Search in sources :

Example 36 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class FileSystemMaster method processJournalEntry.

@Override
public void processJournalEntry(JournalEntry entry) throws IOException {
    if (entry.hasInodeFile()) {
        mInodeTree.addInodeFileFromJournal(entry.getInodeFile());
        // Add the file to TTL buckets, the insert automatically rejects files w/ Constants.NO_TTL
        InodeFileEntry inodeFileEntry = entry.getInodeFile();
        if (inodeFileEntry.hasTtl()) {
            mTtlBuckets.insert(InodeFile.fromJournalEntry(inodeFileEntry));
        }
    } else if (entry.hasInodeDirectory()) {
        try {
            // Add the directory to TTL buckets, the insert automatically rejects directory
            // w/ Constants.NO_TTL
            InodeDirectoryEntry inodeDirectoryEntry = entry.getInodeDirectory();
            if (inodeDirectoryEntry.hasTtl()) {
                mTtlBuckets.insert(InodeDirectory.fromJournalEntry(inodeDirectoryEntry));
            }
            mInodeTree.addInodeDirectoryFromJournal(entry.getInodeDirectory());
        } catch (AccessControlException e) {
            throw new RuntimeException(e);
        }
    } else if (entry.hasInodeLastModificationTime()) {
        InodeLastModificationTimeEntry modTimeEntry = entry.getInodeLastModificationTime();
        try (LockedInodePath inodePath = mInodeTree.lockFullInodePath(modTimeEntry.getId(), InodeTree.LockMode.WRITE)) {
            inodePath.getInode().setLastModificationTimeMs(modTimeEntry.getLastModificationTimeMs(), true);
        } catch (FileDoesNotExistException e) {
            throw new RuntimeException(e);
        }
    } else if (entry.hasPersistDirectory()) {
        PersistDirectoryEntry typedEntry = entry.getPersistDirectory();
        try (LockedInodePath inodePath = mInodeTree.lockFullInodePath(typedEntry.getId(), InodeTree.LockMode.WRITE)) {
            inodePath.getInode().setPersistenceState(PersistenceState.PERSISTED);
        } catch (FileDoesNotExistException e) {
            throw new RuntimeException(e);
        }
    } else if (entry.hasCompleteFile()) {
        try {
            completeFileFromEntry(entry.getCompleteFile());
        } catch (InvalidPathException | InvalidFileSizeException | FileAlreadyCompletedException e) {
            throw new RuntimeException(e);
        }
    } else if (entry.hasSetAttribute()) {
        try {
            setAttributeFromEntry(entry.getSetAttribute());
        } catch (AccessControlException | FileDoesNotExistException | InvalidPathException e) {
            throw new RuntimeException(e);
        }
    } else if (entry.hasDeleteFile()) {
        deleteFromEntry(entry.getDeleteFile());
    } else if (entry.hasRename()) {
        renameFromEntry(entry.getRename());
    } else if (entry.hasInodeDirectoryIdGenerator()) {
        mDirectoryIdGenerator.initFromJournalEntry(entry.getInodeDirectoryIdGenerator());
    } else if (entry.hasReinitializeFile()) {
        resetBlockFileFromEntry(entry.getReinitializeFile());
    } else if (entry.hasAddMountPoint()) {
        try {
            mountFromEntry(entry.getAddMountPoint());
        } catch (FileAlreadyExistsException | InvalidPathException e) {
            throw new RuntimeException(e);
        }
    } else if (entry.hasDeleteMountPoint()) {
        try {
            unmountFromEntry(entry.getDeleteMountPoint());
        } catch (InvalidPathException e) {
            throw new RuntimeException(e);
        }
    } else if (entry.hasAsyncPersistRequest()) {
        try {
            long fileId = (entry.getAsyncPersistRequest()).getFileId();
            try (LockedInodePath inodePath = mInodeTree.lockFullInodePath(fileId, InodeTree.LockMode.WRITE)) {
                scheduleAsyncPersistenceInternal(inodePath);
            }
            // NOTE: persistence is asynchronous so there is no guarantee the path will still exist
            mAsyncPersistHandler.scheduleAsyncPersistence(getPath(fileId));
        } catch (AlluxioException e) {
            // It's possible that rescheduling the async persist calls fails, because the blocks may no
            // longer be in the memory
            LOG.error(e.getMessage());
        }
    } else {
        throw new IOException(ExceptionMessage.UNEXPECTED_JOURNAL_ENTRY.getMessage(entry));
    }
}
Also used : FileDoesNotExistException(alluxio.exception.FileDoesNotExistException) FileAlreadyExistsException(alluxio.exception.FileAlreadyExistsException) InodeFileEntry(alluxio.proto.journal.File.InodeFileEntry) AccessControlException(alluxio.exception.AccessControlException) IOException(java.io.IOException) InodeLastModificationTimeEntry(alluxio.proto.journal.File.InodeLastModificationTimeEntry) PersistDirectoryEntry(alluxio.proto.journal.File.PersistDirectoryEntry) InvalidPathException(alluxio.exception.InvalidPathException) LockedInodePath(alluxio.master.file.meta.LockedInodePath) InodeDirectoryEntry(alluxio.proto.journal.File.InodeDirectoryEntry) InvalidFileSizeException(alluxio.exception.InvalidFileSizeException) FileAlreadyCompletedException(alluxio.exception.FileAlreadyCompletedException) AlluxioException(alluxio.exception.AlluxioException) UnexpectedAlluxioException(alluxio.exception.UnexpectedAlluxioException)

