use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class AlluxioMasterRestServiceHandler method getWebUIData.
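/**
 * Gets Web UI data page data: one page of the files that are fully held in Alluxio storage.
 *
 * <p>An empty response object is returned when {@code PropertyKey.WEB_FILE_INFO_ENABLED} is
 * false. Lookup and pagination failures are reported through the error fields of the response
 * object instead of being thrown.
 *
 * @param requestOffset the request offset (index of the first file to return), as a decimal string
 * @param requestLimit the request limit (maximum number of files to return), as a decimal string
 * @return the response object
 */
@GET
@Path(WEBUI_DATA)
public Response getWebUIData(@DefaultValue("0") @QueryParam("offset") String requestOffset,
    @DefaultValue("20") @QueryParam("limit") String requestLimit) {
  return RestUtils.call(() -> {
    MasterWebUIData response = new MasterWebUIData();
    // The file listing is only served when the operator has enabled it.
    if (!ServerConfiguration.getBoolean(PropertyKey.WEB_FILE_INFO_ENABLED)) {
      return response;
    }
    // With security enabled and no authenticated client user on this request, the handler
    // installs the server's own user name as the authenticated user.
    // NOTE(review): the lookups below then presumably run with the server user's permissions
    // rather than the web caller's - confirm that access to this endpoint is restricted.
    if (SecurityUtils.isSecurityEnabled(ServerConfiguration.global())
        && AuthenticatedClientUser.get(ServerConfiguration.global()) == null) {
      AuthenticatedClientUser.set(ServerUserState.global().getUser().getName());
    }
    response.setMasterNodeAddress(mMasterProcess.getRpcAddress().toString())
        .setFatalError("")
        .setShowPermissions(
            ServerConfiguration.getBoolean(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_ENABLED));

    // Every request walks the complete list before paging, so the work done here grows with the
    // number of in-Alluxio files and not with the requested limit.
    List<AlluxioURI> inAlluxioFiles = mFileSystemMaster.getInAlluxioFiles();
    Collections.sort(inAlluxioFiles);
    List<UIFileInfo> fileInfos = new ArrayList<>(inAlluxioFiles.size());
    for (AlluxioURI file : inAlluxioFiles) {
      try {
        long fileId = mFileSystemMaster.getFileId(file);
        FileInfo fileInfo = mFileSystemMaster.getFileInfo(fileId);
        // Only files that are 100% in Alluxio are listed.
        if (fileInfo != null && fileInfo.getInAlluxioPercentage() == 100) {
          fileInfos.add(new UIFileInfo(fileInfo, ServerConfiguration.global(),
              new MasterStorageTierAssoc().getOrderedStorageAliases()));
        }
      } catch (FileDoesNotExistException e) {
        response.setFatalError("Error: File does not exist " + e.getLocalizedMessage());
        return response;
      } catch (AccessControlException e) {
        // The file path and the exception text go back to the web client in the response.
        response.setPermissionError(
            "Error: File " + file + " cannot be accessed " + e.getMessage());
        return response;
      }
    }
    response.setInAlluxioFileNum(fileInfos.size());

    try {
      int offset = Integer.parseInt(requestOffset);
      int limit = Integer.parseInt(requestLimit);
      // Clamp the page so that it does not run past the end of the list.
      limit = offset == 0 && limit > fileInfos.size() ? fileInfos.size() : limit;
      limit = offset + limit > fileInfos.size() ? fileInfos.size() - offset : limit;
      int sum = Math.addExact(offset, limit);
      fileInfos = fileInfos.subList(offset, sum);
      response.setFileInfos(fileInfos);
    } catch (NumberFormatException e) {
      response.setFatalError(
          "Error: offset or limit parse error, " + e.getLocalizedMessage());
      return response;
    } catch (ArithmeticException e) {
      response.setFatalError(
          "Error: offset or offset + limit is out of bound, " + e.getLocalizedMessage());
      return response;
    } catch (IndexOutOfBoundsException e) {
      // A negative offset makes subList throw IndexOutOfBoundsException, which is not an
      // IllegalArgumentException; report it like the other bad-pagination cases instead of
      // letting it escape the handler.
      response.setFatalError(
          "Error: offset or offset + limit is out of bound, " + e.getLocalizedMessage());
      return response;
    } catch (IllegalArgumentException e) {
      // subList throws this when the offset is greater than the computed end index.
      response.setFatalError(e.getLocalizedMessage());
      return response;
    }
    return response;
  }, ServerConfiguration.global());
}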
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class JobMaster method createAuditContext.
/**
 * Creates a {@link JobMasterAuditContext} instance.
 *
 * <p>When audit logging is disabled, or no audit writer is available, the context is returned
 * without any fields populated. Otherwise it is filled with the caller's user/group string, the
 * configured authentication type, the client IP address, the command and a creation timestamp.
 *
 * @param command the command to be logged by this {@link AuditContext}
 * @return newly-created {@link JobMasterAuditContext} instance
 */
private JobMasterAuditContext createAuditContext(String command) {
  // The flag is read on every call because audit logging may be enabled during runtime.
  boolean auditEnabled =
      ServerConfiguration.getBoolean(PropertyKey.MASTER_AUDIT_LOGGING_ENABLED);
  AsyncUserAccessAuditLogWriter writer = auditEnabled ? mAsyncAuditLogWriter : null;
  JobMasterAuditContext context = new JobMasterAuditContext(writer);
  if (writer == null) {
    return context;
  }

  String clientUser = null;
  String userGroupInfo = "";
  try {
    clientUser = AuthenticatedClientUser.getClientUser(ServerConfiguration.global());
  } catch (AccessControlException e) {
    // The caller's identity could not be obtained; the audit entry records "N/A" instead.
    userGroupInfo = "N/A";
  }
  if (clientUser != null) {
    try {
      String group = CommonUtils.getPrimaryGroupName(clientUser, ServerConfiguration.global());
      userGroupInfo = clientUser + "," + group;
    } catch (IOException e) {
      // Only the user name is logged here; the IOException itself is not.
      LOG.debug("Failed to get primary group for user {}.", clientUser);
      userGroupInfo = clientUser + ",N/A";
    }
  }

  AuthType authType =
      ServerConfiguration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
  // The entry starts out as allowed.
  // NOTE(review): callers presumably have to reset this when a request is denied - confirm.
  context.setUgi(userGroupInfo)
      .setAuthType(authType)
      .setIp(ClientIpAddressInjector.getIpAddress())
      .setCommand(command)
      .setAllowed(true)
      .setCreationTimeNs(System.nanoTime());
  return context;
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class DefaultFileSystemMaster method getNewBlockIdForFile.
/**
 * Obtains a new block id for the file at {@code path} from the inode tree.
 *
 * <p>The inode path is locked with {@code LockPattern.WRITE_INODE} and WRITE permission is
 * checked on the locked path before the block is created. A denied check is recorded on the
 * audit context and the {@link AccessControlException} is rethrown.
 *
 * @param path the file to get a new block id for
 * @return the new block id
 */
@Override
public long getNewBlockIdForFile(AlluxioURI path) throws FileDoesNotExistException,
    InvalidPathException, AccessControlException, UnavailableException {
  Metrics.GET_NEW_BLOCK_OPS.inc();
  // Resources are closed in reverse order: audit context, then the inode lock, then the RPC
  // context.
  try (RpcContext rpc = createRpcContext();
      LockedInodePath lockedPath = mInodeTree.lockFullInodePath(path, LockPattern.WRITE_INODE);
      FileSystemMasterAuditContext audit = createAuditContext("getNewBlockIdForFile", path,
          null, lockedPath.getInodeOrNull())) {
    // The permission check uses the path that is already locked, and it runs before the
    // inode tree is modified.
    try {
      mPermissionChecker.checkPermission(Mode.Bits.WRITE, lockedPath);
    } catch (AccessControlException denied) {
      audit.setAllowed(false);
      throw denied;
    }
    Metrics.NEW_BLOCKS_GOT.inc();
    long fileId = lockedPath.getInode().getId();
    long newBlockId =
        mInodeTree.newBlock(rpc, NewBlockEntry.newBuilder().setId(fileId).build());
    // Mark success only after the block has been created.
    audit.setSucceeded(true);
    return newBlockId;
  }
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class DefaultFileSystemMaster method free.
/**
 * Handles a free request for {@code path}: checks permission on the locked inode path and then
 * delegates to {@code freeInternal}.
 *
 * <p>A denied check is recorded on the audit context and the {@link AccessControlException} is
 * rethrown.
 *
 * @param path the path to free
 * @param context the context passed on to {@code createRpcContext} and {@code freeInternal}
 */
@Override
public void free(AlluxioURI path, FreeContext context) throws FileDoesNotExistException,
    InvalidPathException, AccessControlException, UnexpectedAlluxioException, IOException {
  Metrics.FREE_FILE_OPS.inc();
  // Metadata is not synced before a free.
  try (RpcContext rpc = createRpcContext(context);
      LockedInodePath lockedPath = mInodeTree.lockFullInodePath(path, LockPattern.WRITE_INODE);
      FileSystemMasterAuditContext audit =
          createAuditContext("free", path, null, lockedPath.getInodeOrNull())) {
    // NOTE(review): only READ permission is required here although the inode is locked with
    // WRITE_INODE - confirm READ is the intended privilege level for this operation.
    try {
      mPermissionChecker.checkPermission(Mode.Bits.READ, lockedPath);
    } catch (AccessControlException denied) {
      audit.setAllowed(false);
      throw denied;
    }
    freeInternal(rpc, lockedPath, context);
    audit.setSucceeded(true);
  }
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class DefaultFileSystemMaster method setAttribute.
/**
 * Applies the attribute changes described by {@code context} to {@code path}.
 *
 * <p>The privilege passed to the permission checker depends on the request: an owner change
 * sets {@code rootRequired}, a group or mode change sets {@code ownerRequired}, and any other
 * change sets {@code writeRequired}. The check is handed to {@code syncMetadata} as a callback
 * and is performed again once the inode path is locked with {@code LockPattern.WRITE_INODE};
 * for a recursive request every descendant is checked before anything is modified. A denied
 * check is recorded on the audit context and the {@link AccessControlException} is rethrown.
 *
 * @param path the path whose attributes are changed
 * @param context the context holding the requested options
 */
@Override
public void setAttribute(AlluxioURI path, SetAttributeContext context)
    throws FileDoesNotExistException, AccessControlException, InvalidPathException, IOException {
  SetAttributePOptions.Builder options = context.getOptions();
  Metrics.SET_ATTRIBUTE_OPS.inc();
  boolean changesOwner = options.hasOwner();
  boolean changesGroup = options.hasGroup();
  boolean changesMode = options.hasMode();
  // chown
  boolean rootRequired = changesOwner;
  // chgrp, chmod
  boolean ownerRequired = changesGroup || changesMode;
  // every other attribute
  boolean writeRequired = !rootRequired && !ownerRequired;

  // This membership check runs before the audit context is created, so a failure here is not
  // recorded by the audit context of this method.
  if (changesOwner && changesGroup) {
    try {
      checkUserBelongsToGroup(options.getOwner(), options.getGroup());
    } catch (IOException e) {
      throw new IOException(String.format("Could not update owner:group for %s to %s:%s. %s",
          path.toString(), options.getOwner(), options.getGroup(), e.toString()), e);
    }
  }

  // The audit command name follows the most privileged change in the request; the three
  // ownership/mode commands also require a writable mount point.
  String commandName = changesOwner ? "chown"
      : changesGroup ? "chgrp"
      : changesMode ? "chmod"
      : "setAttribute";
  boolean checkWritableMountPoint = changesOwner || changesGroup || changesMode;

  try (RpcContext rpcContext = createRpcContext(context);
      FileSystemMasterAuditContext auditContext =
          createAuditContext(commandName, path, null, null)) {
    // Sync recursively when the pinned flag is part of the request or the request is recursive.
    boolean recursiveSync = options.hasPinned() || options.getRecursive();
    DescendantType syncDepth = recursiveSync ? DescendantType.ALL : DescendantType.ONE;
    syncMetadata(rpcContext, path, context.getOptions().getCommonOptions(), syncDepth,
        auditContext, LockedInodePath::getInodeOrNull,
        (lockedPath, checker) -> checker.checkSetAttributePermission(lockedPath, rootRequired,
            ownerRequired, writeRequired),
        false);

    LockingScheme lockingScheme =
        createLockingScheme(path, options.getCommonOptions(), LockPattern.WRITE_INODE);
    try (LockedInodePath inodePath = mInodeTree.lockInodePath(lockingScheme)) {
      auditContext.setSrcInode(inodePath.getInodeOrNull());
      if (checkWritableMountPoint) {
        mMountTable.checkUnderWritableMountPoint(path);
      }
      // NOTE(review): existence is tested before the permission check under the lock, so the
      // two failures are distinguishable to a caller unless the earlier syncMetadata callback
      // already rejects the request - confirm.
      if (!inodePath.fullPathExists()) {
        throw new FileDoesNotExistException(
            ExceptionMessage.PATH_DOES_NOT_EXIST.getMessage(path));
      }
      try {
        // The check is repeated on the path that is now write-locked.
        mPermissionChecker.checkSetAttributePermission(inodePath, rootRequired, ownerRequired,
            writeRequired);
        if (context.getOptions().getRecursive()) {
          // A recursive request is refused as a whole if any descendant fails the check.
          try (LockedInodePathList descendants = mInodeTree.getDescendants(inodePath)) {
            for (LockedInodePath descendant : descendants) {
              mPermissionChecker.checkSetAttributePermission(descendant, rootRequired,
                  ownerRequired, writeRequired);
            }
          }
        }
      } catch (AccessControlException denied) {
        auditContext.setAllowed(false);
        throw denied;
      }
      setAttributeInternal(rpcContext, inodePath, context);
      auditContext.setSucceeded(true);
    }
  }
}