Here are the examples of the java api org.apache.hadoop.ozone.OzoneAcl taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
95 Examples
Source : TestOMRequestUtils.java
with Apache License 2.0
from apache
/**
 * Builds an {@code AddAcl} {@code OMRequest} that targets a bucket, for tests.
 *
 * <p>The ACL is attached only when {@code acl} is non-null, so a null argument
 * produces a request with no ACL set. Each call uses a fresh random UUID as
 * the client id.
 *
 * @param volumeName volume that holds the bucket
 * @param bucketName bucket the ACL change applies to
 * @param acl ACL to add, or null to leave the request's ACL unset
 * @return the assembled request
 */
public static OMRequest createBucketAddAclRequest(String volumeName, String bucketName, OzoneAcl acl) {
  OzoneObj bucketObj = new OzoneObjInfo.Builder()
      .setVolumeName(volumeName)
      .setBucketName(bucketName)
      .setResType(ResourceType.BUCKET)
      .setStoreType(StoreType.OZONE)
      .build();

  AddAclRequest.Builder aclRequest = AddAclRequest.newBuilder();
  aclRequest.setObj(OzoneObj.toProtobuf(bucketObj));
  if (acl != null) {
    aclRequest.setAcl(OzoneAcl.toProtobuf(acl));
  }

  String clientId = UUID.randomUUID().toString();
  return OMRequest.newBuilder()
      .setClientId(clientId)
      .setCmdType(OzoneManagerProtocolProtos.Type.AddAcl)
      .setAddAclRequest(aclRequest.build())
      .build();
}
Source : TestOMRequestUtils.java
with Apache License 2.0
from apache
/**
 * Builds a {@code RemoveAcl} {@code OMRequest} that targets a bucket, for tests.
 *
 * <p>The ACL is attached only when {@code acl} is non-null, so a null argument
 * produces a request with no ACL set. Each call uses a fresh random UUID as
 * the client id.
 *
 * @param volumeName volume that holds the bucket
 * @param bucketName bucket the ACL change applies to
 * @param acl ACL to remove, or null to leave the request's ACL unset
 * @return the assembled request
 */
public static OMRequest createBucketRemoveAclRequest(String volumeName, String bucketName, OzoneAcl acl) {
  OzoneObj bucketObj = new OzoneObjInfo.Builder()
      .setVolumeName(volumeName)
      .setBucketName(bucketName)
      .setResType(ResourceType.BUCKET)
      .setStoreType(StoreType.OZONE)
      .build();

  RemoveAclRequest.Builder aclRequest = RemoveAclRequest.newBuilder();
  aclRequest.setObj(OzoneObj.toProtobuf(bucketObj));
  if (acl != null) {
    aclRequest.setAcl(OzoneAcl.toProtobuf(acl));
  }

  String clientId = UUID.randomUUID().toString();
  return OMRequest.newBuilder()
      .setClientId(clientId)
      .setCmdType(OzoneManagerProtocolProtos.Type.RemoveAcl)
      .setRemoveAclRequest(aclRequest.build())
      .build();
}
Source : OmPrefixInfo.java
with Apache License 2.0
from apache
/**
 * Adds an ACL to this prefix's ACL list.
 *
 * <p>Pure delegation to {@code OzoneAclUtil.addAcl} on the {@code acls} field;
 * this method itself performs no permission check.
 *
 * @param acl ACL entry to add
 * @return whatever {@code OzoneAclUtil.addAcl} reports
 */
public boolean addAcl(OzoneAcl acl) {
  final boolean added = OzoneAclUtil.addAcl(acls, acl);
  return added;
}
Source : OmPrefixInfo.java
with Apache License 2.0
from apache
/**
 * Removes an ACL from this prefix's ACL list.
 *
 * <p>Pure delegation to {@code OzoneAclUtil.removeAcl} on the {@code acls}
 * field; this method itself performs no permission check.
 *
 * @param acl ACL entry to remove
 * @return whatever {@code OzoneAclUtil.removeAcl} reports
 */
public boolean removeAcl(OzoneAcl acl) {
  final boolean removed = OzoneAclUtil.removeAcl(acls, acl);
  return removed;
}
Source : TestOzoneManagerHAWithACL.java
with Apache License 2.0
from apache
/**
 * Reports whether any entry of {@code ozoneAcls} matches {@code ozoneAcl}
 * according to {@code compareAcls}.
 *
 * @param ozoneAcl ACL to look for
 * @param ozoneAcls list to search
 * @return true as soon as one entry compares equal, false if none does
 */
private boolean containsAcl(OzoneAcl ozoneAcl, List<OzoneAcl> ozoneAcls) {
  // anyMatch short-circuits on the first hit, as the explicit loop did.
  return ozoneAcls.stream().anyMatch(candidate -> compareAcls(ozoneAcl, candidate));
}
Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache
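/**
 * Removes {@code removedAcl} through {@code OzoneAclUtil.removeAcl} and checks
 * the outcome.
 *
 * <p>For a null list only the return value is asserted; otherwise the list is
 * also checked with {@code verifyAclRemoved} and against {@code expectedSize}.
 *
 * @param currentAcls list to modify, may be null
 * @param removedAcl ACL to remove
 * @param expectedResult value {@code OzoneAclUtil.removeAcl} must return
 * @param expectedSize expected list size after the call
 */
private void removeAndVerifyAcl(List<OzoneAcl> currentAcls, OzoneAcl removedAcl, boolean expectedResult, int expectedSize) {
  // The page showed "replacedertEquals"/"replacedertTrue": the JUnit assert names
  // were mangled by the site's text filter and are restored here.
  assertEquals(expectedResult, OzoneAclUtil.removeAcl(currentAcls, removedAcl));
  if (currentAcls != null) {
    boolean verified = verifyAclRemoved(currentAcls, removedAcl);
    assertTrue("removedAcl: " + removedAcl + " should not exist in the" + " current acls: " + currentAcls, verified);
    assertEquals(expectedSize, currentAcls.size());
  }
}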
Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache
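/**
 * Adds {@code addedAcl} through {@code OzoneAclUtil.addAcl} and checks the
 * outcome.
 *
 * <p>For a null list only the return value is asserted; otherwise the list is
 * also checked with {@code verifyAclAdded} and against {@code expectedSize}.
 *
 * @param currentAcls list to modify, may be null
 * @param addedAcl ACL to add
 * @param expectedResult value {@code OzoneAclUtil.addAcl} must return
 * @param expectedSize expected list size after the call
 */
private void addAndVerifyAcl(List<OzoneAcl> currentAcls, OzoneAcl addedAcl, boolean expectedResult, int expectedSize) {
  // The page showed "replacedertEquals"/"replacedertTrue": the JUnit assert names
  // were mangled by the site's text filter and are restored here.
  assertEquals(expectedResult, OzoneAclUtil.addAcl(currentAcls, addedAcl));
  if (currentAcls != null) {
    boolean verified = verifyAclAdded(currentAcls, addedAcl);
    assertTrue("addedAcl: " + addedAcl + " should exist in the" + " current acls: " + currentAcls, verified);
    assertEquals(expectedSize, currentAcls.size());
  }
}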
Source : OmVolumeArgs.java
with Apache License 2.0
from apache
/**
 * Removes an ACL from this volume by delegating to the {@code aclMap} field.
 *
 * <p>This method itself performs no permission check.
 *
 * @param acl ACL entry to remove
 * @throws OMException propagated from {@code aclMap.removeAcl}
 */
public void removeAcl(OzoneAcl acl) throws OMException {
  aclMap.removeAcl(acl);
}
Source : OmVolumeArgs.java
with Apache License 2.0
from apache
/**
 * Adds an ACL to this volume by delegating to the {@code aclMap} field.
 *
 * <p>This method itself performs no permission check.
 *
 * @param acl ACL entry to add
 * @throws OMException propagated from {@code aclMap.addAcl}
 */
public void addAcl(OzoneAcl acl) throws OMException {
  aclMap.addAcl(acl);
}
Source : OmOzoneAclMap.java
with Apache License 2.0
from apache
/**
 * Always throws: signals that {@code acl} is already present.
 *
 * @param acl the ACL named in the error message
 * @throws OMException unconditionally, with result code {@code INVALID_REQUEST}
 */
private void aclExistsError(OzoneAcl acl) throws OMException {
  final String message = "Acl " + acl + " already exist.";
  throw new OMException(message, INVALID_REQUEST);
}
Source : OmBucketInfo.java
with Apache License 2.0
from apache
/**
 * Removes an ACL from this bucket's existing ACL list.
 *
 * <p>Delegates to {@code OzoneAclUtil.removeAcl} on the {@code acls} field;
 * this method itself performs no permission check.
 *
 * @param ozoneAcl ACL to remove
 * @return true if the ACL was removed, false if it could not be removed
 *     because it is not in the existing ACL list
 */
public boolean removeAcl(OzoneAcl ozoneAcl) {
  final boolean removed = OzoneAclUtil.removeAcl(acls, ozoneAcl);
  return removed;
}
Source : OmBucketInfo.java
with Apache License 2.0
from apache
/**
 * Adds an ACL to this bucket's existing ACL list.
 *
 * <p>Delegates to {@code OzoneAclUtil.addAcl} on the {@code acls} field; this
 * method itself performs no permission check.
 *
 * @param ozoneAcl ACL to add
 * @return true if the ACL was added, false if it was not added or already
 *     exists in the ACL list
 */
public boolean addAcl(OzoneAcl ozoneAcl) {
  final boolean added = OzoneAclUtil.addAcl(acls, ozoneAcl);
  return added;
}
Source : AclOption.java
with Apache License 2.0
from apache
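/**
 * Defines command-line option for specifying one or more ACLs.
 *
 * <p>The class is also its own picocli type converter: each comma-separated
 * token of the option value is turned into an {@code OzoneAcl} by
 * {@link #convert(String)}.
 */
// The page showed "clreplaced" where the keyword "class" belongs (text-filter
// damage from the hosting site); it is restored here and in the converter
// attribute below.
public class AclOption implements CommandLine.ITypeConverter<OzoneAcl> {

  @CommandLine.Option(names = { "--acls", "--acl", "-al", "-a" }, split = ",", required = true, converter = AclOption.class, description = "Comma separated ACL list:\n" + "Example: user:user2:a OR user:user1:rw,group:hadoop:a\n" + "r = READ, " + "w = WRITE, " + "c = CREATE, " + "d = DELETE, " + "l = LIST, " + "a = ALL, " + "n = NONE, " + "x = READ_ACL, " + "y = WRITE_ACL.")
  private OzoneAcl[] values;

  /** Returns an immutable copy of the parsed ACLs. */
  private List<OzoneAcl> getAclList() {
    return ImmutableList.copyOf(values);
  }

  /**
   * Adds every parsed ACL to {@code obj}, one call per ACL, and prints whether
   * each was added or already existed.
   *
   * <p>ACLs are applied one at a time; an exception part-way through leaves
   * the earlier ACLs applied.
   *
   * @param obj object whose ACLs are changed
   * @param objectStore store used to apply the change
   * @param out stream that receives one status line per ACL
   * @throws IOException propagated from {@code objectStore.addAcl}
   */
  public void addTo(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
    for (OzoneAcl acl : getAclList()) {
      boolean result = objectStore.addAcl(obj, acl);
      String message = result ? ("ACL %s added successfully.%n") : ("ACL %s already exists.%n");
      out.printf(message, acl);
    }
  }

  /**
   * Removes every parsed ACL from {@code obj}, one call per ACL, and prints
   * whether each was removed or did not exist.
   *
   * <p>ACLs are applied one at a time; an exception part-way through leaves
   * the earlier removals applied.
   *
   * @param obj object whose ACLs are changed
   * @param objectStore store used to apply the change
   * @param out stream that receives one status line per ACL
   * @throws IOException propagated from {@code objectStore.removeAcl}
   */
  public void removeFrom(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
    for (OzoneAcl acl : getAclList()) {
      boolean result = objectStore.removeAcl(obj, acl);
      String message = result ? ("ACL %s removed successfully.%n") : ("ACL %s doesn't exist.%n");
      out.printf(message, acl);
    }
  }

  /**
   * Passes the whole parsed ACL list to {@code objectStore.setAcl} in a single
   * call and prints a confirmation.
   *
   * <p>NOTE(review): presumably this replaces the object's existing ACLs with
   * the given list rather than merging; confirm against {@code setAcl}.
   *
   * @param obj object whose ACLs are set
   * @param objectStore store used to apply the change
   * @param out stream that receives the confirmation line
   * @throws IOException propagated from {@code objectStore.setAcl}
   */
  public void setOn(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
    objectStore.setAcl(obj, getAclList());
    out.println("ACLs set successfully.");
  }

  /**
   * Parses one ACL token with {@code OzoneAcl.parseAcl}.
   *
   * @param value a single ACL string such as {@code user:user1:rw}
   * @return the parsed ACL
   */
  @Override
  public OzoneAcl convert(String value) {
    return OzoneAcl.parseAcl(value);
  }
}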
Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache
/**
 * Runs the ACL reset-and-validate cycle against a prefix object for each of
 * the USER, GROUP, WORLD and ANONYMOUS identity types.
 *
 * <p>When the test user belongs to no group, the group ACL is created with an
 * empty name.
 */
@Test
public void testCheckAccessForPrefix() throws Exception {
  prefixObj = new OzoneObjInfo.Builder()
      .setVolumeName(vol)
      .setBucketName(buck)
      .setPrefixName(prefix)
      .setResType(PREFIX)
      .setStoreType(OZONE)
      .build();

  OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), parentDirUserAcl, ACCESS);
  String firstGroup = testUgi.getGroups().isEmpty() ? "" : testUgi.getGroups().get(0);
  OzoneAcl groupAcl = new OzoneAcl(GROUP, firstGroup, parentDirGroupAcl, ACCESS);

  // Parent ACLs for volume and bucket are written straight to the table,
  // because the old APIs update only the DB.
  List<OzoneAcl> parentAcls = Arrays.asList(userAcl, groupAcl);
  setVolumeAcl(parentAcls);
  setBucketAcl(Arrays.asList(userAcl, groupAcl));

  resetAclsAndValidateAccess(prefixObj, USER, prefixManager);
  resetAclsAndValidateAccess(prefixObj, GROUP, prefixManager);
  resetAclsAndValidateAccess(prefixObj, WORLD, prefixManager);
  resetAclsAndValidateAccess(prefixObj, ANONYMOUS, prefixManager);
}
Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache
/**
 * Runs the ACL reset-and-validate cycle against the key object for each of
 * the USER, GROUP, WORLD and ANONYMOUS identity types.
 *
 * <p>When the test user belongs to no group, the group ACL is created with an
 * empty name.
 */
@Test
public void testCheckAccessForKey() throws Exception {
  OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), parentDirUserAcl, ACCESS);
  String firstGroup = testUgi.getGroups().isEmpty() ? "" : testUgi.getGroups().get(0);
  OzoneAcl groupAcl = new OzoneAcl(GROUP, firstGroup, parentDirGroupAcl, ACCESS);

  // Parent ACLs for volume and bucket are written straight to the table,
  // because the old APIs update only the DB.
  List<OzoneAcl> parentAcls = Arrays.asList(userAcl, groupAcl);
  setVolumeAcl(parentAcls);
  setBucketAcl(Arrays.asList(userAcl, groupAcl));

  resetAclsAndValidateAccess(keyObj, USER, keyManager);
  resetAclsAndValidateAccess(keyObj, GROUP, keyManager);
  resetAclsAndValidateAccess(keyObj, WORLD, keyManager);
  resetAclsAndValidateAccess(keyObj, ANONYMOUS, keyManager);
}
Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache
/**
 * Adds an ACL to the test bucket and publishes the updated bucket info as a
 * cache entry of the bucket table.
 *
 * <p>Only the table cache is updated here; no {@code put} to the table is made.
 *
 * @param ozoneAcl ACL to add to the bucket identified by {@code vol}/{@code buck}
 * @throws IOException propagated from the metadata manager lookups
 */
private void addBucketAcl(OzoneAcl ozoneAcl) throws IOException {
  final String key = metadataManager.getBucketKey(vol, buck);
  final OmBucketInfo bucketInfo = metadataManager.getBucketTable().get(key);
  bucketInfo.addAcl(ozoneAcl);

  metadataManager.getBucketTable().addCacheEntry(
      new CacheKey<>(key),
      new CacheValue<>(Optional.of(bucketInfo), 1L));
}
Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache
/**
 * Runs the ACL reset-and-validate cycle against the bucket object for each of
 * the USER, GROUP, WORLD and ANONYMOUS identity types.
 *
 * <p>When the test user belongs to no group, the group ACL is created with an
 * empty name.
 */
@Test
public void testCheckAccessForBucket() throws Exception {
  OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), parentDirUserAcl, ACCESS);
  String firstGroup = testUgi.getGroups().isEmpty() ? "" : testUgi.getGroups().get(0);
  OzoneAcl groupAcl = new OzoneAcl(GROUP, firstGroup, parentDirGroupAcl, ACCESS);

  // The parent (volume) ACLs are written straight to the table, because the
  // old APIs update only the DB.
  setVolumeAcl(Arrays.asList(userAcl, groupAcl));

  resetAclsAndValidateAccess(buckObj, USER, bucketManager);
  resetAclsAndValidateAccess(buckObj, GROUP, bucketManager);
  resetAclsAndValidateAccess(buckObj, WORLD, bucketManager);
  resetAclsAndValidateAccess(buckObj, ANONYMOUS, bucketManager);
}
Source : TestOMRequestUtils.java
with Apache License 2.0
from apache
/**
 * Builds a {@code RemoveAcl} {@code OMRequest} that targets a volume, for tests.
 *
 * <p>The ACL is attached only when {@code acl} is non-null. Each call uses a
 * fresh random UUID as the client id.
 *
 * @param volumeName volume the ACL change applies to
 * @param acl ACL to remove, or null to leave the request's ACL unset
 * @return the assembled request
 */
public static OMRequest createVolumeRemoveAclRequest(String volumeName, OzoneAcl acl) {
  OzoneObj volumeObj = new OzoneObjInfo.Builder()
      .setVolumeName(volumeName)
      .setResType(ResourceType.VOLUME)
      .setStoreType(StoreType.OZONE)
      .build();

  RemoveAclRequest.Builder aclRequest = RemoveAclRequest.newBuilder();
  aclRequest.setObj(OzoneObj.toProtobuf(volumeObj));
  if (acl != null) {
    aclRequest.setAcl(OzoneAcl.toProtobuf(acl));
  }

  String clientId = UUID.randomUUID().toString();
  return OMRequest.newBuilder()
      .setClientId(clientId)
      .setCmdType(OzoneManagerProtocolProtos.Type.RemoveAcl)
      .setRemoveAclRequest(aclRequest.build())
      .build();
}
Source : TestOMRequestUtils.java
with Apache License 2.0
from apache
/**
 * Builds an {@code AddAcl} {@code OMRequest} that targets a volume, for tests.
 *
 * <p>The ACL is attached only when {@code acl} is non-null. Each call uses a
 * fresh random UUID as the client id.
 *
 * @param volumeName volume the ACL change applies to
 * @param acl ACL to add, or null to leave the request's ACL unset
 * @return the assembled request
 */
public static OMRequest createVolumeAddAclRequest(String volumeName, OzoneAcl acl) {
  OzoneObj volumeObj = new OzoneObjInfo.Builder()
      .setVolumeName(volumeName)
      .setResType(ResourceType.VOLUME)
      .setStoreType(StoreType.OZONE)
      .build();

  AddAclRequest.Builder aclRequest = AddAclRequest.newBuilder();
  aclRequest.setObj(OzoneObj.toProtobuf(volumeObj));
  if (acl != null) {
    aclRequest.setAcl(OzoneAcl.toProtobuf(acl));
  }

  String clientId = UUID.randomUUID().toString();
  return OMRequest.newBuilder()
      .setClientId(clientId)
      .setCmdType(OzoneManagerProtocolProtos.Type.AddAcl)
      .setAddAclRequest(aclRequest.build())
      .build();
}
Source : TestOMKeyAclRequest.java
with Apache License 2.0
from apache
/**
 * Builds a {@code RemoveAcl} {@code OMRequest} for the test key identified by
 * the {@code volumeName}, {@code bucketName} and {@code keyName} fields.
 *
 * <p>{@code acl} is converted unconditionally; this helper has no null guard.
 *
 * @param acl ACL to remove
 * @return the assembled request, with a fresh random UUID as client id
 */
private OMRequest createRemoveAclKeyRequest(OzoneAcl acl) {
  OzoneObj keyObj = OzoneObjInfo.Builder.newBuilder()
      .setBucketName(bucketName)
      .setVolumeName(volumeName)
      .setKeyName(keyName)
      .setResType(OzoneObj.ResourceType.KEY)
      .setStoreType(OzoneObj.StoreType.OZONE)
      .build();

  RemoveAclRequest.Builder payload = RemoveAclRequest.newBuilder();
  payload.setObj(OzoneObj.toProtobuf(keyObj));
  payload.setAcl(OzoneAcl.toProtobuf(acl));
  RemoveAclRequest removeAclRequest = payload.build();

  return OMRequest.newBuilder()
      .setClientId(UUID.randomUUID().toString())
      .setCmdType(OzoneManagerProtocolProtos.Type.RemoveAcl)
      .setRemoveAclRequest(removeAclRequest)
      .build();
}
Source : PrefixManagerImpl.java
with Apache License 2.0
from apache
/**
 * Removes an ACL from {@code prefixInfo} and, if something was removed,
 * updates the in-memory prefix tree.
 *
 * <p>When the last ACL is gone the prefix path is dropped from the tree;
 * otherwise the updated info is re-inserted. The prefix table is written
 * only when {@code isRatisEnabled} is false. No lock is taken and no
 * permission check is made inside this method.
 *
 * @param ozoneObj object whose path identifies the prefix
 * @param ozoneAcl ACL to remove
 * @param prefixInfo current prefix info, may be null (then nothing is removed)
 * @return result carrying {@code prefixInfo} and whether an ACL was removed
 * @throws IOException propagated from the prefix table operations
 */
public OMPrefixAclOpResult removeAcl(OzoneObj ozoneObj, OzoneAcl ozoneAcl, OmPrefixInfo prefixInfo) throws IOException {
  final boolean removed = prefixInfo != null && prefixInfo.removeAcl(ozoneAcl);
  if (!removed) {
    // Nothing matched, so tree and table stay untouched.
    return new OMPrefixAclOpResult(prefixInfo, false);
  }

  if (prefixInfo.getAcls().isEmpty()) {
    // Last ACL removed: drop the prefix entirely.
    prefixTree.removePrefixPath(ozoneObj.getPath());
    if (!isRatisEnabled) {
      metadataManager.getPrefixTable().delete(ozoneObj.getPath());
    }
  } else {
    // ACLs remain: refresh the stored prefix info.
    prefixTree.insert(ozoneObj.getPath(), prefixInfo);
    if (!isRatisEnabled) {
      metadataManager.getPrefixTable().put(ozoneObj.getPath(), prefixInfo);
    }
  }
  return new OMPrefixAclOpResult(prefixInfo, true);
}
Source : PrefixManagerImpl.java
with Apache License 2.0
from apache
/**
 * Adds an ACL to a prefix, creating the prefix info first when none exists.
 *
 * <p>A newly created prefix info gets its object and update ids only when
 * {@code transactionLogIndex} is positive. If the ACL list changed, the
 * in-memory prefix tree is updated, and the prefix table is written only when
 * {@code isRatisEnabled} is false. No lock is taken and no permission check
 * is made inside this method.
 *
 * @param ozoneObj object whose path identifies the prefix
 * @param ozoneAcl ACL to add
 * @param prefixInfo current prefix info, or null to create one
 * @param transactionLogIndex transaction index used to derive ids for a new prefix
 * @return result carrying the prefix info and whether the ACL list changed
 * @throws IOException propagated from the prefix table operations
 */
public OMPrefixAclOpResult addAcl(OzoneObj ozoneObj, OzoneAcl ozoneAcl, OmPrefixInfo prefixInfo, long transactionLogIndex) throws IOException {
  OmPrefixInfo target = prefixInfo;
  if (target == null) {
    OmPrefixInfo.Builder fresh = new OmPrefixInfo.Builder().setName(ozoneObj.getPath());
    if (transactionLogIndex > 0) {
      long objectId = OmUtils.getObjectIdFromTxId(metadataManager.getOmEpoch(), transactionLogIndex);
      fresh.setObjectID(objectId);
      fresh.setUpdateID(transactionLogIndex);
    }
    target = fresh.build();
  }

  final boolean changed = target.addAcl(ozoneAcl);
  if (changed) {
    // Keep the in-memory prefix tree in step with the modified info.
    prefixTree.insert(ozoneObj.getPath(), target);
    if (!isRatisEnabled) {
      metadataManager.getPrefixTable().put(ozoneObj.getPath(), target);
    }
  }
  return new OMPrefixAclOpResult(target, changed);
}
Source : OzoneAclStorageUtil.java
with Apache License 2.0
from apache
/**
 * Converts a list of {@code OzoneAcl} (Java) into a list of
 * {@code OzoneAclInfo} (protobuf), preserving order.
 *
 * @param protoAcls the Java-side ACLs to convert (despite the parameter name)
 * @return a new mutable list with one {@code OzoneAclInfo} per input ACL
 */
public static List<OzoneAclInfo> toProtobuf(List<OzoneAcl> protoAcls) {
  final List<OzoneAclInfo> converted = new ArrayList<>();
  protoAcls.forEach(acl -> converted.add(OzoneAclStorage.toProtobuf(acl)));
  return converted;
}
Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache
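/**
 * Test for OzoneAcls utility class.
 *
 * <p>Covers {@code OzoneAclUtil.addAcl} and {@code OzoneAclUtil.removeAcl},
 * including merging a permission into an existing entry, duplicate adds,
 * removing absent entries, and the behaviour on a null list.
 */
// The page showed "clreplaced"/"replacedert…" where "class"/"assert…" belong
// (text-filter damage from the hosting site); they are restored throughout.
public class TestOzoneAclUtil {

  private static final List<OzoneAcl> DEFAULT_ACLS = getDefaultAcls();

  private static final OzoneAcl USER1 = new OzoneAcl(USER, "user1", ACLType.READ_ACL, ACCESS);

  private static final OzoneAcl USER2 = new OzoneAcl(USER, "user2", ACLType.WRITE, ACCESS);

  private static final OzoneAcl GROUP1 = new OzoneAcl(GROUP, "group1", ACLType.ALL, ACCESS);

  @Test
  public void testAddAcl() throws IOException {
    List<OzoneAcl> currentAcls = getDefaultAcls();
    assertTrue(currentAcls.size() > 0);
    // Add new permission to existing acl entry.
    OzoneAcl oldAcl = currentAcls.get(0);
    OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), ACLType.READ_ACL, ACCESS);
    // The size stays the same: the right is merged into the existing entry.
    addAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
    // Add same permission again and verify result
    addAndVerifyAcl(currentAcls, newAcl, false, DEFAULT_ACLS.size());
    // Add a new user acl entry.
    addAndVerifyAcl(currentAcls, USER1, true, DEFAULT_ACLS.size() + 1);
    // Add same acl entry again and verify result
    addAndVerifyAcl(currentAcls, USER1, false, DEFAULT_ACLS.size() + 1);
    // Add a new group acl entry.
    addAndVerifyAcl(currentAcls, GROUP1, true, DEFAULT_ACLS.size() + 2);
    // Add same acl entry again and verify result
    addAndVerifyAcl(currentAcls, GROUP1, false, DEFAULT_ACLS.size() + 2);
  }

  @Test
  public void testRemoveAcl() {
    List<OzoneAcl> currentAcls = null;
    // add/remove to/from null OzoneAcls: every call must report false.
    removeAndVerifyAcl(currentAcls, USER1, false, 0);
    addAndVerifyAcl(currentAcls, USER1, false, 0);
    removeAndVerifyAcl(currentAcls, USER1, false, 0);
    currentAcls = getDefaultAcls();
    assertTrue(currentAcls.size() > 0);
    // Add new permission to existing acl entry.
    OzoneAcl oldAcl = currentAcls.get(0);
    OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), ACLType.READ_ACL, ACCESS);
    // Remove non existing acl entry
    removeAndVerifyAcl(currentAcls, USER1, false, DEFAULT_ACLS.size());
    // Remove non existing acl permission
    removeAndVerifyAcl(currentAcls, newAcl, false, DEFAULT_ACLS.size());
    // Add new permission to existing acl entry.
    addAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
    // Remove the new permission added.
    removeAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
    // Removing the entry's remaining right drops the entry itself.
    removeAndVerifyAcl(currentAcls, oldAcl, true, DEFAULT_ACLS.size() - 1);
  }

  /**
   * Adds {@code addedAcl} and asserts the return value; for a non-null list
   * also asserts that the rights are present and the size matches.
   */
  private void addAndVerifyAcl(List<OzoneAcl> currentAcls, OzoneAcl addedAcl, boolean expectedResult, int expectedSize) {
    assertEquals(expectedResult, OzoneAclUtil.addAcl(currentAcls, addedAcl));
    if (currentAcls != null) {
      boolean verified = verifyAclAdded(currentAcls, addedAcl);
      assertTrue("addedAcl: " + addedAcl + " should exist in the" + " current acls: " + currentAcls, verified);
      assertEquals(expectedSize, currentAcls.size());
    }
  }

  /**
   * Removes {@code removedAcl} and asserts the return value; for a non-null
   * list also asserts that the rights are gone and the size matches.
   */
  private void removeAndVerifyAcl(List<OzoneAcl> currentAcls, OzoneAcl removedAcl, boolean expectedResult, int expectedSize) {
    assertEquals(expectedResult, OzoneAclUtil.removeAcl(currentAcls, removedAcl));
    if (currentAcls != null) {
      boolean verified = verifyAclRemoved(currentAcls, removedAcl);
      assertTrue("removedAcl: " + removedAcl + " should not exist in the" + " current acls: " + currentAcls, verified);
      assertEquals(expectedSize, currentAcls.size());
    }
  }

  /**
   * Returns true when no entry with the same name, type and scope still holds
   * all of {@code removedAcl}'s rights. Only the first matching entry is
   * inspected.
   */
  private boolean verifyAclRemoved(List<OzoneAcl> acls, OzoneAcl removedAcl) {
    for (OzoneAcl acl : acls) {
      if (acl.getName().equals(removedAcl.getName()) && acl.getType().equals(removedAcl.getType()) && acl.getAclScope().equals(removedAcl.getAclScope())) {
        // Intersect on a clone so the entry's own bit set is not modified.
        BitSet temp = (BitSet) acl.getAclBitSet().clone();
        temp.and(removedAcl.getAclBitSet());
        return !temp.equals(removedAcl.getAclBitSet());
      }
    }
    return true;
  }

  /**
   * Returns true when an entry with the same name, type and scope holds all of
   * {@code newAcl}'s rights. Only the first matching entry is inspected.
   */
  private boolean verifyAclAdded(List<OzoneAcl> acls, OzoneAcl newAcl) {
    for (OzoneAcl acl : acls) {
      if (acl.getName().equals(newAcl.getName()) && acl.getType().equals(newAcl.getType()) && acl.getAclScope().equals(newAcl.getAclScope())) {
        // Intersect on a clone so the entry's own bit set is not modified.
        BitSet temp = (BitSet) acl.getAclBitSet().clone();
        temp.and(newAcl.getAclBitSet());
        return temp.equals(newAcl.getAclBitSet());
      }
    }
    return false;
  }

  /**
   * Helper function to get default acl list for current user.
   *
   * <p>Falls back to a remote user named "user0" when the current user cannot
   * be resolved, so no exception escapes this method.
   *
   * @return list of ozoneAcls.
   */
  private static List<OzoneAcl> getDefaultAcls() {
    List<OzoneAcl> ozoneAcls = new ArrayList<>();
    // User ACL
    UserGroupInformation ugi;
    try {
      ugi = UserGroupInformation.getCurrentUser();
    } catch (IOException ioe) {
      ugi = UserGroupInformation.createRemoteUser("user0");
    }
    OzoneAclConfig aclConfig = newInstanceOf(OzoneAclConfig.class);
    IAccessAuthorizer.ACLType userRights = aclConfig.getUserDefaultRights();
    IAccessAuthorizer.ACLType groupRights = aclConfig.getGroupDefaultRights();
    OzoneAclUtil.addAcl(ozoneAcls, new OzoneAcl(USER, ugi.getUserName(), userRights, ACCESS));
    // Group ACLs of the User
    List<String> userGroups = Arrays.asList(ugi.getGroupNames());
    for (String group : userGroups) {
      OzoneAclUtil.addAcl(ozoneAcls, new OzoneAcl(GROUP, group, groupRights, ACCESS));
    }
    return ozoneAcls;
  }
}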
Source : OzoneBucket.java
with Apache License 2.0
from apache
/**
 * Adds an ACL to the bucket.
 *
 * <p>Forwards to {@code proxy.addAcl} with this bucket's {@code ozoneObj}.
 *
 * @param addAcl ACL to be added
 * @return true if the ACL was added, false if it already exists for the bucket
 * @throws IOException propagated from the proxy call
 */
public boolean addAcls(OzoneAcl addAcl) throws IOException {
  final boolean added = proxy.addAcl(ozoneObj, addAcl);
  return added;
}
Source : OzoneBucket.java
with Apache License 2.0
from apache
/**
 * Removes an ACL from the bucket.
 *
 * <p>Forwards to {@code proxy.removeAcl} with this bucket's {@code ozoneObj}.
 *
 * @param removeAcl ACL to be removed
 * @return true if the ACL was removed, false if it does not exist for the bucket
 * @throws IOException propagated from the proxy call
 */
public boolean removeAcls(OzoneAcl removeAcl) throws IOException {
  final boolean removed = proxy.removeAcl(ozoneObj, removeAcl);
  return removed;
}
Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache
/**
 * Adds an ACL to the test volume and publishes the updated volume args as a
 * cache entry of the volume table.
 *
 * <p>Only the table cache is updated here; no {@code put} to the table is made.
 *
 * @param ozoneAcl ACL to add to the volume named by {@code volObj}
 * @throws IOException propagated from the metadata manager lookups or from
 *     {@code OmVolumeArgs.addAcl}
 */
private void addVolumeAcl(OzoneAcl ozoneAcl) throws IOException {
  final String key = metadataManager.getVolumeKey(volObj.getVolumeName());
  final OmVolumeArgs volumeArgs = metadataManager.getVolumeTable().get(key);
  volumeArgs.addAcl(ozoneAcl);

  metadataManager.getVolumeTable().addCacheEntry(
      new CacheKey<>(key),
      new CacheValue<>(Optional.of(volumeArgs), 1L));
}
Source : TestOzoneNativeAuthorizer.java
with Apache License 2.0
from apache
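/**
 * Exercises the native authorizer against {@code obj} for one identity type.
 *
 * <p>For every {@code ACLType}: resets the object's ACLs to that single right,
 * checks that exactly that right is granted, then adds the remaining rights
 * one at a time (under a randomly chosen identity type) and re-checks access
 * after each addition. ALL and NONE are delegated to {@code validateAll} and
 * {@code validateNone}.
 *
 * <p>The identifiers {@code assert…} and {@code ACLIdentityType} were mangled
 * on the page ("replacedert…", "ACLIdenreplacedyType") by the hosting site's
 * text filter and are restored here; statement order is unchanged.
 *
 * @param obj object whose ACLs are reset and checked
 * @param accessType identity type used for the initial single-right ACL
 * @param aclImplementor manager used to set, add and read ACLs for objects
 *     that are neither volume nor bucket
 * @throws IOException propagated from ACL and metadata operations
 */
private void resetAclsAndValidateAccess(OzoneObj obj, ACLIdentityType accessType, IOzoneAcl aclImplementor) throws IOException {
  List<OzoneAcl> acls;
  String user = testUgi.getUserName();
  String group = (testUgi.getGroups().size() > 0) ? testUgi.getGroups().get(0) : "";
  RequestContext.Builder builder = new RequestContext.Builder().setClientUgi(testUgi).setAclType(accessType);
  // Get all acls.
  List<ACLType> allAcls = Arrays.stream(ACLType.values()).collect(Collectors.toList());
  /*
   * 1. Reset default acls to an acl.
   * 2. Test if user/group has access only to it.
   * 3. Add remaining acls one by one and then test
   *    if user/group has access to them.
   */
  for (ACLType a1 : allAcls) {
    OzoneAcl newAcl = new OzoneAcl(accessType, getAclName(accessType), a1, ACCESS);
    // Reset acls to only one right.
    if (obj.getResourceType() == VOLUME) {
      setVolumeAcl(Collections.singletonList(newAcl));
    } else if (obj.getResourceType() == BUCKET) {
      setBucketAcl(Collections.singletonList(newAcl));
    } else {
      aclImplementor.setAcl(obj, Collections.singletonList(newAcl));
    }
    // Fetch current acls and validate.
    acls = aclImplementor.getAcl(obj);
    assertTrue(acls.size() == 1);
    assertTrue(acls.contains(newAcl));
    // Special handling for ALL.
    if (a1.equals(ALL)) {
      validateAll(obj, builder);
      continue;
    }
    // Special handling for NONE.
    if (a1.equals(NONE)) {
      validateNone(obj, builder);
      continue;
    }
    String msg = "Acl to check:" + a1 + " accessType:" + accessType + " path:" + obj.getPath();
    if (a1.equals(CREATE) && obj.getResourceType().equals(VOLUME)) {
      // For CREATE on a volume the expected result is whether the test user
      // is in the authorizer's admin list, not expectedAclResult.
      assertEquals(msg, nativeAuthorizer.getOzoneAdmins().contains(user), nativeAuthorizer.checkAccess(obj, builder.setAclRights(a1).build()));
    } else {
      assertEquals(msg, expectedAclResult, nativeAuthorizer.checkAccess(obj, builder.setAclRights(a1).build()));
    }
    List<ACLType> aclsToBeValidated = Arrays.stream(ACLType.values()).collect(Collectors.toList());
    List<ACLType> aclsToBeAdded = Arrays.stream(ACLType.values()).collect(Collectors.toList());
    aclsToBeValidated.remove(NONE);
    // Do not validate "WRITE" since write acl type requires object to be
    // present in OpenKeyTable.
    aclsToBeValidated.remove(WRITE);
    aclsToBeValidated.remove(a1);
    aclsToBeAdded.remove(NONE);
    aclsToBeAdded.remove(ALL);
    // AclType "CREATE" is skipped from access check on objects
    // since the object will not exist during access check.
    aclsToBeAdded.remove(CREATE);
    // AclType "WRITE" is removed from being tested here,
    // because object must always be present in OpenKeyTable for write
    // acl requests. But, here the objects are already committed
    // and will move to keyTable.
    aclsToBeAdded.remove(WRITE);
    // Add each remaining right in turn and re-check access.
    for (ACLType a2 : aclsToBeAdded) {
      if (!a2.equals(a1)) {
        acls = aclImplementor.getAcl(obj);
        // Used only in the failure message below.
        List<?> right = acls.stream().map(a -> a.getAclList()).collect(Collectors.toList());
        // Negative check first: a2 must be denied before it is granted.
        assertFalse("Did not expect client to have " + a2 + " acl. " + "Current acls found:" + right + ". Type:" + accessType + "," + " name:" + (accessType == USER ? user : group), nativeAuthorizer.checkAccess(obj, builder.setAclRights(a2).build()));
        // Randomize next type: nextInt(0, 3) yields 0..2, i.e. one of the
        // first three ACLIdentityType constants.
        // NOTE(review): the chosen type is not logged, so a failure that
        // depends on it may not reproduce on the next run.
        int type = RandomUtils.nextInt(0, 3);
        ACLIdentityType identityType = ACLIdentityType.values()[type];
        // Add remaining acls one by one and then check access.
        OzoneAcl addAcl = new OzoneAcl(identityType, getAclName(identityType), a2, ACCESS);
        // For volume and bucket update to cache. As Old API's update to
        // only DB not cache.
        if (obj.getResourceType() == VOLUME) {
          addVolumeAcl(addAcl);
        } else if (obj.getResourceType() == BUCKET) {
          addBucketAcl(addAcl);
        } else {
          aclImplementor.addAcl(obj, addAcl);
        }
        // Fetch acls again.
        acls = aclImplementor.getAcl(obj);
        boolean a2AclFound = false;
        boolean a1AclFound = false;
        for (OzoneAcl acl : acls) {
          if (acl.getAclList().contains(a2)) {
            a2AclFound = true;
          }
          if (acl.getAclList().contains(a1)) {
            a1AclFound = true;
          }
        }
        assertTrue("Current acls :" + acls + ". " + "Type:" + accessType + ", name:" + (accessType == USER ? user : group) + " acl:" + a2, a2AclFound);
        assertTrue("Expected client to have " + a1 + " acl. Current acls " + "found:" + acls + ". Type:" + accessType + ", name:" + (accessType == USER ? user : group), a1AclFound);
        assertEquals("Current acls " + acls + ". Expect acl:" + a2 + " to be set? " + expectedAclResult + " accessType:" + accessType, expectedAclResult, nativeAuthorizer.checkAccess(obj, builder.setAclRights(a2).build()));
        aclsToBeValidated.remove(a2);
        // Every right not granted so far must still be denied.
        for (ACLType a3 : aclsToBeValidated) {
          if (!a3.equals(a1) && !a3.equals(a2) && !a3.equals(CREATE)) {
            assertFalse("User shouldn't have right " + a3 + ". " + "Current acl rights for user:" + a1 + "," + a2, nativeAuthorizer.checkAccess(obj, builder.setAclRights(a3).build()));
          }
        }
      }
    }
  }
}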
Source : TestOMKeyAclRequest.java
with Apache License 2.0
from apache
/**
 * Builds a {@code SetAcl} {@code OMRequest} for the test key identified by
 * the {@code volumeName}, {@code bucketName} and {@code keyName} fields.
 *
 * <p>The request carries exactly one ACL; {@code acl} is converted
 * unconditionally, with no null guard in this helper.
 *
 * @param acl the single ACL placed in the request
 * @return the assembled request, with a fresh random UUID as client id
 */
private OMRequest createSetAclKeyRequest(OzoneAcl acl) {
  OzoneObj keyObj = OzoneObjInfo.Builder.newBuilder()
      .setBucketName(bucketName)
      .setVolumeName(volumeName)
      .setKeyName(keyName)
      .setResType(OzoneObj.ResourceType.KEY)
      .setStoreType(OzoneObj.StoreType.OZONE)
      .build();

  SetAclRequest.Builder payload = SetAclRequest.newBuilder();
  payload.setObj(OzoneObj.toProtobuf(keyObj));
  payload.addAcl(OzoneAcl.toProtobuf(acl));
  SetAclRequest setAclRequest = payload.build();

  return OMRequest.newBuilder()
      .setClientId(UUID.randomUUID().toString())
      .setCmdType(OzoneManagerProtocolProtos.Type.SetAcl)
      .setSetAclRequest(setAclRequest)
      .build();
}
Source : TestOMKeyAclRequest.java
with Apache License 2.0
from apache
/**
 * Creates the {@code OMRequest} that encapsulates an add-ACL request for the
 * test key identified by the {@code volumeName}, {@code bucketName} and
 * {@code keyName} fields.
 *
 * <p>{@code acl} is converted unconditionally; this helper has no null guard.
 *
 * @param acl ACL to add
 * @return the assembled request, with a fresh random UUID as client id
 */
private OMRequest createAddAclkeyRequest(OzoneAcl acl) {
  OzoneObj keyObj = OzoneObjInfo.Builder.newBuilder()
      .setBucketName(bucketName)
      .setVolumeName(volumeName)
      .setKeyName(keyName)
      .setResType(OzoneObj.ResourceType.KEY)
      .setStoreType(OzoneObj.StoreType.OZONE)
      .build();

  AddAclRequest.Builder payload = AddAclRequest.newBuilder();
  payload.setObj(OzoneObj.toProtobuf(keyObj));
  payload.setAcl(OzoneAcl.toProtobuf(acl));
  AddAclRequest addAclRequest = payload.build();

  return OMRequest.newBuilder()
      .setClientId(UUID.randomUUID().toString())
      .setCmdType(OzoneManagerProtocolProtos.Type.AddAcl)
      .setAddAclRequest(addAclRequest)
      .build();
}
Source : PrefixManagerImpl.java
with Apache License 2.0
from apache
/**
 * Add acl for Ozone object. Return true if acl is added successfully else
 * false.
 *
 * <p>Validates {@code obj}, then performs the lookup and the update while
 * holding the {@code PREFIX_LOCK} write lock for the object's path. The lock
 * is released in a {@code finally} block, so it is dropped on failure too.
 * The four-argument overload is called with a transaction index of 0.
 *
 * @param obj Ozone object for which acl should be added.
 * @param acl ozone acl to be added.
 * @return the success flag of the resulting {@code OMPrefixAclOpResult}
 * @throws IOException if there is error; exceptions other than
 *     {@code OMException} are logged before being rethrown.
 */
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
  validateOzoneObj(obj);
  final String prefixPath = obj.getPath();

  metadataManager.getLock().acquireWriteLock(PREFIX_LOCK, prefixPath);
  try {
    OmPrefixInfo existing = metadataManager.getPrefixTable().get(prefixPath);
    return addAcl(obj, acl, existing, 0L).isSuccess();
  } catch (IOException ex) {
    boolean alreadyDescriptive = ex instanceof OMException;
    if (!alreadyDescriptive) {
      LOG.error("Add acl operation failed for prefix path:{} acl:{}", prefixPath, acl, ex);
    }
    throw ex;
  } finally {
    metadataManager.getLock().releaseWriteLock(PREFIX_LOCK, prefixPath);
  }
}
Source : OzoneAclUtil.java
with Apache License 2.0
from apache
/**
 * Converts a list of {@code OzoneAcl} (Java) into a list of
 * {@code OzoneAclInfo} (protobuf), preserving order.
 *
 * @param protoAcls the Java-side ACLs to convert (despite the parameter name)
 * @return a new mutable list with one {@code OzoneAclInfo} per input ACL
 */
public static List<OzoneAclInfo> toProtobuf(List<OzoneAcl> protoAcls) {
  final List<OzoneAclInfo> converted = new ArrayList<>();
  protoAcls.forEach(acl -> converted.add(OzoneAcl.toProtobuf(acl)));
  return converted;
}
Source : OmOzoneAclMap.java
with Apache License 2.0
from apache
/**
 * Computes the union of {@code acl}'s rights and the rights already held,
 * rejecting the request when it would add nothing new.
 *
 * <p>Both bit sets are cloned first, so neither argument is modified.
 *
 * @param acl ACL whose rights are being added
 * @param curBitSet rights currently held
 * @return a new bit set holding the combined rights
 * @throws OMException via {@code aclExistsError} when every requested right
 *     is already present
 */
private BitSet checkAndGet(OzoneAcl acl, BitSet curBitSet) throws OMException {
  final BitSet merged = (BitSet) acl.getAclBitSet().clone();
  final BitSet existing = (BitSet) curBitSet.clone();
  merged.or(existing);

  // An unchanged union means the ACL brings no new right.
  final boolean nothingNew = merged.equals(existing);
  if (nothingNew) {
    aclExistsError(acl);
  }
  return merged;
}
Source : ObjectStore.java
with Apache License 2.0
from apache
/**
 * Remove acl for Ozone object. Return true if acl is removed successfully
 * else false.
 *
 * <p>Forwards to {@code proxy.removeAcl}.
 *
 * @param obj Ozone object.
 * @param acl Ozone acl to be removed.
 * @return true if acl is removed successfully, else false.
 * @throws IOException if there is error.
 */
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
  final boolean removed = proxy.removeAcl(obj, acl);
  return removed;
}
Source : ObjectStore.java
with Apache License 2.0
from apache
/**
 * Add acl for Ozone object. Return true if acl is added successfully else
 * false.
 *
 * <p>Forwards to {@code proxy.addAcl}.
 *
 * @param obj Ozone object for which acl should be added.
 * @param acl ozone acl to be added.
 * @return true if acl is added successfully, else false.
 * @throws IOException if there is error.
 */
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
  final boolean added = proxy.addAcl(obj, acl);
  return added;
}
Source : AclOption.java
with Apache License 2.0
from apache
/**
 * Adds every ACL from {@code getAclList()} to {@code obj}, one call per ACL,
 * and prints whether each was added or already existed.
 *
 * <p>ACLs are applied one at a time; an exception part-way through leaves the
 * earlier ACLs applied.
 *
 * @param obj object whose ACLs are changed
 * @param objectStore store used to apply the change
 * @param out stream that receives one status line per ACL
 * @throws IOException propagated from {@code objectStore.addAcl}
 */
public void addTo(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
  for (OzoneAcl acl : getAclList()) {
    final String template;
    if (objectStore.addAcl(obj, acl)) {
      template = "ACL %s added successfully.%n";
    } else {
      template = "ACL %s already exists.%n";
    }
    out.printf(template, acl);
  }
}
Source : AclOption.java
with Apache License 2.0
from apache
/**
 * Removes every ACL from {@code getAclList()} from {@code obj}, one call per
 * ACL, and prints whether each was removed or did not exist.
 *
 * <p>ACLs are applied one at a time; an exception part-way through leaves the
 * earlier removals applied.
 *
 * @param obj object whose ACLs are changed
 * @param objectStore store used to apply the change
 * @param out stream that receives one status line per ACL
 * @throws IOException propagated from {@code objectStore.removeAcl}
 */
public void removeFrom(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
  for (OzoneAcl acl : getAclList()) {
    final String template;
    if (objectStore.removeAcl(obj, acl)) {
      template = "ACL %s removed successfully.%n";
    } else {
      template = "ACL %s doesn't exist.%n";
    }
    out.printf(template, acl);
  }
}
Source : BucketManagerImpl.java
with Apache License 2.0
from apache
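/**
 * Remove acl for Ozone object. Return true if acl is removed successfully
 * else false.
 *
 * <p>The lookup and update run under the {@code BUCKET_LOCK} write lock for
 * the volume/bucket pair, released in a {@code finally} block. The bucket
 * table is written only when an ACL was actually removed.
 *
 * <p>NOTE(review): no permission check is visible in this method; presumably
 * the caller is authorized before this point, confirm at the call site.
 *
 * @param obj Ozone object.
 * @param acl Ozone acl to be removed.
 * @return true if the ACL was removed, false if there was nothing to remove.
 * @throws IOException if there is error; an {@code OMException} with
 *     {@code BUCKET_NOT_FOUND} when the bucket does not exist.
 * @throws IllegalArgumentException if {@code obj} is not a bucket.
 */
@Override
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
  Objects.requireNonNull(obj, "obj");
  Objects.requireNonNull(acl, "acl");
  if (!obj.getResourceType().equals(OzoneObj.ResourceType.BUCKET)) {
    // The page showed "preplaceded" here; the word "passed" was mangled by the
    // hosting site's text filter.
    throw new IllegalArgumentException("Unexpected argument passed to " + "BucketManager. OzoneObj type:" + obj.getResourceType());
  }
  String volume = obj.getVolumeName();
  String bucket = obj.getBucketName();
  boolean removed = false;
  metadataManager.getLock().acquireWriteLock(BUCKET_LOCK, volume, bucket);
  try {
    String dbBucketKey = metadataManager.getBucketKey(volume, bucket);
    OmBucketInfo bucketInfo = metadataManager.getBucketTable().get(dbBucketKey);
    if (bucketInfo == null) {
      LOG.debug("Bucket:{}/{} does not exist", volume, bucket);
      throw new OMException("Bucket " + bucket + " is not found", BUCKET_NOT_FOUND);
    }
    removed = bucketInfo.removeAcl(acl);
    if (removed) {
      metadataManager.getBucketTable().put(dbBucketKey, bucketInfo);
    }
  } catch (IOException ex) {
    // OMException is not logged here; other I/O failures are.
    if (!(ex instanceof OMException)) {
      LOG.error("Remove acl operation failed for bucket:{}/{} acl:{}", volume, bucket, acl, ex);
    }
    throw ex;
  } finally {
    metadataManager.getLock().releaseWriteLock(BUCKET_LOCK, volume, bucket);
  }
  return removed;
}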
Source : BucketManagerImpl.java
with Apache License 2.0
from apache
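/**
 * Adds an ACL to a bucket and rewrites the bucket record when the ACL list changed.
 *
 * <p>The argument checks run before the bucket write lock is taken. The lookup, the in-memory
 * change and the table write all happen while the lock is held, and the lock is released in
 * {@code finally} on every path.
 *
 * <p>NOTE(review): neither a permission check on the caller nor an audit record is visible in
 * this method; presumably both happen before this point - confirm against the call sites,
 * since this call widens access to the bucket.
 *
 * @param obj Ozone object for which acl should be added; its resource type must be BUCKET.
 * @param acl ozone acl to be added.
 * @return true if {@code bucketInfo.addAcl} reported a change (the bucket entry is then
 *     written back), false if nothing changed.
 * @throws NullPointerException if {@code obj} or {@code acl} is null.
 * @throws IllegalArgumentException if {@code obj} is not a bucket.
 * @throws OMException with {@code BUCKET_NOT_FOUND} if the bucket has no table entry.
 * @throws IOException if the table read or write fails.
 */
@Override
public boolean addAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
  Objects.requireNonNull(obj);
  Objects.requireNonNull(acl);
  if (!obj.getResourceType().equals(OzoneObj.ResourceType.BUCKET)) {
    // The scraped page had "preplaceded" here; the message text is restored to "passed".
    throw new IllegalArgumentException("Unexpected argument passed to " + "BucketManager. OzoneObj type:" + obj.getResourceType());
  }
  String volume = obj.getVolumeName();
  String bucket = obj.getBucketName();
  boolean changed = false;
  // Acquired outside the try so the finally block never releases a lock that was not taken.
  metadataManager.getLock().acquireWriteLock(BUCKET_LOCK, volume, bucket);
  try {
    String dbBucketKey = metadataManager.getBucketKey(volume, bucket);
    OmBucketInfo bucketInfo = metadataManager.getBucketTable().get(dbBucketKey);
    if (bucketInfo == null) {
      LOG.debug("Bucket:{}/{} does not exist", volume, bucket);
      throw new OMException("Bucket " + bucket + " is not found", BUCKET_NOT_FOUND);
    }
    changed = bucketInfo.addAcl(acl);
    // Persist only when the in-memory ACL list actually changed.
    if (changed) {
      metadataManager.getBucketTable().put(dbBucketKey, bucketInfo);
    }
  } catch (IOException ex) {
    // OMException is rethrown without an error-level log; only other I/O failures are logged.
    if (!(ex instanceof OMException)) {
      LOG.error("Add acl operation failed for bucket:{}/{} acl:{}", volume, bucket, acl, ex);
    }
    throw ex;
  } finally {
    metadataManager.getLock().releaseWriteLock(BUCKET_LOCK, volume, bucket);
  }
  return changed;
}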
Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache
/**
 * Test helper: reports whether the rights of {@code removedAcl} are gone from {@code acls}.
 *
 * <p>Only the first entry with the same name, type and scope is inspected. The result is
 * false when that entry still carries every bit of {@code removedAcl}, true when at least one
 * of those bits is missing, and true when no such entry exists at all.
 */
private boolean verifyAclRemoved(List<OzoneAcl> acls, OzoneAcl removedAcl) {
  for (OzoneAcl candidate : acls) {
    boolean sameEntry = candidate.getName().equals(removedAcl.getName())
        && candidate.getType().equals(removedAcl.getType())
        && candidate.getAclScope().equals(removedAcl.getAclScope());
    if (!sameEntry) {
      continue;
    }
    // Work on a clone so the entry under test is not modified by the intersection.
    BitSet stillPresent = (BitSet) candidate.getAclBitSet().clone();
    stillPresent.and(removedAcl.getAclBitSet());
    return !stillPresent.equals(removedAcl.getAclBitSet());
  }
  return true;
}
Source : OzoneAclUtil.java
with Apache License 2.0
from apache
/**
 * Checks whether the right requested in the given RequestContext is granted by any entry of
 * the provided acl list.
 *
 * <p>Evaluation is grant-on-first-match: the entries are tried in list order and the first
 * one for which {@code checkAccessInAcl} returns true ends the search. An empty list, or a
 * list in which no entry grants the right, yields false (deny by default).
 *
 * <p>Acl validation rules stated by the original documentation:
 * 1. If a user/group has the ALL bit set, that user/group has all rights.
 * 2. If a user/group has the NONE bit set, that user/group has no rights.
 * 3. For every other right the individual bit must be set.
 * NOTE(review): the ALL/NONE handling is not visible in this method; presumably it lives in
 * {@code checkIfAclBitIsSet} - confirm, in particular whether a NONE entry can be overridden
 * by a later entry that grants the right.
 *
 * @param acls acl entries to evaluate.
 * @param context request context supplying the caller's user name, group names and the
 *     requested right.
 * @return true if the acl list contains the right requested in context.
 */
public static boolean checkAclRights(List<OzoneAcl> acls, RequestContext context) throws OMException {
  final String[] callerGroups = context.getClientUgi().getGroupNames();
  final String callerName = context.getClientUgi().getUserName();
  final ACLType requestedRight = context.getAclRights();
  return acls.stream()
      .anyMatch(entry -> checkAccessInAcl(entry, callerGroups, callerName, requestedRight));
}
Source : OzoneAclUtil.java
with Apache License 2.0
from apache
/**
 * Checks whether the right requested in the given RequestContext is granted by any entry of
 * the provided acl list.
 *
 * <p>The entries are tried in list order; the first entry for which {@code checkAccessInAcl}
 * returns true grants the request. When the list is empty or no entry grants the right, the
 * result is false (deny by default).
 *
 * <p>Acl validation rules stated by the original documentation:
 * 1. If a user/group has the ALL bit set, that user/group has all rights.
 * 2. If a user/group has the NONE bit set, that user/group has no rights.
 * 3. For every other right the individual bit must be set.
 * NOTE(review): the ALL/NONE handling is not visible in this method; presumably it lives in
 * {@code checkIfAclBitIsSet} - confirm.
 *
 * @param acls acl entries to evaluate.
 * @param context request context supplying the caller's user name, group names and the
 *     requested right.
 * @return true if the acl list contains the right requested in context.
 */
public static boolean checkAclRight(List<OzoneAcl> acls, RequestContext context) throws OMException {
  String[] callerGroups = context.getClientUgi().getGroupNames();
  String callerName = context.getClientUgi().getUserName();
  ACLType requestedRight = context.getAclRights();
  for (OzoneAcl entry : acls) {
    if (!checkAccessInAcl(entry, callerGroups, callerName, requestedRight)) {
      continue;
    }
    return true;
  }
  return false;
}
Source : OzoneAclUtil.java
with Apache License 2.0
from apache
/**
 * Decides whether a single ACL entry grants {@code aclToCheck} to the caller.
 *
 * <p>A USER entry applies only when its name equals {@code username}; a GROUP entry applies
 * only when its name equals one of {@code groups}. An entry of any other type is evaluated
 * for every caller, whatever the caller's identity.
 *
 * <p>NOTE(review): that last case is the {@code default} branch, so an identity type that is
 * not USER or GROUP is matched against everyone. If the enum has, or later gains, a type
 * that is meant to be scoped to particular callers, it needs its own case here; otherwise
 * this branch fails open for it.
 *
 * @param a ACL entry to evaluate.
 * @param groups group names of the caller.
 * @param username user name of the caller.
 * @param aclToCheck right being requested.
 * @return the result of {@code checkIfAclBitIsSet} when the entry applies to the caller,
 *     false when it does not.
 */
private static boolean checkAccessInAcl(OzoneAcl a, String[] groups, String username, ACLType aclToCheck) {
  BitSet entryRights = a.getAclBitSet();
  switch (a.getType()) {
    case USER:
      return a.getName().equals(username) && checkIfAclBitIsSet(aclToCheck, entryRights);
    case GROUP:
      for (String memberOf : groups) {
        if (a.getName().equals(memberOf)) {
          return checkIfAclBitIsSet(aclToCheck, entryRights);
        }
      }
      return false;
    default:
      // Not tied to a user or group name: the rights are checked for every caller.
      return checkIfAclBitIsSet(aclToCheck, entryRights);
  }
}
Source : OmOzoneAclMap.java
with Apache License 2.0
from apache
/**
 * Adds an acl to the map.
 *
 * <p>A DEFAULT-scope acl is handed to {@code addDefaultAcl}. Any other acl goes into the
 * access map for its type: a name that is not present yet is stored with the acl's rights, a
 * name that is already present has its rights replaced by the result of {@code checkAndGet}.
 *
 * @param acl acl to add; must not be null.
 * @throws OMException as declared by {@code addDefaultAcl} and {@code checkAndGet}.
 */
public void addAcl(OzoneAcl acl) throws OMException {
  Objects.requireNonNull(acl, "Acl should not be null.");
  OzoneAclType aclType = OzoneAclType.valueOf(acl.getType().name());
  if (acl.getAclScope().equals(OzoneAcl.AclScope.DEFAULT)) {
    addDefaultAcl(acl);
    return;
  }
  String principal = acl.getName();
  if (getAccessAclMap(aclType).containsKey(principal)) {
    BitSet existingRights = getAccessAclMap(aclType).get(principal);
    BitSet mergedRights = checkAndGet(acl, existingRights);
    getAccessAclMap(aclType).replace(principal, mergedRights);
  } else {
    // NOTE(review): this stores the BitSet object returned by the acl, not a copy. If
    // getAclBitSet() hands out the acl's own mutable BitSet, a later change to that acl would
    // also change the stored rights - confirm whether a defensive clone is wanted here.
    getAccessAclMap(aclType).put(principal, acl.getAclBitSet());
  }
}
Source : OmOzoneAclMap.java
with Apache License 2.0
from apache
/**
 * Adds a DEFAULT-scope acl to defaultAclList, merging its rights into an existing entry that
 * has the same type and name.
 *
 * @param acl acl to add.
 * @throws OMException as declared by aclExistsError and checkAndGet.
 */
private void addDefaultAcl(OzoneAcl acl) throws OMException {
OzoneAclInfo ozoneAclInfo = OzoneAcl.toProtobuf(acl);
if (defaultAclList.contains(ozoneAclInfo)) {
// An identical entry is already stored.
// NOTE(review): presumably aclExistsError always throws. If it could return normally, control
// would reach the add() on the last line and store a duplicate entry - confirm.
aclExistsError(acl);
} else {
for (int i = 0; i < defaultAclList.size(); i++) {
OzoneAclInfo old = defaultAclList.get(i);
// Entries are matched on type and name only; scope is not compared.
// NOTE(review): presumably every entry in defaultAclList has DEFAULT scope - confirm.
if (old.getType() == ozoneAclInfo.getType() && old.getName().equals(ozoneAclInfo.getName())) {
BitSet curBitSet = BitSet.valueOf(old.getRights().toByteArray());
BitSet bitSet = checkAndGet(acl, curBitSet);
ozoneAclInfo = OzoneAclInfo.newBuilder(ozoneAclInfo).setRights(ByteString.copyFrom(bitSet.toByteArray())).build();
// The old entry is removed and the merged one appended, so it moves to the end of the list.
defaultAclList.remove(i);
defaultAclList.add(ozoneAclInfo);
return;
}
}
}
// No entry with this type and name existed: append the new one as given.
defaultAclList.add(ozoneAclInfo);
}
Source : OmOzoneAclMap.java
with Apache License 2.0
from apache
/**
 * Replaces the access acls held by this map with the given list.
 *
 * <p>Every per-type access map is cleared first, then each acl of the list is added through
 * {@code addAcl}.
 *
 * <p>NOTE(review): only {@code accessAclMap} is cleared here. Nothing in this method resets
 * the DEFAULT-scope entries, so entries added earlier through {@code addAcl} with DEFAULT
 * scope appear to survive a call to this method - confirm whether that is intended.
 * NOTE(review): the replacement is not atomic. If {@code addAcl} throws part-way through the
 * list, the map keeps only the acls added up to that point.
 *
 * @param acls acls to install; must not be null.
 * @throws OMException if {@code addAcl} rejects one of the acls.
 */
public void setAcls(List<OzoneAcl> acls) throws OMException {
  Objects.requireNonNull(acls, "Acls should not be null.");
  // Drop the current access acls of every type.
  for (OzoneAclType aclType : OzoneAclType.values()) {
    accessAclMap.get(aclType.ordinal()).clear();
  }
  // Install the replacements one by one.
  for (OzoneAcl replacement : acls) {
    addAcl(replacement);
  }
}
Source : PrefixManagerImpl.java
with Apache License 2.0
from apache
/**
 * Removes an acl from the prefix addressed by the given Ozone object.
 *
 * <p>The object is validated before the prefix write lock is taken. The lookup and the
 * removal run while the lock is held, and the lock is released in {@code finally}.
 *
 * <p>NOTE(review): {@code acl} is passed on without a null check in this method; presumably
 * it is validated by the three-argument {@code removeAcl} or by the caller - confirm.
 *
 * @param obj Ozone object.
 * @param acl Ozone acl to be removed.
 * @return true if the acl was removed, false if the removal reported no success.
 * @throws IOException if there is error.
 */
@Override
public boolean removeAcl(OzoneObj obj, OzoneAcl acl) throws IOException {
  validateOzoneObj(obj);
  final String prefixPath = obj.getPath();
  metadataManager.getLock().acquireWriteLock(PREFIX_LOCK, prefixPath);
  try {
    OmPrefixInfo currentInfo = metadataManager.getPrefixTable().get(prefixPath);
    boolean removed = removeAcl(obj, acl, currentInfo).isSuccess();
    if (!removed && LOG.isDebugEnabled()) {
      LOG.debug("acl {} does not exist for prefix path {} ", acl, prefixPath);
    }
    return removed;
  } catch (IOException ex) {
    // OMException is rethrown without an error-level log; only other I/O failures are logged.
    if (!(ex instanceof OMException)) {
      LOG.error("Remove prefix acl operation failed for prefix path:{}" + " acl:{}", prefixPath, acl, ex);
    }
    throw ex;
  } finally {
    metadataManager.getLock().releaseWriteLock(PREFIX_LOCK, prefixPath);
  }
}
Source : TestInstanceHelper.java
with Apache License 2.0
from apache
/**
 * Test helper: builds an {@code OzoneAclInfo} protobuf message from an acl string.
 *
 * <p>Only the name and the rights are taken from the parsed acl. The type is always set to
 * USER and the scope to ACCESS, whatever the string specifies.
 *
 * @param aclString acl in the textual form accepted by {@code OzoneAcl.parseAcl}.
 * @return the protobuf message.
 */
public static OzoneManagerStorageProtos.OzoneAclInfo buildTestOzoneAclInfo(String aclString) {
  OzoneAcl parsed = OzoneAcl.parseAcl(aclString);
  ByteString encodedRights = ByteString.copyFrom(parsed.getAclBitSet().toByteArray());
  OzoneManagerStorageProtos.OzoneAclInfo.Builder info =
      OzoneManagerStorageProtos.OzoneAclInfo.newBuilder();
  // Fixed on purpose for the test fixture; not derived from the parsed acl.
  info.setType(OzoneManagerStorageProtos.OzoneAclInfo.OzoneAclType.USER);
  info.setName(parsed.getName());
  info.setRights(encodedRights);
  info.setAclScope(OzoneManagerStorageProtos.OzoneAclInfo.OzoneAclScope.ACCESS);
  return info.build();
}
Source : TestOzoneManagerHAWithACL.java
with Apache License 2.0
from apache
/**
 * Test helper: reports whether {@code givenAcl} covers {@code existingAcl}.
 *
 * <p>The two acls must agree on type, name and scope, and every right bit set in
 * {@code existingAcl} must also be set in {@code givenAcl}. Extra bits in {@code givenAcl}
 * do not make the comparison fail.
 */
private boolean compareAcls(OzoneAcl givenAcl, OzoneAcl existingAcl) {
  boolean sameIdentity = givenAcl.getType().equals(existingAcl.getType())
      && givenAcl.getName().equals(existingAcl.getName())
      && givenAcl.getAclScope().equals(existingAcl.getAclScope());
  if (!sameIdentity) {
    return false;
  }
  // Intersect on a clone so neither acl's own BitSet is modified.
  BitSet sharedRights = (BitSet) givenAcl.getAclBitSet().clone();
  sharedRights.and(existingAcl.getAclBitSet());
  return sharedRights.equals(existingAcl.getAclBitSet());
}
Source : TestOzoneAclUtil.java
with Apache License 2.0
from apache
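/**
 * Verifies addAcl through {@code addAndVerifyAcl}: adding a new right to an existing entry
 * and adding a new user or group entry each report a change, while repeating the same add
 * reports none and leaves the expected entry count unchanged.
 */
@Test
public void testAddAcl() throws IOException {
  List<OzoneAcl> currentAcls = getDefaultAcls();
  // The scraped page had "replacedertTrue" here; the assertion name is restored.
  assertTrue(currentAcls.size() > 0);
  // Add new permission to existing acl entry.
  OzoneAcl oldAcl = currentAcls.get(0);
  OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), ACLType.READ_ACL, ACCESS);
  addAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
  // Add same permission again and verify result
  addAndVerifyAcl(currentAcls, newAcl, false, DEFAULT_ACLS.size());
  // Add a new user acl entry.
  addAndVerifyAcl(currentAcls, USER1, true, DEFAULT_ACLS.size() + 1);
  // Add same acl entry again and verify result
  addAndVerifyAcl(currentAcls, USER1, false, DEFAULT_ACLS.size() + 1);
  // Add a new group acl entry.
  addAndVerifyAcl(currentAcls, GROUP1, true, DEFAULT_ACLS.size() + 2);
  // Add same acl entry again and verify result
  addAndVerifyAcl(currentAcls, GROUP1, false, DEFAULT_ACLS.size() + 2);
}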