
Example 6 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class S3Acl method s3AclToOzoneNativeAclOnBucket.

/**
 * Converts the grant list of an S3 bucket ACL into Ozone native bucket ACLs.
 *
 * <p>Each accepted grant produces two {@link OzoneAcl} entries for the grantee id, one with
 * {@code DEFAULT} scope and one with {@code ACCESS} scope, both carrying the bit set derived
 * from the grant's S3 permission string. The matched {@link ACLIdentityType} only gates the
 * grant; the emitted ACLs always use the Ozone {@code USER} identity type.
 *
 * @param bucketAcl parsed S3 bucket ACL whose grants are converted
 * @return the Ozone ACLs in grant order, two entries per grant
 * @throws OS3Exception NOT_IMPLEMENTED for the first grant whose grantee type is unknown or
 *     unsupported (only "CanonicalUser" is supported); nothing is returned for earlier grants
 */
public static List<OzoneAcl> s3AclToOzoneNativeAclOnBucket(S3BucketAcl bucketAcl) throws OS3Exception {
    List<OzoneAcl> nativeAcls = new ArrayList<>();
    for (Grant grant : bucketAcl.getAclList().getGrantList()) {
        String granteeType = grant.getGrantee().getXsiType();
        ACLIdentityType identityType = ACLIdentityType.getTypeFromGranteeType(granteeType);
        // Reject rather than skip: a partially converted ACL is never handed back.
        if (identityType == null || !identityType.isSupported()) {
            LOG.error("Grantee type {} is not supported", granteeType);
            throw S3ErrorTable.newError(NOT_IMPLEMENTED, granteeType);
        }
        // The grantee id from the request is used verbatim as the Ozone user name; any
        // validation against known principals presumably happens downstream - not here.
        String granteeId = grant.getGrantee().getId();
        BitSet rights = getOzoneAclOnBucketFromS3Permission(grant.getPermission());
        nativeAcls.add(new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, granteeId, rights, OzoneAcl.AclScope.DEFAULT));
        nativeAcls.add(new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, granteeId, rights, OzoneAcl.AclScope.ACCESS));
    }
    return nativeAcls;
}
Also used : Grant(org.apache.hadoop.ozone.s3.endpoint.S3BucketAcl.Grant) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) ArrayList(java.util.ArrayList) BitSet(java.util.BitSet)

Example 7 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class BucketEndpoint method getAndConvertAclOnVolume.

/**
 * Parses a comma-separated {@code headerType=granteeId} grant header value and converts each
 * entry into an {@code ACCESS}-scoped Ozone ACL on the volume carrying {@code permission}.
 *
 * <p>Entries are split on {@code ','} and {@code '='} without trimming, so surrounding
 * whitespace becomes part of the header type or grantee id. The grantee id is forwarded
 * verbatim as the Ozone user name.
 *
 * @param value raw header value; empty or {@code null} yields an empty list
 * @param permission S3 permission name mapped to the volume right bit set
 * @return one {@code USER}/{@code ACCESS} ACL per entry, in header order
 * @throws OS3Exception INVALID_ARGUMENT when an entry is not exactly {@code key=value};
 *     NOT_IMPLEMENTED when the header type is unknown or unsupported
 */
private List<OzoneAcl> getAndConvertAclOnVolume(String value, String permission) throws OS3Exception {
    List<OzoneAcl> volumeAcls = new ArrayList<>();
    if (StringUtils.isEmpty(value)) {
        return volumeAcls;
    }
    for (String entry : value.split(",")) {
        String[] keyAndGrantee = entry.split("=");
        if (keyAndGrantee.length != 2) {
            throw newError(S3ErrorTable.INVALID_ARGUMENT, entry);
        }
        String headerType = keyAndGrantee[0];
        String granteeId = keyAndGrantee[1];
        S3Acl.ACLIdentityType granteeType = S3Acl.ACLIdentityType.getTypeFromHeaderType(headerType);
        boolean supported = granteeType != null && granteeType.isSupported();
        if (!supported) {
            LOG.warn("S3 grantee {} is null or not supported", headerType);
            throw newError(NOT_IMPLEMENTED, headerType);
        }
        // Recomputed per entry on purpose: the permission is only evaluated once at least
        // one grantee has been accepted, matching the original error precedence.
        BitSet rightsOnVolume = S3Acl.getOzoneAclOnVolumeFromS3Permission(permission);
        volumeAcls.add(new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, granteeId, rightsOnVolume, ACCESS));
    }
    return volumeAcls;
}
Also used : OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) ArrayList(java.util.ArrayList) BitSet(java.util.BitSet)

Example 8 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class RpcClient method createVolume.

