Example 1 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class TestChRootedFileSystem method testAclMethodsPathTranslation.
/**
* Tests that ChRootedFileSystem delegates calls for every ACL method to the
* underlying FileSystem with all Path arguments translated as required to
* enforce chroot.
*/
@Test
public void testAclMethodsPathTranslation() throws IOException {
Configuration conf = new Configuration();
conf.setClass("fs.mockfs.impl", MockFileSystem.class, FileSystem.class);
URI chrootUri = URI.create("mockfs://foo/a/b");
ChRootedFileSystem chrootFs = new ChRootedFileSystem(chrootUri, conf);
FileSystem mockFs = ((FilterFileSystem) chrootFs.getRawFileSystem()).getRawFileSystem();
Path chrootPath = new Path("/c");
Path rawPath = new Path("/a/b/c");
List<AclEntry> entries = Collections.emptyList();
chrootFs.modifyAclEntries(chrootPath, entries);
verify(mockFs).modifyAclEntries(rawPath, entries);
chrootFs.removeAclEntries(chrootPath, entries);
verify(mockFs).removeAclEntries(rawPath, entries);
chrootFs.removeDefaultAcl(chrootPath);
verify(mockFs).removeDefaultAcl(rawPath);
chrootFs.removeAcl(chrootPath);
verify(mockFs).removeAcl(rawPath);
chrootFs.setAcl(chrootPath, entries);
verify(mockFs).setAcl(rawPath, entries);
chrootFs.getAclStatus(chrootPath);
verify(mockFs).getAclStatus(rawPath);
}
Also used :
Path(org.apache.hadoop.fs.Path)
Configuration(org.apache.hadoop.conf.Configuration)
FileSystem(org.apache.hadoop.fs.FileSystem)
ChRootedFileSystem(org.apache.hadoop.fs.viewfs.ChRootedFileSystem)
FilterFileSystem(org.apache.hadoop.fs.FilterFileSystem)
FilterFileSystem(org.apache.hadoop.fs.FilterFileSystem)
AclEntry(org.apache.hadoop.fs.permission.AclEntry)
URI(java.net.URI)
ChRootedFileSystem(org.apache.hadoop.fs.viewfs.ChRootedFileSystem)
Test(org.junit.Test)
Example 2 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class TestSafeMode method testOperationsWhileInSafeMode.
/**
* Run various fs operations while the NN is in safe mode,
* assert that they are either allowed or fail as expected.
*/
@Test
public void testOperationsWhileInSafeMode() throws IOException, InterruptedException {
final Path file1 = new Path("/file1");
assertFalse(dfs.setSafeMode(SafeModeAction.SAFEMODE_GET));
DFSTestUtil.createFile(fs, file1, 1024, (short) 1, 0);
assertTrue("Could not enter SM", dfs.setSafeMode(SafeModeAction.SAFEMODE_ENTER));
runFsFun("Set quota while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
((DistributedFileSystem) fs).setQuota(file1, 1, 1);
}
});
runFsFun("Set perm while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.setPermission(file1, FsPermission.getDefault());
}
});
runFsFun("Set owner while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.setOwner(file1, "user", "group");
}
});
runFsFun("Set repl while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.setReplication(file1, (short) 1);
}
});
runFsFun("Append file while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
DFSTestUtil.appendFile(fs, file1, "new bytes");
}
});
runFsFun("Truncate file while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.truncate(file1, 0);
}
});
runFsFun("Delete file while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.delete(file1, false);
}
});
runFsFun("Rename file while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.rename(file1, new Path("file2"));
}
});
runFsFun("Set time while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.setTimes(file1, 0, 0);
}
});
runFsFun("modifyAclEntries while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.modifyAclEntries(file1, Lists.<AclEntry>newArrayList());
}
});
runFsFun("removeAclEntries while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.removeAclEntries(file1, Lists.<AclEntry>newArrayList());
}
});
runFsFun("removeDefaultAcl while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.removeDefaultAcl(file1);
}
});
runFsFun("removeAcl while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.removeAcl(file1);
}
});
runFsFun("setAcl while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.setAcl(file1, Lists.<AclEntry>newArrayList());
}
});
runFsFun("setXAttr while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.setXAttr(file1, "user.a1", null);
}
});
runFsFun("removeXAttr while in SM", new FSRun() {
@Override
public void run(FileSystem fs) throws IOException {
fs.removeXAttr(file1, "user.a1");
}
});
try {
DFSTestUtil.readFile(fs, file1);
} catch (IOException ioe) {
fail("Set times failed while in SM");
}
try {
fs.getAclStatus(file1);
} catch (IOException ioe) {
fail("getAclStatus failed while in SM");
}
// Test access
UserGroupInformation ugiX = UserGroupInformation.createRemoteUser("userX");
FileSystem myfs = ugiX.doAs(new PrivilegedExceptionAction<FileSystem>() {
@Override
public FileSystem run() throws IOException {
return FileSystem.get(conf);
}
});
myfs.access(file1, FsAction.READ);
try {
myfs.access(file1, FsAction.WRITE);
fail("The access call should have failed.");
} catch (AccessControlException e) {
// expected
}
assertFalse("Could not leave SM", dfs.setSafeMode(SafeModeAction.SAFEMODE_LEAVE));
}
Also used :
Path(org.apache.hadoop.fs.Path)
FileSystem(org.apache.hadoop.fs.FileSystem)
AclEntry(org.apache.hadoop.fs.permission.AclEntry)
AccessControlException(org.apache.hadoop.security.AccessControlException)
IOException(java.io.IOException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Test(org.junit.Test)
Example 3 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class FSOperations method aclStatusToJSON.
