use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class FileSystemMaster method workerHeartbeat.
/**
* Instructs a worker to persist the files.
* <p>
* Needs {@link Mode.Bits#WRITE} permission on the list of files.
*
* @param workerId the id of the worker that heartbeats
* @param persistedFiles the files that persisted on the worker
* @return the command for persisting the blocks of a file
* @throws FileDoesNotExistException if the file does not exist
* @throws InvalidPathException if the file path corresponding to the file id is invalid
* @throws AccessControlException if permission checking fails
*/
public FileSystemCommand workerHeartbeat(long workerId, List<Long> persistedFiles) throws FileDoesNotExistException, InvalidPathException, AccessControlException {
for (long fileId : persistedFiles) {
try {
// Permission checking for each file is performed inside setAttribute
setAttribute(getPath(fileId), SetAttributeOptions.defaults().setPersisted(true));
} catch (FileDoesNotExistException | AccessControlException | InvalidPathException e) {
LOG.error("Failed to set file {} as persisted, because {}", fileId, e);
}
}
// get the files for the given worker to persist
List<PersistFile> filesToPersist = mAsyncPersistHandler.pollFilesToPersist(workerId);
if (!filesToPersist.isEmpty()) {
LOG.debug("Sent files {} to worker {} to persist", filesToPersist, workerId);
}
FileSystemCommandOptions options = new FileSystemCommandOptions();
options.setPersistOptions(new PersistCommandOptions(filesToPersist));
return new FileSystemCommand(CommandType.Persist, options);
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class FileSystemMaster method setAttributeInternal.
/**
* @param inodePath the {@link LockedInodePath} to use
* @param replayed whether the operation is a result of replaying the journal
* @param opTimeMs the operation time (in milliseconds)
* @param options the method options
* @return list of inodes which were marked as persisted
* @throws FileDoesNotExistException if the file does not exist
* @throws InvalidPathException if the file path corresponding to the file id is invalid
* @throws AccessControlException if failed to set permission
*/
private List<Inode<?>> setAttributeInternal(LockedInodePath inodePath, boolean replayed, long opTimeMs, SetAttributeOptions options) throws FileDoesNotExistException, InvalidPathException, AccessControlException {
List<Inode<?>> persistedInodes = Collections.emptyList();
Inode<?> inode = inodePath.getInode();
if (options.getPinned() != null) {
mInodeTree.setPinned(inodePath, options.getPinned(), opTimeMs);
inode.setLastModificationTimeMs(opTimeMs);
}
if (options.getTtl() != null) {
long ttl = options.getTtl();
if (inode.getTtl() != ttl) {
mTtlBuckets.remove(inode);
inode.setTtl(ttl);
mTtlBuckets.insert(inode);
inode.setLastModificationTimeMs(opTimeMs);
inode.setTtlAction(options.getTtlAction());
}
}
if (options.getPersisted() != null) {
Preconditions.checkArgument(inode.isFile(), PreconditionMessage.PERSIST_ONLY_FOR_FILE);
Preconditions.checkArgument(((InodeFile) inode).isCompleted(), PreconditionMessage.FILE_TO_PERSIST_MUST_BE_COMPLETE);
InodeFile file = (InodeFile) inode;
// TODO(manugoyal) figure out valid behavior in the un-persist case
Preconditions.checkArgument(options.getPersisted(), PreconditionMessage.ERR_SET_STATE_UNPERSIST);
if (!file.isPersisted()) {
file.setPersistenceState(PersistenceState.PERSISTED);
persistedInodes = propagatePersistedInternal(inodePath, false);
file.setLastModificationTimeMs(opTimeMs);
Metrics.FILES_PERSISTED.inc();
}
}
boolean ownerGroupChanged = (options.getOwner() != null) || (options.getGroup() != null);
boolean modeChanged = (options.getMode() != Constants.INVALID_MODE);
// If the file is persisted in UFS, also update corresponding owner/group/permission.
if ((ownerGroupChanged || modeChanged) && !replayed && inode.isPersisted()) {
if ((inode instanceof InodeFile) && !((InodeFile) inode).isCompleted()) {
LOG.debug("Alluxio does not propagate chown/chgrp/chmod to UFS for incomplete files.");
} else {
MountTable.Resolution resolution = mMountTable.resolve(inodePath.getUri());
String ufsUri = resolution.getUri().toString();
if (UnderFileSystemUtils.isObjectStorage(ufsUri)) {
LOG.warn("setOwner/setMode is not supported to object storage UFS via Alluxio. " + "UFS: " + ufsUri + ". This has no effect on the underlying object.");
} else {
UnderFileSystem ufs = resolution.getUfs();
if (ownerGroupChanged) {
try {
String owner = options.getOwner() != null ? options.getOwner() : inode.getOwner();
String group = options.getGroup() != null ? options.getGroup() : inode.getGroup();
ufs.setOwner(ufsUri, owner, group);
} catch (IOException e) {
throw new AccessControlException("Could not setOwner for UFS file " + ufsUri + " . Aborting the setAttribute operation in Alluxio.", e);
}
}
if (modeChanged) {
try {
ufs.setMode(ufsUri, options.getMode());
} catch (IOException e) {
throw new AccessControlException("Could not setMode for UFS file " + ufsUri + " . Aborting the setAttribute operation in Alluxio.", e);
}
}
}
}
}
// Only commit the set permission to inode after the propagation to UFS succeeded.
if (options.getOwner() != null) {
inode.setOwner(options.getOwner());
}
if (options.getGroup() != null) {
inode.setGroup(options.getGroup());
}
if (modeChanged) {
inode.setMode(options.getMode());
}
return persistedInodes;
}
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class PermissionChecker method checkInodeList.
/**
* This method provides basic permission checking logic on a list of inodes. The input includes
* user and its group, requested action and inode list (by traversing the path). Then user,
* group, and the requested action will be evaluated on each of the inodes. It will return if
* check passed, and throw exception if check failed.
*
* @param user who requests access permission
* @param groups in which user belongs to
* @param bits bits that capture the action {@link Mode.Bits} by user
* @param path the path to check permission on
* @param inodeList file info list of all the inodes retrieved by traversing the path
* @param checkIsOwner indicates whether to check the user is the owner of the path
* @throws AccessControlException if permission checking fails
*/
private void checkInodeList(String user, List<String> groups, Mode.Bits bits, String path, List<Inode<?>> inodeList, boolean checkIsOwner) throws AccessControlException {
int size = inodeList.size();
Preconditions.checkArgument(size > 0, PreconditionMessage.EMPTY_FILE_INFO_LIST_FOR_PERMISSION_CHECK);
// bypass checking permission for super user or super group of Alluxio file system.
if (isPrivilegedUser(user, groups)) {
return;
}
// traverses from root to the parent dir to all inodes included by this path are executable
for (int i = 0; i < size - 1; i++) {
checkInode(user, groups, inodeList.get(i), Mode.Bits.EXECUTE, path);
}
Inode inode = inodeList.get(inodeList.size() - 1);
if (checkIsOwner) {
if (inode == null || user.equals(inode.getOwner())) {
return;
}
throw new AccessControlException(ExceptionMessage.PERMISSION_DENIED.getMessage("user=" + user + " is not the owner of path=" + path));
}
checkInode(user, groups, inode, bits, path);
}
Aggregations