org.apache.hadoop.fs.permission.AclEntry Java Examples

The following examples show how to use org.apache.hadoop.fs.permission.AclEntry. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TestAclTransformation.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test(expected=AclException.class)
public void testMergeAclEntriesResultTooLarge() throws AclException {
  ImmutableList.Builder<AclEntry> aclBuilder =
    new ImmutableList.Builder<AclEntry>()
      .add(aclEntry(ACCESS, USER, ALL));
  for (int i = 1; i <= 28; ++i) {
    aclBuilder.add(aclEntry(ACCESS, USER, "user" + i, READ));
  }
  aclBuilder
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, READ))
    .add(aclEntry(ACCESS, OTHER, NONE));
  List<AclEntry> existing = aclBuilder.build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, "bruce", READ));
  mergeAclEntries(existing, aclSpec);
}
 
Example #2
Source File: FSOperations.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/** Converts an <code>AclStatus</code> object into a JSON object.
 *
 * @param aclStatus AclStatus object
 *
 * @return The JSON representation of the ACLs for the file
 */
@SuppressWarnings({"unchecked"})
private static Map<String,Object> aclStatusToJSON(AclStatus aclStatus) {
  Map<String,Object> json = new LinkedHashMap<String,Object>();
  Map<String,Object> inner = new LinkedHashMap<String,Object>();
  JSONArray entriesArray = new JSONArray();
  inner.put(HttpFSFileSystem.OWNER_JSON, aclStatus.getOwner());
  inner.put(HttpFSFileSystem.GROUP_JSON, aclStatus.getGroup());
  inner.put(HttpFSFileSystem.ACL_STICKY_BIT_JSON, aclStatus.isStickyBit());
  for ( AclEntry e : aclStatus.getEntries() ) {
    entriesArray.add(e.toString());
  }
  inner.put(HttpFSFileSystem.ACL_ENTRIES_JSON, entriesArray);
  json.put(HttpFSFileSystem.ACL_STATUS_JSON, inner);
  return json;
}
 
Example #3
Source File: FSAclBaseTest.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Asserts whether or not the inode for a specific path has an AclFeature.
 *
 * @param pathToCheck Path inode to check
 * @param expectAclFeature boolean true if an AclFeature must be present,
 *   false if an AclFeature must not be present
 * @throws IOException thrown if there is an I/O error
 */
private static void assertAclFeature(Path pathToCheck,
    boolean expectAclFeature) throws IOException {
  AclFeature aclFeature = getAclFeature(pathToCheck, cluster);
  if (expectAclFeature) {
    assertNotNull(aclFeature);
    // Intentionally capturing a reference to the entries, not using nested
    // calls.  This way, we get compile-time enforcement that the entries are
    // stored in an ImmutableList.
    ImmutableList<AclEntry> entries = AclStorage
        .getEntriesFromAclFeature(aclFeature);
    assertFalse(entries.isEmpty());
  } else {
    assertNull(aclFeature);
  }
}
 
Example #4
Source File: FSAclBaseTest.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Test
public void testModifyAclEntriesOnlyDefault() throws IOException {
  FileSystem.mkdirs(fs, path, FsPermission.createImmutable((short)0750));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "foo", ALL));
  fs.setAcl(path, aclSpec);
  aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "foo", READ_EXECUTE));
  fs.modifyAclEntries(path, aclSpec);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] {
    aclEntry(DEFAULT, USER, ALL),
    aclEntry(DEFAULT, USER, "foo", READ_EXECUTE),
    aclEntry(DEFAULT, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, MASK, READ_EXECUTE),
    aclEntry(DEFAULT, OTHER, NONE) }, returned);
  assertPermission((short)010750);
  assertAclFeature(true);
}
 
Example #5
Source File: FSAclBaseTest.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testSetAclMustBeOwnerOrSuper() throws Exception {
  Path bruceDir = new Path(path, "bruce");
  Path bruceFile = new Path(bruceDir, "file");
  fs.mkdirs(bruceDir);
  fs.setOwner(bruceDir, "bruce", null);
  fsAsBruce.create(bruceFile).close();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, READ_WRITE),
    aclEntry(ACCESS, USER, "diana", READ_WRITE),
    aclEntry(ACCESS, GROUP, READ),
    aclEntry(ACCESS, OTHER, READ));
  fsAsBruce.setAcl(bruceFile, aclSpec);
  fs.setAcl(bruceFile, aclSpec);
  fsAsSupergroupMember.setAcl(bruceFile, aclSpec);
  exception.expect(AccessControlException.class);
  fsAsDiana.setAcl(bruceFile, aclSpec);
}
 
