
Example 96 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class TestOzoneManagerHAWithACL method testAddBucketAcl.

/**
 * Builds a DEFAULT-scope READ ACL for a named remote user on a freshly
 * set-up bucket and hands it to {@code testAddAcl} for the actual checks.
 */
public void testAddBucketAcl() throws Exception {
    OzoneBucket bucket = setupBucket();
    final String aclUser = "remoteUser";

    // The grant under test: READ only, for one user, with DEFAULT scope.
    OzoneAcl readOnlyDefaultAcl = new OzoneAcl(USER, aclUser, READ, DEFAULT);

    // Describe the bucket as the ACL target (resource type BUCKET, store type OZONE).
    OzoneObj bucketObj = OzoneObjInfo.Builder.newBuilder()
            .setResType(OzoneObj.ResourceType.BUCKET)
            .setStoreType(OzoneObj.StoreType.OZONE)
            .setVolumeName(bucket.getVolumeName())
            .setBucketName(bucket.getName())
            .build();

    // testAddAcl is defined elsewhere in the class; what it asserts is not visible here.
    testAddAcl(aclUser, bucketObj, readOnlyDefaultAcl);
}
Also used : OzoneBucket(org.apache.hadoop.ozone.client.OzoneBucket) OzoneObj(org.apache.hadoop.ozone.security.acl.OzoneObj) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl)

Example 97 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class TestBucketOwner method testNonBucketNonVolumeOwner.

/**
 * Negative authorization test: every key and ACL operation on
 * volume1/bucket1 is attempted as user3 and is expected to throw.
 *
 * NOTE(review): each attempt is wrapped in catch (Exception), so any failure
 * (an unknown volume, an RPC error, a setup problem) counts as a pass, not
 * only an authorization denial. A stricter test would assert the specific
 * permission-denied error returned by the service. The fail() calls still
 * fail the test only because an AssertionError is not an Exception; confirm
 * that the imported fail() throws one.
 */
@Test
public void testNonBucketNonVolumeOwner() throws Exception {
    // Per the test name, user3 is expected to own neither the volume nor the
    // bucket. setLoginUser is a static call; presumably the identity stays in
    // effect for later code in the same JVM unless it is reset.
    UserGroupInformation.setLoginUser(user3);

    // Key Create - should fail
    try {
        OzoneBucket target = cluster.getClient().getObjectStore().getVolume("volume1").getBucket("bucket1");
        createKey(target, "key3", 10, new byte[10]);
        fail("Create key as non-volume and non-bucket owner should fail");
    } catch (Exception denied) {
        LOG.info(denied.getMessage());
    }

    // Key Delete - should fail
    try {
        OzoneBucket target = cluster.getClient().getObjectStore().getVolume("volume1").getBucket("bucket1");
        target.deleteKey("key2");
        fail("Delete key as non-volume and non-bucket owner should fail");
    } catch (Exception denied) {
        LOG.info(denied.getMessage());
    }

    // Key Rename - should fail
    try {
        OzoneBucket target = cluster.getClient().getObjectStore().getVolume("volume1").getBucket("bucket1");
        target.renameKey("key2", "key4");
        fail("Rename key as non-volume and non-bucket owner should fail");
    } catch (Exception denied) {
        LOG.info(denied.getMessage());
    }

    // List Keys - should fail
    try {
        OzoneBucket target = cluster.getClient().getObjectStore().getVolume("volume1").getBucket("bucket1");
        target.listKeys("key");
        fail("List keys as non-volume and non-bucket owner should fail");
    } catch (Exception denied) {
        LOG.info(denied.getMessage());
    }

    // Get Acls - should fail
    try {
        OzoneBucket target = cluster.getClient().getObjectStore().getVolume("volume1").getBucket("bucket1");
        target.getAcls();
        fail("Get Acls as non-volume and non-bucket owner should fail");
    } catch (Exception denied) {
        LOG.info(denied.getMessage());
    }

    // Add Acls - should fail. The attempted grant is ALL rights with DEFAULT
    // scope, i.e. the broadest ACL a non-owner could try to plant.
    try {
        OzoneBucket target = cluster.getClient().getObjectStore().getVolume("volume1").getBucket("bucket1");
        OzoneAcl fullAccessAcl = new OzoneAcl(USER, "testuser1", IAccessAuthorizer.ACLType.ALL, DEFAULT);
        target.addAcl(fullAccessAcl);
        fail("Add Acls as non-volume and non-bucket owner should fail");
    } catch (Exception denied) {
        LOG.info(denied.getMessage());
    }
}
Also used : OzoneBucket(org.apache.hadoop.ozone.client.OzoneBucket) OzoneVolume(org.apache.hadoop.ozone.client.OzoneVolume) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) IOException(java.io.IOException) Test(org.junit.Test)

Example 98 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class TestBucketOwner method testBucketOwner.

