Examples with AclEntry alluxio.security.authorization.AclEntry used on opensource projects

Example 1 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class ProtoUtils method fromProto.

/**
 * @param acl the protobuf representation
 * @return {@link AccessControlList}
 */
public static AccessControlList fromProto(Acl.AccessControlList acl) {
    AccessControlList ret;
    if (acl.hasIsDefault() && acl.getIsDefault()) {
        ret = new DefaultAccessControlList();
    } else {
        ret = new AccessControlList();
    }
    ret.setOwningUser(acl.getOwningUser().intern());
    ret.setOwningGroup(acl.getOwningGroup().intern());
    if (acl.getIsEmpty()) {
        return ret;
    }
    // true if there are any extended entries (named user or named group)
    boolean hasExtended = false;
    for (Acl.NamedAclActions namedActions : acl.getUserActionsList()) {
        String name = namedActions.getName();
        AclActions actions = fromProto(namedActions.getActions());
        AclEntry entry;
        if (name.equals(AccessControlList.OWNING_USER_KEY)) {
            entry = new AclEntry.Builder().setType(AclEntryType.OWNING_USER).setSubject(acl.getOwningUser()).setActions(actions).build();
        } else {
            hasExtended = true;
            entry = new AclEntry.Builder().setType(AclEntryType.NAMED_USER).setSubject(name).setActions(actions).build();
        }
        ret.setEntry(entry);
    }
    for (Acl.NamedAclActions namedActions : acl.getGroupActionsList()) {
        String name = namedActions.getName();
        AclActions actions = fromProto(namedActions.getActions());
        AclEntry entry;
        if (name.equals(AccessControlList.OWNING_GROUP_KEY)) {
            entry = new AclEntry.Builder().setType(AclEntryType.OWNING_GROUP).setSubject(acl.getOwningGroup()).setActions(actions).build();
        } else {
            hasExtended = true;
            entry = new AclEntry.Builder().setType(AclEntryType.NAMED_GROUP).setSubject(name).setActions(actions).build();
        }
        ret.setEntry(entry);
    }
    if (hasExtended) {
        // Only set the mask if there are any extended acl entries.
        AclActions actions = fromProto(acl.getMaskActions());
        AclEntry entry = new AclEntry.Builder().setType(AclEntryType.MASK).setActions(actions).build();
        ret.setEntry(entry);
    }
    AclActions actions = fromProto(acl.getOtherActions());
    AclEntry entry = new AclEntry.Builder().setType(AclEntryType.OTHER).setActions(actions).build();
    ret.setEntry(entry);
    return ret;
}

Example 2 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class ProtoUtils method toProto.

/**
 * @param aclEntry the acl entry
 * @return the proto representation of instance
 */
public static Acl.AclEntry toProto(AclEntry aclEntry) {
    Acl.AclEntry.Builder builder = Acl.AclEntry.newBuilder();
    builder.setType(toProto(aclEntry.getType()));
    builder.setSubject(aclEntry.getSubject());
    builder.setIsDefault(aclEntry.isDefault());
    for (AclAction action : aclEntry.getActions().getActions()) {
        builder.addActions(toProto(action));
    }
    return builder.build();
}

Example 3 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class DefaultFileSystemMaster method setUfsAcl.

private void setUfsAcl(LockedInodePath inodePath) throws InvalidPathException, AccessControlException {
    Inode inode = inodePath.getInodeOrNull();
    checkUfsMode(inodePath.getUri(), OperationType.WRITE);
    MountTable.Resolution resolution = mMountTable.resolve(inodePath.getUri());
    String ufsUri = resolution.getUri().toString();
    try (CloseableResource<UnderFileSystem> ufsResource = resolution.acquireUfsResource()) {
        UnderFileSystem ufs = ufsResource.get();
        if (ufs.isObjectStorage()) {
            LOG.warn("SetACL is not supported to object storage UFS via Alluxio. " + "UFS: " + ufsUri + ". This has no effect on the underlying object.");
        } else {
            try {
                List<AclEntry> entries = new ArrayList<>(inode.getACL().getEntries());
                if (inode.isDirectory()) {
                    entries.addAll(inode.asDirectory().getDefaultACL().getEntries());
                }
                ufs.setAclEntries(ufsUri, entries);
            } catch (IOException e) {
                throw new AccessControlException("Could not setAcl for UFS file: " + ufsUri);
            }
        }
    }
}

Example 4 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class GrpcUtils method toProto.

/**
 * @param acl the access control list to convert
 * @return the proto representation of this object
 */
public static PAcl toProto(AccessControlList acl) {
    PAcl.Builder pAcl = PAcl.newBuilder();
    pAcl.setOwner(acl.getOwningUser());
    pAcl.setOwningGroup(acl.getOwningGroup());
    pAcl.setMode(acl.getMode());
    if (acl.hasExtended()) {
        for (AclEntry entry : acl.getExtendedEntries().getEntries()) {
            pAcl.addEntries(toProto(entry));
        }
    }
    pAcl.setIsDefault(false);
    return pAcl.build();
}

Example 5 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class MutableInode method removeAcl.

/**
 * Removes ACL entries.
 *
 * @param entries the ACL entries to remove
 * @return the updated object
 */
public T removeAcl(List<AclEntry> entries) {
    for (AclEntry entry : entries) {
        if (entry.isDefault()) {
            AccessControlList defaultAcl = getDefaultACL();
            defaultAcl.removeEntry(entry);
        } else {
            mAcl.removeEntry(entry);
        }
    }
    updateMask(entries);
    return getThis();
}