Example 1 with Mode
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class PermissionChecker method getPermissionInternal.
/**
* Gets the permission to access an inode path given a user and its groups.
*
* @param user the user
* @param groups the groups this user belongs to
* @param path the inode path
* @param inodeList the list of inodes in the path
* @return the permission
*/
private Mode.Bits getPermissionInternal(String user, List<String> groups, String path, List<Inode<?>> inodeList) {
int size = inodeList.size();
Preconditions.checkArgument(size > 0, PreconditionMessage.EMPTY_FILE_INFO_LIST_FOR_PERMISSION_CHECK);
// bypass checking permission for super user or super group of Alluxio file system.
if (isPrivilegedUser(user, groups)) {
return Mode.Bits.ALL;
}
// traverses from root to the parent dir to all inodes included by this path are executable
for (int i = 0; i < size - 1; i++) {
try {
checkInode(user, groups, inodeList.get(i), Mode.Bits.EXECUTE, path);
} catch (AccessControlException e) {
return Mode.Bits.NONE;
}
}
Inode inode = inodeList.get(inodeList.size() - 1);
if (inode == null) {
return Mode.Bits.NONE;
}
Mode.Bits mode = Mode.Bits.NONE;
short permission = inode.getMode();
if (user.equals(inode.getOwner())) {
mode = mode.or(Mode.extractOwnerBits(permission));
}
if (groups.contains(inode.getGroup())) {
mode = mode.or(Mode.extractGroupBits(permission));
}
mode = mode.or(Mode.extractOtherBits(permission));
return mode;
}
Also used :
Inode(alluxio.master.file.meta.Inode)
Mode(alluxio.security.authorization.Mode)
AccessControlException(alluxio.exception.AccessControlException)
Example 2 with Mode
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class InodeTree method createPath.
/**
* Creates a file or directory at path.
*
* @param inodePath the path
* @param options method options
* @return a {@link CreatePathResult} representing the modified inodes and created inodes during
* path creation
* @throws FileAlreadyExistsException when there is already a file at path if we want to create a
* directory there
* @throws BlockInfoException when blockSizeBytes is invalid
* @throws InvalidPathException when path is invalid, for example, (1) when there is nonexistent
* necessary parent directories and recursive is false, (2) when one of the necessary
* parent directories is actually a file
* @throws IOException if creating the path fails
* @throws FileDoesNotExistException if the parent of the path does not exist and the recursive
* option is false
*/
public CreatePathResult createPath(LockedInodePath inodePath, CreatePathOptions<?> options) throws FileAlreadyExistsException, BlockInfoException, InvalidPathException, IOException, FileDoesNotExistException {
AlluxioURI path = inodePath.getUri();
if (path.isRoot()) {
String errorMessage = ExceptionMessage.FILE_ALREADY_EXISTS.getMessage(path);
LOG.error(errorMessage);
throw new FileAlreadyExistsException(errorMessage);
}
if (options instanceof CreateFileOptions) {
CreateFileOptions fileOptions = (CreateFileOptions) options;
if (fileOptions.getBlockSizeBytes() < 1) {
throw new BlockInfoException("Invalid block size " + fileOptions.getBlockSizeBytes());
}
}
if (!(inodePath instanceof MutableLockedInodePath)) {
throw new InvalidPathException(ExceptionMessage.NOT_MUTABLE_INODE_PATH.getMessage(inodePath.getUri()));
}
LOG.debug("createPath {}", path);
TraversalResult traversalResult = traverseToInode(inodePath, LockMode.WRITE_PARENT);
InodeLockList lockList = traversalResult.getInodeLockList();
MutableLockedInodePath extensibleInodePath = (MutableLockedInodePath) inodePath;
String[] pathComponents = extensibleInodePath.getPathComponents();
String name = path.getName();
// pathIndex is the index into pathComponents where we start filling in the path from the inode.
int pathIndex = extensibleInodePath.getInodes().size();
if (pathIndex < pathComponents.length - 1) {
// Otherwise we add the remaining path components to the list of components to create.
if (!options.isRecursive()) {
final String msg = new StringBuilder().append("File ").append(path).append(" creation failed. Component ").append(pathIndex).append("(").append(pathComponents[pathIndex]).append(") does not exist").toString();
LOG.error("FileDoesNotExistException: {}", msg);
throw new FileDoesNotExistException(msg);
}
}
// The ancestor inode (parent or ancestor) of the target path.
