Java Code Examples for org.apache.hadoop.fs.permission.AclEntry

The following examples show how to use org.apache.hadoop.fs.permission.AclEntry. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: FSOperations.java    License: Apache License 2.0 6 votes vote down vote up
/** Converts an <code>AclStatus</code> object into a JSON object.
 *
 * @param aclStatus AclStatus object
 *
 * @return The JSON representation of the ACLs for the file
 */
@SuppressWarnings({"unchecked"})
private static Map<String,Object> aclStatusToJSON(AclStatus aclStatus) {
  Map<String,Object> json = new LinkedHashMap<String,Object>();
  Map<String,Object> inner = new LinkedHashMap<String,Object>();
  JSONArray entriesArray = new JSONArray();
  inner.put(HttpFSFileSystem.OWNER_JSON, aclStatus.getOwner());
  inner.put(HttpFSFileSystem.GROUP_JSON, aclStatus.getGroup());
  inner.put(HttpFSFileSystem.ACL_STICKY_BIT_JSON, aclStatus.isStickyBit());
  for ( AclEntry e : aclStatus.getEntries() ) {
    entriesArray.add(e.toString());
  }
  inner.put(HttpFSFileSystem.ACL_ENTRIES_JSON, entriesArray);
  json.put(HttpFSFileSystem.ACL_STATUS_JSON, inner);
  return json;
}
 
Example 2
Source Project: big-c   Source File: FSAclBaseTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testModifyAclEntriesOnlyDefault() throws IOException {
  FileSystem.mkdirs(fs, path, FsPermission.createImmutable((short)0750));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "foo", ALL));
  fs.setAcl(path, aclSpec);
  aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "foo", READ_EXECUTE));
  fs.modifyAclEntries(path, aclSpec);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] {
    aclEntry(DEFAULT, USER, ALL),
    aclEntry(DEFAULT, USER, "foo", READ_EXECUTE),
    aclEntry(DEFAULT, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, MASK, READ_EXECUTE),
    aclEntry(DEFAULT, OTHER, NONE) }, returned);
  assertPermission((short)010750);
  assertAclFeature(true);
}
 
Example 3
Source Project: hadoop   Source File: FSAclBaseTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testSetAclMustBeOwnerOrSuper() throws Exception {
  Path bruceDir = new Path(path, "bruce");
  Path bruceFile = new Path(bruceDir, "file");
  fs.mkdirs(bruceDir);
  fs.setOwner(bruceDir, "bruce", null);
  fsAsBruce.create(bruceFile).close();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, READ_WRITE),
    aclEntry(ACCESS, USER, "diana", READ_WRITE),
    aclEntry(ACCESS, GROUP, READ),
    aclEntry(ACCESS, OTHER, READ));
  fsAsBruce.setAcl(bruceFile, aclSpec);
  fs.setAcl(bruceFile, aclSpec);
  fsAsSupergroupMember.setAcl(bruceFile, aclSpec);
  exception.expect(AccessControlException.class);
  fsAsDiana.setAcl(bruceFile, aclSpec);
}
 
Example 4
Source Project: big-c   Source File: AclStorage.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Creates an AclFeature from the given ACL entries.
 *
 * @param accessEntries List<AclEntry> access ACL entries
 * @param defaultEntries List<AclEntry> default ACL entries
 * @return AclFeature containing the required ACL entries
 */
private static AclFeature createAclFeature(List<AclEntry> accessEntries,
    List<AclEntry> defaultEntries) {
  // Pre-allocate list size for the explicit entries stored in the feature,
  // which is all entries minus the 3 entries implicitly stored in the
  // permission bits.
  List<AclEntry> featureEntries = Lists.newArrayListWithCapacity(
    (accessEntries.size() - 3) + defaultEntries.size());

  // For the access ACL, the feature only needs to hold the named user and
  // group entries.  For a correctly sorted ACL, these will be in a
  // predictable range.
  if (!AclUtil.isMinimalAcl(accessEntries)) {
    featureEntries.addAll(
      accessEntries.subList(1, accessEntries.size() - 2));
  }

