use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.
the class TestOzoneManagerHAWithACL method testAddBucketAcl.
/**
 * Adds a DEFAULT-scoped READ ACL for a remote user to the bucket returned by
 * {@code setupBucket()}.
 *
 * <p>All verification is delegated to {@code testAddAcl}, which is not part of
 * this listing.
 */
public void testAddBucketAcl() throws Exception {
  OzoneBucket bucket = setupBucket();
  String remoteUser = "remoteUser";

  // USER principal, READ right, DEFAULT scope.
  OzoneAcl remoteUserReadAcl = new OzoneAcl(USER, remoteUser, READ, DEFAULT);

  // Resource descriptor identifying the bucket the ACL is applied to.
  OzoneObj bucketObj = OzoneObjInfo.Builder.newBuilder()
      .setResType(OzoneObj.ResourceType.BUCKET)
      .setStoreType(OzoneObj.StoreType.OZONE)
      .setVolumeName(bucket.getVolumeName())
      .setBucketName(bucket.getName())
      .build();

  testAddAcl(remoteUser, bucketObj, remoteUserReadAcl);
}
use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.
the class TestBucketOwner method testNonBucketNonVolumeOwner.
@Test
public void testNonBucketNonVolumeOwner() throws Exception {
  // Negative authorization checks: user3 acts as neither the bucket owner nor
  // the volume owner, so every operation below is expected to be rejected.
  //
  // NOTE(review): each catch accepts any Exception and only logs its message,
  // so a failure that has nothing to do with authorization (a missing volume,
  // bucket or key, a cluster error) satisfies the check just as well as a
  // denial does. key2 is not created in this method; if it is absent when this
  // test runs, the delete and rename cases pass without exercising the access
  // check. Asserting the specific denial result would make these checks strict.
  //
  // NOTE(review): fail(...) reaches the test runner only if it throws an Error
  // such as AssertionError (as JUnit's fail does) - confirm the static import.
  UserGroupInformation.setLoginUser(user3);

  // Key Create - should fail
  try {
    OzoneVolume vol = cluster.getClient().getObjectStore().getVolume("volume1");
    OzoneBucket bucket = vol.getBucket("bucket1");
    createKey(bucket, "key3", 10, new byte[10]);
    fail("Create key as non-volume and non-bucket owner should fail");
  } catch (Exception rejected) {
    LOG.info(rejected.getMessage());
  }

  // Key Delete - should fail
  try {
    OzoneVolume vol = cluster.getClient().getObjectStore().getVolume("volume1");
    OzoneBucket bucket = vol.getBucket("bucket1");
    bucket.deleteKey("key2");
    fail("Delete key as non-volume and non-bucket owner should fail");
  } catch (Exception rejected) {
    LOG.info(rejected.getMessage());
  }

  // Key Rename - should fail
  try {
    OzoneVolume vol = cluster.getClient().getObjectStore().getVolume("volume1");
    OzoneBucket bucket = vol.getBucket("bucket1");
    bucket.renameKey("key2", "key4");
    fail("Rename key as non-volume and non-bucket owner should fail");
  } catch (Exception rejected) {
    LOG.info(rejected.getMessage());
  }

  // List Keys - should fail
  try {
    OzoneVolume vol = cluster.getClient().getObjectStore().getVolume("volume1");
    OzoneBucket bucket = vol.getBucket("bucket1");
    bucket.listKeys("key");
    fail("List keys as non-volume and non-bucket owner should fail");
  } catch (Exception rejected) {
    LOG.info(rejected.getMessage());
  }

  // Get Acls - should fail
  try {
    OzoneVolume vol = cluster.getClient().getObjectStore().getVolume("volume1");
    OzoneBucket bucket = vol.getBucket("bucket1");
    bucket.getAcls();
    fail("Get Acls as non-volume and non-bucket owner should fail");
  } catch (Exception rejected) {
    LOG.info(rejected.getMessage());
  }

