Search in sources :

Example 1 with ProtoUtils

use of alluxio.util.proto.ProtoUtils in project alluxio by Alluxio.

the class InodeTreePersistentState method applySetAcl.

private void applySetAcl(SetAclEntry entry) {
    MutableInode<?> inode = mInodeStore.getMutable(entry.getId()).get();
    List<AclEntry> entries = StreamUtils.map(ProtoUtils::fromProto, entry.getEntriesList());
    switch(entry.getAction()) {
        case REPLACE:
            // fully replace the acl for the path
            inode.replaceAcl(entries);
            break;
        case MODIFY:
            inode.setAcl(entries);
            break;
        case REMOVE:
            inode.removeAcl(entries);
            break;
        case REMOVE_ALL:
            inode.removeExtendedAcl();
            break;
        case REMOVE_DEFAULT:
            inode.setDefaultACL(new DefaultAccessControlList(inode.getACL()));
            break;
        default:
            LOG.warn("Unrecognized acl action: " + entry.getAction());
    }
    mInodeStore.writeInode(inode);
}
Also used : DefaultAccessControlList(alluxio.security.authorization.DefaultAccessControlList) SetAclEntry(alluxio.proto.journal.File.SetAclEntry) AclEntry(alluxio.security.authorization.AclEntry) ProtoUtils(alluxio.util.proto.ProtoUtils)

Example 2 with ProtoUtils

use of alluxio.util.proto.ProtoUtils in project alluxio by Alluxio.

the class DefaultFileSystemMaster method setAclSingleInode.

private void setAclSingleInode(RpcContext rpcContext, SetAclAction action, LockedInodePath inodePath, List<AclEntry> entries, boolean replay, long opTimeMs) throws IOException, FileDoesNotExistException {
    Preconditions.checkState(inodePath.getLockPattern().isWrite());
    Inode inode = inodePath.getInode();
    // Check that we are not removing an extended mask.
    if (action == SetAclAction.REMOVE) {
        for (AclEntry entry : entries) {
            if ((entry.isDefault() && inode.getDefaultACL().hasExtended()) || (!entry.isDefault() && inode.getACL().hasExtended())) {
                if (entry.getType() == AclEntryType.MASK) {
                    throw new InvalidArgumentException("Deleting the mask for an extended ACL is not allowed. entry: " + entry);
                }
            }
        }
    }
    // Check that we are not setting default ACL to a file
    if (inode.isFile()) {
        for (AclEntry entry : entries) {
            if (entry.isDefault()) {
                throw new UnsupportedOperationException("Can not set default ACL for a file");
            }
        }
    }
    mInodeTree.setAcl(rpcContext, SetAclEntry.newBuilder().setId(inode.getId()).setOpTimeMs(opTimeMs).setAction(ProtoUtils.toProto(action)).addAllEntries(entries.stream().map(ProtoUtils::toProto).collect(Collectors.toList())).build());
    try {
        if (!replay && inode.isPersisted()) {
            setUfsAcl(inodePath);
        }
    } catch (InvalidPathException | AccessControlException e) {
        LOG.warn("Setting ufs ACL failed for path: {}", inodePath.getUri(), e);
    // TODO(david): revert the acl and default acl to the initial state if writing to ufs failed.
    }
}
Also used : Inode(alluxio.master.file.meta.Inode) InvalidArgumentException(alluxio.exception.status.InvalidArgumentException) AclEntry(alluxio.security.authorization.AclEntry) SetAclEntry(alluxio.proto.journal.File.SetAclEntry) ProtoUtils(alluxio.util.proto.ProtoUtils) AccessControlException(alluxio.exception.AccessControlException) InvalidPathException(alluxio.exception.InvalidPathException)

Aggregations

SetAclEntry (alluxio.proto.journal.File.SetAclEntry)2 AclEntry (alluxio.security.authorization.AclEntry)2 ProtoUtils (alluxio.util.proto.ProtoUtils)2 AccessControlException (alluxio.exception.AccessControlException)1 InvalidPathException (alluxio.exception.InvalidPathException)1 InvalidArgumentException (alluxio.exception.status.InvalidArgumentException)1 Inode (alluxio.master.file.meta.Inode)1 DefaultAccessControlList (alluxio.security.authorization.DefaultAccessControlList)1