Inode<?> ancestorInode = extensibleInodePath.getAncestorInode();
if (!ancestorInode.isDirectory()) {
throw new InvalidPathException("Could not traverse to parent directory of path " + path + ". Component " + pathComponents[pathIndex - 1] + " is not a directory.");
}
InodeDirectory currentInodeDirectory = (InodeDirectory) ancestorInode;
List<Inode<?>> createdInodes = new ArrayList<>();
List<Inode<?>> modifiedInodes = new ArrayList<>();
// These are inodes that already exist, that should be journaled as persisted.
List<Inode<?>> existingNonPersisted = new ArrayList<>();
// These are inodes to mark as persisted at the end of this method.
List<Inode<?>> toPersistDirectories = new ArrayList<>();
if (options.isPersisted()) {
// Directory persistence will not happen until the end of this method.
toPersistDirectories.addAll(traversalResult.getNonPersisted());
existingNonPersisted.addAll(traversalResult.getNonPersisted());
}
if (pathIndex < (pathComponents.length - 1) || currentInodeDirectory.getChild(name) == null) {
// (1) There are components in parent paths that need to be created. Or
// (2) The last component of the path needs to be created.
// In these two cases, the last traversed Inode will be modified.
modifiedInodes.add(currentInodeDirectory);
}
// TODO(gpang): We may not have to lock the newly created inodes if the last inode is write
// locked. This could improve performance. Further investigation is needed.
// Fill in the ancestor directories that were missing.
// NOTE, we set the mode of missing ancestor directories to be the default value, rather
// than inheriting the option of the final file to create, because it may not have
// "execute" permission.
CreateDirectoryOptions missingDirOptions = CreateDirectoryOptions.defaults().setMountPoint(false).setPersisted(options.isPersisted()).setOwner(options.getOwner()).setGroup(options.getGroup());
for (int k = pathIndex; k < (pathComponents.length - 1); k++) {
InodeDirectory dir = InodeDirectory.create(mDirectoryIdGenerator.getNewDirectoryId(), currentInodeDirectory.getId(), pathComponents[k], missingDirOptions);
// Lock the newly created inode before subsequent operations, and add it to the lock group.
lockList.lockWriteAndCheckNameAndParent(dir, currentInodeDirectory, pathComponents[k]);
dir.setPinned(currentInodeDirectory.isPinned());
currentInodeDirectory.addChild(dir);
currentInodeDirectory.setLastModificationTimeMs(options.getOperationTimeMs());
if (options.isPersisted()) {
toPersistDirectories.add(dir);
}
createdInodes.add(dir);
mInodes.add(dir);
currentInodeDirectory = dir;
}
// Create the final path component. First we need to make sure that there isn't already a file
// here with that name. If there is an existing file that is a directory and we're creating a
// directory, update persistence property of the directories if needed, otherwise, throw
// FileAlreadyExistsException unless options.allowExists is true.
Inode<?> lastInode = currentInodeDirectory.getChild(name);
if (lastInode != null) {
// Lock the last inode before subsequent operations, and add it to the lock group.
lockList.lockWriteAndCheckNameAndParent(lastInode, currentInodeDirectory, name);
if (lastInode.isDirectory() && options instanceof CreateDirectoryOptions && !lastInode.isPersisted() && options.isPersisted()) {
// The final path component already exists and is not persisted, so it should be added
// to the non-persisted Inodes of traversalResult.
existingNonPersisted.add(lastInode);
toPersistDirectories.add(lastInode);
} else if (!lastInode.isDirectory() || !(options instanceof CreateDirectoryOptions && ((CreateDirectoryOptions) options).isAllowExists())) {
String errorMessage = ExceptionMessage.FILE_ALREADY_EXISTS.getMessage(path);
LOG.error(errorMessage);
throw new FileAlreadyExistsException(errorMessage);
}
} else {
if (options instanceof CreateDirectoryOptions) {
CreateDirectoryOptions directoryOptions = (CreateDirectoryOptions) options;
lastInode = InodeDirectory.create(mDirectoryIdGenerator.getNewDirectoryId(), currentInodeDirectory.getId(), name, directoryOptions);
// Lock the created inode before subsequent operations, and add it to the lock group.