  // Add Acls - should fail. Granting ALL to another user is the operation
  // that would hand out access if the owner check were missing.
  try {
    OzoneVolume vol = cluster.getClient().getObjectStore().getVolume("volume1");
    OzoneBucket bucket = vol.getBucket("bucket1");
    OzoneAcl grantAll =
        new OzoneAcl(USER, "testuser1", IAccessAuthorizer.ACLType.ALL, DEFAULT);
    bucket.addAcl(grantAll);
    fail("Add Acls as non-volume and non-bucket owner should fail");
  } catch (Exception rejected) {
    LOG.info(rejected.getMessage());
  }
}
use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.
the class TestBucketOwner method testBucketOwner.
@Test
public void testBucketOwner() throws Exception {
  // Positive path: user1 acts as bucket owner without being the volume owner.
  // The test passes when none of the calls below throws; return values
  // (listed keys, returned ACLs, addAcl result) are not inspected.
  UserGroupInformation.setLoginUser(user1);
  OzoneVolume vol = cluster.getClient().getObjectStore().getVolume("volume1");
  OzoneBucket bucket = vol.getBucket("bucket1");

  // Create two keys, then delete the first; key2 is left in the bucket.
  createKey(bucket, "key1", 10, new byte[10]);
  createKey(bucket, "key2", 10, new byte[10]);
  bucket.deleteKey("key1");

  // Delete a different bucket in the same volume.
  volume_deleteBucket:
  vol.deleteBucket("bucket3");

  // Read-side operations on the owned bucket.
  bucket.listKeys("key");
  bucket.getAcls();

  // Grant ALL rights (DEFAULT scope) on the bucket to another user.
  bucket.addAcl(
      new OzoneAcl(USER, "testuser", IAccessAuthorizer.ACLType.ALL, DEFAULT));
}
use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.
the class RpcClient method createBucket.
/**
 * Validates the request on the client, assembles an {@code OmBucketInfo} and
 * sends it to the OzoneManager.
 *
 * <p>Owner selection: when a thread-local S3 auth is present, the owner is the
 * short user name derived from its user principal and the owner in
 * {@code bucketArgs} is not consulted. Otherwise the owner from
 * {@code bucketArgs} is used, falling back to the short name of {@code ugi}.
 *
 * <p>ACLs: the list from {@code getAclList()} is extended with any ACLs in
 * {@code bucketArgs}, and duplicates are dropped before sending.
 *
 * <p>NOTE(review): the name, quota and owner handling here run in the client.
 * A caller-chosen owner and caller-supplied ACLs are forwarded as given, so
 * the OzoneManager presumably has to authorize them itself - confirm
 * against the server-side request handling.
 *
 * @param volumeName volume that will contain the bucket
 * @param bucketName name of the bucket to create
 * @param bucketArgs creation options; must not be null
 * @throws IOException if Erasure Coded default replication is requested from
 *     an OzoneManager older than {@code ERASURE_CODED_STORAGE_SUPPORT};
 *     the verify helpers and the OzoneManager call may also throw
 */
@Override
public void createBucket(String volumeName, String bucketName, BucketArgs bucketArgs) throws IOException {
  verifyVolumeName(volumeName);
  verifyBucketName(bucketName);
  Preconditions.checkNotNull(bucketArgs);
  verifyCountsQuota(bucketArgs.getQuotaInNamespace());
  verifySpaceQuota(bucketArgs.getQuotaInBytes());

  // Refuse an EC default replication when the OzoneManager predates EC support.
  if (omVersion.compareTo(OzoneManagerVersion.ERASURE_CODED_STORAGE_SUPPORT) < 0
      && bucketArgs.getDefaultReplicationConfig() != null
      && bucketArgs.getDefaultReplicationConfig().getType() == ReplicationType.EC) {
    throw new IOException("Can not set the default replication of the" + " bucket to Erasure Coded replication, as OzoneManager does" + " not support Erasure Coded replication.");
  }

