org.apache.hadoop.fs.permission.AclEntryScope Java Examples

The following examples show how to use org.apache.hadoop.fs.permission.AclEntryScope.
Example #1
Source File: SentryPermissions.java    From incubator-sentry with Apache License 2.0
/**
 * Builds the group ACL entries published for an authorization object.
 *
 * <p>Each result is a named GROUP entry in the ACCESS scope. A stored grant of
 * READ, WRITE or READ_WRITE is widened with EXECUTE before it is returned, so
 * the published permission can be broader than the stored one. Anyone auditing
 * effective access should compare against the widened value.
 *
 * @param authzObj authorization object whose group permissions are looked up
 * @return one ACL entry per group reported by {@code getGroupPerms}
 */
@Override
public List<AclEntry> getAcls(String authzObj) {
  List<AclEntry> entries = new LinkedList<AclEntry>();
  for (Map.Entry<String, FsAction> perm : getGroupPerms(authzObj).entrySet()) {
    FsAction granted = perm.getValue();
    boolean needsExecute = granted == FsAction.READ
        || granted == FsAction.WRITE
        || granted == FsAction.READ_WRITE;
    // Only these three grants are widened; every other action passes through.
    FsAction effective = needsExecute ? granted.or(FsAction.EXECUTE) : granted;
    entries.add(new AclEntry.Builder()
        .setName(perm.getKey())
        .setType(AclEntryType.GROUP)
        .setScope(AclEntryScope.ACCESS)
        .setPermission(effective)
        .build());
  }
  return entries;
}
 
Example #2
Source File: SentryAuthorizationProvider.java    From incubator-sentry with Apache License 2.0
/**
 * Builds the two ACCESS-scope entries that mirror a permission's owner and
 * group bits: a named USER entry carrying the user action, followed by a
 * named GROUP entry carrying the group action. The "other" action of
 * {@code permission} is not turned into an entry here.
 *
 * @param user name placed on the USER entry
 * @param group name placed on the GROUP entry
 * @param permission permission whose user and group actions are copied
 * @return a two-element list: the USER entry, then the GROUP entry
 */
private List<AclEntry> createAclEntries(String user, String group,
    FsPermission permission) {
  // Read the actions from a copy, as the original code did.
  FsPermission snapshot = new FsPermission(permission);

  AclEntry userEntry = new AclEntry.Builder()
      .setName(user)
      .setType(AclEntryType.USER)
      .setScope(AclEntryScope.ACCESS)
      .setPermission(snapshot.getUserAction())
      .build();
  AclEntry groupEntry = new AclEntry.Builder()
      .setName(group)
      .setType(AclEntryType.GROUP)
      .setScope(AclEntryScope.ACCESS)
      .setPermission(snapshot.getGroupAction())
      .build();

  List<AclEntry> entries = new ArrayList<AclEntry>();
  entries.add(userEntry);
  entries.add(groupEntry);
  return entries;
}
 
Example #3
Source File: FSEditLogOp.java    From hadoop with Apache License 2.0
/**
 * Rebuilds ACL entries from the {@code ENTRY} children of an XML stanza.
 *
 * <p>The SCOPE and TYPE strings go straight to the enums' {@code valueOf},
 * which throws {@link IllegalArgumentException} for anything that is not an
 * exact constant name. Nothing here normalizes or defaults those values, so a
 * malformed record fails instead of producing an entry with a guessed scope.
 * NAME is read with {@code getValueOrNull}, so it is the only optional field.
 *
 * @param st stanza to read
 * @return the entries in the order {@code getChildren} returns them, or
 *         {@code null} (not an empty list) when the stanza has no
 *         {@code ENTRY} child; callers must handle the null
 */
private static List<AclEntry> readAclEntriesFromXml(Stanza st) {
  if (!st.hasChildren("ENTRY")) {
    return null;
  }

  List<AclEntry> parsed = Lists.newArrayList();
  for (Stanza entry : st.getChildren("ENTRY")) {
    AclEntry.Builder builder = new AclEntry.Builder();
    builder.setScope(AclEntryScope.valueOf(entry.getValue("SCOPE")));
    builder.setType(AclEntryType.valueOf(entry.getValue("TYPE")));
    builder.setName(entry.getValueOrNull("NAME"));
    builder.setPermission(fsActionFromXml(entry));
    parsed.add(builder.build());
  }
  return parsed;
}
 
Example #4
Source File: TestAclCommands.java    From hadoop with Apache License 2.0
/**
 * Checks that a comma-separated ACL spec with permissions parses into the
 * expected entries, in order. The last item carries a {@code default:} prefix
 * and is the only one expected in the DEFAULT scope; the others set no scope
 * and so rely on the builder's default.
 */
@Test
public void testMultipleAclSpecParsing() throws Exception {
  String spec = "group::rwx,user:user1:rwx,user:user2:rw-,"
      + "group:group1:rw-,default:group:group1:rw-";