  // Add all default entries to the feature.
  featureEntries.addAll(defaultEntries);
  return new AclFeature(AclEntryStatusFormat.toInt(featureEntries));
}
 
Example 5
Source Project: hadoop   Source File: FSAclBaseTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testRemoveAclEntriesOnlyAccess() throws IOException {
  fs.create(path).close();
  fs.setPermission(path, FsPermission.createImmutable((short)0640));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, USER, "foo", ALL),
    aclEntry(ACCESS, USER, "bar", READ_WRITE),
    aclEntry(ACCESS, GROUP, READ_WRITE),
    aclEntry(ACCESS, OTHER, NONE));
  fs.setAcl(path, aclSpec);
  aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, "foo"));
  fs.removeAclEntries(path, aclSpec);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] {
    aclEntry(ACCESS, USER, "bar", READ_WRITE),
    aclEntry(ACCESS, GROUP, READ_WRITE) }, returned);
  assertPermission((short)010760);
  assertAclFeature(true);
}
 
Example 6
Source Project: hadoop   Source File: TestAclTransformation.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testMergeAclEntriesProvidedDefaultMask() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, ALL),
    aclEntry(DEFAULT, GROUP, READ),
    aclEntry(DEFAULT, MASK, ALL),
    aclEntry(DEFAULT, OTHER, NONE));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, ALL))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, mergeAclEntries(existing, aclSpec));
}
 
Example 7
Source Project: big-c   Source File: FSAclBaseTest.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Asserts whether or not the inode for a specific path has an AclFeature.
 *
 * @param pathToCheck Path inode to check
 * @param expectAclFeature boolean true if an AclFeature must be present,
 *   false if an AclFeature must not be present
 * @throws IOException thrown if there is an I/O error
 */
private static void assertAclFeature(Path pathToCheck,
    boolean expectAclFeature) throws IOException {
  AclFeature aclFeature = getAclFeature(pathToCheck, cluster);
  if (expectAclFeature) {
    assertNotNull(aclFeature);
    // Intentionally capturing a reference to the entries, not using nested
    // calls.  This way, we get compile-time enforcement that the entries are
    // stored in an ImmutableList.
    ImmutableList<AclEntry> entries = AclStorage
        .getEntriesFromAclFeature(aclFeature);
    assertFalse(entries.isEmpty());
  } else {
    assertNull(aclFeature);
  }
}
 
Example 8
Source Project: hadoop   Source File: FSAclBaseTest.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Asserts whether or not the inode for a specific path has an AclFeature.
 *
 * @param pathToCheck Path inode to check
 * @param expectAclFeature boolean true if an AclFeature must be present,
 *   false if an AclFeature must not be present
 * @throws IOException thrown if there is an I/O error
 */
private static void assertAclFeature(Path pathToCheck,
    boolean expectAclFeature) throws IOException {
  AclFeature aclFeature = getAclFeature(pathToCheck, cluster);
  if (expectAclFeature) {
    assertNotNull(aclFeature);
    // Intentionally capturing a reference to the entries, not using nested
    // calls.  This way, we get compile-time enforcement that the entries are
    // stored in an ImmutableList.
    ImmutableList<AclEntry> entries = AclStorage
        .getEntriesFromAclFeature(aclFeature);
    assertFalse(entries.isEmpty());
  } else {
    assertNull(aclFeature);
  }
}
 
Example 9
Source Project: big-c   Source File: TestAclTransformation.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testMergeAclEntriesEmptyAclSpec() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, USER, "bruce", READ_WRITE))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, ALL))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ_WRITE))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, ALL))
    .add(aclEntry(DEFAULT, OTHER, READ))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList();
  assertEquals(existing, mergeAclEntries(existing, aclSpec));
}
 
Example 10
Source Project: hadoop   Source File: FSAclBaseTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testRemoveAclEntriesStickyBit() throws IOException {
  FileSystem.mkdirs(fs, path, FsPermission.createImmutable((short)01750));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, USER, "foo", ALL),
    aclEntry(ACCESS, GROUP, READ_EXECUTE),
    aclEntry(ACCESS, OTHER, NONE),
    aclEntry(DEFAULT, USER, "foo", ALL));
  fs.setAcl(path, aclSpec);
  aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, "foo"),
    aclEntry(DEFAULT, USER, "foo"));
  fs.removeAclEntries(path, aclSpec);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] {
    aclEntry(ACCESS, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, USER, ALL),
    aclEntry(DEFAULT, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, MASK, READ_EXECUTE),
    aclEntry(DEFAULT, OTHER, NONE) }, returned);
  assertPermission((short)011750);
  assertAclFeature(true);
}
 
