use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class PermissionChecker method getPermissionInternal.
/**
* Gets the permission to access an inode path given a user and its groups.
*
* @param user the user
* @param groups the groups this user belongs to
* @param path the inode path
* @param inodeList the list of inodes in the path
* @return the permission
*/
private Mode.Bits getPermissionInternal(String user, List<String> groups, String path, List<Inode<?>> inodeList) {
int size = inodeList.size();
Preconditions.checkArgument(size > 0, PreconditionMessage.EMPTY_FILE_INFO_LIST_FOR_PERMISSION_CHECK);
// bypass checking permission for super user or super group of Alluxio file system.
if (isPrivilegedUser(user, groups)) {
return Mode.Bits.ALL;
}
// traverses from root to the parent dir to all inodes included by this path are executable
for (int i = 0; i < size - 1; i++) {
try {
checkInode(user, groups, inodeList.get(i), Mode.Bits.EXECUTE, path);
} catch (AccessControlException e) {
return Mode.Bits.NONE;
}
}
Inode inode = inodeList.get(inodeList.size() - 1);
if (inode == null) {
return Mode.Bits.NONE;
}
Mode.Bits mode = Mode.Bits.NONE;
short permission = inode.getMode();
if (user.equals(inode.getOwner())) {
mode = mode.or(Mode.extractOwnerBits(permission));
}
if (groups.contains(inode.getGroup())) {
mode = mode.or(Mode.extractGroupBits(permission));
}
mode = mode.or(Mode.extractOtherBits(permission));
return mode;
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class InodeTree method createPath.
/**
* Creates a file or directory at path.
*
* @param inodePath the path
* @param options method options
* @return a {@link CreatePathResult} representing the modified inodes and created inodes during
* path creation
* @throws FileAlreadyExistsException when there is already a file at path if we want to create a
* directory there
* @throws BlockInfoException when blockSizeBytes is invalid
* @throws InvalidPathException when path is invalid, for example, (1) when there is nonexistent
* necessary parent directories and recursive is false, (2) when one of the necessary
* parent directories is actually a file
* @throws IOException if creating the path fails
* @throws FileDoesNotExistException if the parent of the path does not exist and the recursive
* option is false
*/
public CreatePathResult createPath(LockedInodePath inodePath, CreatePathOptions<?> options) throws FileAlreadyExistsException, BlockInfoException, InvalidPathException, IOException, FileDoesNotExistException {
AlluxioURI path = inodePath.getUri();
if (path.isRoot()) {
String errorMessage = ExceptionMessage.FILE_ALREADY_EXISTS.getMessage(path);
LOG.error(errorMessage);
throw new FileAlreadyExistsException(errorMessage);
}
if (options instanceof CreateFileOptions) {
CreateFileOptions fileOptions = (CreateFileOptions) options;
if (fileOptions.getBlockSizeBytes() < 1) {
throw new BlockInfoException("Invalid block size " + fileOptions.getBlockSizeBytes());
}
}
if (!(inodePath instanceof MutableLockedInodePath)) {
throw new InvalidPathException(ExceptionMessage.NOT_MUTABLE_INODE_PATH.getMessage(inodePath.getUri()));
}
LOG.debug("createPath {}", path);
TraversalResult traversalResult = traverseToInode(inodePath, LockMode.WRITE_PARENT);
InodeLockList lockList = traversalResult.getInodeLockList();
MutableLockedInodePath extensibleInodePath = (MutableLockedInodePath) inodePath;
String[] pathComponents = extensibleInodePath.getPathComponents();
String name = path.getName();
// pathIndex is the index into pathComponents where we start filling in the path from the inode.
int pathIndex = extensibleInodePath.getInodes().size();
if (pathIndex < pathComponents.length - 1) {
// Otherwise we add the remaining path components to the list of components to create.
if (!options.isRecursive()) {
final String msg = new StringBuilder().append("File ").append(path).append(" creation failed. Component ").append(pathIndex).append("(").append(pathComponents[pathIndex]).append(") does not exist").toString();
LOG.error("FileDoesNotExistException: {}", msg);
throw new FileDoesNotExistException(msg);
}
}
// The ancestor inode (parent or ancestor) of the target path.
Inode<?> ancestorInode = extensibleInodePath.getAncestorInode();
if (!ancestorInode.isDirectory()) {
throw new InvalidPathException("Could not traverse to parent directory of path " + path + ". Component " + pathComponents[pathIndex - 1] + " is not a directory.");
}
InodeDirectory currentInodeDirectory = (InodeDirectory) ancestorInode;
List<Inode<?>> createdInodes = new ArrayList<>();
List<Inode<?>> modifiedInodes = new ArrayList<>();
// These are inodes that already exist, that should be journaled as persisted.