  List<AclEntry> expected = new ArrayList<AclEntry>();
  // group::rwx
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.ALL)
      .build());
  // user:user1:rwx
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .setName("user1")
      .build());
  // user:user2:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setPermission(FsAction.READ_WRITE)
      .setName("user2")
      .build());
  // group:group1:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .build());
  // default:group:group1:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .setScope(AclEntryScope.DEFAULT)
      .build());

  List<AclEntry> actual = AclEntry.parseAclSpec(spec, true);
  assertEquals("Parsed Acl not correct", expected, actual);
}
 
Example #5
Source File: TestSnapshotScannerHDFSAclController.java    From hbase with Apache License 2.0
/**
 * Asserts whether a path carries ACCESS-scope and DEFAULT-scope ACL entries
 * for a given name.
 *
 * <p>Entries are matched on name alone; the entry type is not inspected, so a
 * named group entry with the same name would also count. A path that does not
 * exist is treated as having neither kind of entry.
 *
 * @param fs file system to query
 * @param path path whose ACL status is read
 * @param userName entry name to look for
 * @param requireAccessAcl expected presence of an ACCESS-scope entry
 * @param requireDefaultAcl expected presence of a DEFAULT-scope entry
 * @throws IOException if the file system calls fail
 */
static void checkUserAclEntry(FileSystem fs, Path path, String userName, boolean requireAccessAcl,
    boolean requireDefaultAcl) throws IOException {
  boolean sawAccess = false;
  boolean sawDefault = false;
  if (fs.exists(path)) {
    for (AclEntry entry : fs.getAclStatus(path).getEntries()) {
      String entryName = entry.getName();
      // Unnamed entries (owner, group, mask, other) never match a user name.
      if (entryName == null || !entryName.equals(userName)) {
        continue;
      }
      AclEntryScope scope = entry.getScope();
      if (scope == AclEntryScope.DEFAULT) {
        sawDefault = true;
      } else if (scope == AclEntryScope.ACCESS) {
        sawAccess = true;
      }
    }
  }
  String message = "require user: " + userName + ", path: " + path.toString() + " acl";
  assertEquals(message, requireAccessAcl, sawAccess);
  assertEquals(message, requireDefaultAcl, sawDefault);
}
 
Example #6
Source File: FSEditLogOp.java    From big-c with Apache License 2.0
/**
 * Rebuilds ACL entries from the {@code ENTRY} children of an XML stanza.
 *
 * <p>The SCOPE and TYPE strings go straight to the enums' {@code valueOf},
 * which throws {@link IllegalArgumentException} for anything that is not an
 * exact constant name. Nothing here normalizes or defaults those values, so a
 * malformed record fails instead of producing an entry with a guessed scope.
 * NAME is read with {@code getValueOrNull}, so it is the only optional field.
 *
 * @param st stanza to read
 * @return the entries in the order {@code getChildren} returns them, or
 *         {@code null} (not an empty list) when the stanza has no
 *         {@code ENTRY} child; callers must handle the null
 */
private static List<AclEntry> readAclEntriesFromXml(Stanza st) {
  if (!st.hasChildren("ENTRY")) {
    return null;
  }

  List<AclEntry> parsed = Lists.newArrayList();
  for (Stanza entry : st.getChildren("ENTRY")) {
    AclEntry.Builder builder = new AclEntry.Builder();
    builder.setScope(AclEntryScope.valueOf(entry.getValue("SCOPE")));
    builder.setType(AclEntryType.valueOf(entry.getValue("TYPE")));
    builder.setName(entry.getValueOrNull("NAME"));
    builder.setPermission(fsActionFromXml(entry));
    parsed.add(builder.build());
  }
  return parsed;
}
 
Example #7
Source File: TestAclCommands.java    From big-c with Apache License 2.0
/**
 * Checks that a comma-separated ACL spec with permissions parses into the
 * expected entries, in order. The last item carries a {@code default:} prefix
 * and is the only one expected in the DEFAULT scope; the others set no scope
 * and so rely on the builder's default.
 */
@Test
public void testMultipleAclSpecParsing() throws Exception {
  String spec = "group::rwx,user:user1:rwx,user:user2:rw-,"
      + "group:group1:rw-,default:group:group1:rw-";

  List<AclEntry> expected = new ArrayList<AclEntry>();
  // group::rwx
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.ALL)
      .build());
  // user:user1:rwx
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .setName("user1")
      .build());
  // user:user2:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setPermission(FsAction.READ_WRITE)
      .setName("user2")
      .build());
  // group:group1:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .build());
  // default:group:group1:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .setScope(AclEntryScope.DEFAULT)
      .build());

