use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class DefaultFileSystemMaster method listStatus.
@Override
public void listStatus(AlluxioURI path, ListStatusContext context, ResultStream<FileInfo> resultStream) throws AccessControlException, FileDoesNotExistException, InvalidPathException, IOException {
Metrics.GET_FILE_INFO_OPS.inc();
LockingScheme lockingScheme = new LockingScheme(path, LockPattern.READ, false);
boolean ufsAccessed = false;
try (RpcContext rpcContext = createRpcContext(context);
FileSystemMasterAuditContext auditContext = createAuditContext("listStatus", path, null, null)) {
DescendantType descendantType = context.getOptions().getRecursive() ? DescendantType.ALL : DescendantType.ONE;
if (!syncMetadata(rpcContext, path, context.getOptions().getCommonOptions(), descendantType, auditContext, LockedInodePath::getInodeOrNull, (inodePath, permChecker) -> permChecker.checkPermission(Mode.Bits.READ, inodePath), false).equals(NOT_NEEDED)) {
// If synced, do not load metadata.
context.getOptions().setLoadMetadataType(LoadMetadataPType.NEVER);
ufsAccessed = true;
}
/*
See the comments in #getFileIdInternal for an explanation on why the loop here is required.
*/
DescendantType loadDescendantType;
if (context.getOptions().getLoadMetadataType() == LoadMetadataPType.NEVER) {
loadDescendantType = DescendantType.NONE;
} else if (context.getOptions().getRecursive()) {
loadDescendantType = DescendantType.ALL;
} else {
loadDescendantType = DescendantType.ONE;
}
// load metadata for 1 level of descendants, or all descendants if recursive
LoadMetadataContext loadMetadataContext = LoadMetadataContext.mergeFrom(LoadMetadataPOptions.newBuilder().setCreateAncestors(true).setLoadType(context.getOptions().getLoadMetadataType()).setLoadDescendantType(GrpcUtils.toProto(loadDescendantType)).setCommonOptions(FileSystemMasterCommonPOptions.newBuilder().setTtl(context.getOptions().getCommonOptions().getTtl()).setTtlAction(context.getOptions().getCommonOptions().getTtlAction())));
boolean loadMetadata = false;
boolean run = true;
while (run) {
run = false;
if (loadMetadata) {
loadMetadataIfNotExist(rpcContext, path, loadMetadataContext, false);
ufsAccessed = true;
}
// We just synced; the new lock pattern should not sync.
try (LockedInodePath inodePath = mInodeTree.lockInodePath(lockingScheme)) {
auditContext.setSrcInode(inodePath.getInodeOrNull());
try {
mPermissionChecker.checkPermission(Mode.Bits.READ, inodePath);
} catch (AccessControlException e) {
auditContext.setAllowed(false);
throw e;
}
if (!loadMetadata) {
Inode inode;
boolean isLoaded = true;
if (inodePath.fullPathExists()) {
inode = inodePath.getInode();
if (inode.isDirectory() && context.getOptions().getLoadMetadataType() != LoadMetadataPType.ALWAYS) {
InodeDirectory inodeDirectory = inode.asDirectory();
isLoaded = inodeDirectory.isDirectChildrenLoaded();
if (context.getOptions().getRecursive()) {
isLoaded = areDescendantsLoaded(inodeDirectory);
}
if (isLoaded) {
// no need to load again.
loadMetadataContext.getOptions().setLoadDescendantType(LoadDescendantPType.NONE);
}
}
} else {
checkLoadMetadataOptions(context.getOptions().getLoadMetadataType(), inodePath.getUri());
}
if (shouldLoadMetadataIfNotExists(inodePath, loadMetadataContext)) {
loadMetadata = true;
run = true;
continue;
}
}
ensureFullPathAndUpdateCache(inodePath);
auditContext.setSrcInode(inodePath.getInode());
MountTable.Resolution resolution;
if (!context.getOptions().hasLoadMetadataOnly() || !context.getOptions().getLoadMetadataOnly()) {
DescendantType descendantTypeForListStatus = (context.getOptions().getRecursive()) ? DescendantType.ALL : DescendantType.ONE;
try {
resolution = mMountTable.resolve(path);
} catch (InvalidPathException e) {
throw new FileDoesNotExistException(e.getMessage(), e);
}
listStatusInternal(context, rpcContext, inodePath, auditContext, descendantTypeForListStatus, resultStream, 0, Metrics.getUfsOpsSavedCounter(resolution.getUfsMountPointUri(), Metrics.UFSOps.GET_FILE_INFO));
if (!ufsAccessed) {
Metrics.getUfsOpsSavedCounter(resolution.getUfsMountPointUri(), Metrics.UFSOps.LIST_STATUS).inc();
}
}
auditContext.setSucceeded(true);
Metrics.FILE_INFOS_GOT.inc();
}
}
}
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class DefaultFileSystemMaster method createFile.