Example 11
Source Project: big-c   Source File: FSAclBaseTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testRemoveDefaultAclOnlyDefault() throws Exception {
  FileSystem.mkdirs(fs, path, FsPermission.createImmutable((short)0750));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "foo", ALL));
  fs.setAcl(path, aclSpec);
  fs.removeDefaultAcl(path);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] { }, returned);
  assertPermission((short)0750);
  assertAclFeature(false);
  // restart of the cluster
  restartCluster();
  s = fs.getAclStatus(path);
  AclEntry[] afterRestart = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(returned, afterRestart);
}
 
Example 12
Source Project: hadoop   Source File: TestAclTransformation.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testMergeAclEntriesAutomaticDefaultUser() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, OTHER, READ));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, GROUP, READ_EXECUTE))
    .add(aclEntry(DEFAULT, OTHER, READ))
    .build();
  assertEquals(expected, mergeAclEntries(existing, aclSpec));
}
 
Example 13
Source Project: hadoop   Source File: TestAclTransformation.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testReplaceAclEntriesOnlyDefaults() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "bruce", READ));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, replaceAclEntries(existing, aclSpec));
}
 
Example 14
Source Project: hadoop   Source File: TestAclTransformation.java    License: Apache License 2.0 6 votes vote down vote up
@Test(expected=AclException.class)
public void testMergeAclEntriesResultTooLarge() throws AclException {
  ImmutableList.Builder<AclEntry> aclBuilder =
    new ImmutableList.Builder<AclEntry>()
      .add(aclEntry(ACCESS, USER, ALL));
  for (int i = 1; i <= 28; ++i) {
    aclBuilder.add(aclEntry(ACCESS, USER, "user" + i, READ));
  }
  aclBuilder
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, READ))
    .add(aclEntry(ACCESS, OTHER, NONE));
  List<AclEntry> existing = aclBuilder.build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, "bruce", READ));
  mergeAclEntries(existing, aclSpec);
}
 
Example 15
Source Project: big-c   Source File: FileContext.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Removes ACL entries from files and directories.  Other ACL entries are
 * retained.
 *
 * @param path Path to modify
 * @param aclSpec List<AclEntry> describing entries to remove
 * @throws IOException if an ACL could not be modified
 */
public void removeAclEntries(final Path path, final List<AclEntry> aclSpec)
    throws IOException {
  Path absF = fixRelativePart(path);
  new FSLinkResolver<Void>() {
    @Override
    public Void next(final AbstractFileSystem fs, final Path p)
        throws IOException {
      fs.removeAclEntries(p, aclSpec);
      return null;
    }
  }.resolve(this, absF);
}
 
Example 16
Source Project: hadoop   Source File: TestDistCpWithAcls.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Create a new AclEntry with scope, type and permission (no name).
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param permission FsAction set of permissions in the ACL entry
 * @return AclEntry new AclEntry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  return new AclEntry.Builder()
    .setScope(scope)
    .setType(type)
    .setPermission(permission)
    .build();
}
 
Example 17
Source Project: big-c   Source File: TestAclTransformation.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testReplaceAclEntriesAutomaticDefaultOther() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, GROUP, READ),
    aclEntry(ACCESS, OTHER, NONE),
    aclEntry(DEFAULT, USER, READ_WRITE),
    aclEntry(DEFAULT, USER, "bruce", READ),
    aclEntry(DEFAULT, GROUP, READ_WRITE),
    aclEntry(DEFAULT, MASK, READ_WRITE));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .add(aclEntry(DEFAULT, USER, READ_WRITE))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ_WRITE))
    .add(aclEntry(DEFAULT, MASK, READ_WRITE))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, replaceAclEntries(existing, aclSpec));
}
 