  List<AclEntry> actual = AclEntry.parseAclSpec(spec, true);
  assertEquals("Parsed Acl not correct", expected, actual);
}
 
Example #8
Source File: TestPBHelper.java    From big-c with Apache License 2.0
/**
 * Round-trips three ACL entries through their protobuf form and checks that
 * scope, type, name and permission survive. The one expected difference is an
 * entry built without a permission, which must come back as
 * {@code FsAction.NONE}.
 */
@Test
public void testAclEntryProto() {
  // Every field set explicitly.
  AclEntry fullyPopulated = new AclEntry.Builder()
      .setName("test")
      .setPermission(FsAction.READ_EXECUTE)
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.OTHER)
      .build();
  // Name left unset.
  AclEntry unnamed = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .build();
  // Permission left unset; it will default to the 0'th enum element.
  AclEntry noPermission = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setName("test")
      .build();
  // What the permission-less entry should look like after the round trip.
  AclEntry noPermissionAfterRoundTrip = new AclEntry.Builder()
      .setScope(noPermission.getScope())
      .setType(noPermission.getType())
      .setName(noPermission.getName())
      .setPermission(FsAction.NONE)
      .build();

  AclEntry[] expected = new AclEntry[] {
      fullyPopulated, unnamed, noPermissionAfterRoundTrip };
  AclEntry[] actual = Lists.newArrayList(
      PBHelper.convertAclEntry(PBHelper.convertAclEntryProto(
          Lists.newArrayList(fullyPopulated, unnamed, noPermission))))
      .toArray(new AclEntry[0]);
  Assert.assertArrayEquals(expected, actual);
}
 
Example #9
Source File: TestPBHelper.java    From hadoop with Apache License 2.0
/**
 * Round-trips three ACL entries through their protobuf form and checks that
 * scope, type, name and permission survive. The one expected difference is an
 * entry built without a permission, which must come back as
 * {@code FsAction.NONE}.
 */
@Test
public void testAclEntryProto() {
  // Every field set explicitly.
  AclEntry fullyPopulated = new AclEntry.Builder()
      .setName("test")
      .setPermission(FsAction.READ_EXECUTE)
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.OTHER)
      .build();
  // Name left unset.
  AclEntry unnamed = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .build();
  // Permission left unset; it will default to the 0'th enum element.
  AclEntry noPermission = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setName("test")
      .build();
  // What the permission-less entry should look like after the round trip.
  AclEntry noPermissionAfterRoundTrip = new AclEntry.Builder()
      .setScope(noPermission.getScope())
      .setType(noPermission.getType())
      .setName(noPermission.getName())
      .setPermission(FsAction.NONE)
      .build();

  AclEntry[] expected = new AclEntry[] {
      fullyPopulated, unnamed, noPermissionAfterRoundTrip };
  AclEntry[] actual = Lists.newArrayList(
      PBHelper.convertAclEntry(PBHelper.convertAclEntryProto(
          Lists.newArrayList(fullyPopulated, unnamed, noPermission))))
      .toArray(new AclEntry[0]);
  Assert.assertArrayEquals(expected, actual);
}
 
Example #10
Source File: TestDistCpWithAcls.java    From big-c with Apache License 2.0
/**
 * Builds an unnamed ACL entry from a scope, a type and a permission.
 *
 * @param scope scope to set on the entry (access or default)
 * @param type kind of entry
 * @param permission actions the entry carries
 * @return the built entry; its name is left unset
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setPermission(permission);
  return builder.build();
}
 
Example #11
Source File: EventTestUtils.java    From localization_nifi with Apache License 2.0
/**
 * Creates a fixed metadata-update event of type ACLS for use as a fixture.
 *
 * <p>The event carries one ACCESS-scope GROUP entry named "schema" with ALL
 * permission and one USER-namespace extended attribute with an empty value.
 * Only the access time varies between calls; it is taken from the clock.
 *
 * @return the populated event
 */
public static Event.MetadataUpdateEvent createMetadataUpdateEvent() {
    AclEntry groupAcl = new AclEntry.Builder()
            .setName("schema")
            .setPermission(FsAction.ALL)
            .setScope(AclEntryScope.ACCESS)
            .setType(AclEntryType.GROUP)
            .build();
    XAttr userXAttr = new XAttr.Builder()
            .setName("name")
            .setNameSpace(XAttr.NameSpace.USER)
            .setValue(new byte[0])
            .build();