List<Inode<?>> existingNonPersisted = new ArrayList<>();
// These are inodes to mark as persisted at the end of this method.
List<Inode<?>> toPersistDirectories = new ArrayList<>();
if (options.isPersisted()) {
// Directory persistence will not happen until the end of this method.
toPersistDirectories.addAll(traversalResult.getNonPersisted());
existingNonPersisted.addAll(traversalResult.getNonPersisted());
}
if (pathIndex < (pathComponents.length - 1) || currentInodeDirectory.getChild(name) == null) {
// (1) There are components in parent paths that need to be created. Or
// (2) The last component of the path needs to be created.
// In these two cases, the last traversed Inode will be modified.
modifiedInodes.add(currentInodeDirectory);
}
// TODO(gpang): We may not have to lock the newly created inodes if the last inode is write
// locked. This could improve performance. Further investigation is needed.
// Fill in the ancestor directories that were missing.
// NOTE, we set the mode of missing ancestor directories to be the default value, rather
// than inheriting the option of the final file to create, because it may not have
// "execute" permission.
CreateDirectoryOptions missingDirOptions = CreateDirectoryOptions.defaults().setMountPoint(false).setPersisted(options.isPersisted()).setOwner(options.getOwner()).setGroup(options.getGroup());
for (int k = pathIndex; k < (pathComponents.length - 1); k++) {
InodeDirectory dir = InodeDirectory.create(mDirectoryIdGenerator.getNewDirectoryId(), currentInodeDirectory.getId(), pathComponents[k], missingDirOptions);
// Lock the newly created inode before subsequent operations, and add it to the lock group.
lockList.lockWriteAndCheckNameAndParent(dir, currentInodeDirectory, pathComponents[k]);
dir.setPinned(currentInodeDirectory.isPinned());
currentInodeDirectory.addChild(dir);
currentInodeDirectory.setLastModificationTimeMs(options.getOperationTimeMs());
if (options.isPersisted()) {
toPersistDirectories.add(dir);
}
createdInodes.add(dir);
mInodes.add(dir);
currentInodeDirectory = dir;
}
// Create the final path component. First we need to make sure that there isn't already a file
// here with that name. If there is an existing file that is a directory and we're creating a
// directory, update persistence property of the directories if needed, otherwise, throw
// FileAlreadyExistsException unless options.allowExists is true.
Inode<?> lastInode = currentInodeDirectory.getChild(name);
if (lastInode != null) {
// Lock the last inode before subsequent operations, and add it to the lock group.
lockList.lockWriteAndCheckNameAndParent(lastInode, currentInodeDirectory, name);
if (lastInode.isDirectory() && options instanceof CreateDirectoryOptions && !lastInode.isPersisted() && options.isPersisted()) {
// The final path component already exists and is not persisted, so it should be added
// to the non-persisted Inodes of traversalResult.
existingNonPersisted.add(lastInode);
toPersistDirectories.add(lastInode);
} else if (!lastInode.isDirectory() || !(options instanceof CreateDirectoryOptions && ((CreateDirectoryOptions) options).isAllowExists())) {
String errorMessage = ExceptionMessage.FILE_ALREADY_EXISTS.getMessage(path);
LOG.error(errorMessage);
throw new FileAlreadyExistsException(errorMessage);
}
} else {
if (options instanceof CreateDirectoryOptions) {
CreateDirectoryOptions directoryOptions = (CreateDirectoryOptions) options;
lastInode = InodeDirectory.create(mDirectoryIdGenerator.getNewDirectoryId(), currentInodeDirectory.getId(), name, directoryOptions);
// Lock the created inode before subsequent operations, and add it to the lock group.
lockList.lockWriteAndCheckNameAndParent(lastInode, currentInodeDirectory, name);
if (directoryOptions.isPersisted()) {
toPersistDirectories.add(lastInode);
}
lastInode.setPinned(currentInodeDirectory.isPinned());
} else if (options instanceof CreateFileOptions) {
CreateFileOptions fileOptions = (CreateFileOptions) options;
lastInode = InodeFile.create(mContainerIdGenerator.getNewContainerId(), currentInodeDirectory.getId(), name, System.currentTimeMillis(), fileOptions);
// Lock the created inode before subsequent operations, and add it to the lock group.
lockList.lockWriteAndCheckNameAndParent(lastInode, currentInodeDirectory, name);
if (currentInodeDirectory.isPinned()) {
// Update set of pinned file ids.
