Java Code Examples for org.apache.hadoop.fs.permission.AclEntryScope

The following examples show how to use org.apache.hadoop.fs.permission.AclEntryScope. These examples are extracted from open source projects.
Example 1
Source Project: hadoop   Source File: FSEditLogOp.java    License: Apache License 2.0
/**
 * Rebuilds a list of ACL entries from the {@code ENTRY} children of a stanza.
 *
 * <p>Each child supplies {@code SCOPE} and {@code TYPE}, which are mapped with
 * {@code valueOf}; an enum {@code valueOf} throws
 * {@link IllegalArgumentException} when the string is not an exact constant
 * name. {@code NAME} is optional and the permission is decoded by
 * {@code fsActionFromXml}.
 *
 * @param st stanza that may contain {@code ENTRY} children
 * @return the decoded entries in the order {@code getChildren} returns them,
 *         or {@code null} (not an empty list) when the stanza has no
 *         {@code ENTRY} child
 */
private static List<AclEntry> readAclEntriesFromXml(Stanza st) {
  if (!st.hasChildren("ENTRY")) {
    return null;
  }

  List<AclEntry> entries = Lists.newArrayList();
  for (Stanza entryStanza : st.getChildren("ENTRY")) {
    // NOTE(review): scope, type, name and permission are taken verbatim from
    // the stanza; confirm the XML source is trusted before these entries are
    // applied to the namespace.
    AclEntry.Builder builder = new AclEntry.Builder();
    builder.setScope(AclEntryScope.valueOf(entryStanza.getValue("SCOPE")));
    builder.setType(AclEntryType.valueOf(entryStanza.getValue("TYPE")));
    builder.setName(entryStanza.getValueOrNull("NAME"));
    builder.setPermission(fsActionFromXml(entryStanza));
    entries.add(builder.build());
  }
  return entries;
}
 
Example 2
Source Project: hadoop   Source File: TestPBHelper.java    License: Apache License 2.0
/**
 * Round-trips three ACL entries through {@code PBHelper.convertAclEntryProto}
 * and {@code PBHelper.convertAclEntry} and compares the result with the
 * expected entries.
 */
@Test
public void testAclEntryProto() {
  // Name, permission, scope and type are all set.
  AclEntry fullEntry = new AclEntry.Builder()
      .setName("test")
      .setPermission(FsAction.READ_EXECUTE)
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.OTHER)
      .build();
  // Name is left unset.
  AclEntry unnamedEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .build();
  // Permission is left unset; the round trip is expected to yield
  // FsAction.NONE for it (see noPermissionExpected below).
  AclEntry noPermissionEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setName("test")
      .build();
  AclEntry noPermissionExpected = new AclEntry.Builder()
      .setScope(noPermissionEntry.getScope())
      .setType(noPermissionEntry.getType())
      .setName(noPermissionEntry.getName())
      .setPermission(FsAction.NONE)
      .build();

  AclEntry[] expected = { fullEntry, unnamedEntry, noPermissionExpected };
  AclEntry[] actual = Lists.newArrayList(
      PBHelper.convertAclEntry(PBHelper.convertAclEntryProto(
          Lists.newArrayList(fullEntry, unnamedEntry, noPermissionEntry))))
      .toArray(new AclEntry[0]);
  Assert.assertArrayEquals(expected, actual);
}
 
Example 3
Source Project: hadoop   Source File: TestAclCommands.java    License: Apache License 2.0
/**
 * Parses a comma-separated ACL spec with five entries and checks that the
 * parsed list equals the hand-built entries, in the same order.
 */
@Test
public void testMultipleAclSpecParsing() throws Exception {
  List<AclEntry> parsedList = AclEntry.parseAclSpec(
      "group::rwx,user:user1:rwx,user:user2:rw-,"
          + "group:group1:rw-,default:group:group1:rw-", true);