lockList.lockWriteAndCheckNameAndParent(lastInode, currentInodeDirectory, name);
if (directoryOptions.isPersisted()) {
toPersistDirectories.add(lastInode);
}
lastInode.setPinned(currentInodeDirectory.isPinned());
} else if (options instanceof CreateFileOptions) {
CreateFileOptions fileOptions = (CreateFileOptions) options;
lastInode = InodeFile.create(mContainerIdGenerator.getNewContainerId(), currentInodeDirectory.getId(), name, System.currentTimeMillis(), fileOptions);
// Lock the created inode before subsequent operations, and add it to the lock group.
lockList.lockWriteAndCheckNameAndParent(lastInode, currentInodeDirectory, name);
if (currentInodeDirectory.isPinned()) {
// Update set of pinned file ids.
mPinnedInodeFileIds.add(lastInode.getId());
}
lastInode.setPinned(currentInodeDirectory.isPinned());
}
createdInodes.add(lastInode);
mInodes.add(lastInode);
currentInodeDirectory.addChild(lastInode);
currentInodeDirectory.setLastModificationTimeMs(options.getOperationTimeMs());
}
// we mark it as persisted.
for (Inode<?> inode : toPersistDirectories) {
MountTable.Resolution resolution = mMountTable.resolve(getPath(inode));
String ufsUri = resolution.getUri().toString();
UnderFileSystem ufs = resolution.getUfs();
MkdirsOptions mkdirsOptions = MkdirsOptions.defaults().setCreateParent(false).setOwner(inode.getOwner()).setGroup(inode.getGroup()).setMode(new Mode(inode.getMode()));
if (ufs.isDirectory(ufsUri) || ufs.mkdirs(ufsUri, mkdirsOptions)) {
inode.setPersistenceState(PersistenceState.PERSISTED);
}
}
// Extend the inodePath with the created inodes.
extensibleInodePath.getInodes().addAll(createdInodes);
LOG.debug("createFile: File Created: {} parent: {}", lastInode, currentInodeDirectory);
return new CreatePathResult(modifiedInodes, createdInodes, existingNonPersisted);
}
Also used :
FileDoesNotExistException(alluxio.exception.FileDoesNotExistException)
FileAlreadyExistsException(alluxio.exception.FileAlreadyExistsException)
MkdirsOptions(alluxio.underfs.options.MkdirsOptions)
CreateDirectoryOptions(alluxio.master.file.options.CreateDirectoryOptions)
ArrayList(java.util.ArrayList)
InvalidPathException(alluxio.exception.InvalidPathException)
CreateFileOptions(alluxio.master.file.options.CreateFileOptions)
UnderFileSystem(alluxio.underfs.UnderFileSystem)
Mode(alluxio.security.authorization.Mode)
BlockInfoException(alluxio.exception.BlockInfoException)
AlluxioURI(alluxio.AlluxioURI)
Example 3 with Mode
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class PermissionCheckTest method getLockedInodePath.
private LockedInodePath getLockedInodePath(ArrayList<Triple<String, String, Mode>> permissions) throws Exception {
List<Inode<?>> inodes = new ArrayList<>();
inodes.add(getRootInode());
if (permissions.size() == 0) {
return new MutableLockedInodePath(new AlluxioURI("/"), inodes, null);
}
String uri = "";
for (int i = 0; i < permissions.size(); i++) {
Triple<String, String, Mode> permission = permissions.get(i);
String owner = permission.getLeft();
String group = permission.getMiddle();
Mode mode = permission.getRight();
uri += "/" + (i + 1);
if (i == permissions.size() - 1) {
Inode<?> inode = InodeFile.create(i + 1, i, (i + 1) + "", CommonUtils.getCurrentMs(), CreateFileOptions.defaults().setBlockSizeBytes(Constants.KB).setOwner(owner).setGroup(group).setMode(mode));
inodes.add(inode);
} else {
Inode<?> inode = InodeDirectory.create(i + 1, i, (i + 1) + "", CreateDirectoryOptions.defaults().setOwner(owner).setGroup(group).setMode(mode));
inodes.add(inode);
}
}
return new MutableLockedInodePath(new AlluxioURI(uri), inodes, null);
}
Also used :
Inode(alluxio.master.file.meta.Inode)
Mode(alluxio.security.authorization.Mode)
ArrayList(java.util.ArrayList)
MutableLockedInodePath(alluxio.master.file.meta.MutableLockedInodePath)
AlluxioURI(alluxio.AlluxioURI)
Example 4 with Mode
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class PermissionCheckTest method getPermissionOwner.