Example 37 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class FileSystemMaster method workerHeartbeat.

/**
   * Instructs a worker to persist the files.
   * <p>
   * Needs {@link Mode.Bits#WRITE} permission on the list of files.
   *
   * @param workerId the id of the worker that heartbeats
   * @param persistedFiles the files that persisted on the worker
   * @return the command for persisting the blocks of a file
   * @throws FileDoesNotExistException if the file does not exist
   * @throws InvalidPathException if the file path corresponding to the file id is invalid
   * @throws AccessControlException if permission checking fails
   */
public FileSystemCommand workerHeartbeat(long workerId, List<Long> persistedFiles) throws FileDoesNotExistException, InvalidPathException, AccessControlException {
    for (long fileId : persistedFiles) {
        try {
            // Permission checking for each file is performed inside setAttribute
            setAttribute(getPath(fileId), SetAttributeOptions.defaults().setPersisted(true));
        } catch (FileDoesNotExistException | AccessControlException | InvalidPathException e) {
            LOG.error("Failed to set file {} as persisted, because {}", fileId, e);
        }
    }
    // get the files for the given worker to persist
    List<PersistFile> filesToPersist = mAsyncPersistHandler.pollFilesToPersist(workerId);
    if (!filesToPersist.isEmpty()) {
        LOG.debug("Sent files {} to worker {} to persist", filesToPersist, workerId);
    }
    FileSystemCommandOptions options = new FileSystemCommandOptions();
    options.setPersistOptions(new PersistCommandOptions(filesToPersist));
    return new FileSystemCommand(CommandType.Persist, options);
}
Also used : FileDoesNotExistException(alluxio.exception.FileDoesNotExistException) PersistFile(alluxio.thrift.PersistFile) AccessControlException(alluxio.exception.AccessControlException) PersistCommandOptions(alluxio.thrift.PersistCommandOptions) FileSystemCommandOptions(alluxio.thrift.FileSystemCommandOptions) FileSystemCommand(alluxio.thrift.FileSystemCommand) InvalidPathException(alluxio.exception.InvalidPathException)

Example 38 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class FileSystemMaster method setAttributeInternal.