/** Converts an <code>AclStatus</code> object into a JSON object.
*
* @param aclStatus AclStatus object
*
* @return The JSON representation of the ACLs for the file
*/
@SuppressWarnings({ "unchecked" })
private static Map<String, Object> aclStatusToJSON(AclStatus aclStatus) {
Map<String, Object> json = new LinkedHashMap<String, Object>();
Map<String, Object> inner = new LinkedHashMap<String, Object>();
JSONArray entriesArray = new JSONArray();
inner.put(HttpFSFileSystem.OWNER_JSON, aclStatus.getOwner());
inner.put(HttpFSFileSystem.GROUP_JSON, aclStatus.getGroup());
inner.put(HttpFSFileSystem.ACL_STICKY_BIT_JSON, aclStatus.isStickyBit());
for (AclEntry e : aclStatus.getEntries()) {
entriesArray.add(e.toString());
}
inner.put(HttpFSFileSystem.ACL_ENTRIES_JSON, entriesArray);
json.put(HttpFSFileSystem.ACL_STATUS_JSON, inner);
return json;
}
Also used :
JSONArray(org.json.simple.JSONArray)
AclEntry(org.apache.hadoop.fs.permission.AclEntry)
JSONObject(org.json.simple.JSONObject)
LinkedHashMap(java.util.LinkedHashMap)
Example 4 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class BaseTestHttpFSWith method assertSameAcls.
/**
* Runs assertions testing that two AclStatus objects contain the same info
* @param a First AclStatus
* @param b Second AclStatus
* @throws Exception
*/
private void assertSameAcls(AclStatus a, AclStatus b) throws Exception {
assertTrue(a.getOwner().equals(b.getOwner()));
assertTrue(a.getGroup().equals(b.getGroup()));
assertTrue(a.isStickyBit() == b.isStickyBit());
assertTrue(a.getEntries().size() == b.getEntries().size());
for (AclEntry e : a.getEntries()) {
assertTrue(b.getEntries().contains(e));
}
for (AclEntry e : b.getEntries()) {
assertTrue(a.getEntries().contains(e));
}
}
Also used :
AclEntry(org.apache.hadoop.fs.permission.AclEntry)
Example 5 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class FSEditLogOp method readAclEntriesFromXml.
private static List<AclEntry> readAclEntriesFromXml(Stanza st) {
List<AclEntry> aclEntries = Lists.newArrayList();
if (!st.hasChildren("ENTRY"))
return null;
List<Stanza> stanzas = st.getChildren("ENTRY");
for (Stanza s : stanzas) {
AclEntry e = new AclEntry.Builder().setScope(AclEntryScope.valueOf(s.getValue("SCOPE"))).setType(AclEntryType.valueOf(s.getValue("TYPE"))).setName(s.getValueOrNull("NAME")).setPermission(fsActionFromXml(s)).build();
aclEntries.add(e);
}
return aclEntries;
}Aggregations
AclEntry (org.apache.hadoop.fs.permission.AclEntry)136
Test (org.junit.Test)90
AclStatus (org.apache.hadoop.fs.permission.AclStatus)81
Path (org.apache.hadoop.fs.Path)52
FsPermission (org.apache.hadoop.fs.permission.FsPermission)24
ArrayList (java.util.ArrayList)11
FSAclBaseTest (org.apache.hadoop.hdfs.server.namenode.FSAclBaseTest)11
FileSystem (org.apache.hadoop.fs.FileSystem)10
Configuration (org.apache.hadoop.conf.Configuration)7
MockResponse (com.squareup.okhttp.mockwebserver.MockResponse)5
FileStatus (org.apache.hadoop.fs.FileStatus)5
ScopedAclEntries (org.apache.hadoop.fs.permission.ScopedAclEntries)5
DistributedFileSystem (org.apache.hadoop.hdfs.DistributedFileSystem)5
DatanodeInfoBuilder (org.apache.hadoop.hdfs.protocol.DatanodeInfo.DatanodeInfoBuilder)5
List (java.util.List)4
AclEntryScope (org.apache.hadoop.fs.permission.AclEntryScope)4
AclEntryProto (org.apache.hadoop.hdfs.protocol.proto.AclProtos.AclEntryProto)4
IOException (java.io.IOException)3
URI (java.net.URI)3
AclEntryType (org.apache.hadoop.fs.permission.AclEntryType)3
