Examples with Mode alluxio.security.authorization.Mode used on opensource projects

Example 51 with Mode

use of alluxio.security.authorization.Mode in project alluxio by Alluxio.

the class FileSystemMasterTest method setAclNestedWithoutOwner.

@Test
public void setAclNestedWithoutOwner() throws Exception {
    createFileWithSingleBlock(NESTED_FILE_URI);
    mFileSystemMaster.setAttribute(NESTED_URI, SetAttributeContext.mergeFrom(SetAttributePOptions.newBuilder().setMode(new Mode((short) 0777).toProto()).setOwner("userA")));
    Set<String> entries = Sets.newHashSet(mFileSystemMaster.getFileInfo(NESTED_FILE_URI, GET_STATUS_CONTEXT).convertAclToStringEntries());
    assertEquals(3, entries.size());
    // recursive setAcl should fail if one of the child is not owned by the user
    mThrown.expect(AccessControlException.class);
    try (AuthenticatedClientUserResource userA = new AuthenticatedClientUserResource("userA", ServerConfiguration.global())) {
        Set<String> newEntries = Sets.newHashSet("user::rwx", "group::rwx", "other::rwx");
        mFileSystemMaster.setAcl(NESTED_URI, SetAclAction.REPLACE, newEntries.stream().map(AclEntry::fromCliString).collect(Collectors.toList()), SetAclContext.mergeFrom(SetAclPOptions.newBuilder().setRecursive(true)));
        entries = Sets.newHashSet(mFileSystemMaster.getFileInfo(NESTED_FILE_URI, GET_STATUS_CONTEXT).convertAclToStringEntries());
        assertEquals(newEntries, entries);
    }
}

Example 52 with Mode

use of alluxio.security.authorization.Mode in project alluxio by Alluxio.

the class AbstractFileManager method addFile.

@Override
public boolean addFile(String fileName, String permission, byte[] content) {
    try {
        verifyFileName(fileName);
        Path path = Paths.get(getNextFilePath(fileName));
        short perm = Short.parseShort(permission, 8);
        Mode mode = new Mode(perm);
        Set<PosixFilePermission> permissions = PosixFilePermissions.fromString(mode.toString());
        FileAttribute<?> fileAttribute = PosixFilePermissions.asFileAttribute(permissions);
        Files.deleteIfExists(path);
        path = Files.createFile(path, fileAttribute);
        FileSystem fileSystem = path.getFileSystem();
        UserPrincipalLookupService service = fileSystem.getUserPrincipalLookupService();
        UserPrincipal userPrincipal = service.lookupPrincipalByName(mUser);
        GroupPrincipal groupPrincipal = service.lookupPrincipalByGroupName(mGroup);
        Files.write(path, content);
        Files.setOwner(path, userPrincipal);
        Files.getFileAttributeView(path, PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS).setGroup(groupPrincipal);
        // sometimes umask is applied, so forcefully set permissions
        Files.setPosixFilePermissions(path, permissions);
        return true;
    } catch (InvalidPathException | IOException | AlluxioException e) {
        LOG.warn("Failed to add file {} to version manager", fileName, e);
        return false;
    }
}

Example 53 with Mode

use of alluxio.security.authorization.Mode in project alluxio by Alluxio.

the class ChmodCommand method chmod.

/**
 * Changes the permissions of directory or file with the path specified in args.
 *
 * @param path The {@link AlluxioURI} path as the input of the command
 * @param modeStr The new permission to be updated to the file or directory
 * @param recursive Whether change the permission recursively
 */
private void chmod(AlluxioURI path, String modeStr, boolean recursive) throws AlluxioException, IOException {
    Mode mode = ModeParser.parse(modeStr);
    SetAttributePOptions options = SetAttributePOptions.newBuilder().setMode(mode.toProto()).setRecursive(recursive).build();
    mFileSystem.setAttribute(path, options);
    System.out.println("Changed permission of " + path + " to " + Integer.toOctalString(mode.toShort()));
}

Example 54 with Mode

use of alluxio.security.authorization.Mode in project alluxio by Alluxio.

the class FileSystemAclIntegrationTest method loadFileMetadataMode.

/**
 * Tests the loaded file metadata from UFS having the same mode as that in the UFS.
 */
@Test
public void loadFileMetadataMode() throws Exception {
    // Skip non-local and non-HDFS-2 UFSs.
    Assume.assumeTrue(UnderFileSystemUtils.isLocal(sUfs) || (UnderFileSystemUtils.isHdfs(sUfs) && HadoopClientTestUtils.isHadoop2x()));
    List<Integer> permissionValues = Lists.newArrayList(0111, 0222, 0333, 0444, 0555, 0666, 0777, 0755, 0733, 0644, 0533, 0511);
    for (int value : permissionValues) {
        Path file = new Path("/loadFileMetadataMode" + value);
        sTFS.delete(file, false);
        // Create a file directly in UFS and set the corresponding mode.
        String ufsPath = PathUtils.concatPath(sUfsRoot, file);
        sUfs.create(ufsPath, CreateOptions.defaults(ServerConfiguration.global()).setOwner("testuser").setGroup("testgroup").setMode(new Mode((short) value))).close();
        Assert.assertTrue(sUfs.isFile(PathUtils.concatPath(sUfsRoot, file)));
        // Check the mode is consistent in Alluxio namespace once it's loaded from UFS to Alluxio.
        Assert.assertEquals(new Mode((short) value).toString(), new Mode(sTFS.getFileStatus(file).getPermission().toShort()).toString());
    }
}

Example 55 with Mode

use of alluxio.security.authorization.Mode in project alluxio by Alluxio.

the class PersistDefinition method runTask.