  // One expected entry per spec element; scope is set only on the last one,
  // the others keep whatever scope the builder defaults to.
  List<AclEntry> expectedList = new ArrayList<AclEntry>();
  // group::rwx
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.ALL)
      .build());
  // user:user1:rwx
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .setName("user1")
      .build());
  // user:user2:rw-
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setPermission(FsAction.READ_WRITE)
      .setName("user2")
      .build());
  // group:group1:rw-
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .build());
  // default:group:group1:rw-
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .setScope(AclEntryScope.DEFAULT)
      .build());

  assertEquals("Parsed Acl not correct", expectedList, parsedList);
}
 
Example 4
Source Project: big-c   Source File: FSEditLogOp.java    License: Apache License 2.0
/**
 * Decodes the {@code ENTRY} children of a stanza into ACL entries.
 *
 * <p>{@code SCOPE} and {@code TYPE} are converted with {@code valueOf}, so a
 * value that is not an exact enum constant name raises
 * {@link IllegalArgumentException}. {@code NAME} may be absent; the
 * permission comes from {@code fsActionFromXml}.
 *
 * @param st stanza that may contain {@code ENTRY} children
 * @return one entry per {@code ENTRY} child, or {@code null} when there is no
 *         such child (callers have to handle {@code null})
 */
private static List<AclEntry> readAclEntriesFromXml(Stanza st) {
  if (!st.hasChildren("ENTRY")) {
    return null;
  }

  List<AclEntry> decoded = Lists.newArrayList();
  for (Stanza child : st.getChildren("ENTRY")) {
    // NOTE(review): every field is taken as-is from the stanza; confirm the
    // XML input is trusted where these entries end up being applied.
    AclEntry.Builder entry = new AclEntry.Builder();
    entry.setScope(AclEntryScope.valueOf(child.getValue("SCOPE")));
    entry.setType(AclEntryType.valueOf(child.getValue("TYPE")));
    entry.setName(child.getValueOrNull("NAME"));
    entry.setPermission(fsActionFromXml(child));
    decoded.add(entry.build());
  }
  return decoded;
}
 
Example 5
Source Project: big-c   Source File: TestPBHelper.java    License: Apache License 2.0
/**
 * Converts three ACL entries to their protobuf form and back with
 * {@code PBHelper}, then checks the result against the expected entries.
 */
@Test
public void testAclEntryProto() {
  // Every field set.
  AclEntry allFields = new AclEntry.Builder()
      .setName("test")
      .setPermission(FsAction.READ_EXECUTE)
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.OTHER)
      .build();
  // No name.
  AclEntry noName = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .build();
  // No permission; after the round trip it is expected to be FsAction.NONE.
  AclEntry noPermission = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setName("test")
      .build();
  AclEntry noPermissionAfterRoundTrip = new AclEntry.Builder()
      .setScope(noPermission.getScope())
      .setType(noPermission.getType())
      .setName(noPermission.getName())
      .setPermission(FsAction.NONE)
      .build();

  AclEntry[] expected = { allFields, noName, noPermissionAfterRoundTrip };
  AclEntry[] actual = Lists.newArrayList(
      PBHelper.convertAclEntry(PBHelper.convertAclEntryProto(
          Lists.newArrayList(allFields, noName, noPermission))))
      .toArray(new AclEntry[0]);
  Assert.assertArrayEquals(expected, actual);
}
 
Example 6
Source Project: big-c   Source File: TestAclCommands.java    License: Apache License 2.0
/**
 * Checks that a five-element ACL spec string is parsed into the expected
 * entries, in spec order.
 */
@Test
public void testMultipleAclSpecParsing() throws Exception {
  List<AclEntry> parsedList = AclEntry.parseAclSpec(
      "group::rwx,user:user1:rwx,user:user2:rw-,"
          + "group:group1:rw-,default:group:group1:rw-", true);

  // Expected entries, one per spec element. Only the last one sets a scope;
  // the rest rely on the builder's default scope.
  List<AclEntry> expectedList = new ArrayList<AclEntry>();
  expectedList.add(new AclEntry.Builder()            // group::rwx
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.ALL)
      .build());
  expectedList.add(new AclEntry.Builder()            // user:user1:rwx
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .setName("user1")
      .build());
  expectedList.add(new AclEntry.Builder()            // user:user2:rw-
      .setType(AclEntryType.USER)
      .setPermission(FsAction.READ_WRITE)
      .setName("user2")
      .build());
  expectedList.add(new AclEntry.Builder()            // group:group1:rw-
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .build());
  expectedList.add(new AclEntry.Builder()            // default:group:group1:rw-
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .setScope(AclEntryScope.DEFAULT)
      .build());