    Event.MetadataUpdateEvent.Builder event = new Event.MetadataUpdateEvent.Builder();
    event.replication(0);
    event.perms(new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE));
    event.path("/some/path/metadata");
    event.ownerName("owner");
    event.acls(Collections.singletonList(groupAcl));
    event.atime(new Date().getTime());
    event.groupName("groupName");
    event.metadataType(Event.MetadataUpdateEvent.MetadataType.ACLS);
    event.mtime(1L);
    event.xAttrs(Collections.singletonList(userXAttr));
    event.xAttrsRemoved(false);
    return event.build();
}
 
Example #12
Source File: AclTransformation.java    From big-c with Apache License 2.0
/**
 * Filters (discards) any existing ACL entries that have the same scope, type
 * and name of any entry in the ACL spec.  If necessary, recalculates the mask
 * entries.  If necessary, default entries may be inferred by copying the
 * permissions of the corresponding access entries.  It is invalid to request
 * removal of the mask entry from an ACL that would otherwise require a mask
 * entry, due to existing named entries or an unnamed group entry.
 *
 * <p>The spec is wrapped in a {@code ValidatedAclSpec} before anything else
 * happens, and the result is only returned through
 * {@code buildAndValidateAcl}. Those helpers are not shown here; presumably
 * they are where the {@link AclException} originates.
 *
 * @param existingAcl {@code List<AclEntry>} existing ACL
 * @param inAclSpec {@code List<AclEntry>} ACL spec describing entries to filter
 * @return {@code List<AclEntry>} new ACL
 * @throws AclException if validation fails
 */
public static List<AclEntry> filterAclEntriesByAclSpec(
    List<AclEntry> existingAcl, List<AclEntry> inAclSpec) throws AclException {
  ValidatedAclSpec aclSpec = new ValidatedAclSpec(inAclSpec);
  ArrayList<AclEntry> aclBuilder = Lists.newArrayListWithCapacity(MAX_ENTRIES);
  // Mask entries are held aside per scope and handed to calculateMasks.
  EnumMap<AclEntryScope, AclEntry> providedMask =
    Maps.newEnumMap(AclEntryScope.class);
  // maskDirty: scopes whose mask entry was itself removed by the spec.
  EnumSet<AclEntryScope> maskDirty = EnumSet.noneOf(AclEntryScope.class);
  // scopeDirty: scopes from which at least one entry was removed.
  EnumSet<AclEntryScope> scopeDirty = EnumSet.noneOf(AclEntryScope.class);
  for (AclEntry existingEntry: existingAcl) {
    if (aclSpec.containsKey(existingEntry)) {
      // Matched by the spec: the entry is dropped (never added to aclBuilder)
      // and only the bookkeeping sets record that it was there.
      scopeDirty.add(existingEntry.getScope());
      if (existingEntry.getType() == MASK) {
        maskDirty.add(existingEntry.getScope());
      }
    } else {
      // Not matched: the entry survives. Masks go to providedMask instead of
      // the builder list.
      if (existingEntry.getType() == MASK) {
        providedMask.put(existingEntry.getScope(), existingEntry);
      } else {
        aclBuilder.add(existingEntry);
      }
    }
  }
  copyDefaultsIfNeeded(aclBuilder);
  calculateMasks(aclBuilder, providedMask, maskDirty, scopeDirty);
  return buildAndValidateAcl(aclBuilder);
}
 
Example #13
Source File: AclTransformation.java    From big-c with Apache License 2.0
/**
 * Completely replaces the ACL with the entries of the ACL spec.  If
 * necessary, recalculates the mask entries.  If necessary, default entries
 * are inferred by copying the permissions of the corresponding access
 * entries.  Replacement occurs separately for each of the access ACL and the
 * default ACL.  If the ACL spec contains only access entries, then the
 * existing default entries are retained.  If the ACL spec contains only
 * default entries, then the existing access entries are retained.  If the ACL
 * spec contains both access and default entries, then both are replaced.
 *
 * <p>Because replacement is per scope, a spec that names only one scope
 * leaves every existing entry of the other scope in force, mask included.
 *
 * @param existingAcl {@code List<AclEntry>} existing ACL
 * @param inAclSpec {@code List<AclEntry>} ACL spec containing replacement entries
 * @return {@code List<AclEntry>} new ACL
 * @throws AclException if validation fails
 */
public static List<AclEntry> replaceAclEntries(List<AclEntry> existingAcl,
    List<AclEntry> inAclSpec) throws AclException {
  ValidatedAclSpec aclSpec = new ValidatedAclSpec(inAclSpec);
  ArrayList<AclEntry> aclBuilder = Lists.newArrayListWithCapacity(MAX_ENTRIES);
  // Replacement is done separately for each scope: access and default.
  EnumMap<AclEntryScope, AclEntry> providedMask =
    Maps.newEnumMap(AclEntryScope.class);
  EnumSet<AclEntryScope> maskDirty = EnumSet.noneOf(AclEntryScope.class);
  EnumSet<AclEntryScope> scopeDirty = EnumSet.noneOf(AclEntryScope.class);
  // First pass: take every spec entry and mark its scope as replaced. A mask
  // supplied by the spec is kept in providedMask and flagged in maskDirty.
  for (AclEntry aclSpecEntry: aclSpec) {
    scopeDirty.add(aclSpecEntry.getScope());
    if (aclSpecEntry.getType() == MASK) {
      providedMask.put(aclSpecEntry.getScope(), aclSpecEntry);
      maskDirty.add(aclSpecEntry.getScope());
    } else {
      aclBuilder.add(aclSpecEntry);
    }
  }
  // Copy existing entries if the scope was not replaced.
  for (AclEntry existingEntry: existingAcl) {
    if (!scopeDirty.contains(existingEntry.getScope())) {
      // An untouched scope keeps its existing mask as the provided mask.
      if (existingEntry.getType() == MASK) {
        providedMask.put(existingEntry.getScope(), existingEntry);
      } else {
        aclBuilder.add(existingEntry);
      }
    }
  }
  copyDefaultsIfNeeded(aclBuilder);
  calculateMasks(aclBuilder, providedMask, maskDirty, scopeDirty);
  return buildAndValidateAcl(aclBuilder);
}
 
