use of alluxio.security.authorization.AccessControlList in project alluxio by Alluxio.
the class SupportedHdfsAclProvider method getAcl.
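/**
 * Reads the HDFS ACL of {@code path} and converts it into Alluxio ACL objects.
 *
 * @param hdfs the HDFS client used to query the path
 * @param path the path whose ACL is read
 * @return a pair of (access ACL, default ACL); the default ACL is {@code null} when the path is
 *         not a directory, and both elements are {@code null} when {@code getAclStatus} throws
 *         {@link AclException}
 * @throws IOException if an HDFS call fails with any other I/O error
 */
@Override
public Pair<AccessControlList, DefaultAccessControlList> getAcl(FileSystem hdfs, String path) throws IOException {
  AclStatus hdfsAcl;
  Path filePath = new Path(path);
  boolean isDir = hdfs.isDirectory(filePath);
  try {
    hdfsAcl = hdfs.getAclStatus(filePath);
  } catch (AclException e) {
    // When dfs.namenode.acls.enabled is false, getAclStatus throws AclException.
    // NOTE(review): the (null, null) pair means "no ACL information available"; confirm that no
    // caller treats it as an ACL that grants or denies anything.
    return new Pair<>(null, null);
  }
  // Intern once and share the strings between both ACL objects.
  String owner = hdfsAcl.getOwner().intern();
  String group = hdfsAcl.getGroup().intern();
  AccessControlList acl = new AccessControlList();
  DefaultAccessControlList defaultAcl = new DefaultAccessControlList();
  acl.setOwningUser(owner);
  acl.setOwningGroup(group);
  defaultAcl.setOwningUser(owner);
  defaultAcl.setOwningGroup(group);
  for (AclEntry entry : hdfsAcl.getEntries()) {
    alluxio.security.authorization.AclEntry.Builder builder =
        new alluxio.security.authorization.AclEntry.Builder();
    builder.setType(getAclEntryType(entry));
    builder.setSubject(entry.getName() == null ? "" : entry.getName());
    FsAction permission = entry.getPermission();
    // An FsAction can combine read, write and execute, so each one is tested independently.
    // An else-if chain keeps only the first match and would store rw- or rwx as read-only.
    if (permission.implies(FsAction.READ)) {
      builder.addAction(AclAction.READ);
    }
    if (permission.implies(FsAction.WRITE)) {
      builder.addAction(AclAction.WRITE);
    }
    if (permission.implies(FsAction.EXECUTE)) {
      builder.addAction(AclAction.EXECUTE);
    }
    if (entry.getScope().equals(AclEntryScope.ACCESS)) {
      acl.setEntry(builder.build());
    } else {
      // default ACL, must be a directory
      defaultAcl.setEntry(builder.build());
    }
  }
  if (isDir) {
    return new Pair<>(acl, defaultAcl);
  }
  // a null defaultACL indicates this is a file
  return new Pair<>(acl, null);
}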
use of alluxio.security.authorization.AccessControlList in project alluxio by Alluxio.
the class ProtoUtils method fromProto.
/**
 * Builds an Alluxio ACL from its protobuf form.
 *
 * <p>The result is a {@link DefaultAccessControlList} when the message has its is-default flag
 * set to true, otherwise a plain {@link AccessControlList}. If the message is flagged as empty,
 * only the owning user and group are populated. A MASK entry is added only when at least one
 * named user or named group entry is present; the OTHER entry is always added.
 *
 * @param acl the protobuf representation
 * @return {@link AccessControlList}
 */
public static AccessControlList fromProto(Acl.AccessControlList acl) {
  boolean isDefault = acl.hasIsDefault() && acl.getIsDefault();
  AccessControlList result =
      isDefault ? new DefaultAccessControlList() : new AccessControlList();
  result.setOwningUser(acl.getOwningUser().intern());
  result.setOwningGroup(acl.getOwningGroup().intern());
  if (acl.getIsEmpty()) {
    return result;
  }

  // Becomes true once a named user or named group (an "extended" entry) is seen.
  boolean sawExtendedEntry = false;

  for (Acl.NamedAclActions userActions : acl.getUserActionsList()) {
    String protoName = userActions.getName();
    AclActions converted = fromProto(userActions.getActions());
    AclEntryType type;
    String subject;
    if (protoName.equals(AccessControlList.OWNING_USER_KEY)) {
      // The owning-user slot is keyed by a reserved name; its subject is the actual owner.
      type = AclEntryType.OWNING_USER;
      subject = acl.getOwningUser();
    } else {
      sawExtendedEntry = true;
      type = AclEntryType.NAMED_USER;
      subject = protoName;
    }
    result.setEntry(
        new AclEntry.Builder().setType(type).setSubject(subject).setActions(converted).build());
  }

  for (Acl.NamedAclActions groupActions : acl.getGroupActionsList()) {
    String protoName = groupActions.getName();
    AclActions converted = fromProto(groupActions.getActions());
    AclEntryType type;
    String subject;
    if (protoName.equals(AccessControlList.OWNING_GROUP_KEY)) {
      // The owning-group slot is keyed by a reserved name; its subject is the actual group.
      type = AclEntryType.OWNING_GROUP;
      subject = acl.getOwningGroup();
    } else {
      sawExtendedEntry = true;
      type = AclEntryType.NAMED_GROUP;
      subject = protoName;
    }
    result.setEntry(
        new AclEntry.Builder().setType(type).setSubject(subject).setActions(converted).build());
  }

  if (sawExtendedEntry) {
    // Only set the mask if there are any extended acl entries.
    AclActions maskActions = fromProto(acl.getMaskActions());
    result.setEntry(
        new AclEntry.Builder().setType(AclEntryType.MASK).setActions(maskActions).build());
  }

  AclActions otherActions = fromProto(acl.getOtherActions());
  result.setEntry(
      new AclEntry.Builder().setType(AclEntryType.OTHER).setActions(otherActions).build());
  return result;
}
use of alluxio.security.authorization.AccessControlList in project alluxio by Alluxio.
the class ProtoUtils method toProto.
/**
 * Serializes an Alluxio ACL into its protobuf form.
 *
 * <p>The owning user, owning group and other actions are always written. Named user and group
 * entries and the mask are written only when the ACL has extended entries. The is-default flag
 * records whether {@code acl} is a {@link DefaultAccessControlList}; only a default ACL can be
 * marked empty.
 *
 * @param acl {@link AccessControlList}
 * @return protobuf representation
 */
public static Acl.AccessControlList toProto(AccessControlList acl) {
  Acl.AccessControlList.Builder proto = Acl.AccessControlList.newBuilder();
  proto.setOwningUser(acl.getOwningUser());
  proto.setOwningGroup(acl.getOwningGroup());

  // Base entries: the owner and owning group are stored under reserved key names.
  Acl.NamedAclActions ownerActions = Acl.NamedAclActions.newBuilder()
      .setName(AccessControlList.OWNING_USER_KEY)
      .setActions(toProto(acl.getOwningUserActions()))
      .build();
  proto.addUserActions(ownerActions);
  Acl.NamedAclActions owningGroupActions = Acl.NamedAclActions.newBuilder()
      .setName(AccessControlList.OWNING_GROUP_KEY)
      .setActions(toProto(acl.getOwningGroupActions()))
      .build();
  proto.addGroupActions(owningGroupActions);
  proto.setOtherActions(toProto(acl.getOtherActions()));

  // Named users, named groups and the mask exist only alongside extended entries.
  if (acl.getExtendedEntries() != null) {
    proto.addAllUserActions(getNamedUsersProto(acl.getExtendedEntries()));
    proto.addAllGroupActions(getNamedGroupsProto(acl.getExtendedEntries()));
    proto.setMaskActions(toProto(acl.getExtendedEntries().getMask()));
  }

  boolean isDefault = acl instanceof DefaultAccessControlList;
  proto.setIsDefault(isDefault);
  // A non-default ACL is always written as not empty.
  proto.setIsEmpty(isDefault && ((DefaultAccessControlList) acl).isEmpty());
  return proto.build();
}
use of alluxio.security.authorization.AccessControlList in project alluxio by Alluxio.
the class FileInfoTest method createRandom.
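/**
 * Creates a {@link FileInfo} populated with random values for use in tests.
 *
 * <p>Scalar fields are drawn from an unseeded {@link Random}. The ACL and default ACL are
 * built from fixed permission strings, using the random user and group names as owners.
 *
 * @return the randomly populated {@link FileInfo}
 */
public static FileInfo createRandom() {
  FileInfo result = new FileInfo();
  Random random = new Random();
  long fileId = random.nextLong();
  String name = CommonUtils.randomAlphaNumString(random.nextInt(10));
  String path = CommonUtils.randomAlphaNumString(random.nextInt(10));
  String ufsPath = CommonUtils.randomAlphaNumString(random.nextInt(10));
  long mountId = random.nextLong();
  long length = random.nextLong();
  long blockSizeBytes = random.nextLong();
  long creationTimeMs = random.nextLong();
  boolean completed = random.nextBoolean();
  boolean folder = random.nextBoolean();
  boolean pinned = random.nextBoolean();
  boolean cacheable = random.nextBoolean();
  boolean persisted = random.nextBoolean();
  List<Long> blockIds = new ArrayList<>();
  int numBlockIds = random.nextInt(10);
  for (int i = 0; i < numBlockIds; i++) {
    blockIds.add(random.nextLong());
  }
  int inMemoryPercentage = random.nextInt();
  int inAlluxioPercentage = random.nextInt();
  long lastModificationTimeMs = random.nextLong();
  long lastAccessTimeMs = random.nextLong();
  long ttl = random.nextLong();
  String userName = CommonUtils.randomAlphaNumString(random.nextInt(10));
  String groupName = CommonUtils.randomAlphaNumString(random.nextInt(10));
  int permission = random.nextInt();
  String persistenceState = CommonUtils.randomAlphaNumString(random.nextInt(10));
  boolean mountPoint = random.nextBoolean();
  List<FileBlockInfo> fileBlocksInfos = new ArrayList<>();
  int numFileBlockInfos = random.nextInt(10);
  for (int i = 0; i < numFileBlockInfos; i++) {
    fileBlocksInfos.add(FileBlockInfoTest.createRandom());
  }
  int replicationMax = random.nextInt(10);
  int replicationMin = random.nextInt(10);
  Map<String, byte[]> xttrs = new HashMap<>();
  // Draw the attribute count once, as the other loops do. Re-rolling the bound on every
  // iteration ends the loop early most of the time and skews the map towards very few entries.
  int numXAttrs = random.nextInt(10);
  for (int i = 0; i < numXAttrs; i++) {
    xttrs.put(CommonUtils.randomAlphaNumString(random.nextInt(10)),
        CommonUtils.randomBytes(random.nextInt(10)));
  }
  result.setBlockIds(blockIds);
  result.setBlockSizeBytes(blockSizeBytes);
  result.setCacheable(cacheable);
  result.setCompleted(completed);
  result.setCreationTimeMs(creationTimeMs);
  result.setFileBlockInfos(fileBlocksInfos);
  result.setFileId(fileId);
  result.setFolder(folder);
  result.setGroup(groupName);
  result.setInMemoryPercentage(inMemoryPercentage);
  result.setLastModificationTimeMs(lastModificationTimeMs);
  result.setLastAccessTimeMs(lastAccessTimeMs);
  result.setLength(length);
  result.setMode(permission);
  result.setMountPoint(mountPoint);
  result.setReplicationMax(replicationMax);
  result.setReplicationMin(replicationMin);
  result.setName(name);
  result.setOwner(userName);
  result.setPath(path);
  result.setPersisted(persisted);
  result.setPersistenceState(persistenceState);
  result.setPinned(pinned);
  result.setTtl(ttl);
  result.setTtlAction(TtlAction.DELETE);
  result.setMountId(mountId);
  result.setUfsPath(ufsPath);
  result.setInAlluxioPercentage(inAlluxioPercentage);
  // Access ACL built from fixed entries, owned by the random user and group.
  List<String> stringEntries = Arrays.asList("user::rw-", "group::r--", "other::rwx");
  AccessControlList acl = AccessControlList.fromStringEntries(userName, groupName, stringEntries);
  result.setAcl(acl);
  // Entries prefixed with "default:" are cast to DefaultAccessControlList below.
  List<String> defaultStringEntries =
      Arrays.asList("default:user::rw-", "default:group::r--", "default:other::rwx");
  result.setDefaultAcl((DefaultAccessControlList)
      AccessControlList.fromStringEntries(userName, groupName, defaultStringEntries));
  result.setXAttr(xttrs);
  return result;
}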
use of alluxio.security.authorization.AccessControlList in project alluxio by Alluxio.
the class MutableInodeDirectory method fromJournalEntry.
/**
 * Converts the entry to an {@link MutableInodeDirectory}.
 *
 * <p>When the entry carries no ACL, one is built from the entry's owner, group and mode. When
 * it carries no default ACL, a newly constructed {@link DefaultAccessControlList} is used.
 *
 * @param entry the entry to convert
 * @return the {@link MutableInodeDirectory} representation
 */
public static MutableInodeDirectory fromJournalEntry(InodeDirectoryEntry entry) {
  MutableInodeDirectory inode = new MutableInodeDirectory(entry.getId())
      .setCreationTimeMs(entry.getCreationTimeMs())
      .setName(entry.getName())
      .setParentId(entry.getParentId())
      .setPersistenceState(PersistenceState.valueOf(entry.getPersistenceState()))
      .setPinned(entry.getPinned())
      .setLastModificationTimeMs(entry.getLastModificationTimeMs(), true)
      // Entries without a last-access time fall back to the last-modification time.
      .setLastAccessTimeMs(entry.hasLastAccessTimeMs()
          ? entry.getLastAccessTimeMs() : entry.getLastModificationTimeMs(), true)
      .setMountPoint(entry.getMountPoint())
      .setTtl(entry.getTtl())
      .setTtlAction(ProtobufUtils.fromProtobuf(entry.getTtlAction()))
      .setDirectChildrenLoaded(entry.getDirectChildrenLoaded());

  if (!entry.hasAcl()) {
    // Backward compatibility: rebuild the ACL from the entry's owner, group and mode.
    AccessControlList legacyAcl = new AccessControlList();
    legacyAcl.setOwningUser(entry.getOwner().intern());
    legacyAcl.setOwningGroup(entry.getGroup().intern());
    // If journal entry has no mode set, set default mode for backwards-compatibility.
    short mode;
    if (entry.hasMode()) {
      mode = (short) entry.getMode();
    } else {
      mode = Constants.DEFAULT_FILE_SYSTEM_MODE;
    }
    legacyAcl.setMode(mode);
    inode.mAcl = legacyAcl;
  } else {
    inode.mAcl = ProtoUtils.fromProto(entry.getAcl());
  }

  // NOTE(review): the cast assumes ProtoUtils.fromProto returns a DefaultAccessControlList for
  // this field - confirm that journal entries always flag their default ACL as default.
  inode.mDefaultAcl = entry.hasDefaultAcl()
      ? (DefaultAccessControlList) ProtoUtils.fromProto(entry.getDefaultAcl())
      : new DefaultAccessControlList();

  inode.setMediumTypes(new HashSet<>(entry.getMediumTypeList()));
  if (entry.getXAttrCount() > 0) {
    inode.setXAttr(CommonUtils.convertFromByteString(entry.getXAttrMap()));
  }
  return inode;
}