
Example 1 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class ProtoUtils method fromProto.

/**
 * Rebuilds an {@link AccessControlList} from its protobuf message.
 *
 * <p>A {@link DefaultAccessControlList} is created when the message carries the default flag.
 * A message flagged as empty yields a list with only the owning user and group set. The mask
 * entry is read from the message only when at least one named user or named group entry was
 * seen; the "other" entry is always read.
 *
 * @param acl the protobuf representation
 * @return {@link AccessControlList}
 */
public static AccessControlList fromProto(Acl.AccessControlList acl) {
    final boolean flaggedDefault = acl.hasIsDefault() && acl.getIsDefault();
    AccessControlList result =
        flaggedDefault ? new DefaultAccessControlList() : new AccessControlList();
    result.setOwningUser(acl.getOwningUser().intern());
    result.setOwningGroup(acl.getOwningGroup().intern());
    if (acl.getIsEmpty()) {
        // Nothing beyond ownership was serialized for this ACL.
        return result;
    }

    // Becomes true once a named user or named group entry (an "extended" entry) is seen.
    boolean sawNamedEntry = false;

    for (Acl.NamedAclActions userActions : acl.getUserActionsList()) {
        String userName = userActions.getName();
        AclActions permitted = fromProto(userActions.getActions());
        // The reserved key marks the owning user's entry; its subject is taken from the
        // ACL's owner field, not from the entry name.
        boolean ownerEntry = userName.equals(AccessControlList.OWNING_USER_KEY);
        sawNamedEntry |= !ownerEntry;
        result.setEntry(new AclEntry.Builder()
            .setType(ownerEntry ? AclEntryType.OWNING_USER : AclEntryType.NAMED_USER)
            .setSubject(ownerEntry ? acl.getOwningUser() : userName)
            .setActions(permitted)
            .build());
    }

    for (Acl.NamedAclActions groupActions : acl.getGroupActionsList()) {
        String groupName = groupActions.getName();
        AclActions permitted = fromProto(groupActions.getActions());
        // Same convention as above, for the owning group.
        boolean ownerEntry = groupName.equals(AccessControlList.OWNING_GROUP_KEY);
        sawNamedEntry |= !ownerEntry;
        result.setEntry(new AclEntry.Builder()
            .setType(ownerEntry ? AclEntryType.OWNING_GROUP : AclEntryType.NAMED_GROUP)
            .setSubject(ownerEntry ? acl.getOwningGroup() : groupName)
            .setActions(permitted)
            .build());
    }

    if (sawNamedEntry) {
        // The serialized mask is applied only when extended entries exist.
        AclActions maskActions = fromProto(acl.getMaskActions());
        result.setEntry(
            new AclEntry.Builder().setType(AclEntryType.MASK).setActions(maskActions).build());
    }

    AclActions otherActions = fromProto(acl.getOtherActions());
    result.setEntry(
        new AclEntry.Builder().setType(AclEntryType.OTHER).setActions(otherActions).build());
    return result;
}
Also used : DefaultAccessControlList(alluxio.security.authorization.DefaultAccessControlList) AccessControlList(alluxio.security.authorization.AccessControlList) DefaultAccessControlList(alluxio.security.authorization.DefaultAccessControlList) AclActions(alluxio.security.authorization.AclActions) AclEntry(alluxio.security.authorization.AclEntry) Acl(alluxio.proto.shared.Acl)

Example 2 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class ProtoUtils method toProto.

/**
 * Serializes a single ACL entry to its protobuf message, copying the entry type, subject,
 * default flag and every action the entry holds.
 *
 * @param aclEntry the acl entry
 * @return the proto representation of instance
 */
public static Acl.AclEntry toProto(AclEntry aclEntry) {
    Acl.AclEntry.Builder proto = Acl.AclEntry.newBuilder()
        .setType(toProto(aclEntry.getType()))
        .setSubject(aclEntry.getSubject())
        .setIsDefault(aclEntry.isDefault());
    // Each action is converted one by one and appended to the repeated field.
    for (AclAction granted : aclEntry.getActions().getActions()) {
        proto.addActions(toProto(granted));
    }
    return proto.build();
}
Also used : AclEntry(alluxio.security.authorization.AclEntry) SetAclAction(alluxio.grpc.SetAclAction) AclAction(alluxio.security.authorization.AclAction)

Example 3 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class DefaultFileSystemMaster method setUfsAcl.

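/**
 * Pushes the ACL entries of the inode at the given path to the under file system (UFS)
 * location that backs it.
 *
 * <p>For an object-storage UFS nothing is written: a warning is logged and the underlying
 * object keeps whatever permissions it already has, so the Alluxio ACL does not constrain
 * access made directly against that store. For any other UFS the inode's access ACL entries,
 * plus the default ACL entries when the inode is a directory, are sent in one call.
 *
 * @param inodePath the locked path whose inode ACL is propagated
 * @throws InvalidPathException declared by the signature; presumably raised while resolving
 *         the path against the mount table
 * @throws AccessControlException if the UFS rejects the update with an {@link IOException};
 *         the original failure is attached as the cause
 */
private void setUfsAcl(LockedInodePath inodePath) throws InvalidPathException, AccessControlException {
    // NOTE(review): getInodeOrNull() can presumably return null, and inode is dereferenced
    // below without a check; confirm every caller guarantees the path exists.
    Inode inode = inodePath.getInodeOrNull();
    checkUfsMode(inodePath.getUri(), OperationType.WRITE);
    MountTable.Resolution resolution = mMountTable.resolve(inodePath.getUri());
    String ufsUri = resolution.getUri().toString();
    try (CloseableResource<UnderFileSystem> ufsResource = resolution.acquireUfsResource()) {
        UnderFileSystem ufs = ufsResource.get();
        if (ufs.isObjectStorage()) {
            LOG.warn("SetACL is not supported to object storage UFS via Alluxio. " + "UFS: " + ufsUri + ". This has no effect on the underlying object.");
        } else {
            try {
                List<AclEntry> entries = new ArrayList<>(inode.getACL().getEntries());
                if (inode.isDirectory()) {
                    entries.addAll(inode.asDirectory().getDefaultACL().getEntries());
                }
                ufs.setAclEntries(ufsUri, entries);
            } catch (IOException e) {
                // Attach the UFS failure as the cause so that whoever investigates a failed
                // ACL change can see why the under storage refused it.
                throw new AccessControlException("Could not setAcl for UFS file: " + ufsUri, e);
            }
        }
    }
}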
Also used : Inode(alluxio.master.file.meta.Inode) AclEntry(alluxio.security.authorization.AclEntry) SetAclEntry(alluxio.proto.journal.File.SetAclEntry) ArrayList(java.util.ArrayList) AccessControlException(alluxio.exception.AccessControlException) IOException(java.io.IOException) MountTable(alluxio.master.file.meta.MountTable) UnderFileSystem(alluxio.underfs.UnderFileSystem)

Example 4 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class GrpcUtils method toProto.

/**
 * Converts an access control list to its gRPC message: owner, owning group and mode, followed
 * by the extended entries when the list has any.
 *
 * <p>The default flag of the message is always written as {@code false} here.
 * NOTE(review): default ACLs are presumably serialized by a separate overload; confirm that a
 * {@code DefaultAccessControlList} never reaches this method.
 *
 * @param acl the access control list to convert
 * @return the proto representation of this object
 */
public static PAcl toProto(AccessControlList acl) {
    PAcl.Builder message = PAcl.newBuilder()
        .setOwner(acl.getOwningUser())
        .setOwningGroup(acl.getOwningGroup())
        .setMode(acl.getMode());
    if (acl.hasExtended()) {
        // Only the extended entries are listed individually in the message.
        for (AclEntry extendedEntry : acl.getExtendedEntries().getEntries()) {
            message.addEntries(toProto(extendedEntry));
        }
    }
    return message.setIsDefault(false).build();
}
Also used : AclEntry(alluxio.security.authorization.AclEntry)

Example 5 with AclEntry

use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.

the class MutableInode method removeAcl.

/**
 * Removes ACL entries.
 *
 * <p>An entry marked as default is removed from the list returned by {@code getDefaultACL()};
 * any other entry is removed from this inode's access ACL. After all removals the mask is
 * refreshed through {@code updateMask(entries)}.
 *
 * @param entries the ACL entries to remove
 * @return the updated object
 */
public T removeAcl(List<AclEntry> entries) {
    for (AclEntry toRemove : entries) {
        // The default ACL is looked up only when a default entry is actually being removed.
        AccessControlList target = toRemove.isDefault() ? getDefaultACL() : mAcl;
        target.removeEntry(toRemove);
    }
    updateMask(entries);
    return getThis();
}
Also used : DefaultAccessControlList(alluxio.security.authorization.DefaultAccessControlList) AccessControlList(alluxio.security.authorization.AccessControlList) AclEntry(alluxio.security.authorization.AclEntry)

Aggregations

AclEntry (alluxio.security.authorization.AclEntry)21 Test (org.junit.Test)11 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)8 Mode (alluxio.security.authorization.Mode)5 AlluxioURI (alluxio.AlluxioURI)4 SetAclContext (alluxio.master.file.contexts.SetAclContext)4 IOException (java.io.IOException)4 ArrayList (java.util.ArrayList)4 SetAclEntry (alluxio.proto.journal.File.SetAclEntry)3 DefaultAccessControlList (alluxio.security.authorization.DefaultAccessControlList)3 AuthenticatedClientUserResource (alluxio.AuthenticatedClientUserResource)2 FileSystemShell (alluxio.cli.fs.FileSystemShell)2 AbstractFileSystemShellTest (alluxio.client.cli.fs.AbstractFileSystemShellTest)2 FileSystemShellUtilsTest (alluxio.client.cli.fs.FileSystemShellUtilsTest)2 InstancedConfiguration (alluxio.conf.InstancedConfiguration)2 AccessControlException (alluxio.exception.AccessControlException)2 SetAclAction (alluxio.grpc.SetAclAction)2 SetAclPOptions (alluxio.grpc.SetAclPOptions)2 Inode (alluxio.master.file.meta.Inode)2 AccessControlList (alluxio.security.authorization.AccessControlList)2