Example 21 with AclEntry
use of alluxio.security.authorization.AclEntry in project alluxio by Alluxio.
the class DefaultFileSystemMaster method setAclSingleInode.
private void setAclSingleInode(RpcContext rpcContext, SetAclAction action, LockedInodePath inodePath, List<AclEntry> entries, boolean replay, long opTimeMs) throws IOException, FileDoesNotExistException {
Preconditions.checkState(inodePath.getLockPattern().isWrite());
Inode inode = inodePath.getInode();
// Check that we are not removing an extended mask.
if (action == SetAclAction.REMOVE) {
for (AclEntry entry : entries) {
if ((entry.isDefault() && inode.getDefaultACL().hasExtended()) || (!entry.isDefault() && inode.getACL().hasExtended())) {
if (entry.getType() == AclEntryType.MASK) {
throw new InvalidArgumentException("Deleting the mask for an extended ACL is not allowed. entry: " + entry);
}
}
}
}
// Check that we are not setting default ACL to a file
if (inode.isFile()) {
for (AclEntry entry : entries) {
if (entry.isDefault()) {
throw new UnsupportedOperationException("Can not set default ACL for a file");
}
}
}
mInodeTree.setAcl(rpcContext, SetAclEntry.newBuilder().setId(inode.getId()).setOpTimeMs(opTimeMs).setAction(ProtoUtils.toProto(action)).addAllEntries(entries.stream().map(ProtoUtils::toProto).collect(Collectors.toList())).build());
try {
if (!replay && inode.isPersisted()) {
setUfsAcl(inodePath);
}
} catch (InvalidPathException | AccessControlException e) {
LOG.warn("Setting ufs ACL failed for path: {}", inodePath.getUri(), e);
// TODO(david): revert the acl and default acl to the initial state if writing to ufs failed.
}
}
Also used :
Inode(alluxio.master.file.meta.Inode)
InvalidArgumentException(alluxio.exception.status.InvalidArgumentException)
AclEntry(alluxio.security.authorization.AclEntry)
SetAclEntry(alluxio.proto.journal.File.SetAclEntry)
ProtoUtils(alluxio.util.proto.ProtoUtils)
AccessControlException(alluxio.exception.AccessControlException)
InvalidPathException(alluxio.exception.InvalidPathException)
Aggregations
AclEntry (alluxio.security.authorization.AclEntry)21
Test (org.junit.Test)11
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)8
Mode (alluxio.security.authorization.Mode)5
AlluxioURI (alluxio.AlluxioURI)4
SetAclContext (alluxio.master.file.contexts.SetAclContext)4
IOException (java.io.IOException)4
ArrayList (java.util.ArrayList)4
SetAclEntry (alluxio.proto.journal.File.SetAclEntry)3
DefaultAccessControlList (alluxio.security.authorization.DefaultAccessControlList)3
AuthenticatedClientUserResource (alluxio.AuthenticatedClientUserResource)2
FileSystemShell (alluxio.cli.fs.FileSystemShell)2
AbstractFileSystemShellTest (alluxio.client.cli.fs.AbstractFileSystemShellTest)2
FileSystemShellUtilsTest (alluxio.client.cli.fs.FileSystemShellUtilsTest)2
InstancedConfiguration (alluxio.conf.InstancedConfiguration)2
AccessControlException (alluxio.exception.AccessControlException)2
SetAclAction (alluxio.grpc.SetAclAction)2
SetAclPOptions (alluxio.grpc.SetAclPOptions)2
Inode (alluxio.master.file.meta.Inode)2
AccessControlList (alluxio.security.authorization.AccessControlList)2
