@Override public void apply(FileSystem fs) throws Exception { fs.createDirectory(DIR_SET); fs.setAcl(DIR_SET, SetAclAction.MODIFY, Arrays.asList(AclEntry.fromCliString(ACL_STRING))); fs.createDirectory(DIR_ADD_REMOVE); fs.setAcl(DIR_ADD_REMOVE, SetAclAction.MODIFY, Arrays.asList(AclEntry.fromCliString(ACL_STRING))); fs.setAcl(DIR_ADD_REMOVE, SetAclAction.REMOVE, Arrays.asList(AclEntry.fromCliString(ACL_STRING))); }
/** * @param aclEntry the acl entry to convert * @return the proto representation of AclEntry instance */ public static PAclEntry toProto(AclEntry aclEntry) { PAclEntry.Builder pAclEntry = PAclEntry.newBuilder(); pAclEntry.setType(toProto(aclEntry.getType())); pAclEntry.setSubject(aclEntry.getSubject()); pAclEntry.setIsDefault(aclEntry.isDefault()); for (AclAction action : aclEntry.getActions().getActions()) { pAclEntry.addActions(toProto(action)); } return pAclEntry.build(); }
private void checkCliString(String stringEntry) { AclEntry entry = AclEntry.fromCliString(stringEntry); String toString = entry.toCliString(); Assert.assertEquals(stringEntry, toString); }
/** * Sets an entry into the access control list. * If an entry with the same type and subject already exists, overwrites the existing entry; * Otherwise, adds this new entry. * * @param entry the entry to be added or updated */ public void setEntry(AclEntry entry) { // TODO(cc): when setting non-mask entries, the mask should be dynamically updated too. switch (entry.getType()) { case NAMED_USER: mNamedUserActions.put(entry.getSubject(), entry.getActions()); return; case NAMED_GROUP: mNamedGroupActions.put(entry.getSubject(), entry.getActions()); return; case MASK: mMaskActions = entry.getActions(); return; case OWNING_USER: // fall through case OWNING_GROUP: // fall through case OTHER: throw new IllegalStateException( "Deleting base entry is not allowed. entry: " + entry); default: throw new IllegalStateException("Unknown ACL entry type: " + entry.getType()); } }
/** * Removes the specified entry. A base entry is not allowed to be removed. * * @param entry the entry to be removed */ public void removeEntry(AclEntry entry) { switch (entry.getType()) { case NAMED_USER: mNamedUserActions.remove(entry.getSubject()); return; case NAMED_GROUP: mNamedGroupActions.remove(entry.getSubject()); return; case MASK: if (hasExtended()) { throw new IllegalStateException( "Deleting the mask for extended ACLs is not allowed. entry: " + entry); } else { mMaskActions = new AclActions(); } return; case OWNING_USER: // fall through case OWNING_GROUP: // fall through case OTHER: throw new IllegalStateException( "Deleting base entry is not allowed. entry: " + entry); default: throw new IllegalStateException("Unknown ACL entry type: " + entry.getType()); } }
AccessControlList acl; if (stringEntries.size() > 0) { AclEntry aclEntry = AclEntry.fromCliString(stringEntries.get(0)); if (aclEntry.isDefault()) { acl = new DefaultAccessControlList(); } else { AclEntry aclEntry = AclEntry.fromCliString(stringEntry); acl.setEntry(aclEntry);
switch (entry.getType()) { case NAMED_USER: // fall through case NAMED_GROUP: // fall through case OWNING_USER: Mode modeOwner = new Mode(mMode); modeOwner.setOwnerBits(entry.getActions().toModeBits()); mMode = modeOwner.toShort(); return; case OWNING_GROUP: Mode modeGroup = new Mode(mMode); modeGroup.setGroupBits(entry.getActions().toModeBits()); mMode = modeGroup.toShort(); return; case OTHER: Mode modeOther = new Mode(mMode); modeOther.setOtherBits(entry.getActions().toModeBits()); mMode = modeOther.toShort(); return; default: throw new IllegalStateException("Unknown ACL entry type: " + entry.getType());