@Test
public void getPermissionOwner() throws Exception {
ArrayList<Triple<String, String, Mode>> permissions = new ArrayList<>();
permissions.add(new ImmutableTriple<>(TEST_USER_1.getUser(), TEST_USER_1.getGroup(), new Mode((short) 0754)));
LockedInodePath lockedInodePath = getLockedInodePath(permissions);
try (SetAndRestoreAuthenticatedUser u = new SetAndRestoreAuthenticatedUser(TEST_USER_1.getUser())) {
PermissionChecker checker = new PermissionChecker(mInodeTree);
Mode.Bits actual = checker.getPermission(lockedInodePath);
Assert.assertEquals(Mode.Bits.ALL, actual);
}
}
Also used :
Triple(org.apache.commons.lang3.tuple.Triple)
ImmutableTriple(org.apache.commons.lang3.tuple.ImmutableTriple)
MutableLockedInodePath(alluxio.master.file.meta.MutableLockedInodePath)
LockedInodePath(alluxio.master.file.meta.LockedInodePath)
SetAndRestoreAuthenticatedUser(alluxio.SetAndRestoreAuthenticatedUser)
Mode(alluxio.security.authorization.Mode)
ArrayList(java.util.ArrayList)
Test(org.junit.Test)
Example 5 with Mode
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class SetAttributeOptionsTest method fields.
/**
* Tests getting and setting fields.
*/
@Test
public void fields() {
Random random = new Random();
boolean persisted = random.nextBoolean();
boolean pinned = random.nextBoolean();
long ttl = random.nextLong();
byte[] bytes = new byte[5];
random.nextBytes(bytes);
String owner = new String(bytes);
random.nextBytes(bytes);
String group = new String(bytes);
Mode mode = new Mode((short) random.nextInt());
boolean recursive = random.nextBoolean();
SetAttributeOptions options = SetAttributeOptions.defaults();
options.setPersisted(persisted);
options.setPinned(pinned);
options.setTtl(ttl);
options.setTtlAction(TtlAction.FREE);
options.setOwner(owner);
options.setGroup(group);
options.setMode(mode);
options.setRecursive(recursive);
Assert.assertEquals(persisted, options.getPersisted());
Assert.assertEquals(pinned, options.getPinned());
Assert.assertEquals(ttl, options.getTtl().longValue());
Assert.assertEquals(TtlAction.FREE, options.getTtlAction());
Assert.assertEquals(owner, options.getOwner());
Assert.assertEquals(group, options.getGroup());
Assert.assertEquals(mode, options.getMode());
Assert.assertEquals(recursive, options.isRecursive());
}
Also used :
Random(java.util.Random)
Mode(alluxio.security.authorization.Mode)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Aggregations
Mode (alluxio.security.authorization.Mode)78
Test (org.junit.Test)47
AlluxioURI (alluxio.AlluxioURI)43
BaseIntegrationTest (alluxio.testutils.BaseIntegrationTest)15
UnderFileSystem (alluxio.underfs.UnderFileSystem)14
Random (java.util.Random)14
IOException (java.io.IOException)11
UfsMode (alluxio.underfs.UfsMode)9
URIStatus (alluxio.client.file.URIStatus)8
FileInfo (alluxio.wire.FileInfo)8
ArrayList (java.util.ArrayList)8
FileAlreadyExistsException (alluxio.exception.FileAlreadyExistsException)7
SetAttributePOptions (alluxio.grpc.SetAttributePOptions)7
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)6
WriteType (alluxio.client.WriteType)5
AlluxioException (alluxio.exception.AlluxioException)5
LockedInodePath (alluxio.master.file.meta.LockedInodePath)5
AclEntry (alluxio.security.authorization.AclEntry)5
AuthenticatedClientUserResource (alluxio.AuthenticatedClientUserResource)4
AuthenticatedUserRule (alluxio.AuthenticatedUserRule)4