  assertEquals("Parsed Acl not correct", expectedList, parsedList);
}
 
Example 7
/**
 * Asserts whether {@code path} carries access-scope and default-scope ACL
 * entries named {@code userName}.
 *
 * <p>When the path does not exist, both flags stay {@code false} and are
 * compared with the required values as such.
 *
 * @param fs file system to query
 * @param path path whose ACL is inspected
 * @param userName entry name to look for
 * @param requireAccessAcl expected presence of an ACCESS-scope entry
 * @param requireDefaultAcl expected presence of a DEFAULT-scope entry
 * @throws IOException if the file system calls fail
 */
static void checkUserAclEntry(FileSystem fs, Path path, String userName, boolean requireAccessAcl,
    boolean requireDefaultAcl) throws IOException {
  boolean sawAccessEntry = false;
  boolean sawDefaultEntry = false;
  if (fs.exists(path)) {
    for (AclEntry entry : fs.getAclStatus(path).getEntries()) {
      String entryName = entry.getName();
      // NOTE(review): entries are matched by name only; the entry type is not
      // compared, so a group entry with the same name would also count.
      // Confirm whether the type should be checked as well.
      if (entryName == null || !entryName.equals(userName)) {
        continue;
      }
      AclEntryScope scope = entry.getScope();
      if (scope == AclEntryScope.DEFAULT) {
        sawDefaultEntry = true;
      } else if (scope == AclEntryScope.ACCESS) {
        sawAccessEntry = true;
      }
    }
  }
  String message = "require user: " + userName + ", path: " + path.toString() + " acl";
  assertEquals(message, requireAccessAcl, sawAccessEntry);
  assertEquals(message, requireDefaultAcl, sawDefaultEntry);
}
 
Example 8
/**
 * Builds two ACCESS-scope entries from a permission: a named user entry with
 * the permission's user action and a named group entry with its group action.
 *
 * <p>The permission's "other" action is not turned into an entry.
 *
 * @param user name for the USER entry
 * @param group name for the GROUP entry
 * @param permission permission whose user and group actions are used; it is
 *        copied before being read
 * @return a list holding the user entry followed by the group entry
 */
private List<AclEntry> createAclEntries(String user, String group,
    FsPermission permission) {
  List<AclEntry> entries = new ArrayList<AclEntry>();
  AclEntry.Builder entryBuilder = new AclEntry.Builder();
  FsPermission permissionCopy = new FsPermission(permission);

  // The same builder is reused, so every field is set again for each entry.
  entryBuilder.setName(user)
      .setType(AclEntryType.USER)
      .setScope(AclEntryScope.ACCESS)
      .setPermission(permissionCopy.getUserAction());
  entries.add(entryBuilder.build());

  entryBuilder.setName(group)
      .setType(AclEntryType.GROUP)
      .setScope(AclEntryScope.ACCESS)
      .setPermission(permissionCopy.getGroupAction());
  entries.add(entryBuilder.build());

  // The builder is not used after this call; it does not change the
  // entries already added to the list.
  entryBuilder.setName(null);
  return entries;
}
 
Example 9
Source Project: incubator-sentry   Source File: SentryPermissions.java    License: Apache License 2.0
/**
 * Translates the group permissions of an authorization object into named
 * GROUP entries with ACCESS scope.
 *
 * <p>A permission of READ, WRITE or READ_WRITE is widened with EXECUTE before
 * it is put into the entry; every other value is used unchanged. No
 * DEFAULT-scope entries are produced here.
 *
 * @param authzObj authorization object passed to {@code getGroupPerms}
 * @return one ACL entry per group, in the iteration order of the map returned
 *         by {@code getGroupPerms}
 */
@Override
public List<AclEntry> getAcls(String authzObj) {
  Map<String, FsAction> permsByGroup = getGroupPerms(authzObj);
  List<AclEntry> acls = new LinkedList<AclEntry>();
  for (Map.Entry<String, FsAction> entry : permsByGroup.entrySet()) {
    FsAction granted = entry.getValue();
    // NOTE(review): this grants more than the mapped permission says; it
    // presumably exists so directories can be traversed. Confirm the widening
    // is also intended for plain files.
    boolean lacksExecute = granted == FsAction.READ
        || granted == FsAction.WRITE
        || granted == FsAction.READ_WRITE;
    if (lacksExecute) {
      granted = granted.or(FsAction.EXECUTE);
    }
    acls.add(new AclEntry.Builder()
        .setName(entry.getKey())
        .setType(AclEntryType.GROUP)
        .setScope(AclEntryScope.ACCESS)
        .setPermission(granted)
        .build());
  }
  return acls;
}
 
