Search in sources :

Example 21 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class TestKeyManagerImpl method testInvalidPrefixAcl.

@Test
public void testInvalidPrefixAcl() throws IOException {
    String volumeName = "vol1";
    String bucketName = "bucket1";
    String prefix1 = "pf1/";
    // Invalid prefix not ending with "/"
    String invalidPrefix = "invalid/pf";
    OzoneAcl ozAcl1 = new OzoneAcl(ACLIdentityType.USER, "user1", ACLType.READ, ACCESS);
    OzoneObj ozInvalidPrefix = new OzoneObjInfo.Builder().setVolumeName(volumeName).setBucketName(bucketName).setPrefixName(invalidPrefix).setResType(OzoneObj.ResourceType.PREFIX).setStoreType(OzoneObj.StoreType.OZONE).build();
    // add acl with invalid prefix name
    exception.expect(OMException.class);
    exception.expectMessage("Invalid prefix name");
    prefixManager.addAcl(ozInvalidPrefix, ozAcl1);
    OzoneObj ozPrefix1 = new OzoneObjInfo.Builder().setVolumeName(volumeName).setBucketName(bucketName).setPrefixName(prefix1).setResType(OzoneObj.ResourceType.PREFIX).setStoreType(OzoneObj.StoreType.OZONE).build();
    prefixManager.addAcl(ozPrefix1, ozAcl1);
    List<OzoneAcl> ozAclGet = prefixManager.getAcl(ozPrefix1);
    Assert.assertEquals(1, ozAclGet.size());
    Assert.assertEquals(ozAcl1, ozAclGet.get(0));
    // get acl with invalid prefix name
    exception.expect(OMException.class);
    exception.expectMessage("Invalid prefix name");
    prefixManager.getAcl(ozInvalidPrefix);
    // set acl with invalid prefix name
    List<OzoneAcl> ozoneAcls = new ArrayList<OzoneAcl>();
    ozoneAcls.add(ozAcl1);
    exception.expect(OMException.class);
    exception.expectMessage("Invalid prefix name");
    prefixManager.setAcl(ozInvalidPrefix, ozoneAcls);
    // remove acl with invalid prefix name
    exception.expect(OMException.class);
    exception.expectMessage("Invalid prefix name");
    prefixManager.removeAcl(ozInvalidPrefix, ozAcl1);
}
Also used : OzoneObj(org.apache.hadoop.ozone.security.acl.OzoneObj) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Example 22 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class TestKeyManagerImpl method testPrefixAclOps.