mPinnedInodeFileIds.add(lastInode.getId());
}
lastInode.setPinned(currentInodeDirectory.isPinned());
}
createdInodes.add(lastInode);
mInodes.add(lastInode);
currentInodeDirectory.addChild(lastInode);
currentInodeDirectory.setLastModificationTimeMs(options.getOperationTimeMs());
}
// we mark it as persisted.
for (Inode<?> inode : toPersistDirectories) {
MountTable.Resolution resolution = mMountTable.resolve(getPath(inode));
String ufsUri = resolution.getUri().toString();
UnderFileSystem ufs = resolution.getUfs();
MkdirsOptions mkdirsOptions = MkdirsOptions.defaults().setCreateParent(false).setOwner(inode.getOwner()).setGroup(inode.getGroup()).setMode(new Mode(inode.getMode()));
if (ufs.isDirectory(ufsUri) || ufs.mkdirs(ufsUri, mkdirsOptions)) {
inode.setPersistenceState(PersistenceState.PERSISTED);
}
}
// Extend the inodePath with the created inodes.
extensibleInodePath.getInodes().addAll(createdInodes);
LOG.debug("createFile: File Created: {} parent: {}", lastInode, currentInodeDirectory);
return new CreatePathResult(modifiedInodes, createdInodes, existingNonPersisted);
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class PermissionCheckTest method getLockedInodePath.
private LockedInodePath getLockedInodePath(ArrayList<Triple<String, String, Mode>> permissions) throws Exception {
List<Inode<?>> inodes = new ArrayList<>();
inodes.add(getRootInode());
if (permissions.size() == 0) {
return new MutableLockedInodePath(new AlluxioURI("/"), inodes, null);
}
String uri = "";
for (int i = 0; i < permissions.size(); i++) {
Triple<String, String, Mode> permission = permissions.get(i);
String owner = permission.getLeft();
String group = permission.getMiddle();
Mode mode = permission.getRight();
uri += "/" + (i + 1);
if (i == permissions.size() - 1) {
Inode<?> inode = InodeFile.create(i + 1, i, (i + 1) + "", CommonUtils.getCurrentMs(), CreateFileOptions.defaults().setBlockSizeBytes(Constants.KB).setOwner(owner).setGroup(group).setMode(mode));
inodes.add(inode);
} else {
Inode<?> inode = InodeDirectory.create(i + 1, i, (i + 1) + "", CreateDirectoryOptions.defaults().setOwner(owner).setGroup(group).setMode(mode));
inodes.add(inode);
}
}
return new MutableLockedInodePath(new AlluxioURI(uri), inodes, null);
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class PermissionCheckTest method getPermissionOwner.
@Test
public void getPermissionOwner() throws Exception {
ArrayList<Triple<String, String, Mode>> permissions = new ArrayList<>();
permissions.add(new ImmutableTriple<>(TEST_USER_1.getUser(), TEST_USER_1.getGroup(), new Mode((short) 0754)));
LockedInodePath lockedInodePath = getLockedInodePath(permissions);
try (SetAndRestoreAuthenticatedUser u = new SetAndRestoreAuthenticatedUser(TEST_USER_1.getUser())) {
PermissionChecker checker = new PermissionChecker(mInodeTree);
Mode.Bits actual = checker.getPermission(lockedInodePath);
Assert.assertEquals(Mode.Bits.ALL, actual);
}
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class SetAttributeOptionsTest method fields.
/**
* Tests getting and setting fields.
*/
@Test
public void fields() {
Random random = new Random();
boolean persisted = random.nextBoolean();
boolean pinned = random.nextBoolean();
long ttl = random.nextLong();
byte[] bytes = new byte[5];
random.nextBytes(bytes);
String owner = new String(bytes);
random.nextBytes(bytes);
String group = new String(bytes);
Mode mode = new Mode((short) random.nextInt());
boolean recursive = random.nextBoolean();
SetAttributeOptions options = SetAttributeOptions.defaults();
options.setPersisted(persisted);
options.setPinned(pinned);
options.setTtl(ttl);
options.setTtlAction(TtlAction.FREE);
options.setOwner(owner);
options.setGroup(group);
options.setMode(mode);
options.setRecursive(recursive);
Assert.assertEquals(persisted, options.getPersisted());
Assert.assertEquals(pinned, options.getPinned());
Assert.assertEquals(ttl, options.getTtl().longValue());
Assert.assertEquals(TtlAction.FREE, options.getTtlAction());
Assert.assertEquals(owner, options.getOwner());
Assert.assertEquals(group, options.getGroup());
Assert.assertEquals(mode, options.getMode());
Assert.assertEquals(recursive, options.isRecursive());
}
Aggregations