Example 10
Source Project: localization_nifi   Source File: EventTestUtils.java    License: Apache License 2.0
/**
 * Creates a {@code MetadataUpdateEvent} fixture of metadata type {@code ACLS}.
 *
 * <p>The event carries one ACCESS-scope GROUP entry named {@code "schema"}
 * with {@code FsAction.ALL} and one USER-namespace extended attribute with an
 * empty value. The access time is the current time; all other fields are
 * fixed values.
 *
 * @return the populated event
 */
public static Event.MetadataUpdateEvent createMetadataUpdateEvent() {
    AclEntry groupAcl = new AclEntry.Builder()
            .setName("schema")
            .setPermission(FsAction.ALL)
            .setScope(AclEntryScope.ACCESS)
            .setType(AclEntryType.GROUP)
            .build();
    XAttr userXAttr = new XAttr.Builder()
            .setName("name")
            .setNameSpace(XAttr.NameSpace.USER)
            .setValue(new byte[0])
            .build();

    return new Event.MetadataUpdateEvent.Builder()
            .replication(0)
            .perms(new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE))
            .path("/some/path/metadata")
            .ownerName("owner")
            .acls(Collections.singletonList(groupAcl))
            .atime(new Date().getTime())
            .groupName("groupName")
            .metadataType(Event.MetadataUpdateEvent.MetadataType.ACLS)
            .mtime(1L)
            .xAttrs(Collections.singletonList(userXAttr))
            .xAttrsRemoved(false)
            .build();
}
 
Example 11
Source Project: hadoop   Source File: FSPermissionChecker.java    License: Apache License 2.0
/**
 * Verifies that the caller may perform {@code access} on {@code inode}, using
 * the inode's access ACL when it has one and its permission bits otherwise.
 *
 * <p>A {@code null} inode returns immediately without any check. When the
 * inode has an ACL feature whose first entry is ACCESS-scoped, the decision
 * is delegated to {@code checkAccessAcl}. Otherwise exactly one permission
 * class is consulted: user if the caller is the owner, else group if the
 * caller's groups contain the inode's group, else other. A denial in the
 * selected class is final; an owner is not re-checked as group or other.
 *
 * @param inode attributes of the inode to check; may be {@code null}
 * @param path path handed to {@code checkAccessAcl} and to the denial message
 * @param access the requested action
 * @throws AccessControlException if the selected permission class does not
 *         imply {@code access}
 */
private void check(INodeAttributes inode, String path, FsAction access
    ) throws AccessControlException {
  if (inode == null) {
    return;
  }
  final FsPermission mode = inode.getFsPermission();
  final AclFeature aclFeature = inode.getAclFeature();
  if (aclFeature != null) {
    // An inode can carry a default ACL without an access ACL, so only the
    // scope of the first entry decides whether the ACL path is taken.
    // NOTE(review): this presumably relies on access entries being stored
    // ahead of default entries; confirm against AclFeature's ordering.
    final int firstEntry = aclFeature.getEntryAt(0);
    if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
      checkAccessAcl(inode, path, access, mode, aclFeature);
      return;
    }
  }

  // Pick the single applicable permission class; there is no fall-through.
  final FsAction granted;
  if (getUser().equals(inode.getUserName())) {
    granted = mode.getUserAction();   // user class
  } else if (getGroups().contains(inode.getGroupName())) {
    granted = mode.getGroupAction();  // group class
  } else {
    granted = mode.getOtherAction();  // other class
  }
  if (!granted.implies(access)) {
    throw new AccessControlException(
        toAccessControlString(inode, path, access, mode));
  }
}
 
Example 12
Source Project: hadoop   Source File: AclTransformation.java    License: Apache License 2.0
/**
 * Removes from an existing ACL every entry that the ACL spec matches by
 * scope, type and name, then rebuilds and validates the result.
 *
 * <p>Mask entries that survive are kept aside per scope and handed to
 * {@code calculateMasks} together with the scopes that changed, so masks can
 * be recalculated where needed. Default entries may be inferred from the
 * corresponding access entries by {@code copyDefaultsIfNeeded}. Asking to
 * remove a mask entry that the remaining ACL still requires (because of named
 * entries or an unnamed group entry) is invalid.
 *
 * @param existingAcl the current ACL entries
 * @param inAclSpec ACL spec naming the entries to discard
 * @return the new ACL
 * @throws AclException if validation fails
 */
public static List<AclEntry> filterAclEntriesByAclSpec(
    List<AclEntry> existingAcl, List<AclEntry> inAclSpec) throws AclException {
  ValidatedAclSpec validatedSpec = new ValidatedAclSpec(inAclSpec);
  ArrayList<AclEntry> retained = Lists.newArrayListWithCapacity(MAX_ENTRIES);
  EnumMap<AclEntryScope, AclEntry> maskByScope =
    Maps.newEnumMap(AclEntryScope.class);
  EnumSet<AclEntryScope> changedMasks = EnumSet.noneOf(AclEntryScope.class);
  EnumSet<AclEntryScope> changedScopes = EnumSet.noneOf(AclEntryScope.class);
  for (AclEntry current : existingAcl) {
    if (validatedSpec.containsKey(current)) {
      // Matched by the spec: the entry is dropped and its scope is marked
      // as changed (and its mask too, when the entry itself is the mask).
      changedScopes.add(current.getScope());
      if (current.getType() == MASK) {
        changedMasks.add(current.getScope());
      }
      continue;
    }
    // Not matched: masks are tracked per scope, everything else is kept.
    if (current.getType() == MASK) {
      maskByScope.put(current.getScope(), current);
    } else {
      retained.add(current);
    }
  }
  copyDefaultsIfNeeded(retained);
  calculateMasks(retained, maskByScope, changedMasks, changedScopes);
  return buildAndValidateAcl(retained);
}
 