Example #6
Source File: AclStorage.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Creates an AclFeature from the given ACL entries.
 *
 * @param accessEntries List<AclEntry> access ACL entries
 * @param defaultEntries List<AclEntry> default ACL entries
 * @return AclFeature containing the required ACL entries
 */
private static AclFeature createAclFeature(List<AclEntry> accessEntries,
    List<AclEntry> defaultEntries) {
  // Pre-allocate list size for the explicit entries stored in the feature,
  // which is all entries minus the 3 entries implicitly stored in the
  // permission bits.
  List<AclEntry> featureEntries = Lists.newArrayListWithCapacity(
    (accessEntries.size() - 3) + defaultEntries.size());

  // For the access ACL, the feature only needs to hold the named user and
  // group entries.  For a correctly sorted ACL, these will be in a
  // predictable range.
  if (!AclUtil.isMinimalAcl(accessEntries)) {
    featureEntries.addAll(
      accessEntries.subList(1, accessEntries.size() - 2));
  }

  // Add all default entries to the feature.
  featureEntries.addAll(defaultEntries);
  return new AclFeature(AclEntryStatusFormat.toInt(featureEntries));
}
 
Example #7
Source File: FSAclBaseTest.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testRemoveAclEntriesOnlyAccess() throws IOException {
  fs.create(path).close();
  fs.setPermission(path, FsPermission.createImmutable((short)0640));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, USER, "foo", ALL),
    aclEntry(ACCESS, USER, "bar", READ_WRITE),
    aclEntry(ACCESS, GROUP, READ_WRITE),
    aclEntry(ACCESS, OTHER, NONE));
  fs.setAcl(path, aclSpec);
  aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, "foo"));
  fs.removeAclEntries(path, aclSpec);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] {
    aclEntry(ACCESS, USER, "bar", READ_WRITE),
    aclEntry(ACCESS, GROUP, READ_WRITE) }, returned);
  assertPermission((short)010760);
  assertAclFeature(true);
}
 
Example #8
Source File: TestAclTransformation.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testMergeAclEntriesProvidedDefaultMask() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, ALL),
    aclEntry(DEFAULT, GROUP, READ),
    aclEntry(DEFAULT, MASK, ALL),
    aclEntry(DEFAULT, OTHER, NONE));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, ALL))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, mergeAclEntries(existing, aclSpec));
}
 
Example #9
Source File: FSAclBaseTest.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Asserts whether or not the inode for a specific path has an AclFeature.
 *
 * @param pathToCheck Path inode to check
 * @param expectAclFeature boolean true if an AclFeature must be present,
 *   false if an AclFeature must not be present
 * @throws IOException thrown if there is an I/O error
 */
private static void assertAclFeature(Path pathToCheck,
    boolean expectAclFeature) throws IOException {
  AclFeature aclFeature = getAclFeature(pathToCheck, cluster);
  if (expectAclFeature) {
    assertNotNull(aclFeature);
    // Intentionally capturing a reference to the entries, not using nested
    // calls.  This way, we get compile-time enforcement that the entries are
    // stored in an ImmutableList.
    ImmutableList<AclEntry> entries = AclStorage
        .getEntriesFromAclFeature(aclFeature);
    assertFalse(entries.isEmpty());
  } else {
    assertNull(aclFeature);
  }
}
 
Example #10
Source File: TestAclTransformation.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Test
public void testMergeAclEntriesEmptyAclSpec() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, USER, "bruce", READ_WRITE))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, ALL))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ_WRITE))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, ALL))
    .add(aclEntry(DEFAULT, OTHER, READ))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList();
  assertEquals(existing, mergeAclEntries(existing, aclSpec));
}
 
