use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.
the class FileSystemMasterTest method setAclNestedWithoutOwner.
/**
 * Expects a recursive {@code setAcl} issued as "userA" on {@code NESTED_URI} to be rejected with
 * {@link AccessControlException}.
 *
 * <p>Only {@code NESTED_URI} is given to "userA" (with mode 0777). The owner of the file created
 * at {@code NESTED_FILE_URI} is not changed by this test, so it is presumably a different user;
 * confirm against {@code createFileWithSingleBlock}.
 */
@Test
public void setAclNestedWithoutOwner() throws Exception {
  createFileWithSingleBlock(NESTED_FILE_URI);
  // Make "userA" the owner of the parent path and open up its mode bits.
  mFileSystemMaster.setAttribute(
      NESTED_URI,
      SetAttributeContext.mergeFrom(
          SetAttributePOptions.newBuilder()
              .setMode(new Mode((short) 0777).toProto())
              .setOwner("userA")));

  // Baseline: the child file reports exactly three ACL entries before the attempt.
  Set<String> entries = Sets.newHashSet(
      mFileSystemMaster.getFileInfo(NESTED_FILE_URI, GET_STATUS_CONTEXT)
          .convertAclToStringEntries());
  assertEquals(3, entries.size());

  // recursive setAcl should fail if one of the children is not owned by the user
  mThrown.expect(AccessControlException.class);
  try (AuthenticatedClientUserResource userA =
      new AuthenticatedClientUserResource("userA", ServerConfiguration.global())) {
    Set<String> requestedAcl = Sets.newHashSet("user::rwx", "group::rwx", "other::rwx");
    mFileSystemMaster.setAcl(
        NESTED_URI,
        SetAclAction.REPLACE,
        requestedAcl.stream().map(AclEntry::fromCliString).collect(Collectors.toList()),
        SetAclContext.mergeFrom(SetAclPOptions.newBuilder().setRecursive(true)));
    // NOTE(review): when setAcl throws as expected, the two statements below never run, so the
    // test does not check what the child's ACL looks like after the denied call.
    entries = Sets.newHashSet(
        mFileSystemMaster.getFileInfo(NESTED_FILE_URI, GET_STATUS_CONTEXT)
            .convertAclToStringEntries());
    assertEquals(requestedAcl, entries);
  }
}
use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.
the class PersistDefinition method runTask.
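/**
 * Copies a completed Alluxio file to its UFS path, creating missing ancestor directories in the
 * UFS with the owner, group, mode and ACL entries read from the matching Alluxio paths.
 *
 * @param config supplies the Alluxio file path, the UFS path, the mount id and the overwrite flag
 * @param args unused
 * @param context supplies the UFS manager and the Alluxio file system client
 * @return always {@code null}
 * @throws IOException if the UFS instance is null, the UFS file exists and overwrite is not set,
 *         the Alluxio file is not completed, or an ancestor UFS path cannot be created and is
 *         not a directory
 */
@Override
public SerializableVoid runTask(PersistConfig config, SerializableVoid args,
    RunTaskContext context) throws Exception {
  AlluxioURI uri = new AlluxioURI(config.getFilePath());
  String ufsPath = config.getUfsPath();
  // check if the file is persisted in UFS and delete it, if we are overwriting it
  UfsManager.UfsClient ufsClient = context.getUfsManager().get(config.getMountId());
  try (CloseableResource<UnderFileSystem> ufsResource = ufsClient.acquireUfsResource()) {
    UnderFileSystem ufs = ufsResource.get();
    if (ufs == null) {
      throw new IOException("Failed to create UFS instance for " + ufsPath);
    }
    // NOTE(review): with overwrite set, the existing UFS copy is deleted here before the
    // completion check below, so an incomplete Alluxio file still costs the old UFS copy.
    if (ufs.exists(ufsPath)) {
      if (config.isOverwrite()) {
        LOG.info("File {} is already persisted in UFS. Removing it.", config.getFilePath());
        ufs.deleteExistingFile(ufsPath);
      } else {
        throw new IOException("File " + config.getFilePath() + " is already persisted in UFS, to overwrite the file, please set the overwrite flag" + " in the config.");
      }
    }
    URIStatus uriStatus = context.getFileSystem().getStatus(uri);
    if (!uriStatus.isCompleted()) {
      throw new IOException("Cannot persist an incomplete Alluxio file: " + uri);
    }
    long bytesWritten;
    try (Closer closer = Closer.create()) {
      OpenFilePOptions options = OpenFilePOptions.newBuilder()
          .setReadType(ReadPType.NO_CACHE)
          .setUpdateLastAccessTime(false)
          .build();
      FileInStream in = closer.register(context.getFileSystem().openFile(uri, options));
      AlluxioURI dstPath = new AlluxioURI(ufsPath);
      // Create ancestor directories from top to the bottom. We cannot use recursive create
      // parents here because the permission for the ancestors can be different.
      Stack<Pair<String, String>> ancestorUfsAndAlluxioPaths = new Stack<>();
      AlluxioURI curAlluxioPath = uri.getParent();
      AlluxioURI curUfsPath = dstPath.getParent();
      // Walk upwards, collecting every ancestor whose UFS path is not yet a directory, until an
      // existing UFS directory is found or the Alluxio path has no further parent.
      while (!ufs.isDirectory(curUfsPath.toString()) && curAlluxioPath != null) {
        ancestorUfsAndAlluxioPaths.push(
            new Pair<>(curUfsPath.toString(), curAlluxioPath.toString()));
        curAlluxioPath = curAlluxioPath.getParent();
        curUfsPath = curUfsPath.getParent();
      }
      while (!ancestorUfsAndAlluxioPaths.empty()) {
        Pair<String, String> ancestorUfsAndAlluxioPath = ancestorUfsAndAlluxioPaths.pop();
        String ancestorUfsPath = ancestorUfsAndAlluxioPath.getFirst();
        String ancestorAlluxioPath = ancestorUfsAndAlluxioPath.getSecond();
        URIStatus status =
            context.getFileSystem().getStatus(new AlluxioURI(ancestorAlluxioPath));
        MkdirsOptions mkdirOptions = MkdirsOptions.defaults(ServerConfiguration.global())
            .setCreateParent(false)
            .setOwner(status.getOwner())
            .setGroup(status.getGroup())
            .setMode(new Mode((short) status.getMode()));
        // A false return from mkdirs is tolerated when the path already is a directory. In that
        // case the directory is assumed to be prepared: its owner, group, mode and ACL are left
        // as they are and are not compared with the Alluxio ancestor, so a pre-existing
        // directory can stay more permissive than its Alluxio counterpart.
        if (ufs.mkdirs(ancestorUfsPath, mkdirOptions)) {
          List<AclEntry> allAcls = Stream.concat(
              status.getDefaultAcl().getEntries().stream(),
              status.getAcl().getEntries().stream()).collect(Collectors.toList());
          ufs.setAclEntries(ancestorUfsPath, allAcls);
        } else if (!ufs.isDirectory(ancestorUfsPath)) {
          // Report the mkdir options (owner/group/mode) that were attempted; the original
          // message interpolated the read options used to open the Alluxio file.
          throw new IOException("Failed to create " + ufsPath + " with permission " + mkdirOptions + " because its ancestor " + ancestorUfsPath + " is not a directory");
        }
      }
      OutputStream out = closer.register(ufs.createNonexistingFile(dstPath.toString(),
          CreateOptions.defaults(ServerConfiguration.global())
              .setOwner(uriStatus.getOwner())
              .setGroup(uriStatus.getGroup())
              .setMode(new Mode((short) uriStatus.getMode()))));
      // NOTE(review): owner/group/mode above come from the status read before the file was
      // opened, while the ACL entries below come from a second getStatus call; a permission
      // change between the two reads would leave the UFS file with a mixed result.
      URIStatus status = context.getFileSystem().getStatus(uri);
      List<AclEntry> allAcls = Stream.concat(
          status.getDefaultAcl().getEntries().stream(),
          status.getAcl().getEntries().stream()).collect(Collectors.toList());
      // The ACL entries are applied to the new UFS file before any data is copied into it.
      ufs.setAclEntries(dstPath.toString(), allAcls);
      bytesWritten = IOUtils.copyLarge(in, out, new byte[8 * Constants.MB]);
      incrementPersistedMetric(ufsClient.getUfsMountPointUri(), bytesWritten);
    }
    LOG.info("Persisted file {} with size {}", ufsPath, bytesWritten);
  }
  return null;
}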
use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.
the class DelegatingFileSystemTest method setAcl.
/**
 * Verifies that {@code DelegatingFileSystem.setAcl} passes the path, action, ACL entries and
 * options to the wrapped file system as equal values.
 */
@Test
public void setAcl() throws Exception {
  AlluxioURI path = new AlluxioURI("/t");
  List<AclEntry> aclEntries = Arrays.asList(AclEntry.fromCliString("user:nameduser:rwx"));
  // Non-default options (TTL and recursive) so the check fails if the wrapper substituted
  // default options for the ones it was given.
  SetAclPOptions options = SetAclPOptions.newBuilder()
      .setCommonOptions(FileSystemMasterCommonPOptions.newBuilder().setTtl(5L).build())
      .setRecursive(true)
      .build();
  FileSystem delegate = new DelegatingFileSystem(mMockFileSystem);

  delegate.setAcl(path, SetAclAction.MODIFY, aclEntries, options);

  Mockito.verify(mMockFileSystem, atLeastOnce())
      .setAcl(eq(path), eq(SetAclAction.MODIFY), eq(aclEntries), eq(options));
}
use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.
the class MutableInode method updateMask.
/**
 * Recalculates the mask of the access ACL and/or the default ACL of this inode.
 * Intended to be called after the ACL and default ACL have been updated.
 *
 * <p>A recalculation is triggered by named-user, named-group and owning-group entries: default
 * entries mark the default ACL, all others mark the access ACL. If the list contains a MASK
 * entry, nothing is recalculated.
 *
 * <p>NOTE(review): the MASK check does not look at {@code isDefault()}, so an explicit mask for
 * one of the two ACLs also skips the recalculation for the other one; confirm this is intended.
 *
 * @param entries the list of ACL entries
 * @return the updated object
 */
public T updateMask(List<AclEntry> entries) {
  boolean accessAclTouched = false;
  boolean defaultAclTouched = false;
  for (AclEntry aclEntry : entries) {
    AclEntryType type = aclEntry.getType();
    if (type.equals(AclEntryType.MASK)) {
      // If mask is explicitly set or removed then we don't need to update the mask
      return getThis();
    }
    boolean affectsMask = type.equals(AclEntryType.NAMED_USER)
        || type.equals(AclEntryType.NAMED_GROUP)
        || type.equals(AclEntryType.OWNING_GROUP);
    if (!affectsMask) {
      continue;
    }
    if (aclEntry.isDefault()) {
      defaultAclTouched = true;
    } else {
      accessAclTouched = true;
    }
  }
  if (accessAclTouched) {
    mAcl.updateMask();
  }
  if (defaultAclTouched) {
    getDefaultACL().updateMask();
  }
  return getThis();
}
use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.
the class InodeTreePersistentState method applySetAcl.
/**
 * Applies the ACL change described by the given {@code SetAclEntry} to the inode with the
 * entry's id and writes that inode back to the inode store.
 *
 * <p>The result of {@code getMutable} is unwrapped with {@code get()} without a presence check.
 *
 * @param entry the entry naming the inode, the action and the ACL entries
 */
private void applySetAcl(SetAclEntry entry) {
  MutableInode<?> target = mInodeStore.getMutable(entry.getId()).get();
  List<AclEntry> aclEntries = StreamUtils.map(ProtoUtils::fromProto, entry.getEntriesList());
  switch (entry.getAction()) {
    case REPLACE:
      // fully replace the acl for the path
      target.replaceAcl(aclEntries);
      break;
    case MODIFY:
      target.setAcl(aclEntries);
      break;
    case REMOVE:
      target.removeAcl(aclEntries);
      break;
    case REMOVE_ALL:
      // The entries carried by the request are not used for this action.
      target.removeExtendedAcl();
      break;
    case REMOVE_DEFAULT:
      // Replace the default ACL with a new one constructed from the inode's access ACL.
      target.setDefaultACL(new DefaultAccessControlList(target.getACL()));
      break;
    default:
      // An unknown action is only logged; the inode is still written back below, unmodified.
      LOG.warn("Unrecognized acl action: " + entry.getAction());
  }
  mInodeStore.writeInode(target);
}