Example 13
Source Project: hadoop   Source File: AclTransformation.java    License: Apache License 2.0
/**
 * Replaces an ACL with the entries of an ACL spec, scope by scope.
 *
 * <p>Every scope that appears in the spec is replaced entirely; existing
 * entries of a scope the spec does not mention are retained. A spec with only
 * access entries therefore keeps the existing default entries, a spec with
 * only default entries keeps the existing access entries, and a spec with
 * both replaces both. Masks are recalculated where needed and default entries
 * may be inferred from the corresponding access entries.
 *
 * @param existingAcl the current ACL entries
 * @param inAclSpec ACL spec holding the replacement entries
 * @return the new ACL
 * @throws AclException if validation fails
 */
public static List<AclEntry> replaceAclEntries(List<AclEntry> existingAcl,
    List<AclEntry> inAclSpec) throws AclException {
  ValidatedAclSpec validatedSpec = new ValidatedAclSpec(inAclSpec);
  ArrayList<AclEntry> result = Lists.newArrayListWithCapacity(MAX_ENTRIES);
  EnumMap<AclEntryScope, AclEntry> maskByScope =
    Maps.newEnumMap(AclEntryScope.class);
  EnumSet<AclEntryScope> changedMasks = EnumSet.noneOf(AclEntryScope.class);
  EnumSet<AclEntryScope> replacedScopes = EnumSet.noneOf(AclEntryScope.class);

  // First pass: take every spec entry and record which scopes it replaces.
  for (AclEntry specEntry : validatedSpec) {
    replacedScopes.add(specEntry.getScope());
    if (specEntry.getType() != MASK) {
      result.add(specEntry);
      continue;
    }
    maskByScope.put(specEntry.getScope(), specEntry);
    changedMasks.add(specEntry.getScope());
  }

  // Second pass: carry over existing entries whose scope was not replaced.
  for (AclEntry current : existingAcl) {
    if (replacedScopes.contains(current.getScope())) {
      continue;
    }
    if (current.getType() == MASK) {
      maskByScope.put(current.getScope(), current);
    } else {
      result.add(current);
    }
  }
  copyDefaultsIfNeeded(result);
  calculateMasks(result, maskByScope, changedMasks, replacedScopes);
  return buildAndValidateAcl(result);
}
 
Example 14
Source Project: hadoop   Source File: AclTestHelpers.java    License: Apache License 2.0
/**
 * Builds an unnamed ACL entry from a scope, a type and a permission.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param permission permissions granted by the ACL entry
 * @return the new entry; its name is not set
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setPermission(permission);
  return builder.build();
}
 
Example 15
Source Project: hadoop   Source File: AclTestHelpers.java    License: Apache License 2.0
/**
 * Builds an ACL entry from a scope, a type, a name and a permission.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param name optional name of the ACL entry
 * @param permission permissions granted by the ACL entry
 * @return the new entry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  builder.setPermission(permission);
  return builder.build();
}
 
Example 16
Source Project: hadoop   Source File: AclTestHelpers.java    License: Apache License 2.0
/**
 * Builds an ACL entry from a scope, a type and a name, without setting a
 * permission on the builder.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param name optional name of the ACL entry
 * @return the new entry; its permission is whatever the builder leaves it at
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  return builder.build();
}
 