Example #11
Source File: FSAclBaseTest.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testRemoveAclEntriesStickyBit() throws IOException {
  FileSystem.mkdirs(fs, path, FsPermission.createImmutable((short)01750));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, USER, "foo", ALL),
    aclEntry(ACCESS, GROUP, READ_EXECUTE),
    aclEntry(ACCESS, OTHER, NONE),
    aclEntry(DEFAULT, USER, "foo", ALL));
  fs.setAcl(path, aclSpec);
  aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, "foo"),
    aclEntry(DEFAULT, USER, "foo"));
  fs.removeAclEntries(path, aclSpec);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] {
    aclEntry(ACCESS, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, USER, ALL),
    aclEntry(DEFAULT, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, MASK, READ_EXECUTE),
    aclEntry(DEFAULT, OTHER, NONE) }, returned);
  assertPermission((short)011750);
  assertAclFeature(true);
}
 
Example #12
Source File: FSAclBaseTest.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Test
public void testRemoveDefaultAclOnlyDefault() throws Exception {
  FileSystem.mkdirs(fs, path, FsPermission.createImmutable((short)0750));
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "foo", ALL));
  fs.setAcl(path, aclSpec);
  fs.removeDefaultAcl(path);
  AclStatus s = fs.getAclStatus(path);
  AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(new AclEntry[] { }, returned);
  assertPermission((short)0750);
  assertAclFeature(false);
  // restart of the cluster
  restartCluster();
  s = fs.getAclStatus(path);
  AclEntry[] afterRestart = s.getEntries().toArray(new AclEntry[0]);
  assertArrayEquals(returned, afterRestart);
}
 
Example #13
Source File: TestAclTransformation.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testMergeAclEntriesAutomaticDefaultUser() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, GROUP, READ_EXECUTE),
    aclEntry(DEFAULT, OTHER, READ));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, GROUP, READ_EXECUTE))
    .add(aclEntry(DEFAULT, OTHER, READ))
    .build();
  assertEquals(expected, mergeAclEntries(existing, aclSpec));
}
 
Example #14
Source File: TestAclTransformation.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testReplaceAclEntriesOnlyDefaults() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "bruce", READ));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, replaceAclEntries(existing, aclSpec));
}
 
Example #15
Source File: ViewFs.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public void modifyAclEntries(Path path, List<AclEntry> aclSpec)
    throws IOException {
  InodeTree.ResolveResult<AbstractFileSystem> res =
      fsState.resolve(getUriPath(path), true);
  res.targetFileSystem.modifyAclEntries(res.remainingPath, aclSpec);
}
 
Example #16
Source File: TestAclTransformation.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testMergeAclEntriesDefaultMaskCalculated() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "bruce", READ_WRITE),
    aclEntry(DEFAULT, USER, "diana", READ_EXECUTE));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ_WRITE))
    .add(aclEntry(DEFAULT, USER, "diana", READ_EXECUTE))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, ALL))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, mergeAclEntries(existing, aclSpec));
}
 
Example #17
Source File: HttpFSFileSystem.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Convert the given JSON object into an AclStatus
 * @param json Input JSON representing the ACLs
 * @return Resulting AclStatus
 */
private AclStatus createAclStatus(JSONObject json) {
  AclStatus.Builder aclStatusBuilder = new AclStatus.Builder()
          .owner((String) json.get(OWNER_JSON))
          .group((String) json.get(GROUP_JSON))
          .stickyBit((Boolean) json.get(ACL_STICKY_BIT_JSON));
  JSONArray entries = (JSONArray) json.get(ACL_ENTRIES_JSON);
  for ( Object e : entries ) {
    aclStatusBuilder.addEntry(AclEntry.parseAclEntry(e.toString(), true));
  }
  return aclStatusBuilder.build();
}
 
Example #18
Source File: JsonUtil.java    From big-c with Apache License 2.0 5 votes vote down vote up
/** Convert a Json map to a AclStatus object. */
public static AclStatus toAclStatus(final Map<?, ?> json) {
  if (json == null) {
    return null;
  }

  final Map<?, ?> m = (Map<?, ?>) json.get(AclStatus.class.getSimpleName());

  AclStatus.Builder aclStatusBuilder = new AclStatus.Builder();
  aclStatusBuilder.owner((String) m.get("owner"));
  aclStatusBuilder.group((String) m.get("group"));
  aclStatusBuilder.stickyBit((Boolean) m.get("stickyBit"));
  String permString = (String) m.get("permission");
  if (permString != null) {
    final FsPermission permission = toFsPermission(permString,
        (Boolean) m.get("aclBit"), (Boolean) m.get("encBit"));
    aclStatusBuilder.setPermission(permission);
  }
  final List<?> entries = (List<?>) m.get("entries");

