use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class FileSystemMasterTest method setAclWithoutOwner.
@Test
public void setAclWithoutOwner() throws Exception {
createFileWithSingleBlock(NESTED_FILE_URI);
mFileSystemMaster.setAttribute(NESTED_URI, SetAttributeContext.mergeFrom(SetAttributePOptions.newBuilder().setMode(new Mode((short) 0777).toProto())));
Set<String> entries = Sets.newHashSet(mFileSystemMaster.getFileInfo(NESTED_FILE_URI, GET_STATUS_CONTEXT).convertAclToStringEntries());
assertEquals(3, entries.size());
try (AuthenticatedClientUserResource userA = new AuthenticatedClientUserResource("userA", ServerConfiguration.global())) {
Set<String> newEntries = Sets.newHashSet("user::rwx", "group::rwx", "other::rwx");
mThrown.expect(AccessControlException.class);
mFileSystemMaster.setAcl(NESTED_FILE_URI, SetAclAction.REPLACE, newEntries.stream().map(AclEntry::fromCliString).collect(Collectors.toList()), SetAclContext.defaults());
}
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class CpCommand method preserveAttributes.
/**
* Preserves attributes from the source file to the target file.
*
* @param srcPath the source path
* @param dstPath the destination path in the Alluxio filesystem
*/
private void preserveAttributes(AlluxioURI srcPath, AlluxioURI dstPath) throws IOException, AlluxioException {
if (mPreservePermissions) {
URIStatus srcStatus = mFileSystem.getStatus(srcPath);
mFileSystem.setAttribute(dstPath, SetAttributePOptions.newBuilder().setOwner(srcStatus.getOwner()).setGroup(srcStatus.getGroup()).setMode(new Mode((short) srcStatus.getMode()).toProto()).build());
mFileSystem.setAcl(dstPath, SetAclAction.REPLACE, srcStatus.getAcl().getEntries());
}
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class PersistCommandTest method persistWithAncestorPermission.
@Test
public void persistWithAncestorPermission() throws Exception {
String ufsRoot = sFileSystem.getStatus(new AlluxioURI("/")).getUfsPath();
UnderFileSystem ufs = UnderFileSystem.Factory.createForRoot(ServerConfiguration.global());
// Skip non-local and non-HDFS UFSs.
Assume.assumeTrue(UnderFileSystemUtils.isLocal(ufs) || UnderFileSystemUtils.isHdfs(ufs));
AlluxioURI testFile = new AlluxioURI("/grand/parent/file");
AlluxioURI grandParent = new AlluxioURI("/grand");
Mode grandParentMode = new Mode((short) 0777);
FileSystemTestUtils.createByteFile(sFileSystem, testFile, WritePType.MUST_CACHE, 10);
URIStatus status = sFileSystem.getStatus(testFile);
assertFalse(status.isPersisted());
sFileSystem.setAttribute(grandParent, SetAttributePOptions.newBuilder().setMode(grandParentMode.toProto()).build());
int ret = sFsShell.run("persist", testFile.toString());
Assert.assertEquals(0, ret);
checkFilePersisted(testFile, 10);
// Check the permission of the created file and ancestor dir are in-sync between Alluxio and UFS
short fileMode = (short) status.getMode();
short parentMode = (short) sFileSystem.getStatus(testFile.getParent()).getMode();
Assert.assertEquals(fileMode, ufs.getFileStatus(PathUtils.concatPath(ufsRoot, testFile)).getMode());
Assert.assertEquals(parentMode, ufs.getDirectoryStatus(PathUtils.concatPath(ufsRoot, testFile.getParent())).getMode());
Assert.assertEquals(grandParentMode, new Mode(ufs.getDirectoryStatus(PathUtils.concatPath(ufsRoot, grandParent)).getMode()));
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class FileSystemMasterIntegrationTest method ufsModeSetAttribute.
@Test
public void ufsModeSetAttribute() throws Exception {
AlluxioURI alluxioFile = new AlluxioURI("/in_alluxio");
mFsMaster.createFile(alluxioFile, CreateFileContext.defaults().setWriteType(WriteType.CACHE_THROUGH));
mFsMaster.updateUfsMode(new AlluxioURI(mFsMaster.getUfsAddress()), UfsMode.READ_ONLY);
long opTimeMs = TEST_TIME_MS;
mFsMaster.completeFile(alluxioFile, CompleteFileContext.mergeFrom(CompleteFilePOptions.newBuilder().setUfsLength(0)).setOperationTimeMs(opTimeMs));
mThrown.expect(AccessControlException.class);
mFsMaster.setAttribute(alluxioFile, SetAttributeContext.mergeFrom(SetAttributePOptions.newBuilder().setMode(new Mode((short) 0777).toProto())));
}
use of alluxio.security.authorization.Mode in project alluxio by Alluxio.
the class S3ClientRestApiTest method listAllMyBuckets.
@Test
public void listAllMyBuckets() throws Exception {
Mode mode = ModeParser.parse("777");
SetAttributePOptions options = SetAttributePOptions.newBuilder().setMode(mode.toProto()).setRecursive(true).build();
mFileSystem.setAttribute(new AlluxioURI("/"), options);
Subject subject = new Subject();
subject.getPrincipals().add(new User("user0"));
AlluxioURI bucketPath = new AlluxioURI("/bucket0");
FileSystem fs1 = sResource.get().getClient(FileSystemContext.create(subject, ServerConfiguration.global()));
fs1.createDirectory(bucketPath);
SetAttributePOptions setAttributeOptions = SetAttributePOptions.newBuilder().setOwner("user0").build();
mFileSystem.setAttribute(new AlluxioURI("/bucket0"), setAttributeOptions);
URIStatus bucket0Status = fs1.getStatus(bucketPath);
subject = new Subject();
subject.getPrincipals().add(new User("user1"));
AlluxioURI bucket1Path = new AlluxioURI("/bucket1");
FileSystem fs2 = sResource.get().getClient(FileSystemContext.create(subject, ServerConfiguration.global()));
fs2.createDirectory(bucket1Path);
setAttributeOptions = SetAttributePOptions.newBuilder().setOwner("user1").build();
mFileSystem.setAttribute(new AlluxioURI("/bucket1"), setAttributeOptions);
URIStatus bucket1Status = fs2.getStatus(bucket1Path);
ListAllMyBucketsResult expected = new ListAllMyBucketsResult(Collections.emptyList());
final TestCaseOptions requestOptions = TestCaseOptions.defaults().setContentType(TestCaseOptions.XML_CONTENT_TYPE);
new TestCase(mHostname, mPort, S3_SERVICE_PREFIX + "/", NO_PARAMS, HttpMethod.GET, expected, requestOptions).run();
expected = new ListAllMyBucketsResult(Lists.newArrayList(bucket0Status));
requestOptions.setAuthorization("AWS4-HMAC-SHA256 Credential=user0/20210631");
new TestCase(mHostname, mPort, S3_SERVICE_PREFIX + "/", NO_PARAMS, HttpMethod.GET, expected, requestOptions).run();
expected = new ListAllMyBucketsResult(Lists.newArrayList(bucket1Status));
requestOptions.setAuthorization("AWS4-HMAC-SHA256 Credential=user1/20210631");
new TestCase(mHostname, mPort, S3_SERVICE_PREFIX + "/", NO_PARAMS, HttpMethod.GET, expected, requestOptions).run();
}
Aggregations