/**
 * Positive authorization test: runs key, bucket and ACL operations as user1
 * and passes as long as none of them throws.
 *
 * NOTE(review): there are no assertions on results, so the test only proves
 * the calls are not rejected; it does not check that the key list or the
 * ACLs returned are the expected ones.
 */
@Test
public void testBucketOwner() throws Exception {
    // Per the inline description, user1 is the bucket owner but not the
    // volume owner; the setup that establishes this is outside this listing.
    UserGroupInformation.setLoginUser(user1);
    OzoneVolume ownedVolume = cluster.getClient().getObjectStore().getVolume("volume1");
    OzoneBucket ownedBucket = ownedVolume.getBucket("bucket1");

    // Key Create
    createKey(ownedBucket, "key1", 10, new byte[10]);
    createKey(ownedBucket, "key2", 10, new byte[10]);

    // Key Delete
    ownedBucket.deleteKey("key1");

    // Bucket Delete (a different bucket, bucket3, in the same volume)
    ownedVolume.deleteBucket("bucket3");

    // List Keys
    ownedBucket.listKeys("key");

    // Get Acls
    ownedBucket.getAcls();

    // Add Acls: grants ALL rights with DEFAULT scope to "testuser".
    OzoneAcl fullAccessAcl = new OzoneAcl(USER, "testuser", IAccessAuthorizer.ACLType.ALL, DEFAULT);
    ownedBucket.addAcl(fullAccessAcl);
}
Also used : OzoneVolume(org.apache.hadoop.ozone.client.OzoneVolume) OzoneBucket(org.apache.hadoop.ozone.client.OzoneBucket) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) Test(org.junit.Test)

Example 99 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class RpcClient method createBucket.

/**
 * Validates the request on the client side, resolves owner, versioning,
 * storage type, encryption key and ACLs from {@code bucketArgs}, and sends
 * the resulting bucket description to the Ozone Manager.
 *
 * @param volumeName name of the volume that will hold the bucket
 * @param bucketName name of the bucket to create
 * @param bucketArgs creation options; must not be null
 * @throws IOException if Erasure Coded default replication is requested but
 *         the Ozone Manager version predates EC support, or if a call made
 *         here raises it
 */
@Override
public void createBucket(String volumeName, String bucketName, BucketArgs bucketArgs) throws IOException {
    // Client-side validation runs before anything is read from bucketArgs.
    verifyVolumeName(volumeName);
    verifyBucketName(bucketName);
    Preconditions.checkNotNull(bucketArgs);
    verifyCountsQuota(bucketArgs.getQuotaInNamespace());
    verifySpaceQuota(bucketArgs.getQuotaInBytes());

    // Refuse an EC default replication config when the OM is too old for it.
    final boolean omPredatesEc = omVersion.compareTo(OzoneManagerVersion.ERASURE_CODED_STORAGE_SUPPORT) < 0;
    if (omPredatesEc
            && bucketArgs.getDefaultReplicationConfig() != null
            && bucketArgs.getDefaultReplicationConfig().getType() == ReplicationType.EC) {
        throw new IOException("Can not set the default replication of the" + " bucket to Erasure Coded replication, as OzoneManager does" + " not support Erasure Coded replication.");
    }

    // Owner resolution, in priority order:
    //   1. thread-local S3 auth present -> short name of a remote user built
    //      from the S3 auth's user principal (bucketArgs.getOwner() is ignored);
    //   2. explicit owner from bucketArgs;
    //   3. short name of this client's ugi.
    // NOTE(review): the bucketArgs owner is a caller-supplied string that is
    // used and logged as-is; nothing in this method validates it, so any
    // check on who may be named owner has to happen on the server side.
    final String owner;
    if (getThreadLocalS3Auth() == null) {
        if (bucketArgs.getOwner() != null) {
            owner = bucketArgs.getOwner();
        } else {
            owner = ugi.getShortUserName();
        }
    } else {
        final UserGroupInformation s3Caller = UserGroupInformation.createRemoteUser(getThreadLocalS3Auth().getUserPrincipal());
        owner = s3Caller.getShortUserName();
    }

