use of org.apache.hadoop.ozone.om.exceptions.OMException in project ozone by apache.
the class OzoneManager method getBucketOwner.
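/**
 * Looks up the owner recorded for a bucket in the bucket table.
 *
 * <p>The bucket read lock is taken before the lookup and, once acquired, is
 * released on every exit path, including failures while deriving the table key.
 *
 * @param volume name of the volume that holds the bucket
 * @param bucket name of the bucket
 * @return the owner stored in the bucket's {@code OmBucketInfo}
 * @throws OMException with {@code BUCKET_NOT_FOUND} if the table has no entry
 *     for the bucket; the original {@code OMException} if the table read
 *     raised one; {@code INTERNAL_ERROR} (with the cause attached) for any
 *     other I/O failure
 */
private String getBucketOwner(String volume, String bucket) throws OMException {
  boolean lockAcquired =
      metadataManager.getLock().acquireReadLock(BUCKET_LOCK, volume, bucket);
  OmBucketInfo bucketInfo;
  try {
    // Key derivation sits inside the try so that a failure here cannot leave
    // the bucket read lock held.
    String dbBucketKey = metadataManager.getBucketKey(volume, bucket);
    bucketInfo = metadataManager.getBucketTable().get(dbBucketKey);
  } catch (OMException ome) {
    // Already carries a result code; pass it through untouched.
    throw ome;
  } catch (IOException ioe) {
    // Attach the cause so the underlying stack trace is not lost when the
    // failure is reported as INTERNAL_ERROR.
    throw new OMException(
        "getBucketOwner for Bucket " + volume + "/" + bucket + " failed: " + ioe.getMessage(),
        ioe,
        ResultCodes.INTERNAL_ERROR);
  } finally {
    if (lockAcquired) {
      metadataManager.getLock().releaseReadLock(BUCKET_LOCK, volume, bucket);
    }
  }
  if (bucketInfo == null) {
    throw new OMException("Bucket not found", ResultCodes.BUCKET_NOT_FOUND);
  }
  return bucketInfo.getOwner();
}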
use of org.apache.hadoop.ozone.om.exceptions.OMException in project ozone by apache.
the class OzoneManager method resolveBucketLink.
/**
 * Follows bucket links until a bucket that is not a link is reached.
 *
 * <p>When ACLs are enabled, READ permission on each link bucket is checked
 * before its target is followed. The bucket finally returned is not
 * ACL-checked in this method, so authorising access to it is left to the
 * caller.
 *
 * @param volumeAndBucket the (volume, bucket) pair to resolve; returned as is
 *     when it is not a link
 * @param visited link buckets already followed during this resolution, used
 *     to detect loops; every link followed here is added to it
 * @param userGroupInformation identity passed to the ACL check
 * @param remoteAddress client address passed to the ACL check
 * @param hostName client host name passed to the ACL check
 * @return the (volume, bucket) pair reached after following all links
 * @throws IOException (most likely OMException) if the ACL check fails, a
 *     bucket is not found, a loop is detected in the links, etc.
 */
private Pair<String, String> resolveBucketLink(Pair<String, String> volumeAndBucket, Set<Pair<String, String>> visited, UserGroupInformation userGroupInformation, InetAddress remoteAddress, String hostName) throws IOException {
  Pair<String, String> current = volumeAndBucket;
  while (true) {
    String volumeName = current.getLeft();
    String bucketName = current.getRight();

    // NOTE(review): the lookup runs before the READ check below, so a missing
    // link and a denied link may surface as different errors; confirm that
    // is acceptable.
    OmBucketInfo info = bucketManager.getBucketInfo(volumeName, bucketName);
    if (!info.isLink()) {
      return current;
    }

    // A pair seen twice means the chain of links points back into itself.
    if (!visited.add(current)) {
      throw new OMException("Detected loop in bucket links", DETECTED_LOOP_IN_BUCKET_LINKS);
    }

    if (isAclEnabled) {
      final ACLType requiredRight = ACLType.READ;
      checkAcls(
          ResourceType.BUCKET,
          StoreType.OZONE,
          requiredRight,
          volumeName,
          bucketName,
          null,
          userGroupInformation,
          remoteAddress,
          hostName,
          true,
          getVolumeOwner(volumeName, requiredRight, ResourceType.BUCKET));
    }

    current = Pair.of(info.getSourceVolume(), info.getSourceBucket());
  }
}
use of org.apache.hadoop.ozone.om.exceptions.OMException in project ozone by apache.
the class OzoneManager method checkAcls.
/**
 * Asks the configured access authorizer whether the request may access the object.
 *
 * @param obj the Ozone object being accessed
 * @param context the request context handed to the authorizer; its client
 *     user and ACL rights are used in the denial message
 * @param throwIfPermissionDenied whether a denial is reported by exception
 *     instead of by return value
 * @return true if permission is granted, false if it is denied and
 *     {@code throwIfPermissionDenied} is false
 * @throws OMException with {@code ResultCodes.PERMISSION_DENIED} if permission
 *     is denied and {@code throwIfPermissionDenied} is true
 */
public boolean checkAcls(OzoneObj obj, RequestContext context, boolean throwIfPermissionDenied) throws OMException {
  if (accessAuthorizer.checkAccess(obj, context)) {
    return true;
  }
  if (!throwIfPermissionDenied) {
    return false;
  }

  // Only the name parts that are present are included in the message.
  String volumePart = "";
  if (obj.getVolumeName() != null) {
    volumePart = "Volume:" + obj.getVolumeName() + " ";
  }
  String bucketPart = "";
  if (obj.getBucketName() != null) {
    bucketPart = "Bucket:" + obj.getBucketName() + " ";
  }
  String keyPart = "";
  if (obj.getKeyName() != null) {
    keyPart = "Key:" + obj.getKeyName();
  }

  // NOTE(review): the names are written to the log and to the exception
  // message unescaped; if they can be client-supplied, confirm that the log
  // pipeline neutralises line breaks and control characters.
  LOG.warn("User {} doesn't have {} permission to access {} {}{}{}",
      context.getClientUgi().getUserName(),
      context.getAclRights(),
      obj.getResourceType(),
      volumePart,
      bucketPart,
      keyPart);
  throw new OMException(
      "User " + context.getClientUgi().getUserName()
          + " doesn't have " + context.getAclRights()
          + " permission to access " + obj.getResourceType()
          + " " + volumePart + bucketPart + keyPart,
      ResultCodes.PERMISSION_DENIED);
}
use of org.apache.hadoop.ozone.om.exceptions.OMException in project ozone by apache.
the class OzoneManager method renewDelegationToken.
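/**
 * Renews a delegation token issued by OzoneManager.
 *
 * <p>The renewer passed to the token manager is the short user name of the
 * remote caller.
 *
 * @param token token to renew
 * @return new expiry time of the token
 * @throws OMException with {@code INVALID_AUTH_METHOD} if delegation token
 *     operations are not allowed for the current authentication method, or
 *     with {@code TOKEN_ERROR_OTHER} (cause attached) if renewal fails with
 *     any other {@code IOException}
 */
@Override
public long renewDelegationToken(Token<OzoneTokenIdentifier> token) throws OMException {
  try {
    if (!isAllowedDelegationTokenOp()) {
      throw new OMException("Delegation Token can be renewed only with "
          + "kerberos or web authentication", INVALID_AUTH_METHOD);
    }
    String renewer = getRemoteUser().getShortUserName();
    return delegationTokenMgr.renewToken(token, renewer);
  } catch (OMException oex) {
    // Already carries a result code; pass it through untouched.
    throw oex;
  } catch (IOException ex) {
    // The identifier is decoded only to make the error log useful; renewal
    // has already failed, so a decode failure must not mask the real cause.
    OzoneTokenIdentifier id = null;
    try {
      id = OzoneTokenIdentifier.readProtoBuf(token.getIdentifier());
    } catch (IOException parseFailure) {
      // Previously swallowed silently, which left "dt id: null" in the log
      // with no explanation. A token whose identifier cannot be decoded is
      // worth a trace of its own.
      LOG.warn("Could not decode identifier of delegation token being renewed, cause: {}",
          parseFailure.getMessage());
    }
    LOG.error("Delegation token renewal failed for dt id: {}, cause: {}", id, ex.getMessage());
    // NOTE(review): the message embeds the token's string form; confirm it
    // never includes the token password.
    throw new OMException("Delegation token renewal failed for dt: " + token, ex, TOKEN_ERROR_OTHER);
  }
}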
use of org.apache.hadoop.ozone.om.exceptions.OMException in project ozone by apache.
the class OzoneManager method getDelegationToken.
/**
 * Issues a delegation token for the remote caller.
 *
 * <p>The token owner is the caller's user name. If the caller's
 * {@code UserGroupInformation} has a real user, that user's name is passed
 * to the token manager as well.
 *
 * @param renewer renewer information
 * @return the token created by the delegation token manager, or {@code null}
 *     if no secret manager is running in this OM
 * @throws OMException with {@code INVALID_AUTH_METHOD} if delegation token
 *     operations are not allowed for the current authentication method, or
 *     with {@code TOKEN_ERROR_OTHER} (cause attached) if token creation
 *     fails with any other {@code IOException}
 */
@Override
public Token<OzoneTokenIdentifier> getDelegationToken(Text renewer) throws OMException {
  try {
    if (!isAllowedDelegationTokenOp()) {
      throw new OMException("Delegation Token can be issued only with "
          + "kerberos or web authentication", INVALID_AUTH_METHOD);
    }

    boolean secretManagerRunning = delegationTokenMgr != null && delegationTokenMgr.isRunning();
    if (!secretManagerRunning) {
      // Callers see this as a null token rather than an exception.
      LOG.warn("trying to get DT with no secret manager running in OM.");
      return null;
    }

    UserGroupInformation caller = getRemoteUser();
    Text owner = new Text(caller.getUserName());
    // realUser stays null unless the caller's UGI reports a real user.
    Text realUser = caller.getRealUser() == null
        ? null
        : new Text(caller.getRealUser().getUserName());
    return delegationTokenMgr.createToken(owner, renewer, realUser);
  } catch (OMException oex) {
    // Already carries a result code; pass it through untouched.
    throw oex;
  } catch (IOException ex) {
    LOG.error("Get Delegation token failed, cause: {}", ex.getMessage());
    throw new OMException("Get Delegation token failed.", ex, TOKEN_ERROR_OTHER);
  }
}