org.apache.hadoop.hdfs.server.namenode.AclFeature Java Examples

The following examples show how to use org.apache.hadoop.hdfs.server.namenode.AclFeature. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: Snapshot.java    From hadoop with Apache License 2.0 6 votes vote down vote up
Root(INodeDirectory other) {
  // Always preserve ACL, XAttr.
  super(other, false, Lists.newArrayList(
    Iterables.filter(Arrays.asList(other.getFeatures()), new Predicate<Feature>() {

      @Override
      public boolean apply(Feature input) {
        if (AclFeature.class.isInstance(input) 
            || XAttrFeature.class.isInstance(input)) {
          return true;
        }
        return false;
      }
      
    }))
    .toArray(new Feature[0]));
}
 
Example #2
Source File: Snapshot.java    From big-c with Apache License 2.0 6 votes vote down vote up
Root(INodeDirectory other) {
  // Always preserve ACL, XAttr.
  super(other, false, Lists.newArrayList(
    Iterables.filter(Arrays.asList(other.getFeatures()), new Predicate<Feature>() {

      @Override
      public boolean apply(Feature input) {
        if (AclFeature.class.isInstance(input) 
            || XAttrFeature.class.isInstance(input)) {
          return true;
        }
        return false;
      }
      
    }))
    .toArray(new Feature[0]));
}
 
Example #3
Source File: TestAclWithSnapshot.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private void deleteSnapshotWithAclAndVerify(AclFeature aclFeature,
    Path pathToCheckAcl, int totalAclFeatures) throws IOException {
  hdfs.deleteSnapshot(path, snapshotName);
  AclFeature afterDeleteAclFeature = FSAclBaseTest.getAclFeature(
      pathToCheckAcl, cluster);
  assertSame(aclFeature, afterDeleteAclFeature);
  assertEquals("Reference count should remain same"
      + " even after deletion of snapshot", 1,
      afterDeleteAclFeature.getRefCount());

  hdfs.removeAcl(pathToCheckAcl);
  assertEquals("Reference count should be 0", 0, aclFeature.getRefCount());
  assertEquals("Unique ACL features should remain same", totalAclFeatures,
      AclStorage.getUniqueAclFeatures().getUniqueElementsSize());
}
 
Example #4
Source File: TestAclWithSnapshot.java    From big-c with Apache License 2.0 5 votes vote down vote up
private void deleteSnapshotWithAclAndVerify(AclFeature aclFeature,
    Path pathToCheckAcl, int totalAclFeatures) throws IOException {
  hdfs.deleteSnapshot(path, snapshotName);
  AclFeature afterDeleteAclFeature = FSAclBaseTest.getAclFeature(
      pathToCheckAcl, cluster);
  assertSame(aclFeature, afterDeleteAclFeature);
  assertEquals("Reference count should remain same"
      + " even after deletion of snapshot", 1,
      afterDeleteAclFeature.getRefCount());

  hdfs.removeAcl(pathToCheckAcl);
  assertEquals("Reference count should be 0", 0, aclFeature.getRefCount());
  assertEquals("Unique ACL features should remain same", totalAclFeatures,
      AclStorage.getUniqueAclFeatures().getUniqueElementsSize());
}
 
Example #5
Source File: SentryAuthorizationProvider.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
private void checkAndRemoveHdfsAcl(INodeAuthorizationInfo node,
    boolean warn) {
  AclFeature f = defaultAuthzProvider.getAclFeature(node,
      Snapshot.CURRENT_STATE_ID);
  if (f != null) {
    defaultAuthzProvider.removeAclFeature(node);
  } else {
    if (warn) {
      LOG.warn("### removeAclFeature is requested on {}, but it does not " +
          "have any acl.", node);
    }
  }
}
 
Example #6
Source File: SentryAuthorizationProvider.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
@Override
public void addAclFeature(INodeAuthorizationInfo node, AclFeature f) {
  // always fall through to defaultAuthZProvider, 
  // issue warning when the path is sentry managed
  if (isSentryManaged(node)) {
    LOG.warn("### addAclFeature {} (sentry managed path) {}, update HDFS." +
        WARN_VISIBILITY,
        node.getFullPathName(), f.toString());
    // For Sentry-managed path, remove ACL silently before adding new ACL
    checkAndRemoveHdfsAcl(node, false);
  }
  defaultAuthzProvider.addAclFeature(node, f);
}
 
Example #7
Source File: SentryAuthorizationProvider.java    From incubator-sentry with Apache License 2.0 4 votes vote down vote up
@Override
public AclFeature getAclFeature(INodeAuthorizationInfo node, int snapshotId) {
  AclFeature f = null;
  String[] pathElements = getPathElements(node);
  String p = Arrays.toString(pathElements);
  boolean isPrefixed = false;
  boolean isStale = false;
  boolean hasAuthzObj = false;
  Map<String, AclEntry> aclMap = null;
  if (!authzInfo.isUnderPrefix(pathElements)) {
    isPrefixed = false;
    f = defaultAuthzProvider.getAclFeature(node, snapshotId);
  } else if (!authzInfo.doesBelongToAuthzObject(pathElements)) {
    isPrefixed = true;
    f = defaultAuthzProvider.getAclFeature(node, snapshotId);
  } else {
    isPrefixed = true;
    hasAuthzObj = true;
    aclMap = new HashMap<String, AclEntry>();
    if (originalAuthzAsAcl) {
      String user = defaultAuthzProvider.getUser(node, snapshotId);
      String group = getDefaultProviderGroup(node, snapshotId);
      FsPermission perm = defaultAuthzProvider.getFsPermission(node, snapshotId);
      addToACLMap(aclMap, createAclEntries(user, group, perm));
    } else {
      addToACLMap(aclMap,
          createAclEntries(this.user, this.group, this.permission));
    }
    if (!authzInfo.isStale()) {
      isStale = false;
      addToACLMap(aclMap, authzInfo.getAclEntries(pathElements));
      f = new SentryAclFeature(ImmutableList.copyOf(aclMap.values()));
    } else {
      isStale = true;
      f = new SentryAclFeature(ImmutableList.copyOf(aclMap.values()));
    }
  }
  if (LOG.isDebugEnabled()) {
    LOG.debug("### getAclEntry \n[" + p + "] : ["
        + "isPreifxed=" + isPrefixed
        + ", isStale=" + isStale
        + ", hasAuthzObj=" + hasAuthzObj
        + ", origAuthzAsAcl=" + originalAuthzAsAcl + "]\n"
        + "[" + (aclMap == null ? "null" : aclMap) + "]\n"
        + "[" + (f == null ? "null" : f.getEntries()) + "]\n");
  }
  return f;
}