Example #14
Source File: AclTestHelpers.java    From big-c with Apache License 2.0
/**
 * Builds an unnamed ACL entry from a scope, a type and a permission.
 *
 * @param scope scope to set on the entry (access or default)
 * @param type kind of entry
 * @param permission actions the entry carries
 * @return the built entry; its name is left unset
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setPermission(permission);
  return builder.build();
}
 
Example #15
Source File: AclTestHelpers.java    From big-c with Apache License 2.0
/**
 * Builds an ACL entry from a scope, a type, a name and a permission.
 *
 * @param scope scope to set on the entry (access or default)
 * @param type kind of entry
 * @param name optional name of the entry
 * @param permission actions the entry carries
 * @return the built entry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  builder.setPermission(permission);
  return builder.build();
}
 
Example #16
Source File: AclTestHelpers.java    From big-c with Apache License 2.0
/**
 * Builds an ACL entry from a scope, a type and a name, leaving the permission
 * unset so the builder's default applies.
 *
 * @param scope scope to set on the entry (access or default)
 * @param type kind of entry
 * @param name optional name of the entry
 * @return the built entry, with no permission set explicitly
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  return builder.build();
}
 
Example #17
Source File: TestPBHelper.java    From big-c with Apache License 2.0
/**
 * Round-trips an {@code AclStatus} holding one DEFAULT-scope entry through
 * {@code PBHelper.convert} and checks that the result equals the input.
 */
@Test
public void testAclStatusProto() {
  AclEntry.Builder entryBuilder = new AclEntry.Builder();
  entryBuilder.setName("test");
  entryBuilder.setPermission(FsAction.READ_EXECUTE);
  entryBuilder.setScope(AclEntryScope.DEFAULT);
  entryBuilder.setType(AclEntryType.OTHER);
  AclEntry entry = entryBuilder.build();

  AclStatus status = new AclStatus.Builder()
      .owner("foo")
      .group("bar")
      .addEntry(entry)
      .build();
  Assert.assertEquals(status, PBHelper.convert(PBHelper.convert(status)));
}
 
Example #18
Source File: FSPermissionChecker.java    From big-c with Apache License 2.0
/**
 * Verifies that the current caller may perform {@code access} on an inode and
 * throws if not.
 *
 * <p>A {@code null} inode is treated as nothing to check and returns without
 * error. When the inode has an ACL feature whose first entry is in the ACCESS
 * scope, the decision is delegated entirely to {@code checkAccessAcl}.
 * Otherwise the permission bits apply and exactly one class is consulted:
 * owner if the caller is the inode's user, else group if the caller's groups
 * contain the inode's group, else other. A denial in the selected class is
 * final; the remaining classes are never tried, so an owner with fewer rights
 * than "other" is still denied.
 *
 * @param inode attributes of the inode to check; may be null
 * @param path path passed on to the ACL check and to the denial message
 * @param access action being requested
 * @throws AccessControlException if the selected permission class does not
 *         imply {@code access}; {@code checkAccessAcl} is not shown here and
 *         presumably raises it as well
 */
private void check(INodeAttributes inode, String path, FsAction access
    ) throws AccessControlException {
  // No inode means no check: this path grants silently.
  if (inode == null) {
    return;
  }
  final FsPermission mode = inode.getFsPermission();
  final AclFeature aclFeature = inode.getAclFeature();
  if (aclFeature != null) {
    // It's possible that the inode has a default ACL but no access ACL.
    // Only the first entry's scope is inspected to tell the two cases apart.
    // NOTE(review): assumes access entries sort before default entries and
    // that the feature holds at least one entry; confirm against AclFeature.
    int firstEntry = aclFeature.getEntryAt(0);
    if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
      checkAccessAcl(inode, path, access, mode, aclFeature);
      return;
    }
  }
  // Default-only ACL or no ACL at all: fall back to the permission bits.
  if (getUser().equals(inode.getUserName())) { //user class
    if (mode.getUserAction().implies(access)) { return; }
  }
  else if (getGroups().contains(inode.getGroupName())) { //group class
    if (mode.getGroupAction().implies(access)) { return; }
  }
  else { //other class
    if (mode.getOtherAction().implies(access)) { return; }
  }
  // Every branch that did not return above is a denial.
  throw new AccessControlException(
      toAccessControlString(inode, path, access, mode));
}
 
