Use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache: class S3Acl, method s3AclToOzoneNativeAclOnBucket.
/**
 * Converts an S3 bucket ACL document into the equivalent Ozone native ACLs.
 *
 * <p>Every grant whose grantee type resolves to a supported
 * {@code ACLIdentityType} produces two Ozone {@code USER} ACLs for the grantee
 * id, one with {@code DEFAULT} scope and one with {@code ACCESS} scope, both
 * carrying the permission bits derived from the grant's S3 permission string.
 * The grantee id is taken from the request payload as-is and becomes the Ozone
 * user name of the ACL.
 *
 * @param bucketAcl the S3 ACL payload whose grant list is converted
 * @return the Ozone ACLs, two per supported grant, in grant order
 * @throws OS3Exception with {@code NOT_IMPLEMENTED} at the first grant whose
 *     grantee type is unknown or unsupported; ACLs built for earlier grants are
 *     discarded
 */
public static List<OzoneAcl> s3AclToOzoneNativeAclOnBucket(S3BucketAcl bucketAcl) throws OS3Exception {
  List<OzoneAcl> nativeAcls = new ArrayList<>();
  for (Grant grant : bucketAcl.getAclList().getGrantList()) {
    String granteeType = grant.getGrantee().getXsiType();
    // Only "CanonicalUser" is supported, which maps to Ozone "USER"
    ACLIdentityType identityType = ACLIdentityType.getTypeFromGranteeType(granteeType);
    if (identityType == null || !identityType.isSupported()) {
      // Fail the whole request rather than silently skipping an unmapped grant.
      LOG.error("Grantee type {} is not supported", granteeType);
      throw S3ErrorTable.newError(NOT_IMPLEMENTED, granteeType);
    }
    BitSet permissionBits = getOzoneAclOnBucketFromS3Permission(grant.getPermission());
    String granteeId = grant.getGrantee().getId();
    // The same permission bits are emitted under both scopes.
    nativeAcls.add(new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, granteeId, permissionBits, OzoneAcl.AclScope.DEFAULT));
    nativeAcls.add(new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, granteeId, permissionBits, OzoneAcl.AclScope.ACCESS));
  }
  return nativeAcls;
}
Use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache: class BucketEndpoint, method getAndConvertAclOnVolume.
/**
 * Parses an S3 grant header value into the Ozone ACLs that apply on the volume.
 *
 * <p>The header value is a comma-separated list of
 * {@code <granteeType>=<id>} entries. Each entry yields one {@code USER} ACL of
 * {@code ACCESS} scope whose permission bits are derived from
 * {@code permission}; the {@code id} part is used verbatim as the Ozone user
 * name, no further validation is applied to it here.
 *
 * @param value the raw header value; an empty value (per
 *     {@code StringUtils.isEmpty}) yields an empty list
 * @param permission the S3 permission name this header carries
 * @return one ACL per header entry, in header order, possibly empty
 * @throws OS3Exception {@code INVALID_ARGUMENT} for an entry that does not
 *     split into exactly two {@code =}-separated parts, or
 *     {@code NOT_IMPLEMENTED} when the grantee type is unknown or unsupported
 */
private List<OzoneAcl> getAndConvertAclOnVolume(String value, String permission) throws OS3Exception {
  List<OzoneAcl> volumeAcls = new ArrayList<>();
  if (StringUtils.isEmpty(value)) {
    return volumeAcls;
  }
  for (String entry : value.split(",")) {
    String[] typeAndId = entry.split("=");
    if (typeAndId.length != 2) {
      throw newError(S3ErrorTable.INVALID_ARGUMENT, entry);
    }
    String granteeType = typeAndId[0];
    String granteeId = typeAndId[1];
    S3Acl.ACLIdentityType identityType = S3Acl.ACLIdentityType.getTypeFromHeaderType(granteeType);
    if (identityType == null || !identityType.isSupported()) {
      LOG.warn("S3 grantee {} is null or not supported", granteeType);
      throw newError(NOT_IMPLEMENTED, granteeType);
    }
    // Build ACL on Volume
    BitSet volumeBits = S3Acl.getOzoneAclOnVolumeFromS3Permission(permission);
    volumeAcls.add(new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, granteeId, volumeBits, ACCESS));
  }
  return volumeAcls;
}
Use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache: class RpcClient, method createVolume.
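/**
 * Creates a volume in the Ozone Manager from the supplied arguments.
 *
 * <p>An unset admin or owner falls back to the short user name of the current
 * UGI. The ACL list handed to OM is assembled in this order: an ACCESS ACL
 * granting {@code userRights} to the owner, one ACCESS ACL per group of the
 * owner granting {@code groupRights}, then any ACLs supplied in
 * {@code volArgs}. Duplicates are dropped, keeping the first occurrence.
 *
 * @param volumeName name of the volume to create; checked by
 *     {@code verifyVolumeName} before anything else happens
 * @param volArgs volume parameters (quotas, admin, owner, ACLs, metadata);
 *     must not be null
 * @throws IOException propagated from the Ozone Manager call
 */
@Override
public void createVolume(String volumeName, VolumeArgs volArgs) throws IOException {
  verifyVolumeName(volumeName);
  Preconditions.checkNotNull(volArgs);
  verifyCountsQuota(volArgs.getQuotaInNamespace());
  verifySpaceQuota(volArgs.getQuotaInBytes());
  String admin = volArgs.getAdmin() == null ? ugi.getShortUserName() : volArgs.getAdmin();
  String owner = volArgs.getOwner() == null ? ugi.getShortUserName() : volArgs.getOwner();
  long quotaInNamespace = volArgs.getQuotaInNamespace();
  long quotaInBytes = volArgs.getQuotaInBytes();

  List<OzoneAcl> listOfAcls = new ArrayList<>();
  // User ACL
  listOfAcls.add(new OzoneAcl(ACLIdentityType.USER, owner, userRights, ACCESS));
  // Group ACLs of the User: a plain loop, not a side-effecting forEach on a stream
  List<String> userGroups = Arrays.asList(UserGroupInformation.createRemoteUser(owner).getGroupNames());
  for (String group : userGroups) {
    listOfAcls.add(new OzoneAcl(ACLIdentityType.GROUP, group, groupRights, ACCESS));
  }
  // ACLs from VolumeArgs (caller-supplied, appended after the defaults)
  if (volArgs.getAcls() != null) {
    listOfAcls.addAll(volArgs.getAcls());
  }

  OmVolumeArgs.Builder builder = OmVolumeArgs.newBuilder();
  builder.setVolume(volumeName);
  builder.setAdminName(admin);
  builder.setOwnerName(owner);
  builder.setQuotaInBytes(quotaInBytes);
  builder.setQuotaInNamespace(quotaInNamespace);
  builder.setUsedNamespace(0L);
  builder.addAllMetadata(volArgs.getMetadata());
  // Remove duplicates (encounter order is preserved) and add ACLs
  for (OzoneAcl ozoneAcl : listOfAcls.stream().distinct().collect(Collectors.toList())) {
    builder.addOzoneAcls(ozoneAcl);
  }

  // Use the local already read above instead of re-querying volArgs.
  if (quotaInBytes == 0) {
    LOG.info("Creating Volume: {}, with {} as owner.", volumeName, owner);
  } else {
    LOG.info("Creating Volume: {}, with {} as owner and space quota set to {} bytes, counts quota set to {}",
        volumeName, owner, quotaInBytes, quotaInNamespace);
  }
  ozoneManagerClient.createVolume(builder.build());
}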
Use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache: class GeneratorOm, method writeOmBucketVolume.
/**
 * Writes one volume and one bucket straight into the OM DB tables, and links
 * the volume to the generator's user in the user table.
 *
 * <p>The volume record carries fixed values (object id 1, update id 1, a
 * 100-byte quota, creation time {@code Time.now()}) and two ACCESS ACLs: ALL
 * for the identity type WORLD and ALL for the generator's own user id. A
 * WORLD/ALL ACL makes the volume accessible to any identity, which is
 * presumably acceptable only because this is generated test data; confirm
 * before reusing this code elsewhere. The bucket record holds only the bucket
 * and volume names.
 *
 * @throws IOException propagated from the DB table reads and writes
 */
private void writeOmBucketVolume() throws IOException {
  Table<String, OmVolumeArgs> volumeTable = omDb.getTable(OmMetadataManagerImpl.VOLUME_TABLE, String.class, OmVolumeArgs.class);
  String admin = getUserId();
  String owner = getUserId();
  OzoneAcl worldAcl = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.WORLD, "", IAccessAuthorizer.ACLType.ALL, ACCESS);
  OzoneAcl userAcl = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, getUserId(), IAccessAuthorizer.ACLType.ALL, ACCESS);
  OmVolumeArgs.Builder volumeBuilder = new OmVolumeArgs.Builder();
  volumeBuilder.setVolume(volumeName);
  volumeBuilder.setAdminName(admin);
  volumeBuilder.setCreationTime(Time.now());
  volumeBuilder.setOwnerName(owner);
  volumeBuilder.setObjectID(1L);
  volumeBuilder.setUpdateID(1L);
  volumeBuilder.setQuotaInBytes(100L);
  volumeBuilder.addOzoneAcls(worldAcl);
  volumeBuilder.addOzoneAcls(userAcl);
  String volumeKey = "/" + volumeName;
  volumeTable.put(volumeKey, volumeBuilder.build());

  // Register the volume under the user, creating the entry if the user has none.
  final Table<String, PersistedUserVolumeInfo> userTable = omDb.getTable(OmMetadataManagerImpl.USER_TABLE, String.class, PersistedUserVolumeInfo.class);
  PersistedUserVolumeInfo userVolumes = userTable.get(getUserId());
  if (userVolumes == null) {
    userVolumes = PersistedUserVolumeInfo.newBuilder().addVolumeNames(volumeName).build();
  } else if (!userVolumes.getVolumeNamesList().contains(volumeName)) {
    // Protobuf messages are immutable: rebuild with the existing names plus ours.
    userVolumes = PersistedUserVolumeInfo.newBuilder()
        .addAllVolumeNames(userVolumes.getVolumeNamesList())
        .addVolumeNames(volumeName)
        .build();
  }
  userTable.put(getUserId(), userVolumes);

  Table<String, OmBucketInfo> bucketTable = omDb.getTable(OmMetadataManagerImpl.BUCKET_TABLE, String.class, OmBucketInfo.class);
  OmBucketInfo bucketInfo = new OmBucketInfo.Builder().setBucketName(bucketName).setVolumeName(volumeName).build();
  bucketTable.put(volumeKey + "/" + bucketName, bucketInfo);
}
Use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache: class AclOption, method removeFrom.
/**
 * Removes each configured ACL from {@code obj} and prints one result line per ACL.
 *
 * @param obj the Ozone object whose ACLs are modified
 * @param objectStore the store used to perform the removal
 * @param out where the per-ACL result lines are printed
 * @throws IOException propagated from {@code objectStore.removeAcl}
 */
public void removeFrom(OzoneObj obj, ObjectStore objectStore, PrintStream out) throws IOException {
  for (OzoneAcl acl : getAclList()) {
    // removeAcl reports whether the ACL was actually present.
    if (objectStore.removeAcl(obj, acl)) {
      out.printf("ACL %s removed successfully.%n", acl);
    } else {
      out.printf("ACL %s doesn't exist.%n", acl);
    }
  }
}