Search in sources :

Example 16 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class FileSystemMaster method workerHeartbeat.

/**
   * Instructs a worker to persist the files.
   * <p>
   * Needs {@link Mode.Bits#WRITE} permission on the list of files.
   *
   * @param workerId the id of the worker that heartbeats
   * @param persistedFiles the files that persisted on the worker
   * @return the command for persisting the blocks of a file
   * @throws FileDoesNotExistException if the file does not exist
   * @throws InvalidPathException if the file path corresponding to the file id is invalid
   * @throws AccessControlException if permission checking fails
   */
public FileSystemCommand workerHeartbeat(long workerId, List<Long> persistedFiles) throws FileDoesNotExistException, InvalidPathException, AccessControlException {
    for (long fileId : persistedFiles) {
        try {
            // Permission checking for each file is performed inside setAttribute
            setAttribute(getPath(fileId), SetAttributeOptions.defaults().setPersisted(true));
        } catch (FileDoesNotExistException | AccessControlException | InvalidPathException e) {
            LOG.error("Failed to set file {} as persisted, because {}", fileId, e);
        }
    }
    // get the files for the given worker to persist
    List<PersistFile> filesToPersist = mAsyncPersistHandler.pollFilesToPersist(workerId);
    if (!filesToPersist.isEmpty()) {
        LOG.debug("Sent files {} to worker {} to persist", filesToPersist, workerId);
    }
    FileSystemCommandOptions options = new FileSystemCommandOptions();
    options.setPersistOptions(new PersistCommandOptions(filesToPersist));
    return new FileSystemCommand(CommandType.Persist, options);
}
Also used : FileDoesNotExistException(alluxio.exception.FileDoesNotExistException) PersistFile(alluxio.thrift.PersistFile) AccessControlException(alluxio.exception.AccessControlException) PersistCommandOptions(alluxio.thrift.PersistCommandOptions) FileSystemCommandOptions(alluxio.thrift.FileSystemCommandOptions) FileSystemCommand(alluxio.thrift.FileSystemCommand) InvalidPathException(alluxio.exception.InvalidPathException)

Example 17 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class FileSystemMaster method setAttributeInternal.

/**
   * @param inodePath the {@link LockedInodePath} to use
   * @param replayed whether the operation is a result of replaying the journal
   * @param opTimeMs the operation time (in milliseconds)
   * @param options the method options
   * @return list of inodes which were marked as persisted
   * @throws FileDoesNotExistException if the file does not exist
   * @throws InvalidPathException if the file path corresponding to the file id is invalid
   * @throws AccessControlException if failed to set permission
   */
private List<Inode<?>> setAttributeInternal(LockedInodePath inodePath, boolean replayed, long opTimeMs, SetAttributeOptions options) throws FileDoesNotExistException, InvalidPathException, AccessControlException {
    List<Inode<?>> persistedInodes = Collections.emptyList();
    Inode<?> inode = inodePath.getInode();
    if (options.getPinned() != null) {
        mInodeTree.setPinned(inodePath, options.getPinned(), opTimeMs);
        inode.setLastModificationTimeMs(opTimeMs);
    }
    if (options.getTtl() != null) {
        long ttl = options.getTtl();
        if (inode.getTtl() != ttl) {
            mTtlBuckets.remove(inode);
            inode.setTtl(ttl);
            mTtlBuckets.insert(inode);
            inode.setLastModificationTimeMs(opTimeMs);
            inode.setTtlAction(options.getTtlAction());
        }
    }
    if (options.getPersisted() != null) {
        Preconditions.checkArgument(inode.isFile(), PreconditionMessage.PERSIST_ONLY_FOR_FILE);
        Preconditions.checkArgument(((InodeFile) inode).isCompleted(), PreconditionMessage.FILE_TO_PERSIST_MUST_BE_COMPLETE);
        InodeFile file = (InodeFile) inode;
        // TODO(manugoyal) figure out valid behavior in the un-persist case
        Preconditions.checkArgument(options.getPersisted(), PreconditionMessage.ERR_SET_STATE_UNPERSIST);
        if (!file.isPersisted()) {
            file.setPersistenceState(PersistenceState.PERSISTED);
            persistedInodes = propagatePersistedInternal(inodePath, false);
            file.setLastModificationTimeMs(opTimeMs);
            Metrics.FILES_PERSISTED.inc();
        }
    }
    boolean ownerGroupChanged = (options.getOwner() != null) || (options.getGroup() != null);
    boolean modeChanged = (options.getMode() != Constants.INVALID_MODE);
    // If the file is persisted in UFS, also update corresponding owner/group/permission.
    if ((ownerGroupChanged || modeChanged) && !replayed && inode.isPersisted()) {
        if ((inode instanceof InodeFile) && !((InodeFile) inode).isCompleted()) {
            LOG.debug("Alluxio does not propagate chown/chgrp/chmod to UFS for incomplete files.");
        } else {
            MountTable.Resolution resolution = mMountTable.resolve(inodePath.getUri());
            String ufsUri = resolution.getUri().toString();
            if (UnderFileSystemUtils.isObjectStorage(ufsUri)) {
                LOG.warn("setOwner/setMode is not supported to object storage UFS via Alluxio. " + "UFS: " + ufsUri + ". This has no effect on the underlying object.");
            } else {
                UnderFileSystem ufs = resolution.getUfs();
                if (ownerGroupChanged) {
                    try {
                        String owner = options.getOwner() != null ? options.getOwner() : inode.getOwner();
                        String group = options.getGroup() != null ? options.getGroup() : inode.getGroup();
                        ufs.setOwner(ufsUri, owner, group);
                    } catch (IOException e) {
                        throw new AccessControlException("Could not setOwner for UFS file " + ufsUri + " . Aborting the setAttribute operation in Alluxio.", e);
                    }
                }
                if (modeChanged) {
                    try {
                        ufs.setMode(ufsUri, options.getMode());
                    } catch (IOException e) {
                        throw new AccessControlException("Could not setMode for UFS file " + ufsUri + " . Aborting the setAttribute operation in Alluxio.", e);
                    }
                }
            }
        }
    }
    // Only commit the set permission to inode after the propagation to UFS succeeded.
    if (options.getOwner() != null) {
        inode.setOwner(options.getOwner());
    }
    if (options.getGroup() != null) {
        inode.setGroup(options.getGroup());
    }
    if (modeChanged) {
        inode.setMode(options.getMode());
    }
    return persistedInodes;
}
Also used : Inode(alluxio.master.file.meta.Inode) AccessControlException(alluxio.exception.AccessControlException) InodeFile(alluxio.master.file.meta.InodeFile) IOException(java.io.IOException) MountTable(alluxio.master.file.meta.MountTable) UnderFileSystem(alluxio.underfs.UnderFileSystem)