  List<AclEntry> aclEntryList = new ArrayList<AclEntry>();
  for (Object entry : entries) {
    AclEntry aclEntry = AclEntry.parseAclEntry((String) entry, true);
    aclEntryList.add(aclEntry);
  }
  aclStatusBuilder.addEntries(aclEntryList);
  return aclStatusBuilder.build();
}
 
Example #19
Source File: TestAclTransformation.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test(expected=AclException.class)
public void testFilterAclEntriesByAclSpecInputTooLarge() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  filterAclEntriesByAclSpec(existing, ACL_SPEC_TOO_LARGE);
}
 
Example #20
Source File: TestAclTransformation.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test(expected=AclException.class)
public void testFilterAclEntriesByAclSpecRemoveAccessMaskRequired()
    throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, USER, "bruce", READ))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, ALL))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, MASK));
  filterAclEntriesByAclSpec(existing, aclSpec);
}
 
Example #21
Source File: TestAclTransformation.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testFilterAclEntriesByAclSpecAccessMaskPreserved()
    throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, USER, "bruce", READ))
    .add(aclEntry(ACCESS, USER, "diana", READ_WRITE))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, USER, "diana", READ_WRITE))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ_WRITE))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "diana"));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, USER, "bruce", READ))
    .add(aclEntry(ACCESS, USER, "diana", READ_WRITE))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, MASK, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, filterAclEntriesByAclSpec(existing, aclSpec));
}
 
Example #22
Source File: FSEditLogOp.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private static List<AclEntry> read(DataInputStream in, int logVersion)
    throws IOException {
  if (!NameNodeLayoutVersion.supports(Feature.EXTENDED_ACL, logVersion)) {
    return null;
  }

  int size = in.readInt();
  if (size == 0) {
    return null;
  }

  List<AclEntry> aclEntries = Lists.newArrayListWithCapacity(size);
  for (int i = 0; i < size; ++i) {
    int v = in.read();
    int p = v & ACL_EDITLOG_PERM_MASK;
    int t = (v >> ACL_EDITLOG_ENTRY_TYPE_OFFSET)
        & ACL_EDITLOG_ENTRY_TYPE_MASK;
    int s = (v >> ACL_EDITLOG_ENTRY_SCOPE_OFFSET)
        & ACL_EDITLOG_ENTRY_SCOPE_MASK;
    boolean hasName = ((v >> ACL_EDITLOG_ENTRY_HAS_NAME_OFFSET) & 1) == 1;
    String name = hasName ? FSImageSerialization.readString(in) : null;
    aclEntries.add(new AclEntry.Builder().setName(name)
        .setPermission(FSACTION_VALUES[p])
        .setScope(ACL_ENTRY_SCOPE_VALUES[s])
        .setType(ACL_ENTRY_TYPE_VALUES[t]).build());
  }

  return aclEntries;
}
 
Example #23
Source File: TestAclTransformation.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testReplaceAclEntriesAutomaticDefaultOther() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, GROUP, READ),
    aclEntry(ACCESS, OTHER, NONE),
    aclEntry(DEFAULT, USER, READ_WRITE),
    aclEntry(DEFAULT, USER, "bruce", READ),
    aclEntry(DEFAULT, GROUP, READ_WRITE),
    aclEntry(DEFAULT, MASK, READ_WRITE));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .add(aclEntry(DEFAULT, USER, READ_WRITE))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ_WRITE))
    .add(aclEntry(DEFAULT, MASK, READ_WRITE))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, replaceAclEntries(existing, aclSpec));
}
 
Example #24
Source File: TestAclTransformation.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testFilterAclEntriesByAclSpecDefaultMaskCalculated()
    throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, USER, "diana", READ_WRITE))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ_WRITE))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "diana"));
  List<AclEntry> expected = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, READ))
    .add(aclEntry(DEFAULT, USER, ALL))
    .add(aclEntry(DEFAULT, USER, "bruce", READ))
    .add(aclEntry(DEFAULT, GROUP, READ))
    .add(aclEntry(DEFAULT, MASK, READ))
    .add(aclEntry(DEFAULT, OTHER, NONE))
    .build();
  assertEquals(expected, filterAclEntriesByAclSpec(existing, aclSpec));
}
 