Example 17
Source Project: hadoop   Source File: TestPBHelper.java    License: Apache License 2.0
/**
 * Checks that an {@code AclStatus} with one entry is unchanged after being
 * converted by {@code PBHelper.convert} and converted back.
 */
@Test
public void testAclStatusProto() {
  AclEntry.Builder entryBuilder = new AclEntry.Builder();
  entryBuilder.setName("test");
  entryBuilder.setPermission(FsAction.READ_EXECUTE);
  entryBuilder.setScope(AclEntryScope.DEFAULT);
  entryBuilder.setType(AclEntryType.OTHER);
  AclEntry entry = entryBuilder.build();

  AclStatus status = new AclStatus.Builder()
      .owner("foo")
      .group("bar")
      .addEntry(entry)
      .build();
  Assert.assertEquals(status, PBHelper.convert(PBHelper.convert(status)));
}
 
Example 18
Source Project: hadoop   Source File: TestDistCpWithAcls.java    License: Apache License 2.0
/**
 * Builds an unnamed ACL entry from a scope, a type and a permission.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param permission permissions granted by the ACL entry
 * @return the new entry; its name is not set
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setPermission(permission);
  return builder.build();
}
 
Example 19
Source Project: hadoop   Source File: TestDistCpWithAcls.java    License: Apache License 2.0
/**
 * Builds an ACL entry from a scope, a type, a name and a permission.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param name optional name of the ACL entry
 * @param permission permissions granted by the ACL entry
 * @return the new entry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  builder.setPermission(permission);
  return builder.build();
}
 
Example 20
Source Project: hadoop   Source File: ScopedAclEntries.java    License: Apache License 2.0
/**
 * Finds the pivot between access entries and default entries: the index of
 * the first entry in the list whose scope is DEFAULT.
 *
 * <p>The scan stops at the first DEFAULT entry, so the result is a clean
 * split point only when the list keeps access entries ahead of default ones.
 *
 * @param aclBuilder list of entries to scan
 * @return index of the first DEFAULT-scope entry, or {@code PIVOT_NOT_FOUND}
 *         when the list contains none
 */
private static int calculatePivotOnDefaultEntries(List<AclEntry> aclBuilder) {
  int index = 0;
  while (index < aclBuilder.size()) {
    AclEntry candidate = aclBuilder.get(index);
    if (candidate.getScope() == AclEntryScope.DEFAULT) {
      return index;
    }
    index++;
  }
  return PIVOT_NOT_FOUND;
}
 
Example 21
Source Project: hadoop   Source File: TestAclCommands.java    License: Apache License 2.0
/**
 * Parses an ACL spec whose elements carry no permission part and checks the
 * parsed list against hand-built entries that set no permission either.
 */
@Test
public void testMultipleAclSpecParsingWithoutPermissions() throws Exception {
  List<AclEntry> parsedList = AclEntry.parseAclSpec(
      "user::,user:user1:,group::,group:group1:,mask::,other::,"
          + "default:user:user1::,default:mask::", false);

  // One expected entry per spec element, in spec order. Only the last two
  // set a scope; the others keep the builder's default scope.
  List<AclEntry> expectedList = new ArrayList<AclEntry>();
  // user::
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .build());
  // user:user1:
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setName("user1")
      .build());
  // group::
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .build());
  // group:group1:
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setName("group1")
      .build());
  // mask::
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.MASK)
      .build());
  // other::
  expectedList.add(new AclEntry.Builder()
      .setType(AclEntryType.OTHER)
      .build());
  // default:user:user1::
  expectedList.add(new AclEntry.Builder()
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.USER)
      .setName("user1")
      .build());
  // default:mask::
  expectedList.add(new AclEntry.Builder()
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.MASK)
      .build());

  assertEquals("Parsed Acl not correct", expectedList, parsedList);
}
 
Example 22
Source Project: big-c   Source File: FSPermissionChecker.java    License: Apache License 2.0
/**
 * Checks whether the caller is allowed to perform {@code access} on
 * {@code inode}, by access ACL if the inode has one and by permission bits
 * otherwise.
 *
 * <p>A {@code null} inode is accepted without a check. If the inode has an
 * ACL feature and its first entry is ACCESS-scoped, {@code checkAccessAcl}
 * makes the decision. Otherwise one permission class is selected (user for
 * the owner, else group when the caller's groups contain the inode's group,
 * else other) and only that class is evaluated; being denied as owner is not
 * followed by a group or other check.
 *
 * @param inode attributes of the inode to check; may be {@code null}
 * @param path path handed to {@code checkAccessAcl} and to the denial message
 * @param access the requested action
 * @throws AccessControlException if the selected permission class does not
 *         imply {@code access}
 */
private void check(INodeAttributes inode, String path, FsAction access
    ) throws AccessControlException {
  if (inode == null) {
    return;
  }
  final FsPermission mode = inode.getFsPermission();
  final AclFeature aclFeature = inode.getAclFeature();
  if (aclFeature != null) {
    // The inode may have a default ACL but no access ACL; the scope of the
    // first entry tells the two cases apart.
    // NOTE(review): presumably access entries always precede default
    // entries in the feature; confirm against AclFeature's ordering.
    final int firstEntry = aclFeature.getEntryAt(0);
    if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
      checkAccessAcl(inode, path, access, mode, aclFeature);
      return;
    }
  }

