use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class FileSystemMasterTest method setAclNestedWithoutOwner.
@Test
public void setAclNestedWithoutOwner() throws Exception {
createFileWithSingleBlock(NESTED_FILE_URI);
mFileSystemMaster.setAttribute(NESTED_URI, SetAttributeContext.mergeFrom(SetAttributePOptions.newBuilder().setMode(new Mode((short) 0777).toProto()).setOwner("userA")));
Set<String> entries = Sets.newHashSet(mFileSystemMaster.getFileInfo(NESTED_FILE_URI, GET_STATUS_CONTEXT).convertAclToStringEntries());
assertEquals(3, entries.size());
// recursive setAcl should fail if one of the child is not owned by the user
mThrown.expect(AccessControlException.class);
try (AuthenticatedClientUserResource userA = new AuthenticatedClientUserResource("userA", ServerConfiguration.global())) {
Set<String> newEntries = Sets.newHashSet("user::rwx", "group::rwx", "other::rwx");
mFileSystemMaster.setAcl(NESTED_URI, SetAclAction.REPLACE, newEntries.stream().map(AclEntry::fromCliString).collect(Collectors.toList()), SetAclContext.mergeFrom(SetAclPOptions.newBuilder().setRecursive(true)));
entries = Sets.newHashSet(mFileSystemMaster.getFileInfo(NESTED_FILE_URI, GET_STATUS_CONTEXT).convertAclToStringEntries());
assertEquals(newEntries, entries);
}
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class AbstractFileManager method addFile.
@Override
public boolean addFile(String fileName, String permission, byte[] content) {
try {
verifyFileName(fileName);
Path path = Paths.get(getNextFilePath(fileName));
short perm = Short.parseShort(permission, 8);
Mode mode = new Mode(perm);
Set<PosixFilePermission> permissions = PosixFilePermissions.fromString(mode.toString());
FileAttribute<?> fileAttribute = PosixFilePermissions.asFileAttribute(permissions);
Files.deleteIfExists(path);
path = Files.createFile(path, fileAttribute);
FileSystem fileSystem = path.getFileSystem();
UserPrincipalLookupService service = fileSystem.getUserPrincipalLookupService();
UserPrincipal userPrincipal = service.lookupPrincipalByName(mUser);
GroupPrincipal groupPrincipal = service.lookupPrincipalByGroupName(mGroup);
Files.write(path, content);
Files.setOwner(path, userPrincipal);
Files.getFileAttributeView(path, PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS).setGroup(groupPrincipal);
// sometimes umask is applied, so forcefully set permissions
Files.setPosixFilePermissions(path, permissions);
return true;
} catch (InvalidPathException | IOException | AlluxioException e) {
LOG.warn("Failed to add file {} to version manager", fileName, e);
return false;
}
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class ChmodCommand method chmod.
/**
* Changes the permissions of directory or file with the path specified in args.
*
* @param path The {@link AlluxioURI} path as the input of the command
* @param modeStr The new permission to be updated to the file or directory
* @param recursive Whether change the permission recursively
*/
private void chmod(AlluxioURI path, String modeStr, boolean recursive) throws AlluxioException, IOException {
Mode mode = ModeParser.parse(modeStr);
SetAttributePOptions options = SetAttributePOptions.newBuilder().setMode(mode.toProto()).setRecursive(recursive).build();
mFileSystem.setAttribute(path, options);
System.out.println("Changed permission of " + path + " to " + Integer.toOctalString(mode.toShort()));
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class FileSystemAclIntegrationTest method loadFileMetadataMode.
/**
* Tests the loaded file metadata from UFS having the same mode as that in the UFS.
*/
@Test
public void loadFileMetadataMode() throws Exception {
// Skip non-local and non-HDFS-2 UFSs.
Assume.assumeTrue(UnderFileSystemUtils.isLocal(sUfs) || (UnderFileSystemUtils.isHdfs(sUfs) && HadoopClientTestUtils.isHadoop2x()));
List<Integer> permissionValues = Lists.newArrayList(0111, 0222, 0333, 0444, 0555, 0666, 0777, 0755, 0733, 0644, 0533, 0511);
for (int value : permissionValues) {
Path file = new Path("/loadFileMetadataMode" + value);
sTFS.delete(file, false);
// Create a file directly in UFS and set the corresponding mode.
String ufsPath = PathUtils.concatPath(sUfsRoot, file);
sUfs.create(ufsPath, CreateOptions.defaults(ServerConfiguration.global()).setOwner("testuser").setGroup("testgroup").setMode(new Mode((short) value))).close();
Assert.assertTrue(sUfs.isFile(PathUtils.concatPath(sUfsRoot, file)));
// Check the mode is consistent in Alluxio namespace once it's loaded from UFS to Alluxio.
