // Fall back to an empty group name when the test user has no groups.
    String firstGroup = testUgi.getGroups().size() > 0 ? testUgi.getGroups().get(0) : "";
    OzoneAcl groupAcl = new OzoneAcl(GROUP, firstGroup, parentDirGroupAcl, ACCESS);

    // Only the volume needs seeding here; it is written through the test's own setter rather
    // than the old APIs (per the original note: "old API's update to DB").
    setVolumeAcl(Arrays.asList(userAcl, groupAcl));

    resetAclsAndValidateAccess(buckObj, USER, bucketManager);
    resetAclsAndValidateAccess(buckObj, GROUP, bucketManager);
    resetAclsAndValidateAccess(buckObj, WORLD, bucketManager);
    resetAclsAndValidateAccess(buckObj, ANONYMOUS, bucketManager);
}

18 Source : TestOMRequestUtils.java
with Apache License 2.0
from apache

/**
 * Builds a {@code RemoveAcl} OMRequest that targets a volume, for use in tests.
 *
 * @param volumeName volume the ACL is removed from
 * @param acl ACL to remove; when {@code null} the request carries no ACL
 * @return request with a random client id and command type {@code RemoveAcl}
 */
public static OMRequest createVolumeRemoveAclRequest(String volumeName, OzoneAcl acl) {
    OzoneObj volumeObj = new OzoneObjInfo.Builder()
        .setVolumeName(volumeName)
        .setResType(ResourceType.VOLUME)
        .setStoreType(StoreType.OZONE)
        .build();
    RemoveAclRequest.Builder aclRequest = RemoveAclRequest.newBuilder().setObj(OzoneObj.toProtobuf(volumeObj));
    // A null ACL is tolerated so tests can build a request without one.
    if (acl != null) {
        aclRequest.setAcl(OzoneAcl.toProtobuf(acl));
    }
    OMRequest omRequest = OMRequest.newBuilder()
        .setClientId(UUID.randomUUID().toString())
        .setCmdType(OzoneManagerProtocolProtos.Type.RemoveAcl)
        .setRemoveAclRequest(aclRequest.build())
        .build();
    return omRequest;
}

18 Source : TestOMRequestUtils.java
with Apache License 2.0
from apache

/**
 * Builds an {@code AddAcl} OMRequest that targets a volume, for use in tests.
 *
 * @param volumeName volume the ACL is added to
 * @param acl ACL to attach; when {@code null} the request carries no ACL
 * @return request with a random client id and command type {@code AddAcl}
 */
public static OMRequest createVolumeAddAclRequest(String volumeName, OzoneAcl acl) {
    OzoneObj volumeObj = new OzoneObjInfo.Builder()
        .setVolumeName(volumeName)
        .setResType(ResourceType.VOLUME)
        .setStoreType(StoreType.OZONE)
        .build();
    AddAclRequest.Builder aclRequest = AddAclRequest.newBuilder().setObj(OzoneObj.toProtobuf(volumeObj));
    // A null ACL is tolerated so tests can build a request without one.
    if (acl != null) {
        aclRequest.setAcl(OzoneAcl.toProtobuf(acl));
    }
    OMRequest omRequest = OMRequest.newBuilder()
        .setClientId(UUID.randomUUID().toString())
        .setCmdType(OzoneManagerProtocolProtos.Type.AddAcl)
        .setAddAclRequest(aclRequest.build())
        .build();
    return omRequest;
}

18 Source : TestOMKeyAclRequest.java
with Apache License 2.0
from apache

/**
 * Builds a {@code RemoveAcl} OMRequest for the test's key.
 *
 * @param acl ACL to remove; converted unconditionally, so it is not null-checked here
 * @return request with a random client id and command type {@code RemoveAcl}
 */
private OMRequest createRemoveAclKeyRequest(OzoneAcl acl) {
    OzoneObj keyObj = OzoneObjInfo.Builder.newBuilder()
        .setBucketName(bucketName)
        .setVolumeName(volumeName)
        .setKeyName(keyName)
        .setResType(OzoneObj.ResourceType.KEY)
        .setStoreType(OzoneObj.StoreType.OZONE)
        .build();
    RemoveAclRequest aclRequest = RemoveAclRequest.newBuilder()
        .setObj(OzoneObj.toProtobuf(keyObj))
        .setAcl(OzoneAcl.toProtobuf(acl))
        .build();
    OMRequest omRequest = OMRequest.newBuilder()
        .setClientId(UUID.randomUUID().toString())
        .setCmdType(OzoneManagerProtocolProtos.Type.RemoveAcl)
        .setRemoveAclRequest(aclRequest)
        .build();
    return omRequest;
}

18 Source : PrefixManagerImpl.java
with Apache License 2.0
from apache

/**
 * Removes {@code ozoneAcl} from {@code prefixInfo} and, when something was removed, updates the
 * in-memory prefix tree and (only when Ratis is disabled) the prefix table.
 *
 * @param ozoneObj prefix object; its path is the key in the tree and table
 * @param ozoneAcl ACL to remove
 * @param prefixInfo current prefix info, or {@code null} when the prefix has none
 * @return result carrying {@code prefixInfo} and whether an ACL was removed
 * @throws IOException if a prefix table operation fails
 */
public OMPrefixAclOpResult removeAcl(OzoneObj ozoneObj, OzoneAcl ozoneAcl, OmPrefixInfo prefixInfo) throws IOException {
    boolean removed = prefixInfo != null && prefixInfo.removeAcl(ozoneAcl);
    if (!removed) {
        // Nothing matched, so neither the tree nor the table is touched.
        return new OMPrefixAclOpResult(prefixInfo, removed);
    }

    if (prefixInfo.getAcls().isEmpty()) {
        // The last ACL is gone: drop the prefix entry entirely instead of keeping an empty one.
        prefixTree.removePrefixPath(ozoneObj.getPath());
        if (!isRatisEnabled) {
            metadataManager.getPrefixTable().delete(ozoneObj.getPath());
        }
    } else {
        // ACLs remain: refresh the in-memory tree with the updated info.
        prefixTree.insert(ozoneObj.getPath(), prefixInfo);
        if (!isRatisEnabled) {
            metadataManager.getPrefixTable().put(ozoneObj.getPath(), prefixInfo);
        }
    }
    return new OMPrefixAclOpResult(prefixInfo, removed);
}

18 Source : PrefixManagerImpl.java
with Apache License 2.0
from apache

/**
 * Adds {@code ozoneAcl} to a prefix, creating the prefix info first when none exists, and
 * updates the in-memory prefix tree and (only when Ratis is disabled) the prefix table.
 *
 * @param ozoneObj prefix object; its path names a newly created prefix info and keys the
 *     tree and table
 * @param ozoneAcl ACL to add
 * @param prefixInfo current prefix info, or {@code null} to create one
 * @param transactionLogIndex when positive, used to derive the object id and update id of a
 *     newly created prefix info
 * @return result carrying the (possibly new) prefix info and whether the ACL list changed
 * @throws IOException if a prefix table operation fails
 */
public OMPrefixAclOpResult addAcl(OzoneObj ozoneObj, OzoneAcl ozoneAcl, OmPrefixInfo prefixInfo, long transactionLogIndex) throws IOException {
    if (prefixInfo == null) {
        OmPrefixInfo.Builder freshInfo = new OmPrefixInfo.Builder().setName(ozoneObj.getPath());
        // Ids are only stamped when a real transaction index was supplied.
        if (transactionLogIndex > 0) {
            freshInfo.setObjectID(OmUtils.getObjectIdFromTxId(metadataManager.getOmEpoch(), transactionLogIndex));
            freshInfo.setUpdateID(transactionLogIndex);
        }
        prefixInfo = freshInfo.build();
    }

    boolean changed = prefixInfo.addAcl(ozoneAcl);
    if (!changed) {
        return new OMPrefixAclOpResult(prefixInfo, changed);
    }

    // Publish the updated info to the in-memory prefix tree.
    prefixTree.insert(ozoneObj.getPath(), prefixInfo);
    if (!isRatisEnabled) {
        metadataManager.getPrefixTable().put(ozoneObj.getPath(), prefixInfo);
    }
    return new OMPrefixAclOpResult(prefixInfo, changed);
}

18 Source : OzoneAclStorageUtil.java
with Apache License 2.0
from apache

/**
 * Converts a list of {@code OzoneAcl} (Java) into a list of {@code OzoneAclInfo} (protobuf),
 * one element per input ACL and in the same order.
 *
 * @param protoAcls the Java-side ACLs to convert (despite the name, these are not protobuf
 *     objects)
 * @return new mutable list of the converted {@code OzoneAclInfo} values
 */
public static List<OzoneAclInfo> toProtobuf(List<OzoneAcl> protoAcls) {
    List<OzoneAclInfo> converted = new ArrayList<>();
    protoAcls.forEach(acl -> converted.add(OzoneAclStorage.toProtobuf(acl)));
    return converted;
}

18 Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache

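/**
 * Test for OzoneAcls utility class.
 *
 * <p>The scraped listing had {@code class} and the JUnit {@code assert*} names garbled; they
 * are restored here without changing what the tests check.
 */
public class TestOzoneAclUtil {

    private static final List<OzoneAcl> DEFAULT_ACLS = getDefaultAcls();

    private static final OzoneAcl USER1 = new OzoneAcl(USER, "user1", ACLType.READ_ACL, ACCESS);

    private static final OzoneAcl USER2 = new OzoneAcl(USER, "user2", ACLType.WRITE, ACCESS);

    private static final OzoneAcl GROUP1 = new OzoneAcl(GROUP, "group1", ACLType.ALL, ACCESS);

    /** Adding a right or an entry succeeds once and reports {@code false} when repeated. */
    @Test
    public void testAddAcl() throws IOException {
        List<OzoneAcl> currentAcls = getDefaultAcls();
        assertTrue(currentAcls.size() > 0);
        // Add new permission to existing acl entry.
        OzoneAcl oldAcl = currentAcls.get(0);
        OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), ACLType.READ_ACL, ACCESS);
        addAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
        // Add same permission again and verify result
        addAndVerifyAcl(currentAcls, newAcl, false, DEFAULT_ACLS.size());
        // Add a new user acl entry.
        addAndVerifyAcl(currentAcls, USER1, true, DEFAULT_ACLS.size() + 1);
        // Add same acl entry again and verify result
        addAndVerifyAcl(currentAcls, USER1, false, DEFAULT_ACLS.size() + 1);
        // Add a new group acl entry.
        addAndVerifyAcl(currentAcls, GROUP1, true, DEFAULT_ACLS.size() + 2);
        // Add same acl entry again and verify result
        addAndVerifyAcl(currentAcls, GROUP1, false, DEFAULT_ACLS.size() + 2);
    }

    /** Removal from a null list, of a missing entry, of a missing right, and of real entries. */
    @Test
    public void testRemoveAcl() {
        List<OzoneAcl> currentAcls = null;
        // add/remove to/from null OzoneAcls
        removeAndVerifyAcl(currentAcls, USER1, false, 0);
        addAndVerifyAcl(currentAcls, USER1, false, 0);
        removeAndVerifyAcl(currentAcls, USER1, false, 0);
        currentAcls = getDefaultAcls();
        assertTrue(currentAcls.size() > 0);
        // Build a new permission for an existing acl entry.
        OzoneAcl oldAcl = currentAcls.get(0);
        OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), ACLType.READ_ACL, ACCESS);
        // Remove non existing acl entry
        removeAndVerifyAcl(currentAcls, USER1, false, DEFAULT_ACLS.size());
        // Remove non existing acl permission
        removeAndVerifyAcl(currentAcls, newAcl, false, DEFAULT_ACLS.size());
        // Add new permission to existing acl entry.
        addAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
        // Remove the new permission added.
        removeAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
        removeAndVerifyAcl(currentAcls, oldAcl, true, DEFAULT_ACLS.size() - 1);
    }

    /**
     * Adds {@code addedAcl} and checks the reported result; for a non-null list also checks
     * that the rights are present and the list has {@code expectedSize} entries.
     */
    private void addAndVerifyAcl(List<OzoneAcl> currentAcls, OzoneAcl addedAcl, boolean expectedResult, int expectedSize) {
        assertEquals(expectedResult, OzoneAclUtil.addAcl(currentAcls, addedAcl));
        if (currentAcls != null) {
            boolean verified = verifyAclAdded(currentAcls, addedAcl);
            assertTrue("addedAcl: " + addedAcl + " should exist in the" + " current acls: " + currentAcls, verified);
            assertEquals(expectedSize, currentAcls.size());
        }
    }

    /**
     * Removes {@code removedAcl} and checks the reported result; for a non-null list also
     * checks that the rights are gone and the list has {@code expectedSize} entries.
     */
    private void removeAndVerifyAcl(List<OzoneAcl> currentAcls, OzoneAcl removedAcl, boolean expectedResult, int expectedSize) {
        assertEquals(expectedResult, OzoneAclUtil.removeAcl(currentAcls, removedAcl));
        if (currentAcls != null) {
            boolean verified = verifyAclRemoved(currentAcls, removedAcl);
            assertTrue("removedAcl: " + removedAcl + " should not exist in the" + " current acls: " + currentAcls, verified);
            assertEquals(expectedSize, currentAcls.size());
        }
    }

    /**
     * Returns {@code true} when no entry with the same name, type and scope still holds every
     * right of {@code removedAcl}. Only the first matching entry is examined.
     */
    private boolean verifyAclRemoved(List<OzoneAcl> acls, OzoneAcl removedAcl) {
        for (OzoneAcl acl : acls) {
            if (acl.getName().equals(removedAcl.getName()) && acl.getType().equals(removedAcl.getType()) && acl.getAclScope().equals(removedAcl.getAclScope())) {
                // Work on a clone so the entry's own bit set is not modified by and().
                BitSet temp = (BitSet) acl.getAclBitSet().clone();
                temp.and(removedAcl.getAclBitSet());
                return !temp.equals(removedAcl.getAclBitSet());
            }
        }
        return true;
    }

    /**
     * Returns {@code true} when an entry with the same name, type and scope holds every right
     * of {@code newAcl}. Only the first matching entry is examined.
     */
    private boolean verifyAclAdded(List<OzoneAcl> acls, OzoneAcl newAcl) {
        for (OzoneAcl acl : acls) {
            if (acl.getName().equals(newAcl.getName()) && acl.getType().equals(newAcl.getType()) && acl.getAclScope().equals(newAcl.getAclScope())) {
                // Work on a clone so the entry's own bit set is not modified by and().
                BitSet temp = (BitSet) acl.getAclBitSet().clone();
                temp.and(newAcl.getAclBitSet());
                return temp.equals(newAcl.getAclBitSet());
            }
        }
        return false;
    }

    /**
     * Helper function to get default acl list for current user.
     *
     * <p>If the current user cannot be resolved, a remote user named {@code "user0"} is used
     * instead, so this method does not throw {@code IOException}.
     *
     * @return list of ozoneAcls: one user entry plus one group entry per group of that user,
     *     with the rights taken from {@code OzoneAclConfig}.
     */
    private static List<OzoneAcl> getDefaultAcls() {
        List<OzoneAcl> ozoneAcls = new ArrayList<>();
        // User ACL
        UserGroupInformation ugi;
        try {
            ugi = UserGroupInformation.getCurrentUser();
        } catch (IOException ioe) {
            // Deliberate fallback: the test only needs some user identity to build ACLs for.
            ugi = UserGroupInformation.createRemoteUser("user0");
        }
        OzoneAclConfig aclConfig = newInstanceOf(OzoneAclConfig.class);
        IAccessAuthorizer.ACLType userRights = aclConfig.getUserDefaultRights();
        IAccessAuthorizer.ACLType groupRights = aclConfig.getGroupDefaultRights();
        OzoneAclUtil.addAcl(ozoneAcls, new OzoneAcl(USER, ugi.getUserName(), userRights, ACCESS));
        // Group ACLs of the User
        for (String group : ugi.getGroupNames()) {
            OzoneAclUtil.addAcl(ozoneAcls, new OzoneAcl(GROUP, group, groupRights, ACCESS));
        }
        return ozoneAcls;
    }
}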

18 Source : OzoneBucket.java
with Apache License 2.0
from apache

/**
 * Adds an ACL to the bucket through the client proxy.
 *
 * @param addAcl ACL to be added
 * @return {@code true} if the ACL is successfully added, {@code false} if it already exists
 *     for the bucket
 * @throws IOException if the proxy call fails
 */
public boolean addAcls(OzoneAcl addAcl) throws IOException {
    boolean added = proxy.addAcl(ozoneObj, addAcl);
    return added;
}

18 Source : OzoneBucket.java
with Apache License 2.0
from apache

/**
 * Removes an ACL from the bucket through the client proxy.
 *
 * @param removeAcl ACL to be removed
 * @return {@code true} if the ACL is successfully removed, {@code false} if it does not exist
 *     for the bucket
 * @throws IOException if the proxy call fails
 */
public boolean removeAcls(OzoneAcl removeAcl) throws IOException {
    boolean removed = proxy.removeAcl(ozoneObj, removeAcl);
    return removed;
}

17 Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache

/**
 * Adds {@code ozoneAcl} to the test volume's args and publishes the updated args as a cache
 * entry on the volume table.
 *
 * @param ozoneAcl ACL to add to the volume
 * @throws IOException if the volume table lookup or the ACL update fails
 */
private void addVolumeAcl(OzoneAcl ozoneAcl) throws IOException {
    String volumeKey = metadataManager.getVolumeKey(volObj.getVolumeName());
    OmVolumeArgs volumeArgs = metadataManager.getVolumeTable().get(volumeKey);
    volumeArgs.addAcl(ozoneAcl);
    // The change is made visible through a table cache entry, not a table put.
    metadataManager.getVolumeTable().addCacheEntry(
        new CacheKey<>(volumeKey),
        new CacheValue<>(Optional.of(volumeArgs), 1L));
}

17 Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache

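/**
 * Resets the ACLs on {@code obj} to a single right, then grants further rights one at a time,
 * checking after every step which rights the native authorizer allows and which it denies.
 *
 * <p>The scraped listing had {@code ACLIdentityType} and the JUnit {@code assert*} names
 * garbled; they are restored here. The checks themselves are unchanged.
 *
 * @param obj object under test (volume, bucket, or anything handled by {@code aclImplementor})
 * @param accessType identity type the initial ACL is granted to and the request is made as
 * @param aclImplementor manager used to read ACLs, and to set/add them for non-volume,
 *     non-bucket objects
 * @throws IOException if an ACL operation or access check fails
 */
private void resetAclsAndValidateAccess(OzoneObj obj, ACLIdentityType accessType, IOzoneAcl aclImplementor) throws IOException {
    List<OzoneAcl> acls;
    String user = testUgi.getUserName();
    String group = (testUgi.getGroups().size() > 0) ? testUgi.getGroups().get(0) : "";
    RequestContext.Builder builder = new RequestContext.Builder().setClientUgi(testUgi).setAclType(accessType);
    // Get all acls.
    List<ACLType> allAcls = Arrays.stream(ACLType.values()).collect(Collectors.toList());
    /*
     * 1. Reset default acls to an acl.
     * 2. Test if user/group has access only to it.
     * 3. Add remaining acls one by one and then test
     *    if user/group has access to them.
     */
    for (ACLType a1 : allAcls) {
        OzoneAcl newAcl = new OzoneAcl(accessType, getAclName(accessType), a1, ACCESS);
        // Reset acls to only one right.
        if (obj.getResourceType() == VOLUME) {
            setVolumeAcl(Collections.singletonList(newAcl));
        } else if (obj.getResourceType() == BUCKET) {
            setBucketAcl(Collections.singletonList(newAcl));
        } else {
            aclImplementor.setAcl(obj, Collections.singletonList(newAcl));
        }
        // Fetch current acls and validate.
        acls = aclImplementor.getAcl(obj);
        assertTrue(acls.size() == 1);
        assertTrue(acls.contains(newAcl));
        // Special handling for ALL.
        if (a1.equals(ALL)) {
            validateAll(obj, builder);
            continue;
        }
        // Special handling for NONE.
        if (a1.equals(NONE)) {
            validateNone(obj, builder);
            continue;
        }
        String msg = "Acl to check:" + a1 + " accessType:" + accessType + " path:" + obj.getPath();
        if (a1.equals(CREATE) && obj.getResourceType().equals(VOLUME)) {
            // CREATE on a volume is expected to follow Ozone-admin membership, not the ACL.
            assertEquals(msg, nativeAuthorizer.getOzoneAdmins().contains(user), nativeAuthorizer.checkAccess(obj, builder.setAclRights(a1).build()));
        } else {
            assertEquals(msg, expectedAclResult, nativeAuthorizer.checkAccess(obj, builder.setAclRights(a1).build()));
        }
        List<ACLType> aclsToBeValidated = Arrays.stream(ACLType.values()).collect(Collectors.toList());
        List<ACLType> aclsToBeAdded = Arrays.stream(ACLType.values()).collect(Collectors.toList());
        aclsToBeValidated.remove(NONE);
        // Do not validate "WRITE" since write acl type requires object to be
        // present in OpenKeyTable.
        aclsToBeValidated.remove(WRITE);
        aclsToBeValidated.remove(a1);
        aclsToBeAdded.remove(NONE);
        aclsToBeAdded.remove(ALL);
        // AclType "CREATE" is skipped from access check on objects
        // since the object will not exist during access check.
        aclsToBeAdded.remove(CREATE);
        // AclType "WRITE" is removed from being tested here,
        // because object must always be present in OpenKeyTable for write
        // acl requests. But, here the objects are already committed
        // and will move to keyTable.
        aclsToBeAdded.remove(WRITE);
        // Fetch acls again.
        for (ACLType a2 : aclsToBeAdded) {
            if (!a2.equals(a1)) {
                acls = aclImplementor.getAcl(obj);
                // Only used to render the failure message below.
                List<?> right = acls.stream().map(a -> a.getAclList()).collect(Collectors.toList());
                // Negative check first: the right must be denied before it is granted.
                assertFalse("Did not expect client to have " + a2 + " acl. " + "Current acls found:" + right + ". Type:" + accessType + "," + " name:" + (accessType == USER ? user : group), nativeAuthorizer.checkAccess(obj, builder.setAclRights(a2).build()));
                // Randomize next type. NOTE(review): this picks among the first three
                // identity types at random, so the grant below may go to a different
                // identity than accessType and a failure may not reproduce on rerun.
                int type = RandomUtils.nextInt(0, 3);
                ACLIdentityType identityType = ACLIdentityType.values()[type];
                // Add remaining acls one by one and then check access.
                OzoneAcl addAcl = new OzoneAcl(identityType, getAclName(identityType), a2, ACCESS);
                // For volume and bucket update to cache. As Old API's update to
                // only DB not cache.
                if (obj.getResourceType() == VOLUME) {
                    addVolumeAcl(addAcl);
                } else if (obj.getResourceType() == BUCKET) {
                    addBucketAcl(addAcl);
                } else {
                    aclImplementor.addAcl(obj, addAcl);
                }
                // Fetch acls again.
                acls = aclImplementor.getAcl(obj);
                boolean a2AclFound = false;
                boolean a1AclFound = false;
                for (OzoneAcl acl : acls) {
                    if (acl.getAclList().contains(a2)) {
                        a2AclFound = true;
                    }
                    if (acl.getAclList().contains(a1)) {
                        a1AclFound = true;
                    }
                }
                assertTrue("Current acls :" + acls + ". " + "Type:" + accessType + ", name:" + (accessType == USER ? user : group) + " acl:" + a2, a2AclFound);
                assertTrue("Expected client to have " + a1 + " acl. Current acls " + "found:" + acls + ". Type:" + accessType + ", name:" + (accessType == USER ? user : group), a1AclFound);
                assertEquals("Current acls " + acls + ". Expect acl:" + a2 + " to be set? " + expectedAclResult + " accessType:" + accessType, expectedAclResult, nativeAuthorizer.checkAccess(obj, builder.setAclRights(a2).build()));
                aclsToBeValidated.remove(a2);
                // Every right not granted so far must still be denied.
                for (ACLType a3 : aclsToBeValidated) {
                    if (!a3.equals(a1) && !a3.equals(a2) && !a3.equals(CREATE)) {
                        assertFalse("User shouldn't have right " + a3 + ". " + "Current acl rights for user:" + a1 + "," + a2, nativeAuthorizer.checkAccess(obj, builder.setAclRights(a3).build()));
                    }
                }
            }
        }
    }
}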

17 Source : TestOMKeyAclRequest.java
with Apache License 2.0
from apache

/**
 * Builds a {@code SetAcl} OMRequest for the test's key carrying a single ACL.
 *
 * @param acl ACL to set; converted unconditionally, so it is not null-checked here
 * @return request with a random client id and command type {@code SetAcl}
 */
private OMRequest createSetAclKeyRequest(OzoneAcl acl) {
    OzoneObj keyObj = OzoneObjInfo.Builder.newBuilder()
        .setBucketName(bucketName)
        .setVolumeName(volumeName)
        .setKeyName(keyName)
        .setResType(OzoneObj.ResourceType.KEY)
        .setStoreType(OzoneObj.StoreType.OZONE)
        .build();
    SetAclRequest aclRequest = SetAclRequest.newBuilder()
        .setObj(OzoneObj.toProtobuf(keyObj))
        .addAcl(OzoneAcl.toProtobuf(acl))
        .build();
    OMRequest omRequest = OMRequest.newBuilder()
        .setClientId(UUID.randomUUID().toString())
        .setCmdType(OzoneManagerProtocolProtos.Type.SetAcl)
        .setSetAclRequest(aclRequest)
        .build();
    return omRequest;
}

17 Source : TestOMKeyAclRequest.java
with Apache License 2.0
from apache

/**
 * Builds an {@code AddAcl} OMRequest for the test's key.
 *
 * @param acl ACL to add; converted unconditionally, so it is not null-checked here
 * @return request with a random client id and command type {@code AddAcl}
 */
private OMRequest createAddAclkeyRequest(OzoneAcl acl) {
    OzoneObj keyObj = OzoneObjInfo.Builder.newBuilder()
        .setBucketName(bucketName)
        .setVolumeName(volumeName)
        .setKeyName(keyName)
        .setResType(OzoneObj.ResourceType.KEY)
        .setStoreType(OzoneObj.StoreType.OZONE)
        .build();
    AddAclRequest aclRequest = AddAclRequest.newBuilder()
        .setObj(OzoneObj.toProtobuf(keyObj))
        .setAcl(OzoneAcl.toProtobuf(acl))
        .build();
    OMRequest omRequest = OMRequest.newBuilder()
        .setClientId(UUID.randomUUID().toString())
        .setCmdType(OzoneManagerProtocolProtos.Type.AddAcl)
        .setAddAclRequest(aclRequest)
        .build();
    return omRequest;
}

17 Source : PrefixManagerImpl.java
with Apache License 2.0
from apache

/**
 * Adds an ACL to a prefix while holding the prefix write lock.
 *
 * @param obj Ozone object for which acl should be added; validated before the lock is taken.
 * @param acl ozone acl to be added.
 * @return true if the acl was added, else false.
 * @throws IOException if there is error.
 */
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
    validateOzoneObj(obj);
    String prefixPath = obj.getPath();
    metadataManager.getLock().acquireWriteLock(PREFIX_LOCK, prefixPath);
    try {
        OmPrefixInfo existingInfo = metadataManager.getPrefixTable().get(prefixPath);
        // 0L: no transaction index is supplied on this path.
        return addAcl(obj, acl, existingInfo, 0L).isSuccess();
    } catch (IOException ex) {
        // OMExceptions are rethrown without being logged here; anything else is logged first.
        boolean isOmException = ex instanceof OMException;
        if (!isOmException) {
            LOG.error("Add acl operation failed for prefix path:{} acl:{}", prefixPath, acl, ex);
        }
        throw ex;
    } finally {
        // Released on every path so a failed update cannot leave the prefix locked.
        metadataManager.getLock().releaseWriteLock(PREFIX_LOCK, prefixPath);
    }
}

17 Source : OzoneAclUtil.java
with Apache License 2.0
from apache

/**
 * Converts a list of {@code OzoneAcl} (Java) into a list of {@code OzoneAclInfo} (protobuf),
 * one element per input ACL and in the same order.
 *
 * @param protoAcls the Java-side ACLs to convert (despite the name, these are not protobuf
 *     objects)
 * @return new mutable list of the converted {@code OzoneAclInfo} values
 */
public static List<OzoneAclInfo> toProtobuf(List<OzoneAcl> protoAcls) {
    List<OzoneAclInfo> converted = new ArrayList<>();
    protoAcls.forEach(acl -> converted.add(OzoneAcl.toProtobuf(acl)));
    return converted;
}

17 Source : OmOzoneAclMap.java
with Apache License 2.0
from apache

/**
 * Computes the union of the rights in {@code acl} and {@code curBitSet}, rejecting the call
 * when {@code acl} contributes nothing new.
 *
 * @param acl ACL whose rights are being added
 * @param curBitSet rights currently held; not modified
 * @return new bit set holding the union of both right sets
 * @throws OMException via {@code aclExistsError} when the union equals the current rights
 */
private BitSet checkAndGet(OzoneAcl acl, BitSet curBitSet) throws OMException {
    // Both inputs are cloned so neither the ACL's nor the caller's bit set is mutated by or().
    BitSet merged = (BitSet) acl.getAclBitSet().clone();
    BitSet existing = (BitSet) curBitSet.clone();
    merged.or(existing);
    boolean nothingNew = merged.equals(existing);
    if (nothingNew) {
        aclExistsError(acl);
    }
    return merged;
}

17 Source : ObjectStore.java
with Apache License 2.0
from apache

/**
 * Removes an ACL from an Ozone object through the client proxy.
 *
 * @param obj Ozone object.
 * @param acl Ozone acl to be removed.
 * @return true if acl is removed successfully, else false.
 * @throws IOException if there is error.
 */
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
    boolean removed = proxy.removeAcl(obj, acl);
    return removed;
}

17 Source : ObjectStore.java
with Apache License 2.0
from apache

/**
 * Adds an ACL to an Ozone object through the client proxy.
 *
 * @param obj Ozone object for which acl should be added.
 * @param acl ozone acl to be added.
 * @return true if acl is added successfully, else false.
 * @throws IOException if there is error.
 */
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
    boolean added = proxy.addAcl(obj, acl);
    return added;
}

16 Source : AclOption.java
with Apache License 2.0
from apache

/**
 * Adds every ACL from {@code getAclList()} to the given object, one call per
 * ACL, and prints one result line per ACL.
 *
 * <p>The loop is not transactional: if one call throws, the ACLs added before
 * it stay applied and the remaining ones are not attempted.
 *
 * @param obj         object to add the ACLs to.
 * @param objectStore store used to perform each add.
 * @param out         stream receiving the per-ACL result message.
 * @throws IOException propagated from {@code objectStore.addAcl}.
 */
public void addTo(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
    for (OzoneAcl acl : getAclList()) {
        // The format string is always one of two constants; the ACL is only ever an argument.
        if (objectStore.addAcl(obj, acl)) {
            out.printf("ACL %s added successfully.%n", acl);
        } else {
            out.printf("ACL %s already exists.%n", acl);
        }
    }
}

16 Source : AclOption.java
with Apache License 2.0
from apache

/**
 * Removes every ACL from {@code getAclList()} from the given object, one call
 * per ACL, and prints one result line per ACL.
 *
 * <p>The loop is not transactional: if one call throws, the ACLs removed
 * before it stay removed and the remaining ones are not attempted.
 *
 * @param obj         object to remove the ACLs from.
 * @param objectStore store used to perform each removal.
 * @param out         stream receiving the per-ACL result message.
 * @throws IOException propagated from {@code objectStore.removeAcl}.
 */
public void removeFrom(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
    for (OzoneAcl acl : getAclList()) {
        // The format string is always one of two constants; the ACL is only ever an argument.
        if (objectStore.removeAcl(obj, acl)) {
            out.printf("ACL %s removed successfully.%n", acl);
        } else {
            out.printf("ACL %s doesn't exist.%n", acl);
        }
    }
}

16 Source : BucketManagerImpl.java
with Apache License 2.0
from apache

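/**
 * Remove acl for Ozone object. Return true if acl is removed successfully
 * else false.
 *
 * <p>The bucket record is read, modified and written back while holding the
 * bucket write lock; the table is written only when the ACL list changed.
 *
 * <p>NOTE(review): no check of the caller's own permission to change ACLs is
 * visible in this method; presumably it is enforced before this call, confirm.
 *
 * @param obj Ozone object; must be of resource type BUCKET.
 * @param acl Ozone acl to be removed.
 * @return true if the bucket's ACLs changed and were persisted, else false.
 * @throws IOException if there is error, including an {@code OMException}
 *         with {@code BUCKET_NOT_FOUND} when the bucket does not exist.
 * @throws IllegalArgumentException if {@code obj} is not a bucket.
 * @throws NullPointerException if {@code obj} or {@code acl} is null.
 */
@Override
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
    Objects.requireNonNull(obj);
    Objects.requireNonNull(acl);
    if (!obj.getResourceType().equals(OzoneObj.ResourceType.BUCKET)) {
        // Message text repaired: the listing showed a garbled "preplaceded".
        throw new IllegalArgumentException("Unexpected argument passed to " + "BucketManager. OzoneObj type:" + obj.getResourceType());
    }
    String volume = obj.getVolumeName();
    String bucket = obj.getBucketName();
    boolean removed = false;
    // Acquire outside the try so the finally block never releases a lock that was not taken.
    metadataManager.getLock().acquireWriteLock(BUCKET_LOCK, volume, bucket);
    try {
        String dbBucketKey = metadataManager.getBucketKey(volume, bucket);
        OmBucketInfo bucketInfo = metadataManager.getBucketTable().get(dbBucketKey);
        if (bucketInfo == null) {
            LOG.debug("Bucket:{}/{} does not exist", volume, bucket);
            throw new OMException("Bucket " + bucket + " is not found", BUCKET_NOT_FOUND);
        }
        removed = bucketInfo.removeAcl(acl);
        if (removed) {
            // Persist only on an actual change.
            metadataManager.getBucketTable().put(dbBucketKey, bucketInfo);
        }
    } catch (IOException ex) {
        // OMExceptions are expected outcomes (e.g. bucket not found); only other I/O failures are logged as errors.
        if (!(ex instanceof OMException)) {
            LOG.error("Remove acl operation failed for bucket:{}/{} acl:{}", volume, bucket, acl, ex);
        }
        throw ex;
    } finally {
        metadataManager.getLock().releaseWriteLock(BUCKET_LOCK, volume, bucket);
    }
    return removed;
}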

16 Source : BucketManagerImpl.java
with Apache License 2.0
from apache

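/**
 * Add acl for Ozone object. Return true if acl is added successfully else
 * false.
 *
 * <p>The bucket record is read, modified and written back while holding the
 * bucket write lock; the table is written only when the ACL list changed.
 *
 * <p>NOTE(review): no check of the caller's own permission to change ACLs is
 * visible in this method; presumably it is enforced before this call, confirm.
 *
 * @param obj Ozone object for which acl should be added; must be of resource
 *            type BUCKET.
 * @param acl ozone acl to be added.
 * @return true if the bucket's ACLs changed and were persisted, else false.
 * @throws IOException if there is error, including an {@code OMException}
 *         with {@code BUCKET_NOT_FOUND} when the bucket does not exist.
 * @throws IllegalArgumentException if {@code obj} is not a bucket.
 * @throws NullPointerException if {@code obj} or {@code acl} is null.
 */
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
    Objects.requireNonNull(obj);
    Objects.requireNonNull(acl);
    if (!obj.getResourceType().equals(OzoneObj.ResourceType.BUCKET)) {
        // Message text repaired: the listing showed a garbled "preplaceded".
        throw new IllegalArgumentException("Unexpected argument passed to " + "BucketManager. OzoneObj type:" + obj.getResourceType());
    }
    String volume = obj.getVolumeName();
    String bucket = obj.getBucketName();
    boolean changed = false;
    // Acquire outside the try so the finally block never releases a lock that was not taken.
    metadataManager.getLock().acquireWriteLock(BUCKET_LOCK, volume, bucket);
    try {
        String dbBucketKey = metadataManager.getBucketKey(volume, bucket);
        OmBucketInfo bucketInfo = metadataManager.getBucketTable().get(dbBucketKey);
        if (bucketInfo == null) {
            LOG.debug("Bucket:{}/{} does not exist", volume, bucket);
            throw new OMException("Bucket " + bucket + " is not found", BUCKET_NOT_FOUND);
        }
        changed = bucketInfo.addAcl(acl);
        if (changed) {
            // Persist only on an actual change.
            metadataManager.getBucketTable().put(dbBucketKey, bucketInfo);
        }
    } catch (IOException ex) {
        // OMExceptions are expected outcomes (e.g. bucket not found); only other I/O failures are logged as errors.
        if (!(ex instanceof OMException)) {
            LOG.error("Add acl operation failed for bucket:{}/{} acl:{}", volume, bucket, acl, ex);
        }
        throw ex;
    } finally {
        metadataManager.getLock().releaseWriteLock(BUCKET_LOCK, volume, bucket);
    }
    return changed;
}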

16 Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache

/**
 * Test helper: reports whether the rights of {@code removedAcl} are no longer
 * fully present in {@code acls}.
 *
 * <p>Only the first entry with the same name, type and scope is examined;
 * later entries with the same identity are not looked at.
 *
 * @param acls       ACL list to inspect.
 * @param removedAcl ACL that is expected to have been removed.
 * @return true when no entry shares the identity of {@code removedAcl}, or
 *         when the first such entry does not contain all of its rights;
 *         false when that entry still contains every right of
 *         {@code removedAcl}.
 */
private boolean verifyAclRemoved(List<OzoneAcl> acls, OzoneAcl removedAcl) {
    for (OzoneAcl candidate : acls) {
        // Guard clauses keep the original left-to-right, short-circuit comparison order.
        if (!candidate.getName().equals(removedAcl.getName())) {
            continue;
        }
        if (!candidate.getType().equals(removedAcl.getType())) {
            continue;
        }
        if (!candidate.getAclScope().equals(removedAcl.getAclScope())) {
            continue;
        }
        // The intersection equals the removed rights only if all of them are still set.
        BitSet overlap = (BitSet) candidate.getAclBitSet().clone();
        overlap.and(removedAcl.getAclBitSet());
        boolean stillFullyPresent = overlap.equals(removedAcl.getAclBitSet());
        return !stillFullyPresent;
    }
    return true;
}

16 Source : OzoneAclUtil.java
with Apache License 2.0
from apache

/**
 * Checks whether the right requested in the given {@code RequestContext} is
 * granted by any entry of the provided ACL list.
 *
 * <p>Evaluation is allow-only and fails closed: entries are tried in list
 * order, the first entry that grants the right returns true, an entry that
 * does not grant it never blocks a later one, and an empty list or a list
 * with no granting entry returns false.
 *
 * <p>Documented validation rules (applied by helpers not shown here, confirm
 * against {@code checkIfAclBitIsSet}):
 * 1. If user/group has the ALL bit set, that user/group has all rights.
 * 2. If user/group has the NONE bit set, that user/group has no rights.
 * 3. For all other individual rights, the individual bit must be set.
 *
 * @param acls    ACL entries to evaluate; must not be null.
 * @param context request context supplying the caller's user name, group
 *                names and the requested right.
 * @return true if the acl list contains the right requested in context.
 * @throws OMException declared by the signature; no visible statement in this
 *         method raises it.
 */
public static boolean checkAclRights(List<OzoneAcl> acls, RequestContext context) throws OMException {
    String[] memberOf = context.getClientUgi().getGroupNames();
    String principal = context.getClientUgi().getUserName();
    ACLType requested = context.getAclRights();
    boolean granted = false;
    for (OzoneAcl entry : acls) {
        granted = checkAccessInAcl(entry, memberOf, principal, requested);
        if (granted) {
            // First granting entry wins; remaining entries are not evaluated.
            break;
        }
    }
    return granted;
}

16 Source : OzoneAclUtil.java
with Apache License 2.0
from apache

/**
 * Checks whether the right requested in the given {@code RequestContext} is
 * granted by any entry of the provided ACL list.
 *
 * <p>Evaluation is allow-only and fails closed: entries are tried in list
 * order, the first entry that grants the right returns true, an entry that
 * does not grant it never blocks a later one, and an empty list or a list
 * with no granting entry returns false.
 *
 * <p>Documented validation rules (applied by helpers not shown here, confirm
 * against {@code checkIfAclBitIsSet}):
 * 1. If user/group has the ALL bit set, that user/group has all rights.
 * 2. If user/group has the NONE bit set, that user/group has no rights.
 * 3. For all other individual rights, the individual bit must be set.
 *
 * @param acls    ACL entries to evaluate; must not be null.
 * @param context request context supplying the caller's user name, group
 *                names and the requested right.
 * @return true if the acl list contains the right requested in context.
 * @throws OMException declared by the signature; no visible statement in this
 *         method raises it.
 */
public static boolean checkAclRight(List<OzoneAcl> acls, RequestContext context) throws OMException {
    String[] memberOf = context.getClientUgi().getGroupNames();
    String principal = context.getClientUgi().getUserName();
    ACLType requested = context.getAclRights();
    java.util.Iterator<OzoneAcl> remaining = acls.iterator();
    while (remaining.hasNext()) {
        // Stop at the first entry that grants the requested right.
        if (checkAccessInAcl(remaining.next(), memberOf, principal, requested)) {
            return true;
        }
    }
    // Nothing matched: deny.
    return false;
}

16 Source : OzoneAclUtil.java
with Apache License 2.0
from apache

/**
 * Decides whether a single ACL entry grants {@code aclToCheck} to the caller.
 *
 * <p>A USER entry applies only when its name equals {@code username}; a GROUP
 * entry applies only when its name equals one of {@code groups}. Every other
 * identity type takes the {@code default} branch and applies to any caller
 * with no name comparison, so an identity type added to the enum later would
 * also be treated as matching everyone unless it gets its own case.
 *
 * @param a          ACL entry to evaluate.
 * @param groups     group names of the caller.
 * @param username   user name of the caller.
 * @param aclToCheck right being requested.
 * @return the result of {@code checkIfAclBitIsSet} when the entry applies to
 *         the caller, false when it does not apply.
 */
private static boolean checkAccessInAcl(OzoneAcl a, String[] groups, String username, ACLType aclToCheck) {
    BitSet rights = a.getAclBitSet();
    boolean appliesToCaller;
    // The switch is kept on purpose: a null type fails here and never reaches the match-all branch.
    switch(a.getType()) {
        case USER:
            appliesToCaller = a.getName().equals(username);
            break;
        case GROUP:
            appliesToCaller = false;
            for (String grp : groups) {
                if (a.getName().equals(grp)) {
                    appliesToCaller = true;
                    break;
                }
            }
            break;
        default:
            // Any non-USER, non-GROUP identity type is applied to every caller.
            appliesToCaller = true;
    }
    return appliesToCaller && checkIfAclBitIsSet(aclToCheck, rights);
}

16 Source : OmOzoneAclMap.java
with Apache License 2.0
from apache

/**
 * Adds an ACL to this map.
 *
 * <p>DEFAULT-scope ACLs are handed to {@code addDefaultAcl}. For any other
 * scope the rights are stored in the access map for the ACL's type, keyed by
 * ACL name: a new name is inserted as is, an existing name has the new rights
 * merged in through {@code checkAndGet}.
 *
 * <p>NOTE(review): for a new name the bit set returned by
 * {@code acl.getAclBitSet()} is stored without cloning; if that getter
 * returns the ACL's internal mutable instance, later changes to it would
 * change the stored rights. Confirm against {@code OzoneAcl}.
 *
 * @param acl ACL to add; must not be null.
 * @throws OMException declared for the helpers called here; presumably raised
 *         when the ACL adds no new rights (confirm).
 * @throws NullPointerException if {@code acl} is null.
 */
public void addAcl(OzoneAcl acl) throws OMException {
    Objects.requireNonNull(acl, "Acl should not be null.");
    OzoneAclType aclType = OzoneAclType.valueOf(acl.getType().name());
    boolean defaultScope = acl.getAclScope().equals(OzoneAcl.AclScope.DEFAULT);
    if (defaultScope) {
        addDefaultAcl(acl);
    } else if (getAccessAclMap(aclType).containsKey(acl.getName())) {
        // Existing entry: union the rights; checkAndGet reports the no-new-rights case.
        BitSet stored = getAccessAclMap(aclType).get(acl.getName());
        BitSet merged = checkAndGet(acl, stored);
        getAccessAclMap(aclType).replace(acl.getName(), merged);
    } else {
        // First entry for this name under this type.
        getAccessAclMap(aclType).put(acl.getName(), acl.getAclBitSet());
    }
}

16 Source : OmOzoneAclMap.java
with Apache License 2.0
from apache

/**
 * Adds a DEFAULT-scope ACL to {@code defaultAclList}.
 *
 * <p>An identical protobuf entry is reported through {@code aclExistsError}.
 * Otherwise, the first existing entry with the same type and name is replaced
 * by one carrying the union of old and new rights (the replacement is
 * appended at the end of the list). With no such entry the new ACL is
 * appended unchanged.
 *
 * @param acl ACL to add.
 * @throws OMException declared for {@code aclExistsError} and
 *         {@code checkAndGet}; presumably raised when the ACL adds nothing
 *         new (helpers not fully visible here, confirm).
 */
private void addDefaultAcl(OzoneAcl acl) throws OMException {
    OzoneAclInfo incoming = OzoneAcl.toProtobuf(acl);
    if (defaultAclList.contains(incoming)) {
        // NOTE(review): if aclExistsError ever returns normally, control reaches the final add below.
        aclExistsError(acl);
    } else {
        int position = 0;
        while (position < defaultAclList.size()) {
            OzoneAclInfo current = defaultAclList.get(position);
            boolean sameSubject = current.getType() == incoming.getType() && current.getName().equals(incoming.getName());
            if (sameSubject) {
                // Merge rights with the stored entry for the same type and name.
                BitSet storedRights = BitSet.valueOf(current.getRights().toByteArray());
                BitSet mergedRights = checkAndGet(acl, storedRights);
                ByteString encoded = ByteString.copyFrom(mergedRights.toByteArray());
                incoming = OzoneAclInfo.newBuilder(incoming).setRights(encoded).build();
                // Index-based removal of the old entry, then append the merged one.
                defaultAclList.remove(position);
                defaultAclList.add(incoming);
                return;
            }
            position++;
        }
    }
    defaultAclList.add(incoming);
}

16 Source : OmOzoneAclMap.java
with Apache License 2.0
from apache

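/**
 * Replaces all ACLs held by this map with the given list.
 *
 * <p>Both the per-type access maps and the DEFAULT-scope list are emptied
 * before the new entries are added. Clearing only the access maps would leave
 * earlier DEFAULT-scope ACLs in force after a "set", and re-submitting one of
 * them would be reported as already existing.
 *
 * <p>The replacement is not atomic: if {@code addAcl} fails part-way, the map
 * keeps only the entries added up to that point.
 *
 * @param acls the complete new ACL list; must not be null, may be empty.
 * @throws OMException propagated from {@code addAcl}.
 * @throws NullPointerException if {@code acls} is null.
 */
public void setAcls(List<OzoneAcl> acls) throws OMException {
    Objects.requireNonNull(acls, "Acls should not be null.");
    // Remove all Acls: access-scope entries of every type...
    for (OzoneAclType type : OzoneAclType.values()) {
        accessAclMap.get(type.ordinal()).clear();
    }
    // ...and default-scope entries, which addAcl stores in defaultAclList.
    defaultAclList.clear();
    // Add acls.
    for (OzoneAcl acl : acls) {
        addAcl(acl);
    }
}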

15 Source : PrefixManagerImpl.java
with Apache License 2.0
from apache

/**
 * Remove acl for Ozone object. Return true if acl is removed successfully
 * else false.
 *
 * <p>The prefix record is looked up and passed to the three-argument
 * {@code removeAcl} overload while the prefix write lock is held.
 *
 * <p>NOTE(review): {@code acl} is not null-checked here and the looked-up
 * prefix record is passed on without a null check; presumably
 * {@code validateOzoneObj} and the overload cover this, confirm.
 *
 * @param obj Ozone object.
 * @param acl Ozone acl to be removed.
 * @return true if the overload reports success, else false.
 * @throws IOException if there is error.
 */
@Override
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
    validateOzoneObj(obj);
    String prefixPath = obj.getPath();
    // Acquire outside the try so the finally block never releases a lock that was not taken.
    metadataManager.getLock().acquireWriteLock(PREFIX_LOCK, prefixPath);
    try {
        OmPrefixInfo prefixInfo = metadataManager.getPrefixTable().get(prefixPath);
        OMPrefixAclOpResult outcome = removeAcl(obj, acl, prefixInfo);
        boolean removed = outcome.isSuccess();
        if (!removed && LOG.isDebugEnabled()) {
            LOG.debug("acl {} does not exist for prefix path {} ", acl, prefixPath);
        }
        return removed;
    } catch (IOException ex) {
        // OMExceptions are expected outcomes; only other I/O failures are logged as errors.
        if (!(ex instanceof OMException)) {
            LOG.error("Remove prefix acl operation failed for prefix path:{}" + " acl:{}", prefixPath, acl, ex);
        }
        throw ex;
    } finally {
        metadataManager.getLock().releaseWriteLock(PREFIX_LOCK, prefixPath);
    }
}

15 Source : TestInstanceHelper.java
with Apache License 2.0
from apache

/**
 * Test helper: builds a storage-protobuf {@code OzoneAclInfo} from an ACL
 * string.
 *
 * <p>Only the name and the rights bits come from the parsed ACL. The type is
 * always set to USER and the scope to ACCESS, whatever the string specifies.
 *
 * @param aclString ACL in the textual form accepted by
 *                  {@code OzoneAcl.parseAcl}.
 * @return the built protobuf message.
 */
public static OzoneManagerStorageProtos.OzoneAclInfo buildTestOzoneAclInfo(String aclString) {
    OzoneAcl parsed = OzoneAcl.parseAcl(aclString);
    ByteString encodedRights = ByteString.copyFrom(parsed.getAclBitSet().toByteArray());
    OzoneManagerStorageProtos.OzoneAclInfo.Builder info = OzoneManagerStorageProtos.OzoneAclInfo.newBuilder();
    // Type and scope are fixed for test purposes, not derived from the input.
    info.setType(OzoneManagerStorageProtos.OzoneAclInfo.OzoneAclType.USER);
    info.setName(parsed.getName());
    info.setRights(encodedRights);
    info.setAclScope(OzoneManagerStorageProtos.OzoneAclInfo.OzoneAclScope.ACCESS);
    return info.build();
}

15 Source : TestOzoneManagerHAWithACL.java
with Apache License 2.0
from apache

/**
 * Test helper: reports whether {@code givenAcl} has the same type, name and
 * scope as {@code existingAcl} and carries every right set in
 * {@code existingAcl}.
 *
 * <p>This is a superset check, not an equality check: extra rights in
 * {@code givenAcl} still yield true.
 *
 * @param givenAcl    ACL under test.
 * @param existingAcl ACL to compare against.
 * @return true when the identities match and the rights of
 *         {@code existingAcl} are all present in {@code givenAcl}.
 */
private boolean compareAcls(OzoneAcl givenAcl, OzoneAcl existingAcl) {
    // Guard clauses keep the original left-to-right, short-circuit comparison order.
    if (!givenAcl.getType().equals(existingAcl.getType())) {
        return false;
    }
    if (!givenAcl.getName().equals(existingAcl.getName())) {
        return false;
    }
    if (!givenAcl.getAclScope().equals(existingAcl.getAclScope())) {
        return false;
    }
    // The intersection equals the existing rights only if all of them are set in givenAcl.
    BitSet shared = (BitSet) givenAcl.getAclBitSet().clone();
    shared.and(existingAcl.getAclBitSet());
    return shared.equals(existingAcl.getAclBitSet());
}

15 Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache

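/**
 * Verifies add semantics on an ACL list: adding a new right to an existing
 * entry or adding a new user/group entry reports a change, while repeating
 * the same add reports no change and leaves the list size as it was.
 */
@Test
public void testAddAcl() throws IOException {
    List<OzoneAcl> currentAcls = getDefaultAcls();
    // Identifier repaired: the listing showed a garbled "replacedertTrue".
    assertTrue(currentAcls.size() > 0);
    // Add new permission to existing acl entry.
    OzoneAcl oldAcl = currentAcls.get(0);
    OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), ACLType.READ_ACL, ACCESS);
    addAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
    // Add same permission again and verify result
    addAndVerifyAcl(currentAcls, newAcl, false, DEFAULT_ACLS.size());
    // Add a new user acl entry.
    addAndVerifyAcl(currentAcls, USER1, true, DEFAULT_ACLS.size() + 1);
    // Add same acl entry again and verify result
    addAndVerifyAcl(currentAcls, USER1, false, DEFAULT_ACLS.size() + 1);
    // Add a new group acl entry.
    addAndVerifyAcl(currentAcls, GROUP1, true, DEFAULT_ACLS.size() + 2);
    // Add same acl entry again and verify result
    addAndVerifyAcl(currentAcls, GROUP1, false, DEFAULT_ACLS.size() + 2);
}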
