use of org.apache.storm.generated.AccessControl in project storm by apache.
the class BlobStoreAclHandler method parseAccessControl.
/**
 * Builds an {@link AccessControl} from a colon-separated ACL string.
 *
 * <p>The number of fields decides how the string is read:
 * <ul>
 *   <li>one field: {@code access}, with type {@code "other"} and an empty name;</li>
 *   <li>two fields: {@code name:access}, with type {@code "user"};</li>
 *   <li>three fields: {@code type:name:access}.</li>
 * </ul>
 *
 * <p>{@code String.split(":")} discards trailing empty fields, so the field count is taken
 * after that trimming: a string ending in {@code ':'} is read with fewer fields than it
 * visually has (for example {@code "a:b:"} is read as name {@code "a"} with access
 * {@code "b"}), and a string made only of separators yields no fields and falls back to
 * type {@code "other"}, an empty name and access {@code "-"}.
 * NOTE(review): confirm callers never pass such strings, since the resulting entry may not
 * be the one the operator meant to write.
 *
 * @param str the ACL string to parse
 * @return the populated access-control entry
 * @throws IllegalArgumentException if {@code str} has more than three fields
 */
public static AccessControl parseAccessControl(String str) {
    final String[] fields = str.split(":");
    if (fields.length > 3) {
        throw new IllegalArgumentException("Don't know how to parse " + str + " into an ACL value");
    }

    // Defaults apply to any position the input does not supply.
    String type = "other";
    String name = "";
    String access = "-";

    switch (fields.length) {
        case 1:
            access = fields[0];
            break;
        case 2:
            type = "user";
            name = fields[0];
            access = fields[1];
            break;
        case 3:
            type = fields[0];
            name = fields[1];
            access = fields[2];
            break;
        default:
            // Zero fields (input was only separators): keep the defaults above.
            break;
    }

    final AccessControl parsed = new AccessControl();
    parsed.set_type(parseACLType(type));
    parsed.set_name(name);
    parsed.set_access(parseAccess(access));
    return parsed;
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class Blobstore method setAclCli.
/**
 * Command-line handler that writes an ACL for a blob key.
 *
 * <p>The {@code -s}/{@code --set} option is parsed by {@code AsAclParser} and the first
 * positional argument is the blob key. When at least one ACL entry was supplied, that list
 * replaces the stored ACL as a whole (it is not merged with the existing entries); when none
 * was supplied, the ACL just read from the blob's metadata is written back unchanged.
 *
 * <p>No check of the parsed entries is made in this method before they are sent.
 * NOTE(review): confirm the blob store validates the list on {@code setBlobMeta}.
 *
 * @param args the command-line arguments following the sub-command
 * @throws Exception if option parsing or any blob store call fails
 */
private static void setAclCli(String[] args) throws Exception {
    Map<String, Object> parsed = CLI.opt("s", "set", Collections.emptyList(), new AsAclParser())
        .arg("key", CLI.FIRST_WINS)
        .parse(args);
    final String key = (String) parsed.get("key");
    final List<AccessControl> requestedAcl = (List<AccessControl>) parsed.get("s");

    ClientBlobStore.withConfiguredClient(new ClientBlobStore.WithBlobstore() {
        @Override
        public void run(ClientBlobStore blobStore) throws Exception {
            // The current metadata is always fetched, even when it ends up being replaced.
            ReadableBlobMeta currentMeta = blobStore.getBlobMeta(key);
            List<AccessControl> currentAcl = currentMeta.get_settable().get_acl();

            boolean replaceAcl = setAclRequested(requestedAcl);
            List<AccessControl> effectiveAcl = replaceAcl ? requestedAcl : currentAcl;

            SettableBlobMeta updatedMeta = new SettableBlobMeta(effectiveAcl);
            LOG.info("Setting ACL for {} to {}", key, generateAccessControlsInfo(effectiveAcl));
            blobStore.setBlobMeta(key, updatedMeta);
        }

        // True when the command line carried at least one ACL entry.
        private boolean setAclRequested(List<AccessControl> candidate) {
            return candidate != null && !candidate.isEmpty();
        }
    });
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class LocalizerTest method testFailAcls.
/**
 * Verifies that fetching a blob is refused when the blob's ACL does not let the requesting
 * user read it: the test passes only if {@link AuthorizationException} is thrown.
 */
@Test(expected = AuthorizationException.class)
public void testFailAcls() throws Exception {
    final String topologyName = "topo1";
    final String blobKey = "key1";