@Override
public FileInfo createFile(AlluxioURI path, CreateFileContext context) throws AccessControlException, InvalidPathException, FileAlreadyExistsException, BlockInfoException, IOException, FileDoesNotExistException {
if (isOperationComplete(context)) {
Metrics.COMPLETED_OPERATION_RETRIED_COUNT.inc();
LOG.warn("A completed \"createFile\" operation has been retried. {}", context);
return getFileInfo(path, GetStatusContext.create(GetStatusPOptions.newBuilder().setCommonOptions(FileSystemMasterCommonPOptions.newBuilder().setSyncIntervalMs(-1)).setLoadMetadataType(LoadMetadataPType.NEVER).setUpdateTimestamps(false)));
}
Metrics.CREATE_FILES_OPS.inc();
try (RpcContext rpcContext = createRpcContext(context);
FileSystemMasterAuditContext auditContext = createAuditContext("createFile", path, null, null)) {
syncMetadata(rpcContext, path, context.getOptions().getCommonOptions(), DescendantType.ONE, auditContext, (inodePath) -> context.getOptions().getRecursive() ? inodePath.getLastExistingInode() : inodePath.getParentInodeOrNull(), (inodePath, permChecker) -> permChecker.checkParentPermission(Mode.Bits.WRITE, inodePath), false);
LockingScheme lockingScheme = createLockingScheme(path, context.getOptions().getCommonOptions(), LockPattern.WRITE_EDGE);
try (LockedInodePath inodePath = mInodeTree.lockInodePath(lockingScheme)) {
auditContext.setSrcInode(inodePath.getParentInodeOrNull());
if (context.getOptions().getRecursive()) {
auditContext.setSrcInode(inodePath.getLastExistingInode());
}
try {
mPermissionChecker.checkParentPermission(Mode.Bits.WRITE, inodePath);
} catch (AccessControlException e) {
auditContext.setAllowed(false);
throw e;
}
mMountTable.checkUnderWritableMountPoint(path);
if (context.isPersisted()) {
// Check if ufs is writable
checkUfsMode(path, OperationType.WRITE);
}
createFileInternal(rpcContext, inodePath, context);
auditContext.setSrcInode(inodePath.getInode()).setSucceeded(true);
cacheOperation(context);
return getFileInfoInternal(inodePath);
}
}
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class DefaultFileSystemMaster method rename.
@Override
public void rename(AlluxioURI srcPath, AlluxioURI dstPath, RenameContext context) throws FileAlreadyExistsException, FileDoesNotExistException, InvalidPathException, IOException, AccessControlException {
if (isOperationComplete(context)) {
Metrics.COMPLETED_OPERATION_RETRIED_COUNT.inc();
LOG.warn("A completed \"rename\" operation has been retried. {}", context);
return;
}
Metrics.RENAME_PATH_OPS.inc();
try (RpcContext rpcContext = createRpcContext(context);
FileSystemMasterAuditContext auditContext = createAuditContext("rename", srcPath, dstPath, null)) {
syncMetadata(rpcContext, srcPath, context.getOptions().getCommonOptions(), DescendantType.ONE, auditContext, LockedInodePath::getParentInodeOrNull, (inodePath, permChecker) -> permChecker.checkParentPermission(Mode.Bits.WRITE, inodePath), false);
syncMetadata(rpcContext, dstPath, context.getOptions().getCommonOptions(), DescendantType.ONE, auditContext, LockedInodePath::getParentInodeOrNull, (inodePath, permChecker) -> permChecker.checkParentPermission(Mode.Bits.WRITE, inodePath), false);
LockingScheme srcLockingScheme = createLockingScheme(srcPath, context.getOptions().getCommonOptions(), LockPattern.WRITE_EDGE);
LockingScheme dstLockingScheme = createLockingScheme(dstPath, context.getOptions().getCommonOptions(), LockPattern.WRITE_EDGE);
try (InodePathPair inodePathPair = mInodeTree.lockInodePathPair(srcLockingScheme.getPath(), srcLockingScheme.getPattern(), dstLockingScheme.getPath(), dstLockingScheme.getPattern())) {
LockedInodePath srcInodePath = inodePathPair.getFirst();
LockedInodePath dstInodePath = inodePathPair.getSecond();
auditContext.setSrcInode(srcInodePath.getParentInodeOrNull());
try {
mPermissionChecker.checkParentPermission(Mode.Bits.WRITE, srcInodePath);
mPermissionChecker.checkParentPermission(Mode.Bits.WRITE, dstInodePath);
} catch (AccessControlException e) {
auditContext.setAllowed(false);
throw e;
}
mMountTable.checkUnderWritableMountPoint(srcPath);
mMountTable.checkUnderWritableMountPoint(dstPath);
renameInternal(rpcContext, srcInodePath, dstInodePath, context);
auditContext.setSrcInode(srcInodePath.getInode()).setSucceeded(true);
cacheOperation(context);
LOG.debug("Renamed {} to {}", srcPath, dstPath);
}
}
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class DefaultFileSystemMaster method mount.