Example 18
Source Project: hadoop   Source File: TestAclTransformation.java    License: Apache License 2.0 5 votes vote down vote up
@Test(expected=AclException.class)
public void testReplaceAclEntriesInputTooLarge() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  replaceAclEntries(existing, ACL_SPEC_TOO_LARGE);
}
 
Example 19
Source Project: big-c   Source File: FileContext.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Modifies ACL entries of files and directories.  This method can add new ACL
 * entries or modify the permissions on existing ACL entries.  All existing
 * ACL entries that are not specified in this call are retained without
 * changes.  (Modifications are merged into the current ACL.)
 *
 * @param path Path to modify
 * @param aclSpec List<AclEntry> describing modifications
 * @throws IOException if an ACL could not be modified
 */
public void modifyAclEntries(final Path path, final List<AclEntry> aclSpec)
    throws IOException {
  Path absF = fixRelativePart(path);
  new FSLinkResolver<Void>() {
    @Override
    public Void next(final AbstractFileSystem fs, final Path p)
        throws IOException {
      fs.modifyAclEntries(p, aclSpec);
      return null;
    }
  }.resolve(this, absF);
}
 
Example 20
Source Project: big-c   Source File: FSAclBaseTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testRemoveAclMinimalAcl() throws IOException {
  fs.create(path).close();
  fs.setPermission(path, FsPermission.createImmutable((short)0640));
  fs.removeAcl(path);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] { }, returned);
  assertPermission((short)0640);
  assertAclFeature(false);
}
 
Example 21
Source Project: hadoop   Source File: TestAclCommands.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testSetfaclValidationsWithoutPermissions() throws Exception {
  List<AclEntry> parsedList = new ArrayList<AclEntry>();
  try {
    parsedList = AclEntry.parseAclSpec("user:user1:", true);
  } catch (IllegalArgumentException e) {
  }
  assertTrue(parsedList.size() == 0);
  assertFalse("setfacl should fail with less arguments",
      0 == runCommand(new String[] { "-setfacl", "-m", "user:user1:",
          "/path" }));
}
 
Example 22
Source Project: hadoop   Source File: TestAclTransformation.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testMergeAclEntriesAccessMaskPreserved() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, USER, "bruce", READ))
    .add(aclEntry(ACCESS, USER, "diana", READ_WRITE))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, USER, "diana", READ_WRITE))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ_WRITE))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "diana", READ_EXECUTE));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, USER, "bruce", READ))
    .add(aclEntry(ACCESS, USER, "diana", READ_WRITE))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, USER, "diana", READ_EXECUTE))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ_EXECUTE))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, mergeAclEntries(existing, aclSpec));
}
 
Example 23
Source Project: hadoop   Source File: FSAclBaseTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testDefaultAclNewSymlinkIntermediate() throws Exception {
  FileSystem.mkdirs(fs, path, FsPermission.createImmutable((short)0750));
  Path filePath = new Path(path, "file1");
  fs.create(filePath).close();
  fs.setPermission(filePath, FsPermission.createImmutable((short)0640));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "foo", ALL));
  fs.setAcl(path, aclSpec);
  Path dirPath = new Path(path, "dir1");
  Path linkPath = new Path(dirPath, "link1");
  fs.createSymlink(filePath, linkPath, true);
  AclEntry[] expected = new AclEntry[] {
    aclEntry(ACCESS, USER, "foo", ALL),
    aclEntry(ACCESS, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, USER, ALL),
    aclEntry(DEFAULT, USER, "foo", ALL),
    aclEntry(DEFAULT, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, MASK, ALL),
    aclEntry(DEFAULT, OTHER, NONE) };
  AclStatus s = fs.getAclStatus(dirPath);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(expected, returned);
  assertPermission(dirPath, (short)010750);
  assertAclFeature(dirPath, true);
  expected = new AclEntry[] { };
  s = fs.getAclStatus(linkPath);
  returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(expected, returned);
  assertPermission(linkPath, (short)0640);
  assertAclFeature(linkPath, false);
  s = fs.getAclStatus(filePath);
  returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(expected, returned);
  assertPermission(filePath, (short)0640);
  assertAclFeature(filePath, false);
}
 