/**
   * @param inodePath the {@link LockedInodePath} to use
   * @param replayed whether the operation is a result of replaying the journal
   * @param opTimeMs the operation time (in milliseconds)
   * @param options the method options
   * @return list of inodes which were marked as persisted
   * @throws FileDoesNotExistException if the file does not exist
   * @throws InvalidPathException if the file path corresponding to the file id is invalid
   * @throws AccessControlException if failed to set permission
   */
private List<Inode<?>> setAttributeInternal(LockedInodePath inodePath, boolean replayed, long opTimeMs, SetAttributeOptions options) throws FileDoesNotExistException, InvalidPathException, AccessControlException {
    List<Inode<?>> persistedInodes = Collections.emptyList();
    Inode<?> inode = inodePath.getInode();
    if (options.getPinned() != null) {
        mInodeTree.setPinned(inodePath, options.getPinned(), opTimeMs);
        inode.setLastModificationTimeMs(opTimeMs);
    }
    if (options.getTtl() != null) {
        long ttl = options.getTtl();
        if (inode.getTtl() != ttl) {
            mTtlBuckets.remove(inode);
            inode.setTtl(ttl);
            mTtlBuckets.insert(inode);
            inode.setLastModificationTimeMs(opTimeMs);
            inode.setTtlAction(options.getTtlAction());
        }
    }
    if (options.getPersisted() != null) {
        Preconditions.checkArgument(inode.isFile(), PreconditionMessage.PERSIST_ONLY_FOR_FILE);
        Preconditions.checkArgument(((InodeFile) inode).isCompleted(), PreconditionMessage.FILE_TO_PERSIST_MUST_BE_COMPLETE);
        InodeFile file = (InodeFile) inode;
        // TODO(manugoyal) figure out valid behavior in the un-persist case
        Preconditions.checkArgument(options.getPersisted(), PreconditionMessage.ERR_SET_STATE_UNPERSIST);
        if (!file.isPersisted()) {
            file.setPersistenceState(PersistenceState.PERSISTED);
            persistedInodes = propagatePersistedInternal(inodePath, false);
            file.setLastModificationTimeMs(opTimeMs);
            Metrics.FILES_PERSISTED.inc();
        }
    }
    boolean ownerGroupChanged = (options.getOwner() != null) || (options.getGroup() != null);
    boolean modeChanged = (options.getMode() != Constants.INVALID_MODE);
    // If the file is persisted in UFS, also update corresponding owner/group/permission.
    if ((ownerGroupChanged || modeChanged) && !replayed && inode.isPersisted()) {
        if ((inode instanceof InodeFile) && !((InodeFile) inode).isCompleted()) {
            LOG.debug("Alluxio does not propagate chown/chgrp/chmod to UFS for incomplete files.");
        } else {
            MountTable.Resolution resolution = mMountTable.resolve(inodePath.getUri());
            String ufsUri = resolution.getUri().toString();
            if (UnderFileSystemUtils.isObjectStorage(ufsUri)) {
                LOG.warn("setOwner/setMode is not supported to object storage UFS via Alluxio. " + "UFS: " + ufsUri + ". This has no effect on the underlying object.");
            } else {
                UnderFileSystem ufs = resolution.getUfs();
                if (ownerGroupChanged) {
                    try {
                        String owner = options.getOwner() != null ? options.getOwner() : inode.getOwner();
                        String group = options.getGroup() != null ? options.getGroup() : inode.getGroup();
                        ufs.setOwner(ufsUri, owner, group);
                    } catch (IOException e) {
                        throw new AccessControlException("Could not setOwner for UFS file " + ufsUri + " . Aborting the setAttribute operation in Alluxio.", e);
                    }
                }
                if (modeChanged) {
                    try {
                        ufs.setMode(ufsUri, options.getMode());
                    } catch (IOException e) {
                        throw new AccessControlException("Could not setMode for UFS file " + ufsUri + " . Aborting the setAttribute operation in Alluxio.", e);
                    }
                }
            }
        }
    }
    // Only commit the set permission to inode after the propagation to UFS succeeded.
    if (options.getOwner() != null) {
        inode.setOwner(options.getOwner());
    }
    if (options.getGroup() != null) {
        inode.setGroup(options.getGroup());
    }
    if (modeChanged) {
        inode.setMode(options.getMode());
    }
    return persistedInodes;
}
Also used : Inode(alluxio.master.file.meta.Inode) AccessControlException(alluxio.exception.AccessControlException) InodeFile(alluxio.master.file.meta.InodeFile) IOException(java.io.IOException) MountTable(alluxio.master.file.meta.MountTable) UnderFileSystem(alluxio.underfs.UnderFileSystem)

Example 39 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class PermissionChecker method checkInodeList.