@Override
public void mount(AlluxioURI alluxioPath, AlluxioURI ufsPath, MountContext context) throws FileAlreadyExistsException, FileDoesNotExistException, InvalidPathException, IOException, AccessControlException {
Metrics.MOUNT_OPS.inc();
try (RpcContext rpcContext = createRpcContext(context);
FileSystemMasterAuditContext auditContext = createAuditContext("mount", alluxioPath, null, null)) {
ufsPath = new AlluxioURI(PathUtils.normalizePath(ufsPath.toString(), AlluxioURI.SEPARATOR));
syncMetadata(rpcContext, alluxioPath, context.getOptions().getCommonOptions(), DescendantType.ONE, auditContext, LockedInodePath::getParentInodeOrNull, (inodePath, permChecker) -> permChecker.checkParentPermission(Mode.Bits.WRITE, inodePath), false);
LockingScheme lockingScheme = createLockingScheme(alluxioPath, context.getOptions().getCommonOptions(), LockPattern.WRITE_EDGE);
try (LockedInodePath inodePath = mInodeTree.lockInodePath(lockingScheme)) {
auditContext.setSrcInode(inodePath.getParentInodeOrNull());
try {
mPermissionChecker.checkParentPermission(Mode.Bits.WRITE, inodePath);
} catch (AccessControlException e) {
auditContext.setAllowed(false);
throw e;
}
mMountTable.checkUnderWritableMountPoint(alluxioPath);
mountInternal(rpcContext, inodePath, ufsPath, context);
auditContext.setSucceeded(true);
Metrics.PATHS_MOUNTED.inc();
}
}
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class DefaultFileSystemMaster method delete.
@Override
public void delete(AlluxioURI path, DeleteContext context) throws IOException, FileDoesNotExistException, DirectoryNotEmptyException, InvalidPathException, AccessControlException {
if (isOperationComplete(context)) {
Metrics.COMPLETED_OPERATION_RETRIED_COUNT.inc();
LOG.warn("A completed \"delete\" operation has been retried. {}", context);
return;
}
Metrics.DELETE_PATHS_OPS.inc();
try (RpcContext rpcContext = createRpcContext(context);
FileSystemMasterAuditContext auditContext = createAuditContext("delete", path, null, null)) {
if (context.getOptions().getAlluxioOnly()) {
LOG.debug("alluxio-only deletion on path {} skips metadata sync", path);
} else {
syncMetadata(rpcContext, path, context.getOptions().getCommonOptions(), context.getOptions().getRecursive() ? DescendantType.ALL : DescendantType.ONE, auditContext, LockedInodePath::getInodeOrNull, (inodePath, permChecker) -> permChecker.checkParentPermission(Mode.Bits.WRITE, inodePath), false);
}
LockingScheme lockingScheme = createLockingScheme(path, context.getOptions().getCommonOptions(), LockPattern.WRITE_EDGE);
try (LockedInodePath inodePath = mInodeTree.lockInodePath(lockingScheme)) {
mPermissionChecker.checkParentPermission(Mode.Bits.WRITE, inodePath);
if (context.getOptions().getRecursive()) {
List<String> failedChildren = new ArrayList<>();
try (LockedInodePathList descendants = mInodeTree.getDescendants(inodePath)) {
for (LockedInodePath childPath : descendants) {
try {
mPermissionChecker.checkPermission(Mode.Bits.WRITE, childPath);
if (mMountTable.isMountPoint(childPath.getUri())) {
mMountTable.checkUnderWritableMountPoint(childPath.getUri());
}
} catch (AccessControlException e) {
failedChildren.add(e.getMessage());
}
}
if (failedChildren.size() > 0) {
throw new AccessControlException(ExceptionMessage.DELETE_FAILED_DIR_CHILDREN.getMessage(path, StringUtils.join(failedChildren, ",")));
}
} catch (AccessControlException e) {
auditContext.setAllowed(false);
throw e;
}
}
mMountTable.checkUnderWritableMountPoint(path);
if (!inodePath.fullPathExists()) {
throw new FileDoesNotExistException(ExceptionMessage.PATH_DOES_NOT_EXIST.getMessage(path));
}
deleteInternal(rpcContext, inodePath, context);
auditContext.setSucceeded(true);
cacheOperation(context);
}
}
}
Aggregations