@Test
public void testPrefixAclOps() throws IOException {
    String volumeName = "vol1";
    String bucketName = "bucket1";
    String prefix1 = "pf1/";
    OzoneObj ozPrefix1 = new OzoneObjInfo.Builder().setVolumeName(volumeName).setBucketName(bucketName).setPrefixName(prefix1).setResType(OzoneObj.ResourceType.PREFIX).setStoreType(OzoneObj.StoreType.OZONE).build();
    OzoneAcl ozAcl1 = new OzoneAcl(ACLIdentityType.USER, "user1", ACLType.READ, ACCESS);
    writeClient.addAcl(ozPrefix1, ozAcl1);
    List<OzoneAcl> ozAclGet = writeClient.getAcl(ozPrefix1);
    Assert.assertEquals(1, ozAclGet.size());
    Assert.assertEquals(ozAcl1, ozAclGet.get(0));
    List<OzoneAcl> acls = new ArrayList<>();
    OzoneAcl ozAcl2 = new OzoneAcl(ACLIdentityType.USER, "admin", ACLType.ALL, ACCESS);
    BitSet rwRights = new BitSet();
    rwRights.set(IAccessAuthorizer.ACLType.WRITE.ordinal());
    rwRights.set(IAccessAuthorizer.ACLType.READ.ordinal());
    OzoneAcl ozAcl3 = new OzoneAcl(ACLIdentityType.GROUP, "dev", rwRights, ACCESS);
    BitSet wRights = new BitSet();
    wRights.set(IAccessAuthorizer.ACLType.WRITE.ordinal());
    OzoneAcl ozAcl4 = new OzoneAcl(ACLIdentityType.GROUP, "dev", wRights, ACCESS);
    BitSet rRights = new BitSet();
    rRights.set(IAccessAuthorizer.ACLType.READ.ordinal());
    OzoneAcl ozAcl5 = new OzoneAcl(ACLIdentityType.GROUP, "dev", rRights, ACCESS);
    acls.add(ozAcl2);
    acls.add(ozAcl3);
    writeClient.setAcl(ozPrefix1, acls);
    ozAclGet = writeClient.getAcl(ozPrefix1);
    Assert.assertEquals(2, ozAclGet.size());
    int matchEntries = 0;
    for (OzoneAcl acl : ozAclGet) {
        if (acl.getType() == ACLIdentityType.GROUP) {
            Assert.assertEquals(ozAcl3, acl);
            matchEntries++;
        }
        if (acl.getType() == ACLIdentityType.USER) {
            Assert.assertEquals(ozAcl2, acl);
            matchEntries++;
        }
    }
    Assert.assertEquals(2, matchEntries);
    boolean result = writeClient.removeAcl(ozPrefix1, ozAcl4);
    Assert.assertEquals(true, result);
    ozAclGet = writeClient.getAcl(ozPrefix1);
    Assert.assertEquals(2, ozAclGet.size());
    result = writeClient.removeAcl(ozPrefix1, ozAcl3);
    Assert.assertEquals(true, result);
    ozAclGet = writeClient.getAcl(ozPrefix1);
    Assert.assertEquals(1, ozAclGet.size());
    Assert.assertEquals(ozAcl2, ozAclGet.get(0));
    // add dev:w
    writeClient.addAcl(ozPrefix1, ozAcl4);
    ozAclGet = writeClient.getAcl(ozPrefix1);
    Assert.assertEquals(2, ozAclGet.size());
    // add dev:r and validate the acl bitset combined
    writeClient.addAcl(ozPrefix1, ozAcl5);
    ozAclGet = writeClient.getAcl(ozPrefix1);
    Assert.assertEquals(2, ozAclGet.size());
    matchEntries = 0;
    for (OzoneAcl acl : ozAclGet) {
        if (acl.getType() == ACLIdentityType.GROUP) {
            Assert.assertEquals(ozAcl3, acl);
            matchEntries++;
        }
        if (acl.getType() == ACLIdentityType.USER) {
            Assert.assertEquals(ozAcl2, acl);
            matchEntries++;
        }
    }
    Assert.assertEquals(2, matchEntries);
}
Also used : OzoneObj(org.apache.hadoop.ozone.security.acl.OzoneObj) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) ArrayList(java.util.ArrayList) BitSet(java.util.BitSet) Test(org.junit.Test)

Example 23 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class TestBucketOwner method testVolumeOwner.

@Test
public void testVolumeOwner() throws Exception {
    // Test Key Operations for Volume Owner
    UserGroupInformation.setLoginUser(user2);
    OzoneVolume volume = cluster.getClient().getObjectStore().getVolume("volume1");
    OzoneBucket ozoneBucket = volume.getBucket("bucket1");
    // Key Create
    createKey(ozoneBucket, "key2", 10, new byte[10]);
    // Key Delete
    ozoneBucket.deleteKey("key2");
    // List Keys
    ozoneBucket.listKeys("key");
    // Get Acls
    ozoneBucket.getAcls();
    // Add Acls
    OzoneAcl acl = new OzoneAcl(USER, "testuser2", IAccessAuthorizer.ACLType.ALL, DEFAULT);
    ozoneBucket.addAcl(acl);
    // Bucket Delete
    volume.deleteBucket("bucket2");
}
Also used : OzoneVolume(org.apache.hadoop.ozone.client.OzoneVolume) OzoneBucket(org.apache.hadoop.ozone.client.OzoneBucket) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) Test(org.junit.Test)

Example 24 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class TestOMKeyAclRequest method testKeySetAclRequest.