Example 24
Source Project: big-c   Source File: AclTestHelpers.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Create a new AclEntry with scope, type, name and permission.
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param name String optional ACL entry name
 * @param permission FsAction set of permissions in the ACL entry
 * @return AclEntry new AclEntry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  return new AclEntry.Builder()
    .setScope(scope)
    .setType(type)
    .setName(name)
    .setPermission(permission)
    .build();
}
 
Example 25
Source Project: big-c   Source File: TestAclTransformation.java    License: Apache License 2.0 5 votes vote down vote up
@Test(expected=AclException.class)
public void testMergeAclEntriesNamedMask() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, MASK, "bruce", READ_EXECUTE));
  mergeAclEntries(existing, aclSpec);
}
 
Example 26
Source Project: big-c   Source File: TestAclTransformation.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testFilterAclEntriesByAclSpecAutomaticDefaultUser()
    throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, READ_WRITE))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, filterAclEntriesByAclSpec(existing, aclSpec));
}
 
Example 27
Source Project: hadoop   Source File: ViewFileSystemBaseTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Verify the behavior of ACL operations on paths above the root of
 * any mount table entry.
 */

@Test(expected=AccessControlException.class)
public void testInternalModifyAclEntries() throws IOException {
  fsView.modifyAclEntries(new Path("/internalDir"),
      new ArrayList<AclEntry>());
}
 
Example 28
Source Project: big-c   Source File: AclTestHelpers.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Create a new AclEntry with scope, type and name (no permission).
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param name String optional ACL entry name
 * @return AclEntry new AclEntry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name) {
  return new AclEntry.Builder()
    .setScope(scope)
    .setType(type)
    .setName(name)
    .build();
}
 
Example 29
Source Project: big-c   Source File: AclStorage.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Updates an inode with a new ACL.  This method takes a full logical ACL and
 * stores the entries to the inode's {@link FsPermission} and
 * {@link AclFeature}.
 *
 * @param inode INode to update
 * @param newAcl List<AclEntry> containing new ACL entries
 * @param snapshotId int latest snapshot ID of inode
 * @throws AclException if the ACL is invalid for the given inode
 * @throws QuotaExceededException if quota limit is exceeded
 */
public static void updateINodeAcl(INode inode, List<AclEntry> newAcl,
    int snapshotId) throws AclException, QuotaExceededException {
  assert newAcl.size() >= 3;
  FsPermission perm = inode.getFsPermission();
  final FsPermission newPerm;
  if (!AclUtil.isMinimalAcl(newAcl)) {
    // This is an extended ACL.  Split entries into access vs. default.
    ScopedAclEntries scoped = new ScopedAclEntries(newAcl);
    List<AclEntry> accessEntries = scoped.getAccessEntries();
    List<AclEntry> defaultEntries = scoped.getDefaultEntries();

    // Only directories may have a default ACL.
    if (!defaultEntries.isEmpty() && !inode.isDirectory()) {
      throw new AclException(
        "Invalid ACL: only directories may have a default ACL.");
    }

    // Attach entries to the feature.
    if (inode.getAclFeature() != null) {
      inode.removeAclFeature(snapshotId);
    }
    inode.addAclFeature(createAclFeature(accessEntries, defaultEntries),
      snapshotId);
    newPerm = createFsPermissionForExtendedAcl(accessEntries, perm);
  } else {
    // This is a minimal ACL.  Remove the ACL feature if it previously had one.
    if (inode.getAclFeature() != null) {
      inode.removeAclFeature(snapshotId);
    }
    newPerm = createFsPermissionForMinimalAcl(newAcl, perm);
  }

  inode.setPermission(newPerm, snapshotId);
}
 
Example 30
Source Project: big-c   Source File: FSAclBaseTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test(expected=FileNotFoundException.class)
public void testModifyAclEntriesPathNotFound() throws IOException {
  // Path has not been created.
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, USER, "foo", ALL),
    aclEntry(ACCESS, GROUP, READ_EXECUTE),
    aclEntry(ACCESS, OTHER, NONE));
  fs.modifyAclEntries(path, aclSpec);
}