Example #19
Source File: TestDistCpWithAcls.java    From big-c with Apache License 2.0
/**
 * Builds an ACL entry from a scope, a type, a name and a permission.
 *
 * @param scope scope to set on the entry (access or default)
 * @param type kind of entry
 * @param name optional name of the entry
 * @param permission actions the entry carries
 * @return the built entry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  builder.setPermission(permission);
  return builder.build();
}
 
Example #20
Source File: ScopedAclEntries.java    From big-c with Apache License 2.0
/**
 * Finds the pivot between access entries and default entries: the index of
 * the first element whose scope is DEFAULT. The scan stops at the first
 * match, so the result is only a true partition point if the list keeps all
 * access entries ahead of all default entries.
 *
 * @param aclBuilder entries to scan
 * @return index of the first default entry, or {@code PIVOT_NOT_FOUND} if the
 *         list contains no default entries
 */
private static int calculatePivotOnDefaultEntries(List<AclEntry> aclBuilder) {
  int index = 0;
  for (AclEntry entry : aclBuilder) {
    if (entry.getScope() == AclEntryScope.DEFAULT) {
      return index;
    }
    index++;
  }
  return PIVOT_NOT_FOUND;
}
 
Example #21
Source File: TestAclCommands.java    From big-c with Apache License 2.0
/**
 * Checks that an ACL spec whose items carry no permission field parses into
 * entries with type, name and scope only. The two {@code default:}-prefixed
 * items are the only ones expected in the DEFAULT scope.
 */
@Test
public void testMultipleAclSpecParsingWithoutPermissions() throws Exception {
  String spec = "user::,user:user1:,group::,group:group1:,mask::,other::,"
      + "default:user:user1::,default:mask::";

  List<AclEntry> expected = new ArrayList<AclEntry>();
  // user::
  expected.add(new AclEntry.Builder().setType(AclEntryType.USER).build());
  // user:user1:
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setName("user1")
      .build());
  // group::
  expected.add(new AclEntry.Builder().setType(AclEntryType.GROUP).build());
  // group:group1:
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setName("group1")
      .build());
  // mask::
  expected.add(new AclEntry.Builder().setType(AclEntryType.MASK).build());
  // other::
  expected.add(new AclEntry.Builder().setType(AclEntryType.OTHER).build());
  // default:user:user1::
  expected.add(new AclEntry.Builder()
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.USER)
      .setName("user1")
      .build());
  // default:mask::
  expected.add(new AclEntry.Builder()
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.MASK)
      .build());

  List<AclEntry> actual = AclEntry.parseAclSpec(spec, false);
  assertEquals("Parsed Acl not correct", expected, actual);
}
 
Example #22
Source File: EventTestUtils.java    From nifi with Apache License 2.0
/**
 * Creates a fixed metadata-update event of type ACLS for use as a fixture.
 *
 * <p>The event carries one ACCESS-scope GROUP entry named "schema" with ALL
 * permission and one USER-namespace extended attribute with an empty value.
 * Only the access time varies between calls; it is taken from the clock.
 *
 * @return the populated event
 */
public static Event.MetadataUpdateEvent createMetadataUpdateEvent() {
    AclEntry groupAcl = new AclEntry.Builder()
            .setName("schema")
            .setPermission(FsAction.ALL)
            .setScope(AclEntryScope.ACCESS)
            .setType(AclEntryType.GROUP)
            .build();
    XAttr userXAttr = new XAttr.Builder()
            .setName("name")
            .setNameSpace(XAttr.NameSpace.USER)
            .setValue(new byte[0])
            .build();

    Event.MetadataUpdateEvent.Builder event = new Event.MetadataUpdateEvent.Builder();
    event.replication(0);
    event.perms(new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE));
    event.path("/some/path/metadata");
    event.ownerName("owner");
    event.acls(Collections.singletonList(groupAcl));
    event.atime(new Date().getTime());
    event.groupName("groupName");
    event.metadataType(Event.MetadataUpdateEvent.MetadataType.ACLS);
    event.mtime(1L);
    event.xAttrs(Collections.singletonList(userXAttr));
    event.xAttrsRemoved(false);
    return event.build();
}
 