@Test
public void testKeySetAclRequest() throws Exception {
    OMRequestTestUtils.addVolumeAndBucketToDB(volumeName, bucketName, omMetadataManager, getBucketLayout());
    String ozoneKey = addKeyToTable();
    OmKeyInfo omKeyInfo = omMetadataManager.getKeyTable(getBucketLayout()).get(ozoneKey);
    // As we added manually to key table.
    Assert.assertNotNull(omKeyInfo);
    OzoneAcl acl = OzoneAcl.parseAcl("user:bilbo:rwdlncxy[ACCESS]");
    OMRequest setAclRequest = createSetAclKeyRequest(acl);
    OMKeyAclRequest omKeySetAclRequest = getOmKeySetAclRequest(setAclRequest);
    OMRequest preExecuteRequest = omKeySetAclRequest.preExecute(ozoneManager);
    // When preExecute() of setting acl,
    // the new modification time is greater than origin one.
    long originModTime = setAclRequest.getSetAclRequest().getModificationTime();
    long newModTime = preExecuteRequest.getSetAclRequest().getModificationTime();
    Assert.assertTrue(newModTime > originModTime);
    OMClientResponse omClientResponse = omKeySetAclRequest.validateAndUpdateCache(ozoneManager, 100L, ozoneManagerDoubleBufferHelper);
    OMResponse omSetAclResponse = omClientResponse.getOMResponse();
    Assert.assertNotNull(omSetAclResponse.getSetAclResponse());
    Assert.assertEquals(OzoneManagerProtocolProtos.Status.OK, omSetAclResponse.getStatus());
    // Verify result of setting acl.
    List<OzoneAcl> newAcls = omMetadataManager.getKeyTable(getBucketLayout()).get(ozoneKey).getAcls();
    Assert.assertEquals(newAcls.get(0), acl);
}
Also used : OMRequest(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) OMClientResponse(org.apache.hadoop.ozone.om.response.OMClientResponse) OMKeyAclRequest(org.apache.hadoop.ozone.om.request.key.acl.OMKeyAclRequest) OmKeyInfo(org.apache.hadoop.ozone.om.helpers.OmKeyInfo) OMResponse(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse) Test(org.junit.Test)

Example 25 with OzoneAcl

use of org.apache.hadoop.ozone.OzoneAcl in project ozone by apache.

the class TestOMKeyAclRequest method testKeyAddAclRequest.

@Test
public void testKeyAddAclRequest() throws Exception {
    // Manually add volume, bucket and key to DB
    OMRequestTestUtils.addVolumeAndBucketToDB(volumeName, bucketName, omMetadataManager, getBucketLayout());
    String ozoneKey = addKeyToTable();
    OmKeyInfo omKeyInfo = omMetadataManager.getKeyTable(getBucketLayout()).get(ozoneKey);
    // As we added manually to key table.
    Assert.assertNotNull(omKeyInfo);
    OzoneAcl acl = OzoneAcl.parseAcl("user:bilbo:rwdlncxy[ACCESS]");
    // Create KeyAddAcl request
    OMRequest originalRequest = createAddAclkeyRequest(acl);
    OMKeyAclRequest omKeyAddAclRequest = getOmKeyAddAclRequest(originalRequest);
    OMRequest preExecuteRequest = omKeyAddAclRequest.preExecute(ozoneManager);
    // When preExecute() of adding acl,
    // the new modification time is greater than origin one.
    long originModTime = originalRequest.getAddAclRequest().getModificationTime();
    long newModTime = preExecuteRequest.getAddAclRequest().getModificationTime();
    Assert.assertTrue(newModTime > originModTime);
    // Execute original request
    OMClientResponse omClientResponse = omKeyAddAclRequest.validateAndUpdateCache(ozoneManager, 100L, ozoneManagerDoubleBufferHelper);
    Assert.assertEquals(OzoneManagerProtocolProtos.Status.OK, omClientResponse.getOMResponse().getStatus());
}
Also used : OMRequest(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest) OzoneAcl(org.apache.hadoop.ozone.OzoneAcl) OMClientResponse(org.apache.hadoop.ozone.om.response.OMClientResponse) OMKeyAclRequest(org.apache.hadoop.ozone.om.request.key.acl.OMKeyAclRequest) OmKeyInfo(org.apache.hadoop.ozone.om.helpers.OmKeyInfo) Test(org.junit.Test)

Aggregations

OzoneAcl (org.apache.hadoop.ozone.OzoneAcl)103 Test (org.junit.Test)45 ArrayList (java.util.ArrayList)29 OzoneObj (org.apache.hadoop.ozone.security.acl.OzoneObj)26 OzoneBucket (org.apache.hadoop.ozone.client.OzoneBucket)25 OMRequest (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest)23 OMClientResponse (org.apache.hadoop.ozone.om.response.OMClientResponse)20 OzoneVolume (org.apache.hadoop.ozone.client.OzoneVolume)18 OMResponse (org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse)18 IOException (java.io.IOException)12 BitSet (java.util.BitSet)12 OMException (org.apache.hadoop.ozone.om.exceptions.OMException)12 OmVolumeArgs (org.apache.hadoop.ozone.om.helpers.OmVolumeArgs)11 Test (org.junit.jupiter.api.Test)11 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)11 ObjectStore (org.apache.hadoop.ozone.client.ObjectStore)8 OmBucketInfo (org.apache.hadoop.ozone.om.helpers.OmBucketInfo)8 ACLType (org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType)8 BucketArgs (org.apache.hadoop.ozone.client.BucketArgs)7 OMMetadataManager (org.apache.hadoop.ozone.om.OMMetadataManager)7