@Override
public SerializableVoid runTask(PersistConfig config, SerializableVoid args, RunTaskContext context) throws Exception {
    AlluxioURI uri = new AlluxioURI(config.getFilePath());
    String ufsPath = config.getUfsPath();
    // check if the file is persisted in UFS and delete it, if we are overwriting it
    UfsManager.UfsClient ufsClient = context.getUfsManager().get(config.getMountId());
    try (CloseableResource<UnderFileSystem> ufsResource = ufsClient.acquireUfsResource()) {
        UnderFileSystem ufs = ufsResource.get();
        if (ufs == null) {
            throw new IOException("Failed to create UFS instance for " + ufsPath);
        }
        if (ufs.exists(ufsPath)) {
            if (config.isOverwrite()) {
                LOG.info("File {} is already persisted in UFS. Removing it.", config.getFilePath());
                ufs.deleteExistingFile(ufsPath);
            } else {
                throw new IOException("File " + config.getFilePath() + " is already persisted in UFS, to overwrite the file, please set the overwrite flag" + " in the config.");
            }
        }
        URIStatus uriStatus = context.getFileSystem().getStatus(uri);
        if (!uriStatus.isCompleted()) {
            throw new IOException("Cannot persist an incomplete Alluxio file: " + uri);
        }
        long bytesWritten;
        try (Closer closer = Closer.create()) {
            OpenFilePOptions options = OpenFilePOptions.newBuilder().setReadType(ReadPType.NO_CACHE).setUpdateLastAccessTime(false).build();
            FileInStream in = closer.register(context.getFileSystem().openFile(uri, options));
            AlluxioURI dstPath = new AlluxioURI(ufsPath);
            // Create ancestor directories from top to the bottom. We cannot use recursive create
            // parents here because the permission for the ancestors can be different.
            Stack<Pair<String, String>> ancestorUfsAndAlluxioPaths = new Stack<>();
            AlluxioURI curAlluxioPath = uri.getParent();
            AlluxioURI curUfsPath = dstPath.getParent();
            // exist.
            while (!ufs.isDirectory(curUfsPath.toString()) && curAlluxioPath != null) {
                ancestorUfsAndAlluxioPaths.push(new Pair<>(curUfsPath.toString(), curAlluxioPath.toString()));
                curAlluxioPath = curAlluxioPath.getParent();
                curUfsPath = curUfsPath.getParent();
            }
            while (!ancestorUfsAndAlluxioPaths.empty()) {
                Pair<String, String> ancestorUfsAndAlluxioPath = ancestorUfsAndAlluxioPaths.pop();
                String ancestorUfsPath = ancestorUfsAndAlluxioPath.getFirst();
                String ancestorAlluxioPath = ancestorUfsAndAlluxioPath.getSecond();
                URIStatus status = context.getFileSystem().getStatus(new AlluxioURI(ancestorAlluxioPath));
                MkdirsOptions mkdirOptions = MkdirsOptions.defaults(ServerConfiguration.global()).setCreateParent(false).setOwner(status.getOwner()).setGroup(status.getGroup()).setMode(new Mode((short) status.getMode()));
                // and assume the directory is already prepared, regardless of permission matching.
                if (ufs.mkdirs(ancestorUfsPath, mkdirOptions)) {
                    List<AclEntry> allAcls = Stream.concat(status.getDefaultAcl().getEntries().stream(), status.getAcl().getEntries().stream()).collect(Collectors.toList());
                    ufs.setAclEntries(ancestorUfsPath, allAcls);
                } else if (!ufs.isDirectory(ancestorUfsPath)) {
                    throw new IOException("Failed to create " + ufsPath + " with permission " + options.toString() + " because its ancestor " + ancestorUfsPath + " is not a directory");
                }
            }
            OutputStream out = closer.register(ufs.createNonexistingFile(dstPath.toString(), CreateOptions.defaults(ServerConfiguration.global()).setOwner(uriStatus.getOwner()).setGroup(uriStatus.getGroup()).setMode(new Mode((short) uriStatus.getMode()))));
            URIStatus status = context.getFileSystem().getStatus(uri);
            List<AclEntry> allAcls = Stream.concat(status.getDefaultAcl().getEntries().stream(), status.getAcl().getEntries().stream()).collect(Collectors.toList());
            ufs.setAclEntries(dstPath.toString(), allAcls);
            bytesWritten = IOUtils.copyLarge(in, out, new byte[8 * Constants.MB]);
            incrementPersistedMetric(ufsClient.getUfsMountPointUri(), bytesWritten);
        }
        LOG.info("Persisted file {} with size {}", ufsPath, bytesWritten);
    }
    return null;
}