Example #23
Source File: SentryAuthorizationInfoX.java    From incubator-sentry with Apache License 2.0
/**
 * Returns a single hard-coded ACL entry for every path: an ACCESS-scope USER
 * entry named "user-authz" with ALL permission. {@code pathElements} is not
 * consulted, so the same full-access grant is reported for any input.
 *
 * @param pathElements path components; ignored
 * @return a fixed-size one-element list holding that entry
 */
@Override
public List<AclEntry> getAclEntries(String[] pathElements) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setType(AclEntryType.USER);
  builder.setPermission(FsAction.ALL);
  builder.setName("user-authz");
  builder.setScope(AclEntryScope.ACCESS);
  return Arrays.asList(builder.build());
}
 
Example #24
Source File: TestAclCommands.java    From hadoop with Apache License 2.0
/**
 * Checks that an ACL spec whose items carry no permission field parses into
 * entries with type, name and scope only. The two {@code default:}-prefixed
 * items are the only ones expected in the DEFAULT scope.
 */
@Test
public void testMultipleAclSpecParsingWithoutPermissions() throws Exception {
  String spec = "user::,user:user1:,group::,group:group1:,mask::,other::,"
      + "default:user:user1::,default:mask::";

  List<AclEntry> expected = new ArrayList<AclEntry>();
  // user::
  expected.add(new AclEntry.Builder().setType(AclEntryType.USER).build());
  // user:user1:
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setName("user1")
      .build());
  // group::
  expected.add(new AclEntry.Builder().setType(AclEntryType.GROUP).build());
  // group:group1:
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setName("group1")
      .build());
  // mask::
  expected.add(new AclEntry.Builder().setType(AclEntryType.MASK).build());
  // other::
  expected.add(new AclEntry.Builder().setType(AclEntryType.OTHER).build());
  // default:user:user1::
  expected.add(new AclEntry.Builder()
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.USER)
      .setName("user1")
      .build());
  // default:mask::
  expected.add(new AclEntry.Builder()
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.MASK)
      .build());

  List<AclEntry> actual = AclEntry.parseAclSpec(spec, false);
  assertEquals("Parsed Acl not correct", expected, actual);
}
 
Example #25
Source File: AclTestHelpers.java    From hadoop with Apache License 2.0
/**
 * Builds an unnamed ACL entry from a scope, a type and a permission.
 *
 * @param scope scope to set on the entry (access or default)
 * @param type kind of entry
 * @param permission actions the entry carries
 * @return the built entry; its name is left unset
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setPermission(permission);
  return builder.build();
}
 
Example #26
Source File: ScopedAclEntries.java    From hadoop with Apache License 2.0
/**
 * Finds the pivot between access entries and default entries: the index of
 * the first element whose scope is DEFAULT. The scan stops at the first
 * match, so the result is only a true partition point if the list keeps all
 * access entries ahead of all default entries.
 *
 * @param aclBuilder entries to scan
 * @return index of the first default entry, or {@code PIVOT_NOT_FOUND} if the
 *         list contains no default entries
 */
private static int calculatePivotOnDefaultEntries(List<AclEntry> aclBuilder) {
  int index = 0;
  for (AclEntry entry : aclBuilder) {
    if (entry.getScope() == AclEntryScope.DEFAULT) {
      return index;
    }
    index++;
  }
  return PIVOT_NOT_FOUND;
}
 