  // With S3 auth on this thread, the owner comes from the S3 user principal;
  // without it, an explicit owner in bucketArgs wins over the current ugi.
  final String owner;
  if (getThreadLocalS3Auth() != null) {
    final UserGroupInformation s3gUGI =
        UserGroupInformation.createRemoteUser(getThreadLocalS3Auth().getUserPrincipal());
    owner = s3gUGI.getShortUserName();
  } else if (bucketArgs.getOwner() != null) {
    owner = bucketArgs.getOwner();
  } else {
    owner = ugi.getShortUserName();
  }

  // Defaults for options the caller left unset.
  Boolean isVersionEnabled =
      bucketArgs.getVersioning() == null ? Boolean.FALSE : bucketArgs.getVersioning();
  StorageType storageType =
      bucketArgs.getStorageType() == null ? StorageType.DEFAULT : bucketArgs.getStorageType();
  BucketLayout bucketLayout = bucketArgs.getBucketLayout();

  // Only the encryption key name is carried in the request.
  BucketEncryptionKeyInfo bek = bucketArgs.getEncryptionKey() == null
      ? null
      : new BucketEncryptionKeyInfo.Builder().setKeyName(bucketArgs.getEncryptionKey()).build();

  // Start from getAclList() and append the caller-supplied ACLs, if any.
  List<OzoneAcl> combinedAcls = getAclList();
  if (bucketArgs.getAcls() != null) {
    combinedAcls.addAll(bucketArgs.getAcls());
  }

  OmBucketInfo.Builder bucketInfo = OmBucketInfo.newBuilder();
  bucketInfo.setVolumeName(volumeName)
      .setBucketName(bucketName)
      .setIsVersionEnabled(isVersionEnabled)
      .addAllMetadata(bucketArgs.getMetadata())
      .setStorageType(storageType)
      .setSourceVolume(bucketArgs.getSourceVolume())
      .setSourceBucket(bucketArgs.getSourceBucket())
      .setQuotaInBytes(bucketArgs.getQuotaInBytes())
      .setQuotaInNamespace(bucketArgs.getQuotaInNamespace())
      // distinct() removes entries present in both ACL sources.
      .setAcls(combinedAcls.stream().distinct().collect(Collectors.toList()))
      .setBucketLayout(bucketLayout)
      .setOwner(owner);

  if (bek != null) {
    bucketInfo.setBucketEncryptionKey(bek);
  }

  DefaultReplicationConfig replication = bucketArgs.getDefaultReplicationConfig();
  if (replication != null) {
    bucketInfo.setDefaultReplicationConfig(replication);
  }

  // The log records whether encryption is set, not the key name.
  LOG.info("Creating Bucket: {}/{}, with the Bucket Layout {}, {} as " + "owner, Versioning {}, Storage Type set to {} and Encryption set " + "to {} ", volumeName, bucketName, bucketLayout, owner, isVersionEnabled, storageType, bek != null);
  ozoneManagerClient.createBucket(bucketInfo.build());
}
use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.
the class OzoneAclUtil method getAclList.
/**
 * Builds the ACCESS-scoped ACL entries for one user and that user's groups.
 *
 * <p>The result holds one USER entry for {@code userName} carrying
 * {@code userRights}, followed by one GROUP entry per element of
 * {@code userGroups} carrying {@code groupRights}. Names are passed to
 * {@code OzoneAcl} as given; nothing is validated here.
 *
 * @param userName name placed in the USER entry
 * @param userGroups group names; may be null, in which case only the USER
 *     entry is returned
 * @param userRights right granted to the user
 * @param groupRights right granted to every listed group
 * @return a new mutable list of OzoneAcls
 */
public static List<OzoneAcl> getAclList(String userName, String[] userGroups, ACLType userRights, ACLType groupRights) {
  List<OzoneAcl> acls = new ArrayList<>();

  // The user's own entry always comes first.
  acls.add(new OzoneAcl(USER, userName, userRights, ACCESS));

  if (userGroups == null) {
    return acls;
  }

  // Every group gets the same right.
  for (String groupName : userGroups) {
    acls.add(new OzoneAcl(GROUP, groupName, groupRights, ACCESS));
  }
  return acls;
}