  // Exactly one class applies; a denial there is not retried elsewhere.
  final FsAction applicable;
  if (getUser().equals(inode.getUserName())) {
    applicable = mode.getUserAction();   // user class
  } else if (getGroups().contains(inode.getGroupName())) {
    applicable = mode.getGroupAction();  // group class
  } else {
    applicable = mode.getOtherAction();  // other class
  }
  if (applicable.implies(access)) {
    return;
  }
  throw new AccessControlException(
      toAccessControlString(inode, path, access, mode));
}
 
Example 23
Source Project: big-c   Source File: AclTransformation.java    License: Apache License 2.0
/**
 * Discards from an existing ACL all entries that share scope, type and name
 * with an entry of the ACL spec, then rebuilds and validates the ACL.
 *
 * <p>Surviving mask entries are remembered per scope and passed, with the
 * sets of changed scopes, to {@code calculateMasks} so that masks can be
 * recalculated if necessary. {@code copyDefaultsIfNeeded} may infer default
 * entries from the corresponding access entries. It is invalid to request
 * removal of a mask entry that the resulting ACL would still require, due to
 * named entries or an unnamed group entry.
 *
 * @param existingAcl the current ACL entries
 * @param inAclSpec ACL spec naming the entries to discard
 * @return the new ACL
 * @throws AclException if validation fails
 */
public static List<AclEntry> filterAclEntriesByAclSpec(
    List<AclEntry> existingAcl, List<AclEntry> inAclSpec) throws AclException {
  ValidatedAclSpec spec = new ValidatedAclSpec(inAclSpec);
  ArrayList<AclEntry> kept = Lists.newArrayListWithCapacity(MAX_ENTRIES);
  EnumMap<AclEntryScope, AclEntry> keptMasks =
    Maps.newEnumMap(AclEntryScope.class);
  EnumSet<AclEntryScope> dirtyMasks = EnumSet.noneOf(AclEntryScope.class);
  EnumSet<AclEntryScope> dirtyScopes = EnumSet.noneOf(AclEntryScope.class);
  for (AclEntry candidate : existingAcl) {
    if (spec.containsKey(candidate)) {
      // Filtered out: record the affected scope, and the mask as well when
      // the filtered entry is itself a mask.
      dirtyScopes.add(candidate.getScope());
      if (candidate.getType() == MASK) {
        dirtyMasks.add(candidate.getScope());
      }
      continue;
    }
    // Kept: masks go to the per-scope map, other entries to the new list.
    if (candidate.getType() == MASK) {
      keptMasks.put(candidate.getScope(), candidate);
    } else {
      kept.add(candidate);
    }
  }
  copyDefaultsIfNeeded(kept);
  calculateMasks(kept, keptMasks, dirtyMasks, dirtyScopes);
  return buildAndValidateAcl(kept);
}
 
Example 24
Source Project: big-c   Source File: AclTransformation.java    License: Apache License 2.0
/**
 * Replaces the ACL with the entries of the ACL spec, handling the access ACL
 * and the default ACL separately.
 *
 * <p>A scope present in the spec is replaced completely; a scope absent from
 * the spec keeps its existing entries. So a spec with only access entries
 * retains the existing default entries, a spec with only default entries
 * retains the existing access entries, and a spec with both replaces both.
 * Masks are recalculated if necessary and default entries may be inferred
 * from the corresponding access entries.
 *
 * @param existingAcl the current ACL entries
 * @param inAclSpec ACL spec holding the replacement entries
 * @return the new ACL
 * @throws AclException if validation fails
 */
public static List<AclEntry> replaceAclEntries(List<AclEntry> existingAcl,
    List<AclEntry> inAclSpec) throws AclException {
  ValidatedAclSpec spec = new ValidatedAclSpec(inAclSpec);
  ArrayList<AclEntry> merged = Lists.newArrayListWithCapacity(MAX_ENTRIES);
  EnumMap<AclEntryScope, AclEntry> masks =
    Maps.newEnumMap(AclEntryScope.class);
  EnumSet<AclEntryScope> dirtyMasks = EnumSet.noneOf(AclEntryScope.class);
  EnumSet<AclEntryScope> dirtyScopes = EnumSet.noneOf(AclEntryScope.class);