    // Versioning defaults to disabled when the caller did not set it.
    Boolean isVersionEnabled = bucketArgs.getVersioning();
    if (isVersionEnabled == null) {
        isVersionEnabled = Boolean.FALSE;
    }

    StorageType storageType = bucketArgs.getStorageType();
    if (storageType == null) {
        storageType = StorageType.DEFAULT;
    }

    BucketLayout bucketLayout = bucketArgs.getBucketLayout();

    // Only the encryption key *name* travels in the request.
    BucketEncryptionKeyInfo bek = null;
    if (bucketArgs.getEncryptionKey() != null) {
        bek = new BucketEncryptionKeyInfo.Builder().setKeyName(bucketArgs.getEncryptionKey()).build();
    }

    // Start from the list returned by getAclList(), append the caller's ACLs
    // unfiltered, then drop duplicates.
    List<OzoneAcl> listOfAcls = getAclList();
    if (bucketArgs.getAcls() != null) {
        listOfAcls.addAll(bucketArgs.getAcls());
    }
    List<OzoneAcl> distinctAcls = listOfAcls.stream().distinct().collect(Collectors.toList());

    OmBucketInfo.Builder builder = OmBucketInfo.newBuilder();
    builder.setVolumeName(volumeName)
            .setBucketName(bucketName)
            .setIsVersionEnabled(isVersionEnabled)
            .addAllMetadata(bucketArgs.getMetadata())
            .setStorageType(storageType)
            .setSourceVolume(bucketArgs.getSourceVolume())
            .setSourceBucket(bucketArgs.getSourceBucket())
            .setQuotaInBytes(bucketArgs.getQuotaInBytes())
            .setQuotaInNamespace(bucketArgs.getQuotaInNamespace())
            .setAcls(distinctAcls)
            .setBucketLayout(bucketLayout)
            .setOwner(owner);
    if (bek != null) {
        builder.setBucketEncryptionKey(bek);
    }

    DefaultReplicationConfig defaultReplicationConfig = bucketArgs.getDefaultReplicationConfig();
    if (defaultReplicationConfig != null) {
        builder.setDefaultReplicationConfig(defaultReplicationConfig);
    }

    // The log records whether encryption is set (a boolean), not the key name.
    LOG.info("Creating Bucket: {}/{}, with the Bucket Layout {}, {} as " + "owner, Versioning {}, Storage Type set to {} and Encryption set " + "to {} ", volumeName, bucketName, bucketLayout, owner, isVersionEnabled, storageType, bek != null);
    ozoneManagerClient.createBucket(builder.build());
}
Also used : OmBucketInfo(org.apache.hadoop.ozone.om.helpers.OmBucketInfo) StorageType(org.apache.hadoop.hdds.protocol.StorageType) BucketEncryptionKeyInfo(org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo) BucketLayout(org.apache.hadoop.ozone.om.helpers.BucketLayout) IOException(java.io.IOException) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) DefaultReplicationConfig(org.apache.hadoop.hdds.client.DefaultReplicationConfig) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 100 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class OzoneAclUtil method getAclList.

/**
 * Builds the ACCESS-scope ACL list for one user and, optionally, that
 * user's groups.
 *
 * <p>The result always starts with one USER entry for {@code userName};
 * one GROUP entry per element of {@code userGroups} follows, in array order.
 * Neither the names nor the rights are validated here; they are handed to
 * the {@code OzoneAcl} constructor unchanged.
 *
 * @param userName name used for the USER entry
 * @param userGroups group names for the GROUP entries; may be null, in
 *        which case no GROUP entries are added
 * @param userRights right granted by the USER entry
 * @param groupRights right granted by every GROUP entry
 * @return a new, mutable list of OzoneAcls
 */
public static List<OzoneAcl> getAclList(String userName, String[] userGroups, ACLType userRights, ACLType groupRights) {
    List<OzoneAcl> acls = new ArrayList<>();

    // User ACL.
    acls.add(new OzoneAcl(USER, userName, userRights, ACCESS));

    if (userGroups == null) {
        return acls;
    }

    // Group ACLs of the User: every group gets the same groupRights.
    for (String groupName : userGroups) {
        acls.add(new OzoneAcl(GROUP, groupName, groupRights, ACCESS));
    }
    return acls;
}
Also used : OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) ArrayList(java.util.ArrayList)