Example 18 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class PermissionChecker method checkInodeList.

/**
   * This method provides basic permission checking logic on a list of inodes. The input includes
   * user and its group, requested action and inode list (by traversing the path). Then user,
   * group, and the requested action will be evaluated on each of the inodes. It will return if
   * check passed, and throw exception if check failed.
   *
   * @param user who requests access permission
   * @param groups in which user belongs to
   * @param bits bits that capture the action {@link Mode.Bits} by user
   * @param path the path to check permission on
   * @param inodeList file info list of all the inodes retrieved by traversing the path
   * @param checkIsOwner indicates whether to check the user is the owner of the path
   * @throws AccessControlException if permission checking fails
   */
private void checkInodeList(String user, List<String> groups, Mode.Bits bits, String path, List<Inode<?>> inodeList, boolean checkIsOwner) throws AccessControlException {
    int size = inodeList.size();
    Preconditions.checkArgument(size > 0, PreconditionMessage.EMPTY_FILE_INFO_LIST_FOR_PERMISSION_CHECK);
    // bypass checking permission for super user or super group of Alluxio file system.
    if (isPrivilegedUser(user, groups)) {
        return;
    }
    // traverses from root to the parent dir to all inodes included by this path are executable
    for (int i = 0; i < size - 1; i++) {
        checkInode(user, groups, inodeList.get(i), Mode.Bits.EXECUTE, path);
    }
    Inode inode = inodeList.get(inodeList.size() - 1);
    if (checkIsOwner) {
        if (inode == null || user.equals(inode.getOwner())) {
            return;
        }
        throw new AccessControlException(ExceptionMessage.PERMISSION_DENIED.getMessage("user=" + user + " is not the owner of path=" + path));
    }
    checkInode(user, groups, inode, bits, path);
}
Also used : Inode(alluxio.master.file.meta.Inode) AccessControlException(alluxio.exception.AccessControlException)

Aggregations

AccessControlException (alluxio.exception.AccessControlException)18 AlluxioURI (alluxio.AlluxioURI)11 Test (org.junit.Test)9 FileDoesNotExistException (alluxio.exception.FileDoesNotExistException)5 InvalidPathException (alluxio.exception.InvalidPathException)3 Inode (alluxio.master.file.meta.Inode)3 IOException (java.io.IOException)3 ArrayList (java.util.ArrayList)3 AlluxioException (alluxio.exception.AlluxioException)2 FileInfo (alluxio.wire.FileInfo)2 CreateFileOptions (alluxio.client.file.options.CreateFileOptions)1 FileAlreadyCompletedException (alluxio.exception.FileAlreadyCompletedException)1 FileAlreadyExistsException (alluxio.exception.FileAlreadyExistsException)1 InvalidFileSizeException (alluxio.exception.InvalidFileSizeException)1 UnexpectedAlluxioException (alluxio.exception.UnexpectedAlluxioException)1 InodeFile (alluxio.master.file.meta.InodeFile)1 LockedInodePath (alluxio.master.file.meta.LockedInodePath)1 MountTable (alluxio.master.file.meta.MountTable)1 MountInfo (alluxio.master.file.meta.options.MountInfo)1 MountOptions (alluxio.master.file.options.MountOptions)1