Example 56 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class AclTransformation method filterAclEntriesByAclSpec.
/**
* Filters (discards) any existing ACL entries that have the same scope, type
* and name of any entry in the ACL spec. If necessary, recalculates the mask
* entries. If necessary, default entries may be inferred by copying the
* permissions of the corresponding access entries. It is invalid to request
* removal of the mask entry from an ACL that would otherwise require a mask
* entry, due to existing named entries or an unnamed group entry.
*
* @param existingAcl List<AclEntry> existing ACL
* @param inAclSpec List<AclEntry> ACL spec describing entries to filter
* @return List<AclEntry> new ACL
* @throws AclException if validation fails
*/
public static List<AclEntry> filterAclEntriesByAclSpec(List<AclEntry> existingAcl, List<AclEntry> inAclSpec) throws AclException {
ValidatedAclSpec aclSpec = new ValidatedAclSpec(inAclSpec);
ArrayList<AclEntry> aclBuilder = Lists.newArrayListWithCapacity(MAX_ENTRIES);
EnumMap<AclEntryScope, AclEntry> providedMask = Maps.newEnumMap(AclEntryScope.class);
EnumSet<AclEntryScope> maskDirty = EnumSet.noneOf(AclEntryScope.class);
EnumSet<AclEntryScope> scopeDirty = EnumSet.noneOf(AclEntryScope.class);
for (AclEntry existingEntry : existingAcl) {
if (aclSpec.containsKey(existingEntry)) {
scopeDirty.add(existingEntry.getScope());
if (existingEntry.getType() == MASK) {
maskDirty.add(existingEntry.getScope());
}
} else {
if (existingEntry.getType() == MASK) {
providedMask.put(existingEntry.getScope(), existingEntry);
} else {
aclBuilder.add(existingEntry);
}
}
}
copyDefaultsIfNeeded(aclBuilder);
calculateMasks(aclBuilder, providedMask, maskDirty, scopeDirty);
return buildAndValidateAcl(aclBuilder);
}
Also used :
AclEntryScope(org.apache.hadoop.fs.permission.AclEntryScope)
AclEntry(org.apache.hadoop.fs.permission.AclEntry)
Example 57 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class TestAclCommands method testMultipleAclSpecParsingWithoutPermissions.
@Test
public void testMultipleAclSpecParsingWithoutPermissions() throws Exception {
List<AclEntry> parsedList = AclEntry.parseAclSpec("user::,user:user1:,group::,group:group1:,mask::,other::," + "default:user:user1::,default:mask::", false);
AclEntry owner = new AclEntry.Builder().setType(AclEntryType.USER).build();
AclEntry namedUser = new AclEntry.Builder().setType(AclEntryType.USER).setName("user1").build();
AclEntry group = new AclEntry.Builder().setType(AclEntryType.GROUP).build();
AclEntry namedGroup = new AclEntry.Builder().setType(AclEntryType.GROUP).setName("group1").build();
AclEntry mask = new AclEntry.Builder().setType(AclEntryType.MASK).build();
AclEntry other = new AclEntry.Builder().setType(AclEntryType.OTHER).build();
AclEntry defaultUser = new AclEntry.Builder().setScope(AclEntryScope.DEFAULT).setType(AclEntryType.USER).setName("user1").build();
AclEntry defaultMask = new AclEntry.Builder().setScope(AclEntryScope.DEFAULT).setType(AclEntryType.MASK).build();
List<AclEntry> expectedList = new ArrayList<AclEntry>();
expectedList.add(owner);
expectedList.add(namedUser);
expectedList.add(group);
expectedList.add(namedGroup);
expectedList.add(mask);
expectedList.add(other);
expectedList.add(defaultUser);
expectedList.add(defaultMask);
assertEquals("Parsed Acl not correct", expectedList, parsedList);
}Example 58 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class TestAclCommands method testMultipleAclSpecParsing.