Example #27
Source File: FSPermissionChecker.java    From hadoop with Apache License 2.0
/**
 * Verifies that the current caller may perform {@code access} on an inode and
 * throws if not.
 *
 * <p>A {@code null} inode is treated as nothing to check and returns without
 * error. When the inode has an ACL feature whose first entry is in the ACCESS
 * scope, the decision is delegated entirely to {@code checkAccessAcl}.
 * Otherwise the permission bits apply and exactly one class is consulted:
 * owner if the caller is the inode's user, else group if the caller's groups
 * contain the inode's group, else other. A denial in the selected class is
 * final; the remaining classes are never tried, so an owner with fewer rights
 * than "other" is still denied.
 *
 * @param inode attributes of the inode to check; may be null
 * @param path path passed on to the ACL check and to the denial message
 * @param access action being requested
 * @throws AccessControlException if the selected permission class does not
 *         imply {@code access}; {@code checkAccessAcl} is not shown here and
 *         presumably raises it as well
 */
private void check(INodeAttributes inode, String path, FsAction access
    ) throws AccessControlException {
  // No inode means no check: this path grants silently.
  if (inode == null) {
    return;
  }
  final FsPermission mode = inode.getFsPermission();
  final AclFeature aclFeature = inode.getAclFeature();
  if (aclFeature != null) {
    // It's possible that the inode has a default ACL but no access ACL.
    // Only the first entry's scope is inspected to tell the two cases apart.
    // NOTE(review): assumes access entries sort before default entries and
    // that the feature holds at least one entry; confirm against AclFeature.
    int firstEntry = aclFeature.getEntryAt(0);
    if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
      checkAccessAcl(inode, path, access, mode, aclFeature);
      return;
    }
  }
  // Default-only ACL or no ACL at all: fall back to the permission bits.
  if (getUser().equals(inode.getUserName())) { //user class
    if (mode.getUserAction().implies(access)) { return; }
  }
  else if (getGroups().contains(inode.getGroupName())) { //group class
    if (mode.getGroupAction().implies(access)) { return; }
  }
  else { //other class
    if (mode.getOtherAction().implies(access)) { return; }
  }
  // Every branch that did not return above is a denial.
  throw new AccessControlException(
      toAccessControlString(inode, path, access, mode));
}
 
Example #28
Source File: TestDistCpWithAcls.java    From hadoop with Apache License 2.0
/**
 * Builds an ACL entry from a scope, a type, a name and a permission.
 *
 * @param scope scope to set on the entry (access or default)
 * @param type kind of entry
 * @param name optional name of the entry
 * @param permission actions the entry carries
 * @return the built entry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  builder.setPermission(permission);
  return builder.build();
}
 
Example #29
Source File: AclTransformation.java    From hadoop with Apache License 2.0
/**
 * Filters (discards) any existing ACL entries that have the same scope, type
 * and name of any entry in the ACL spec.  If necessary, recalculates the mask
 * entries.  If necessary, default entries may be inferred by copying the
 * permissions of the corresponding access entries.  It is invalid to request
 * removal of the mask entry from an ACL that would otherwise require a mask
 * entry, due to existing named entries or an unnamed group entry.
 *
 * <p>The spec is wrapped in a {@code ValidatedAclSpec} before anything else
 * happens, and the result is only returned through
 * {@code buildAndValidateAcl}. Those helpers are not shown here; presumably
 * they are where the {@link AclException} originates.
 *
 * @param existingAcl {@code List<AclEntry>} existing ACL
 * @param inAclSpec {@code List<AclEntry>} ACL spec describing entries to filter
 * @return {@code List<AclEntry>} new ACL
 * @throws AclException if validation fails
 */
public static List<AclEntry> filterAclEntriesByAclSpec(
    List<AclEntry> existingAcl, List<AclEntry> inAclSpec) throws AclException {
  ValidatedAclSpec aclSpec = new ValidatedAclSpec(inAclSpec);
  ArrayList<AclEntry> aclBuilder = Lists.newArrayListWithCapacity(MAX_ENTRIES);
  // Mask entries are held aside per scope and handed to calculateMasks.
  EnumMap<AclEntryScope, AclEntry> providedMask =
    Maps.newEnumMap(AclEntryScope.class);
  // maskDirty: scopes whose mask entry was itself removed by the spec.
  EnumSet<AclEntryScope> maskDirty = EnumSet.noneOf(AclEntryScope.class);
  // scopeDirty: scopes from which at least one entry was removed.
  EnumSet<AclEntryScope> scopeDirty = EnumSet.noneOf(AclEntryScope.class);
  for (AclEntry existingEntry: existingAcl) {
    if (aclSpec.containsKey(existingEntry)) {
      // Matched by the spec: the entry is dropped (never added to aclBuilder)
      // and only the bookkeeping sets record that it was there.
      scopeDirty.add(existingEntry.getScope());
      if (existingEntry.getType() == MASK) {
        maskDirty.add(existingEntry.getScope());
      }
    } else {
      // Not matched: the entry survives. Masks go to providedMask instead of
      // the builder list.
      if (existingEntry.getType() == MASK) {
        providedMask.put(existingEntry.getScope(), existingEntry);
      } else {
        aclBuilder.add(existingEntry);
      }
    }
  }
  copyDefaultsIfNeeded(aclBuilder);
  calculateMasks(aclBuilder, providedMask, maskDirty, scopeDirty);
  return buildAndValidateAcl(aclBuilder);
}
 
Example #30
Source File: AclTestHelpers.java    From hadoop with Apache License 2.0
/**
 * Builds an ACL entry from a scope, a type, a name and a permission.
 *
 * @param scope scope to set on the entry (access or default)
 * @param type kind of entry
 * @param name optional name of the entry
 * @param permission actions the entry carries
 * @return the built entry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  builder.setPermission(permission);
  return builder.build();
}