  // Spec entries come first; each one marks its scope as replaced.
  for (AclEntry replacement : spec) {
    dirtyScopes.add(replacement.getScope());
    if (replacement.getType() != MASK) {
      merged.add(replacement);
      continue;
    }
    masks.put(replacement.getScope(), replacement);
    dirtyMasks.add(replacement.getScope());
  }

  // Existing entries are copied only for scopes the spec left untouched.
  for (AclEntry existing : existingAcl) {
    if (dirtyScopes.contains(existing.getScope())) {
      continue;
    }
    if (existing.getType() == MASK) {
      masks.put(existing.getScope(), existing);
    } else {
      merged.add(existing);
    }
  }
  copyDefaultsIfNeeded(merged);
  calculateMasks(merged, masks, dirtyMasks, dirtyScopes);
  return buildAndValidateAcl(merged);
}
 
Example 25
Source Project: big-c   Source File: AclTestHelpers.java    License: Apache License 2.0
/**
 * Creates an ACL entry that has a scope, a type and a permission but no name.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param permission permissions granted by the ACL entry
 * @return the new entry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder entry = new AclEntry.Builder();
  entry.setScope(scope);
  entry.setType(type);
  entry.setPermission(permission);
  return entry.build();
}
 
Example 26
Source Project: big-c   Source File: AclTestHelpers.java    License: Apache License 2.0
/**
 * Creates an ACL entry that has a scope, a type, a name and a permission.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param name optional name of the ACL entry
 * @param permission permissions granted by the ACL entry
 * @return the new entry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder entry = new AclEntry.Builder();
  entry.setScope(scope);
  entry.setType(type);
  entry.setName(name);
  entry.setPermission(permission);
  return entry.build();
}
 
Example 27
Source Project: big-c   Source File: AclTestHelpers.java    License: Apache License 2.0
/**
 * Creates an ACL entry that has a scope, a type and a name; no permission is
 * set on the builder.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param name optional name of the ACL entry
 * @return the new entry; its permission is whatever the builder leaves it at
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name) {
  AclEntry.Builder entry = new AclEntry.Builder();
  entry.setScope(scope);
  entry.setType(type);
  entry.setName(name);
  return entry.build();
}
 
Example 28
Source Project: big-c   Source File: TestPBHelper.java    License: Apache License 2.0
/**
 * Verifies that converting an {@code AclStatus} with {@code PBHelper.convert}
 * and converting the result back yields an equal {@code AclStatus}.
 */
@Test
public void testAclStatusProto() {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setName("test");
  builder.setPermission(FsAction.READ_EXECUTE);
  builder.setScope(AclEntryScope.DEFAULT);
  builder.setType(AclEntryType.OTHER);
  AclEntry defaultOtherEntry = builder.build();

  AclStatus original = new AclStatus.Builder()
      .owner("foo")
      .group("bar")
      .addEntry(defaultOtherEntry)
      .build();
  Assert.assertEquals(original, PBHelper.convert(PBHelper.convert(original)));
}
 
Example 29
Source Project: big-c   Source File: TestDistCpWithAcls.java    License: Apache License 2.0
/**
 * Creates an ACL entry that has a scope, a type and a permission but no name.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param permission permissions granted by the ACL entry
 * @return the new entry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder entry = new AclEntry.Builder();
  entry.setScope(scope);
  entry.setType(type);
  entry.setPermission(permission);
  return entry.build();
}
 
Example 30
Source Project: big-c   Source File: TestDistCpWithAcls.java    License: Apache License 2.0
/**
 * Creates an ACL entry that has a scope, a type, a name and a permission.
 *
 * @param scope scope of the ACL entry
 * @param type type of the ACL entry
 * @param name optional name of the ACL entry
 * @param permission permissions granted by the ACL entry
 * @return the new entry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder entry = new AclEntry.Builder();
  entry.setScope(scope);
  entry.setType(type);
  entry.setName(name);
  entry.setPermission(permission);
  return entry.build();
}