Example #25
Source File: TestAclWithSnapshot.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testSetAclSnapshotPath() throws Exception {
  FileSystem.mkdirs(hdfs, path, FsPermission.createImmutable((short)0700));
  SnapshotTestHelper.createSnapshot(hdfs, path, snapshotName);
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(DEFAULT, USER, "bruce"));
  exception.expect(SnapshotAccessControlException.class);
  hdfs.setAcl(snapshotPath, aclSpec);
}
 
Example #26
Source File: FSAclBaseTest.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test(expected=FileNotFoundException.class)
public void testModifyAclEntriesPathNotFound() throws IOException {
  // Path has not been created.
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, USER, "foo", ALL),
    aclEntry(ACCESS, GROUP, READ_EXECUTE),
    aclEntry(ACCESS, OTHER, NONE));
  fs.modifyAclEntries(path, aclSpec);
}
 
Example #27
Source File: FSAclBaseTest.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test(expected=FileNotFoundException.class)
public void testModifyAclEntriesPathNotFound() throws IOException {
  // Path has not been created.
  List<AclEntry> aclSpec = Lists.newArrayList(
    aclEntry(ACCESS, USER, ALL),
    aclEntry(ACCESS, USER, "foo", ALL),
    aclEntry(ACCESS, GROUP, READ_EXECUTE),
    aclEntry(ACCESS, OTHER, NONE));
  fs.modifyAclEntries(path, aclSpec);
}
 
Example #28
Source File: AclStorage.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Updates an inode with a new ACL.  This method takes a full logical ACL and
 * stores the entries to the inode's {@link FsPermission} and
 * {@link AclFeature}.
 *
 * @param inode INode to update
 * @param newAcl List<AclEntry> containing new ACL entries
 * @param snapshotId int latest snapshot ID of inode
 * @throws AclException if the ACL is invalid for the given inode
 * @throws QuotaExceededException if quota limit is exceeded
 */
public static void updateINodeAcl(INode inode, List<AclEntry> newAcl,
    int snapshotId) throws AclException, QuotaExceededException {
  assert newAcl.size() >= 3;
  FsPermission perm = inode.getFsPermission();
  final FsPermission newPerm;
  if (!AclUtil.isMinimalAcl(newAcl)) {
    // This is an extended ACL.  Split entries into access vs. default.
    ScopedAclEntries scoped = new ScopedAclEntries(newAcl);
    List<AclEntry> accessEntries = scoped.getAccessEntries();
    List<AclEntry> defaultEntries = scoped.getDefaultEntries();

    // Only directories may have a default ACL.
    if (!defaultEntries.isEmpty() && !inode.isDirectory()) {
      throw new AclException(
        "Invalid ACL: only directories may have a default ACL.");
    }

    // Attach entries to the feature.
    if (inode.getAclFeature() != null) {
      inode.removeAclFeature(snapshotId);
    }
    inode.addAclFeature(createAclFeature(accessEntries, defaultEntries),
      snapshotId);
    newPerm = createFsPermissionForExtendedAcl(accessEntries, perm);
  } else {
    // This is a minimal ACL.  Remove the ACL feature if it previously had one.
    if (inode.getAclFeature() != null) {
      inode.removeAclFeature(snapshotId);
    }
    newPerm = createFsPermissionForMinimalAcl(newAcl, perm);
  }

  inode.setPermission(newPerm, snapshotId);
}
 
Example #29
Source File: TestAclTransformation.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test(expected=AclException.class)
public void testReplaceAclEntriesInputTooLarge() throws AclException {
  List<AclEntry> existing = new ImmutableList.Builder<AclEntry>()
    .add(aclEntry(ACCESS, USER, ALL))
    .add(aclEntry(ACCESS, GROUP, READ))
    .add(aclEntry(ACCESS, OTHER, NONE))
    .build();
  replaceAclEntries(existing, ACL_SPEC_TOO_LARGE);
}
 
Example #30
Source File: TestDistCpWithAcls.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Create a new AclEntry with scope, type and permission (no name).
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param permission FsAction set of permissions in the ACL entry
 * @return AclEntry new AclEntry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  return new AclEntry.Builder()
    .setScope(scope)
    .setType(type)
    .setPermission(permission)
    .build();
}