    Map settings = new HashMap();
    // One hour between cleanups, so the cache cleaner never runs during the test.
    settings.put(Config.SUPERVISOR_LOCALIZER_CACHE_CLEANUP_INTERVAL_MS, 60 * 60 * 1000);
    Localizer localizer = new TestLocalizer(settings, baseDir.toString());

    // The only ACL entry is a USER entry for user1 built with the ADMIN constant,
    // so the blob carries no entry giving user1 read access.
    AccessControl adminOnly = new AccessControl(AccessControlType.USER, BlobStoreAclHandler.ADMIN);
    adminOnly.set_name(user1);
    ReadableBlobMeta blobMeta = new ReadableBlobMeta();
    blobMeta.set_settable(new SettableBlobMeta(Arrays.asList(adminOnly)));

    // The mocked blob store serves that metadata for every key and a stub stream for the blob.
    when(mockblobstore.getBlobMeta(anyString())).thenReturn(blobMeta);
    when(mockblobstore.getBlob(blobKey)).thenReturn(new TestInputStreamWithMeta());

    File userCacheDir = localizer.getLocalUserFileCacheDir(user1);
    assertTrue("failed to create user dir", userCacheDir.mkdirs());

    // Expected to throw AuthorizationException: the ACL check must fail before any download.
    localizer.getBlob(new LocalResource(blobKey, false), user1, topologyName, userCacheDir);
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class BlobStoreAclHandler method fixACLsForUser.
/**
 * Ensures that {@code user} holds at least the permission bits in {@code mask}.
 *
 * <p>The first USER entry whose name equals {@code user} is widened with any missing bits
 * from {@code mask}; bits it already has are never removed. If no such entry exists, a new
 * USER entry with exactly {@code mask} is appended. The list is modified in place.
 *
 * @param acls the ACL list to adjust; must be mutable
 * @param user the user name that must end up with the permissions
 * @param mask the permission bits to guarantee
 */
private void fixACLsForUser(List<AccessControl> acls, String user, int mask) {
    for (AccessControl entry : acls) {
        boolean isTargetUser =
            entry.get_type() == AccessControlType.USER && entry.get_name().equals(user);
        if (!isTargetUser) {
            continue;
        }
        int granted = entry.get_access();
        // Write back only when some bit of the mask is actually missing.
        if ((granted & mask) != mask) {
            entry.set_access(granted | mask);
        }
        // Only the first matching entry is considered.
        return;
    }

    // No entry for this user yet: add one carrying just the requested bits.
    AccessControl added = new AccessControl();
    added.set_type(AccessControlType.USER);
    added.set_name(user);
    added.set_access(mask);
    acls.add(added);
}
use of org.apache.storm.generated.AccessControl in project storm by apache.
the class BlobStoreAclHandler method validateSettableACLs.
/**
 * Rejects an ACL list in which the same non-empty name appears on more than one entry.
 *
 * <p>Entries are compared by name only; the entry type is not looked at, and entries with an
 * empty name are skipped. Each repeated occurrence is logged at error level, and all of them
 * are reported together in the exception message.
 *
 * @param key the blob key the ACLs belong to; used only in the error message
 * @param acls the ACL entries to check
 * @throws AuthorizationException if any name occurs more than once
 */
public static void validateSettableACLs(String key, List<AccessControl> acls) throws AuthorizationException {
    final Set<String> seenNames = new HashSet<>();
    final List<String> repeatedNames = new ArrayList<>();

    for (AccessControl entry : acls) {
        final String entryName = entry.get_name();
        if (StringUtils.isEmpty(entryName)) {
            continue;
        }
        // Set.add returns true the first time a name is seen.
        if (seenNames.add(entryName)) {
            continue;
        }
        LOG.error("'{}' user can't appear more than once in the ACLs", entryName);
        repeatedNames.add(entryName);
    }

    if (!repeatedNames.isEmpty()) {
        throw new AuthorizationException(
            "user " + repeatedNames + " can't appear more than once in the ACLs for key [" + key + "].");
    }
}