/**
 * Creates a volume via the Ozone Manager client.
 *
 * <p>Admin and owner default to the short user name of the client's UGI when not given. The
 * ACL list sent to OM is: an {@code ACCESS} ACL granting {@code userRights} to the owner, one
 * {@code ACCESS} ACL granting {@code groupRights} to each group of the owner, then any ACLs
 * supplied in {@code volArgs}, with duplicates dropped (first occurrence wins). ACLs from
 * {@code volArgs} are forwarded unchanged; whether the caller may grant them is presumably
 * decided by the Ozone Manager, not here.
 *
 * @param volumeName name of the volume to create; validated by {@code verifyVolumeName}
 * @param volArgs volume settings (admin, owner, quotas, metadata, extra ACLs); must not be null
 * @throws IOException if the OM call fails
 */
@Override
public void createVolume(String volumeName, VolumeArgs volArgs) throws IOException {
    verifyVolumeName(volumeName);
    Preconditions.checkNotNull(volArgs);
    verifyCountsQuota(volArgs.getQuotaInNamespace());
    verifySpaceQuota(volArgs.getQuotaInBytes());
    String admin = volArgs.getAdmin();
    if (admin == null) {
        admin = ugi.getShortUserName();
    }
    String owner = volArgs.getOwner();
    if (owner == null) {
        owner = ugi.getShortUserName();
    }
    long quotaInNamespace = volArgs.getQuotaInNamespace();
    long quotaInBytes = volArgs.getQuotaInBytes();
    List<OzoneAcl> acls = new ArrayList<>();
    // Owner first, then the owner's groups, then whatever the caller asked for.
    acls.add(new OzoneAcl(ACLIdentityType.USER, owner, userRights, ACCESS));
    for (String group : UserGroupInformation.createRemoteUser(owner).getGroupNames()) {
        acls.add(new OzoneAcl(ACLIdentityType.GROUP, group, groupRights, ACCESS));
    }
    List<OzoneAcl> requestedAcls = volArgs.getAcls();
    if (requestedAcls != null) {
        acls.addAll(requestedAcls);
    }
    OmVolumeArgs.Builder builder = OmVolumeArgs.newBuilder();
    builder.setVolume(volumeName);
    builder.setAdminName(admin);
    builder.setOwnerName(owner);
    builder.setQuotaInBytes(quotaInBytes);
    builder.setQuotaInNamespace(quotaInNamespace);
    builder.setUsedNamespace(0L);
    builder.addAllMetadata(volArgs.getMetadata());
    // distinct() keeps encounter order, so the owner/group ACLs stay ahead of caller ACLs.
    List<OzoneAcl> uniqueAcls = acls.stream().distinct().collect(Collectors.toList());
    for (OzoneAcl acl : uniqueAcls) {
        builder.addOzoneAcls(acl);
    }
    if (quotaInBytes == 0) {
        LOG.info("Creating Volume: {}, with {} as owner.", volumeName, owner);
    } else {
        LOG.info("Creating Volume: {}, with {} as owner and space quota set to {} bytes, counts quota set to {}", volumeName, owner, quotaInBytes, quotaInNamespace);
    }
    ozoneManagerClient.createVolume(builder.build());
}
Also used : OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) OmVolumeArgs(org.apache.hadoop.ozone.om.helpers.OmVolumeArgs) ArrayList(java.util.ArrayList)

Example 9 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class GeneratorOm method writeOmBucketVolume.