/**
   * This method provides basic permission checking logic on a list of inodes. The input includes
   * user and its group, requested action and inode list (by traversing the path). Then user,
   * group, and the requested action will be evaluated on each of the inodes. It will return if
   * check passed, and throw exception if check failed.
   *
   * @param user who requests access permission
   * @param groups in which user belongs to
   * @param bits bits that capture the action {@link Mode.Bits} by user
   * @param path the path to check permission on
   * @param inodeList file info list of all the inodes retrieved by traversing the path
   * @param checkIsOwner indicates whether to check the user is the owner of the path
   * @throws AccessControlException if permission checking fails
   */
private void checkInodeList(String user, List<String> groups, Mode.Bits bits, String path, List<Inode<?>> inodeList, boolean checkIsOwner) throws AccessControlException {
    int size = inodeList.size();
    Preconditions.checkArgument(size > 0, PreconditionMessage.EMPTY_FILE_INFO_LIST_FOR_PERMISSION_CHECK);
    // bypass checking permission for super user or super group of Alluxio file system.
    if (isPrivilegedUser(user, groups)) {
        return;
    }
    // traverses from root to the parent dir to all inodes included by this path are executable
    for (int i = 0; i < size - 1; i++) {
        checkInode(user, groups, inodeList.get(i), Mode.Bits.EXECUTE, path);
    }
    Inode inode = inodeList.get(inodeList.size() - 1);
    if (checkIsOwner) {
        if (inode == null || user.equals(inode.getOwner())) {
            return;
        }
        throw new AccessControlException(ExceptionMessage.PERMISSION_DENIED.getMessage("user=" + user + " is not the owner of path=" + path));
    }
    checkInode(user, groups, inode, bits, path);
}
Also used : Inode(alluxio.master.file.meta.Inode) AccessControlException(alluxio.exception.AccessControlException)

Example 40 with AccessControlException

use of alluxio.exception.AccessControlException in project alluxio by Alluxio.

the class PersistenceTest method waitUntilPersisted.

private void waitUntilPersisted(final AlluxioURI testFile) throws Exception {
    // Persistence completion is asynchronous, so waiting is necessary.
    CommonUtils.waitFor("async persistence is completed for file", () -> {
        try {
            FileInfo fileInfo = mFileSystemMaster.getFileInfo(testFile, GET_STATUS_CONTEXT);
            return fileInfo.getPersistenceState().equals(PersistenceState.PERSISTED.toString());
        } catch (FileDoesNotExistException | InvalidPathException | AccessControlException | IOException e) {
            return false;
        }
    }, WaitForOptions.defaults().setTimeoutMs(30000));
    FileInfo fileInfo = mFileSystemMaster.getFileInfo(testFile, GET_STATUS_CONTEXT);
    Map<Long, PersistJob> persistJobs = getPersistJobs();
    Assert.assertEquals(0, getPersistRequests().size());
    // We update the file info before removing the persist job, so we must wait here.
    CommonUtils.waitFor("persist jobs list to be empty", () -> persistJobs.isEmpty(), WaitForOptions.defaults().setTimeoutMs(5 * Constants.SECOND_MS));
    Assert.assertEquals(PersistenceState.PERSISTED.toString(), fileInfo.getPersistenceState());
    Assert.assertNotEquals(Constants.INVALID_UFS_FINGERPRINT, fileInfo.getUfsFingerprint());
}
Also used : FileDoesNotExistException(alluxio.exception.FileDoesNotExistException) FileInfo(alluxio.wire.FileInfo) AccessControlException(alluxio.exception.AccessControlException) IOException(java.io.IOException) InvalidPathException(alluxio.exception.InvalidPathException)

Aggregations

AccessControlException (alluxio.exception.AccessControlException)64 AlluxioURI (alluxio.AlluxioURI)29 LockedInodePath (alluxio.master.file.meta.LockedInodePath)21 Test (org.junit.Test)21 FileDoesNotExistException (alluxio.exception.FileDoesNotExistException)16 LockingScheme (alluxio.master.file.meta.LockingScheme)15 InvalidPathException (alluxio.exception.InvalidPathException)12 BaseIntegrationTest (alluxio.testutils.BaseIntegrationTest)11 IOException (java.io.IOException)11 ArrayList (java.util.ArrayList)10 Inode (alluxio.master.file.meta.Inode)9 MountTable (alluxio.master.file.meta.MountTable)7 FileInfo (alluxio.wire.FileInfo)7 AlluxioException (alluxio.exception.AlluxioException)4 LockedInodePathList (alluxio.master.file.meta.LockedInodePathList)4 Mode (alluxio.security.authorization.Mode)4 UnderFileSystem (alluxio.underfs.UnderFileSystem)4 FileBlockInfo (alluxio.wire.FileBlockInfo)4 DescendantType (alluxio.file.options.DescendantType)3 FileSystemMasterCommonPOptions (alluxio.grpc.FileSystemMasterCommonPOptions)3