@Test
public void testMultipleAclSpecParsing() throws Exception {
List<AclEntry> parsedList = AclEntry.parseAclSpec("group::rwx,user:user1:rwx,user:user2:rw-," + "group:group1:rw-,default:group:group1:rw-", true);
AclEntry basicAcl = new AclEntry.Builder().setType(AclEntryType.GROUP).setPermission(FsAction.ALL).build();
AclEntry user1Acl = new AclEntry.Builder().setType(AclEntryType.USER).setPermission(FsAction.ALL).setName("user1").build();
AclEntry user2Acl = new AclEntry.Builder().setType(AclEntryType.USER).setPermission(FsAction.READ_WRITE).setName("user2").build();
AclEntry group1Acl = new AclEntry.Builder().setType(AclEntryType.GROUP).setPermission(FsAction.READ_WRITE).setName("group1").build();
AclEntry defaultAcl = new AclEntry.Builder().setType(AclEntryType.GROUP).setPermission(FsAction.READ_WRITE).setName("group1").setScope(AclEntryScope.DEFAULT).build();
List<AclEntry> expectedList = new ArrayList<AclEntry>();
expectedList.add(basicAcl);
expectedList.add(user1Acl);
expectedList.add(user2Acl);
expectedList.add(group1Acl);
expectedList.add(defaultAcl);
assertEquals("Parsed Acl not correct", expectedList, parsedList);
}Example 59 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class FSOperations method aclStatusToJSON.
/** Converts an <code>AclStatus</code> object into a JSON object.
*
* @param aclStatus AclStatus object
*
* @return The JSON representation of the ACLs for the file
*/
@SuppressWarnings({ "unchecked" })
private static Map<String, Object> aclStatusToJSON(AclStatus aclStatus) {
Map<String, Object> json = new LinkedHashMap<String, Object>();
Map<String, Object> inner = new LinkedHashMap<String, Object>();
JSONArray entriesArray = new JSONArray();
inner.put(HttpFSFileSystem.OWNER_JSON, aclStatus.getOwner());
inner.put(HttpFSFileSystem.GROUP_JSON, aclStatus.getGroup());
inner.put(HttpFSFileSystem.ACL_STICKY_BIT_JSON, aclStatus.isStickyBit());
for (AclEntry e : aclStatus.getEntries()) {
entriesArray.add(e.toString());
}
inner.put(HttpFSFileSystem.ACL_ENTRIES_JSON, entriesArray);
json.put(HttpFSFileSystem.ACL_STATUS_JSON, inner);
return json;
}
Also used :
JSONArray(org.json.simple.JSONArray)
AclEntry(org.apache.hadoop.fs.permission.AclEntry)
JSONObject(org.json.simple.JSONObject)
LinkedHashMap(java.util.LinkedHashMap)
Example 60 with AclEntry
use of org.apache.hadoop.fs.permission.AclEntry in project hadoop by apache.
the class BaseTestHttpFSWith method assertSameAcls.
/**
* Runs assertions testing that two AclStatus objects contain the same info
* @param a First AclStatus
* @param b Second AclStatus
* @throws Exception
*/
private void assertSameAcls(AclStatus a, AclStatus b) throws Exception {
assertTrue(a.getOwner().equals(b.getOwner()));
assertTrue(a.getGroup().equals(b.getGroup()));
assertTrue(a.isStickyBit() == b.isStickyBit());
assertTrue(a.getEntries().size() == b.getEntries().size());
for (AclEntry e : a.getEntries()) {
assertTrue(b.getEntries().contains(e));
}
for (AclEntry e : b.getEntries()) {
assertTrue(a.getEntries().contains(e));
}
}
Also used :
AclEntry(org.apache.hadoop.fs.permission.AclEntry)
Aggregations
AclEntry (org.apache.hadoop.fs.permission.AclEntry)137
Test (org.junit.Test)90
AclStatus (org.apache.hadoop.fs.permission.AclStatus)81
Path (org.apache.hadoop.fs.Path)52
FsPermission (org.apache.hadoop.fs.permission.FsPermission)25
ArrayList (java.util.ArrayList)11
FSAclBaseTest (org.apache.hadoop.hdfs.server.namenode.FSAclBaseTest)11
FileSystem (org.apache.hadoop.fs.FileSystem)10
Configuration (org.apache.hadoop.conf.Configuration)7
FileStatus (org.apache.hadoop.fs.FileStatus)6
MockResponse (com.squareup.okhttp.mockwebserver.MockResponse)5
ScopedAclEntries (org.apache.hadoop.fs.permission.ScopedAclEntries)5
DistributedFileSystem (org.apache.hadoop.hdfs.DistributedFileSystem)5
DatanodeInfoBuilder (org.apache.hadoop.hdfs.protocol.DatanodeInfo.DatanodeInfoBuilder)5
IOException (java.io.IOException)4
List (java.util.List)4
AclEntryScope (org.apache.hadoop.fs.permission.AclEntryScope)4
AclEntryProto (org.apache.hadoop.hdfs.protocol.proto.AclProtos.AclEntryProto)4
URI (java.net.URI)3
AclEntryType (org.apache.hadoop.fs.permission.AclEntryType)3