Assert.assertEquals(new Mode((short) value).toString(), new Mode(sTFS.getFileStatus(file).getPermission().toShort()).toString());
}
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class PersistDefinition method runTask.
@Override
public SerializableVoid runTask(PersistConfig config, SerializableVoid args, RunTaskContext context) throws Exception {
AlluxioURI uri = new AlluxioURI(config.getFilePath());
String ufsPath = config.getUfsPath();
// check if the file is persisted in UFS and delete it, if we are overwriting it
UfsManager.UfsClient ufsClient = context.getUfsManager().get(config.getMountId());
try (CloseableResource<UnderFileSystem> ufsResource = ufsClient.acquireUfsResource()) {
UnderFileSystem ufs = ufsResource.get();
if (ufs == null) {
throw new IOException("Failed to create UFS instance for " + ufsPath);
}
if (ufs.exists(ufsPath)) {
if (config.isOverwrite()) {
LOG.info("File {} is already persisted in UFS. Removing it.", config.getFilePath());
ufs.deleteExistingFile(ufsPath);
} else {
throw new IOException("File " + config.getFilePath() + " is already persisted in UFS, to overwrite the file, please set the overwrite flag" + " in the config.");
}
}
URIStatus uriStatus = context.getFileSystem().getStatus(uri);
if (!uriStatus.isCompleted()) {
throw new IOException("Cannot persist an incomplete Alluxio file: " + uri);
}
long bytesWritten;
try (Closer closer = Closer.create()) {
OpenFilePOptions options = OpenFilePOptions.newBuilder().setReadType(ReadPType.NO_CACHE).setUpdateLastAccessTime(false).build();
FileInStream in = closer.register(context.getFileSystem().openFile(uri, options));
AlluxioURI dstPath = new AlluxioURI(ufsPath);
// Create ancestor directories from top to the bottom. We cannot use recursive create
// parents here because the permission for the ancestors can be different.
Stack<Pair<String, String>> ancestorUfsAndAlluxioPaths = new Stack<>();
AlluxioURI curAlluxioPath = uri.getParent();
AlluxioURI curUfsPath = dstPath.getParent();
// exist.
while (!ufs.isDirectory(curUfsPath.toString()) && curAlluxioPath != null) {
ancestorUfsAndAlluxioPaths.push(new Pair<>(curUfsPath.toString(), curAlluxioPath.toString()));
curAlluxioPath = curAlluxioPath.getParent();
curUfsPath = curUfsPath.getParent();
}
while (!ancestorUfsAndAlluxioPaths.empty()) {
Pair<String, String> ancestorUfsAndAlluxioPath = ancestorUfsAndAlluxioPaths.pop();
String ancestorUfsPath = ancestorUfsAndAlluxioPath.getFirst();
String ancestorAlluxioPath = ancestorUfsAndAlluxioPath.getSecond();
URIStatus status = context.getFileSystem().getStatus(new AlluxioURI(ancestorAlluxioPath));
MkdirsOptions mkdirOptions = MkdirsOptions.defaults(ServerConfiguration.global()).setCreateParent(false).setOwner(status.getOwner()).setGroup(status.getGroup()).setMode(new Mode((short) status.getMode()));
// and assume the directory is already prepared, regardless of permission matching.
if (ufs.mkdirs(ancestorUfsPath, mkdirOptions)) {
List<AclEntry> allAcls = Stream.concat(status.getDefaultAcl().getEntries().stream(), status.getAcl().getEntries().stream()).collect(Collectors.toList());
ufs.setAclEntries(ancestorUfsPath, allAcls);
} else if (!ufs.isDirectory(ancestorUfsPath)) {
throw new IOException("Failed to create " + ufsPath + " with permission " + options.toString() + " because its ancestor " + ancestorUfsPath + " is not a directory");
}
}
OutputStream out = closer.register(ufs.createNonexistingFile(dstPath.toString(), CreateOptions.defaults(ServerConfiguration.global()).setOwner(uriStatus.getOwner()).setGroup(uriStatus.getGroup()).setMode(new Mode((short) uriStatus.getMode()))));
URIStatus status = context.getFileSystem().getStatus(uri);
List<AclEntry> allAcls = Stream.concat(status.getDefaultAcl().getEntries().stream(), status.getAcl().getEntries().stream()).collect(Collectors.toList());
ufs.setAclEntries(dstPath.toString(), allAcls);
bytesWritten = IOUtils.copyLarge(in, out, new byte[8 * Constants.MB]);
incrementPersistedMetric(ufsClient.getUfsMountPointUri(), bytesWritten);
}
LOG.info("Persisted file {} with size {}", ufsPath, bytesWritten);
}
return null;
}
Aggregations