
Example 46 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class AlluxioMasterRestServiceHandler method getWebUIData.

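/**
 * Builds the model for the master web UI data page: the files that are 100% in Alluxio,
 * sorted in the natural order of {@link AlluxioURI} and sliced by offset and limit.
 *
 * <p>Request and lookup failures are reported as error strings on the returned
 * {@link MasterWebUIData} instead of being thrown from the lambda.
 *
 * @param requestOffset index of the first entry to return, as a decimal string (default "0")
 * @param requestLimit maximum number of entries to return, as a decimal string (default "20")
 * @return the response object
 */
@GET
@Path(WEBUI_DATA)
public Response getWebUIData(@DefaultValue("0") @QueryParam("offset") String requestOffset, @DefaultValue("20") @QueryParam("limit") String requestLimit) {
    return RestUtils.call(() -> {
        MasterWebUIData response = new MasterWebUIData();
        // Feature switch: with web file info disabled the page gets an empty model.
        if (!ServerConfiguration.getBoolean(PropertyKey.WEB_FILE_INFO_ENABLED)) {
            return response;
        }
        // NOTE(review): when security is enabled and the request has no authenticated client
        // user, the request is bound to the server's own user. The lookups below presumably
        // authorize against that identity rather than the web caller; confirm that exposure
        // of this endpoint matches what that user is allowed to see.
        if (SecurityUtils.isSecurityEnabled(ServerConfiguration.global()) && AuthenticatedClientUser.get(ServerConfiguration.global()) == null) {
            AuthenticatedClientUser.set(ServerUserState.global().getUser().getName());
        }
        response.setMasterNodeAddress(mMasterProcess.getRpcAddress().toString()).setFatalError("").setShowPermissions(ServerConfiguration.getBoolean(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_ENABLED));
        // The whole in-Alluxio file list is fetched, sorted and resolved on every request;
        // offset and limit are applied only afterwards, so they do not bound this work.
        List<AlluxioURI> inAlluxioFiles = mFileSystemMaster.getInAlluxioFiles();
        Collections.sort(inAlluxioFiles);
        List<UIFileInfo> fileInfos = new ArrayList<>(inAlluxioFiles.size());
        for (AlluxioURI file : inAlluxioFiles) {
            try {
                long fileId = mFileSystemMaster.getFileId(file);
                FileInfo fileInfo = mFileSystemMaster.getFileInfo(fileId);
                // Only files fully resident in Alluxio are listed.
                if (fileInfo != null && fileInfo.getInAlluxioPercentage() == 100) {
                    fileInfos.add(new UIFileInfo(fileInfo, ServerConfiguration.global(), new MasterStorageTierAssoc().getOrderedStorageAliases()));
                }
            } catch (FileDoesNotExistException e) {
                // A single missing file aborts the whole page.
                response.setFatalError("Error: File does not exist " + e.getLocalizedMessage());
                return response;
            } catch (AccessControlException e) {
                // A single denied file aborts the whole page. The path and the exception text
                // go into the response; the consumer is expected to escape them on render.
                response.setPermissionError("Error: File " + file + " cannot be accessed " + e.getMessage());
                return response;
            }
        }
        response.setInAlluxioFileNum(fileInfos.size());
        try {
            int offset = Integer.parseInt(requestOffset);
            int limit = Integer.parseInt(requestLimit);
            // Clamp the window so that it does not run past the end of the list.
            limit = offset == 0 && limit > fileInfos.size() ? fileInfos.size() : limit;
            limit = offset + limit > fileInfos.size() ? fileInfos.size() - offset : limit;
            int sum = Math.addExact(offset, limit);
            fileInfos = fileInfos.subList(offset, sum);
            response.setFileInfos(fileInfos);
        } catch (NumberFormatException e) {
            response.setFatalError("Error: offset or limit parse error, " + e.getLocalizedMessage());
            return response;
        } catch (ArithmeticException e) {
            response.setFatalError("Error: offset or offset + limit is out of bound, " + e.getLocalizedMessage());
            return response;
        } catch (IllegalArgumentException | IndexOutOfBoundsException e) {
            // subList signals an inverted range with IllegalArgumentException and a negative
            // offset with IndexOutOfBoundsException. Both come from the query parameters, so
            // both are reported as a request error instead of escaping the handler.
            response.setFatalError(e.getLocalizedMessage());
            return response;
        }
        return response;
    }, ServerConfiguration.global());
}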
Also used : FileDoesNotExistException(alluxio.exception.FileDoesNotExistException) ArrayList(java.util.ArrayList) AccessControlException(alluxio.exception.AccessControlException) MasterWebUIData(alluxio.wire.MasterWebUIData) MasterStorageTierAssoc(alluxio.MasterStorageTierAssoc) UIFileInfo(alluxio.util.webui.UIFileInfo) FileInfo(alluxio.wire.FileInfo) UIFileInfo(alluxio.util.webui.UIFileInfo) AlluxioURI(alluxio.AlluxioURI) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 47 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class JobMaster method createAuditContext.

/**
 * Builds a {@link JobMasterAuditContext} for one command.
 *
 * <p>When audit logging is disabled, or no writer is available, the context is created
 * without a writer and none of its fields are filled in. Otherwise the context is
 * pre-populated with the caller's user and primary group, the authentication type, the
 * client IP, the command name, {@code allowed = true} and the creation time.
 *
 * @param command the command to be logged by this {@link AuditContext}
 * @return newly-created {@link JobMasterAuditContext} instance
 */
private JobMasterAuditContext createAuditContext(String command) {
    // The flag is read on every call because audit logging may be switched on at runtime.
    final boolean auditEnabled = ServerConfiguration.getBoolean(PropertyKey.MASTER_AUDIT_LOGGING_ENABLED);
    final AsyncUserAccessAuditLogWriter writer = auditEnabled ? mAsyncAuditLogWriter : null;
    final JobMasterAuditContext context = new JobMasterAuditContext(writer);
    if (writer == null) {
        return context;
    }

    // Resolve "user,primaryGroup"; each part that cannot be resolved is recorded as N/A.
    String clientUser = null;
    String userGroupInfo = "";
    try {
        clientUser = AuthenticatedClientUser.getClientUser(ServerConfiguration.global());
    } catch (AccessControlException e) {
        // NOTE(review): the cause is dropped, so a record with ugi "N/A" cannot be traced
        // back to the reason the caller was not identified.
        userGroupInfo = "N/A";
    }
    if (clientUser != null) {
        try {
            userGroupInfo = clientUser + "," + CommonUtils.getPrimaryGroupName(clientUser, ServerConfiguration.global());
        } catch (IOException e) {
            LOG.debug("Failed to get primary group for user {}.", clientUser);
            userGroupInfo = clientUser + ",N/A";
        }
    }

    final AuthType authType = ServerConfiguration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
    // The record starts out as allowed; presumably callers flip it when a check fails.
    context.setUgi(userGroupInfo)
        .setAuthType(authType)
        .setIp(ClientIpAddressInjector.getIpAddress())
        .setCommand(command)
        .setAllowed(true)
        .setCreationTimeNs(System.nanoTime());
    return context;
}
Also used : AccessControlException(alluxio.exception.AccessControlException) IOException(java.io.IOException) AuthType(alluxio.security.authentication.AuthType) AsyncUserAccessAuditLogWriter(alluxio.master.audit.AsyncUserAccessAuditLogWriter)

Example 48 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class DefaultFileSystemMaster method getNewBlockIdForFile.

/**
 * Creates a new block for the file at {@code path} and returns the block id.
 *
 * <p>The path is locked with {@code WRITE_INODE} and the caller must hold the WRITE bit
 * on it. A denial is recorded on the audit context before the exception is rethrown.
 *
 * @param path the file to add a block to
 * @return the id returned by the inode tree for the new block
 * @throws AccessControlException if the WRITE permission check fails
 */
@Override
public long getNewBlockIdForFile(AlluxioURI path) throws FileDoesNotExistException, InvalidPathException, AccessControlException, UnavailableException {
    Metrics.GET_NEW_BLOCK_OPS.inc();
    // Resources are closed in reverse order: audit context, then inode lock, then RPC context.
    try (RpcContext rpc = createRpcContext();
        LockedInodePath lockedPath = mInodeTree.lockFullInodePath(path, LockPattern.WRITE_INODE);
        FileSystemMasterAuditContext audit = createAuditContext("getNewBlockIdForFile", path, null, lockedPath.getInodeOrNull())) {
        try {
            mPermissionChecker.checkPermission(Mode.Bits.WRITE, lockedPath);
        } catch (AccessControlException denied) {
            // Mark the audit record as denied before propagating.
            audit.setAllowed(false);
            throw denied;
        }
        // Counted once the permission check has passed, before the block is created.
        Metrics.NEW_BLOCKS_GOT.inc();
        final NewBlockEntry entry = NewBlockEntry.newBuilder().setId(lockedPath.getInode().getId()).build();
        final long newBlockId = mInodeTree.newBlock(rpc, entry);
        audit.setSucceeded(true);
        return newBlockId;
    }
}
Also used : LockedInodePath(alluxio.master.file.meta.LockedInodePath) AccessControlException(alluxio.exception.AccessControlException)

Example 49 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class DefaultFileSystemMaster method free.

/**
 * Frees the given path by delegating to {@code freeInternal} once the caller has passed
 * the permission check.
 *
 * <p>The path is locked with {@code WRITE_INODE}. A denial is recorded on the audit context
 * before the exception is rethrown.
 *
 * @param path the path to free
 * @param context the options for the free operation
 * @throws AccessControlException if the permission check fails
 */
@Override
public void free(AlluxioURI path, FreeContext context) throws FileDoesNotExistException, InvalidPathException, AccessControlException, UnexpectedAlluxioException, IOException {
    Metrics.FREE_FILE_OPS.inc();
    // Metadata is not synced before a free.
    try (RpcContext rpc = createRpcContext(context);
        LockedInodePath lockedPath = mInodeTree.lockFullInodePath(path, LockPattern.WRITE_INODE);
        FileSystemMasterAuditContext audit = createAuditContext("free", path, null, lockedPath.getInodeOrNull())) {
        // NOTE(review): free is gated on the READ bit, not WRITE. Confirm that any reader of
        // the path is meant to be able to trigger it.
        try {
            mPermissionChecker.checkPermission(Mode.Bits.READ, lockedPath);
        } catch (AccessControlException denied) {
            // Mark the audit record as denied before propagating.
            audit.setAllowed(false);
            throw denied;
        }
        freeInternal(rpc, lockedPath, context);
        audit.setSucceeded(true);
    }
}
Also used : LockedInodePath(alluxio.master.file.meta.LockedInodePath) AccessControlException(alluxio.exception.AccessControlException)

Example 50 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class DefaultFileSystemMaster method setAttribute.

/**
 * Applies the attribute changes in {@code context} to {@code path}.
 *
 * <p>The privilege demanded depends on what is being changed: an owner change sets
 * {@code rootRequired}, a group or mode change sets {@code ownerRequired}, and any other
 * attribute sets {@code writeRequired}. These three flags are passed to
 * {@code checkSetAttributePermission} for the path and, on a recursive request, for every
 * descendant. A denial is recorded on the audit context before the exception is rethrown.
 *
 * @param path the path to update
 * @param context the attribute options to apply
 * @throws FileDoesNotExistException if the full path does not exist
 * @throws AccessControlException if a permission check fails
 * @throws IOException if the owner is not a member of the requested group, wrapped with
 *         the path, owner and group in the message
 */
@Override
public void setAttribute(AlluxioURI path, SetAttributeContext context) throws FileDoesNotExistException, AccessControlException, InvalidPathException, IOException {
    SetAttributePOptions.Builder options = context.getOptions();
    Metrics.SET_ATTRIBUTE_OPS.inc();
    // chown: changing the owner sets rootRequired
    boolean rootRequired = options.hasOwner();
    // chgrp, chmod: changing group or mode sets ownerRequired
    boolean ownerRequired = (options.hasGroup()) || (options.hasMode());
    // any other attribute: writeRequired
    boolean writeRequired = !rootRequired && !ownerRequired;
    // The membership check runs only when owner and group are set in the same request.
    if (options.hasOwner() && options.hasGroup()) {
        try {
            checkUserBelongsToGroup(options.getOwner(), options.getGroup());
        } catch (IOException e) {
            throw new IOException(String.format("Could not update owner:group for %s to %s:%s. %s", path.toString(), options.getOwner(), options.getGroup(), e.toString()), e);
        }
    }
    // The audit command name follows the most privileged change: owner, then group, then mode.
    // Those three also require the path to be under a writable mount point.
    String commandName;
    boolean checkWritableMountPoint = false;
    if (options.hasOwner()) {
        commandName = "chown";
        checkWritableMountPoint = true;
    } else if (options.hasGroup()) {
        commandName = "chgrp";
        checkWritableMountPoint = true;
    } else if (options.hasMode()) {
        commandName = "chmod";
        checkWritableMountPoint = true;
    } else {
        commandName = "setAttribute";
    }
    try (RpcContext rpcContext = createRpcContext(context);
        FileSystemMasterAuditContext auditContext = createAuditContext(commandName, path, null, null)) {
        // Pin and unpin requests, and recursive requests, sync metadata for all descendants;
        // the sync is given the same permission check that is applied again under the lock below.
        boolean recursiveSync = options.hasPinned() || options.getRecursive();
        syncMetadata(rpcContext, path, context.getOptions().getCommonOptions(), recursiveSync ? DescendantType.ALL : DescendantType.ONE, auditContext, LockedInodePath::getInodeOrNull, (inodePath, permChecker) -> permChecker.checkSetAttributePermission(inodePath, rootRequired, ownerRequired, writeRequired), false);
        LockingScheme lockingScheme = createLockingScheme(path, options.getCommonOptions(), LockPattern.WRITE_INODE);
        try (LockedInodePath inodePath = mInodeTree.lockInodePath(lockingScheme)) {
            // The audit context was created without an inode; attach it once the path is locked.
            auditContext.setSrcInode(inodePath.getInodeOrNull());
            if (checkWritableMountPoint) {
                mMountTable.checkUnderWritableMountPoint(path);
            }
            if (!inodePath.fullPathExists()) {
                throw new FileDoesNotExistException(ExceptionMessage.PATH_DOES_NOT_EXIST.getMessage(path));
            }
            try {
                mPermissionChecker.checkSetAttributePermission(inodePath, rootRequired, ownerRequired, writeRequired);
                if (context.getOptions().getRecursive()) {
                    // NOTE(review): the descendant locks are released when this inner try ends,
                    // before setAttributeInternal runs. Confirm that the lock held on inodePath,
                    // or locking inside setAttributeInternal, keeps the checked descendants
                    // unchanged until the update is applied.
                    try (LockedInodePathList descendants = mInodeTree.getDescendants(inodePath)) {
                        for (LockedInodePath childPath : descendants) {
                            mPermissionChecker.checkSetAttributePermission(childPath, rootRequired, ownerRequired, writeRequired);
                        }
                    }
                }
            } catch (AccessControlException e) {
                // Mark the audit record as denied before propagating.
                auditContext.setAllowed(false);
                throw e;
            }
            setAttributeInternal(rpcContext, inodePath, context);
            auditContext.setSucceeded(true);
        }
    }
}
Also used : LockedInodePath(alluxio.master.file.meta.LockedInodePath) FileDoesNotExistException(alluxio.exception.FileDoesNotExistException) SetAttributePOptions(alluxio.grpc.SetAttributePOptions) LockingScheme(alluxio.master.file.meta.LockingScheme) AccessControlException(alluxio.exception.AccessControlException) IOException(java.io.IOException) LockedInodePathList(alluxio.master.file.meta.LockedInodePathList)