/**
 * Writes one volume, the owning user's volume list and one bucket straight into the OM
 * metadata tables via {@code omDb} (volume table, user table, bucket table, in that order).
 *
 * <p>The generated volume carries {@code WORLD}/{@code ALL} and {@code USER}/{@code ALL}
 * access ACLs, i.e. it is open to everyone; that is appropriate for synthetic generator data
 * only, so this should not be pointed at a database that serves real users.
 *
 * @throws IOException if a table read or write fails
 */
private void writeOmBucketVolume() throws IOException {
    Table<String, OmVolumeArgs> volumeTable = omDb.getTable(OmMetadataManagerImpl.VOLUME_TABLE, String.class, OmVolumeArgs.class);
    String adminName = getUserId();
    String ownerName = getUserId();
    long creationTime = Time.now();
    OzoneAcl worldAll = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.WORLD, "", IAccessAuthorizer.ACLType.ALL, ACCESS);
    OzoneAcl userAll = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, getUserId(), IAccessAuthorizer.ACLType.ALL, ACCESS);
    OmVolumeArgs volumeArgs = new OmVolumeArgs.Builder()
        .setVolume(volumeName)
        .setAdminName(adminName)
        .setCreationTime(creationTime)
        .setOwnerName(ownerName)
        .setObjectID(1L)
        .setUpdateID(1L)
        .setQuotaInBytes(100L)
        .addOzoneAcls(worldAll)
        .addOzoneAcls(userAll)
        .build();
    volumeTable.put("/" + volumeName, volumeArgs);

    final Table<String, PersistedUserVolumeInfo> userTable = omDb.getTable(OmMetadataManagerImpl.USER_TABLE, String.class, PersistedUserVolumeInfo.class);
    PersistedUserVolumeInfo userVolumes = userTable.get(getUserId());
    if (userVolumes == null) {
        // First volume for this user: start a fresh list.
        userVolumes = PersistedUserVolumeInfo.newBuilder().addVolumeNames(volumeName).build();
    } else if (!userVolumes.getVolumeNamesList().contains(volumeName)) {
        // Protobuf messages are immutable; rebuild with the existing names plus ours.
        userVolumes = PersistedUserVolumeInfo.newBuilder().addAllVolumeNames(userVolumes.getVolumeNamesList()).addVolumeNames(volumeName).build();
    }
    userTable.put(getUserId(), userVolumes);

    Table<String, OmBucketInfo> bucketTable = omDb.getTable(OmMetadataManagerImpl.BUCKET_TABLE, String.class, OmBucketInfo.class);
    OmBucketInfo bucketInfo = new OmBucketInfo.Builder().setBucketName(bucketName).setVolumeName(volumeName).build();
    bucketTable.put("/" + volumeName + "/" + bucketName, bucketInfo);
}
Also used : OmBucketInfo(org.apache.hadoop.ozone.om.helpers.OmBucketInfo) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) OmVolumeArgs(org.apache.hadoop.ozone.om.helpers.OmVolumeArgs) Builder(org.apache.hadoop.ozone.om.helpers.OmKeyInfo.Builder) DBStoreBuilder(org.apache.hadoop.hdds.utils.db.DBStoreBuilder) PersistedUserVolumeInfo(org.apache.hadoop.ozone.storage.proto.OzoneManagerStorageProtos.PersistedUserVolumeInfo)

Example 10 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class AclOption method removeFrom.

/**
 * Removes every ACL of this option from {@code obj} and reports the outcome of each on {@code out}.
 *
 * @param obj the Ozone object (volume, bucket or key) to remove ACLs from
 * @param objectStore client used to perform the removal
 * @param out stream receiving one status line per ACL
 * @throws IOException if a removal call fails
 */
public void removeFrom(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
    for (OzoneAcl acl : getAclList()) {
        boolean removed = objectStore.removeAcl(obj, acl);
        // A false return means the ACL was not present; it is reported, not treated as an error.
        if (removed) {
            out.printf("ACL %s removed successfully.%n", acl);
        } else {
            out.printf("ACL %s doesn't exist.%n", acl);
        }
    }
}
Also used : OzoneAcl(org.apache.hadoop.ozone.OzoneAcl)