/** * Replaces all existing ACL entries with a new list of entries. * * @param entries the new list of ACL entries * @return the updated object */ public T replaceAcl(List<AclEntry> entries) { boolean clearACL = false; for (AclEntry entry : entries) { /** * if we are only setting default ACLs, we do not need to clear access ACL entries * observed same behavior on linux */ if (!entry.isDefault()) { clearACL = true; } } if (clearACL) { mAcl.clearEntries(); } return setAcl(entries); }
/** * Removes the specified entry. A base entry is not allowed to be removed. * * @param entry the entry to be removed */ public void removeEntry(AclEntry entry) { switch (entry.getType()) { case NAMED_USER: // fall through case NAMED_GROUP: // fall through case MASK: if (mExtendedEntries != null) { mExtendedEntries.removeEntry(entry); } return; case OWNING_USER: // fall through case OWNING_GROUP: // fall through case OTHER: throw new IllegalStateException( "Deleting base entry is not allowed. entry: " + entry); default: throw new IllegalStateException("Unknown ACL entry type: " + entry.getType()); } }
/** * @return the list of string entries */ public List<String> toStringEntries() { List<String> entries = new ArrayList<>(); for (AclEntry entry : getEntries()) { entries.add(entry.toCliString()); } return entries; }
/** * @return a new {@link AclEntry} * @throws IllegalStateException if type if null, or if type is either NAMED_USER or NAMED_GROUP * while subject is empty */ public AclEntry build() { if (mType == null) { throw new IllegalStateException("Type cannot be null"); } boolean subjectRequired = mType.equals(AclEntryType.NAMED_USER) || mType.equals(AclEntryType.NAMED_GROUP); if (subjectRequired && mSubject.isEmpty()) { throw new IllegalStateException("Subject for type " + mType + " cannot be empty"); } return new AclEntry(mType, mSubject, mActions, mIsDefault); } }
/** * Sets ACL entries into the internal ACL. * The entries will overwrite any existing correspondent entries in the internal ACL. * * @param entries the ACL entries * @return the updated object */ public T setAcl(List<AclEntry> entries) { if (entries == null || entries.isEmpty()) { return getThis(); } for (AclEntry entry : entries) { if (entry.isDefault()) { getDefaultACL().setEntry(entry); } else { mAcl.setEntry(entry); } } updateMask(entries); return getThis(); }
/** * @param aclEntry the acl entry * @return the proto representation of instance */ public static Acl.AclEntry toProto(AclEntry aclEntry) { Acl.AclEntry.Builder builder = Acl.AclEntry.newBuilder(); builder.setType(toProto(aclEntry.getType())); builder.setSubject(aclEntry.getSubject()); builder.setIsDefault(aclEntry.isDefault()); for (AclAction action : aclEntry.getActions().getActions()) { builder.addActions(toProto(action)); } return builder.build(); }
@Test public void inheritNonExtendedDefaultAcl() throws Exception { AlluxioURI dir = new AlluxioURI("/dir"); mFileSystemMaster.createDirectory(dir, CreateDirectoryContext.defaults()); String aclString = "default:user::-w-"; mFileSystemMaster.setAcl(dir, SetAclAction.MODIFY, Arrays.asList(AclEntry.fromCliString(aclString)), SetAclContext.defaults()); AlluxioURI inner = new AlluxioURI("/dir/inner"); mFileSystemMaster.createDirectory(inner, CreateDirectoryContext.defaults()); FileInfo fileInfo = mFileSystemMaster.getFileInfo(inner, GetStatusContext.defaults()); List<String> accessEntries = fileInfo.getAcl().toStringEntries(); assertTrue(accessEntries.toString(), accessEntries.contains("user::-w-")); List<String> defaultEntries = fileInfo.getDefaultAcl().toStringEntries(); assertTrue(defaultEntries.toString(), defaultEntries.contains(aclString)); }
/** * Removes ACL entries. * * @param entries the ACL entries to remove * @return the updated object */ public T removeAcl(List<AclEntry> entries) { for (AclEntry entry : entries) { if (entry.isDefault()) { AccessControlList defaultAcl = getDefaultACL(); defaultAcl.removeEntry(entry); } else { mAcl.removeEntry(entry); } } updateMask(entries); return getThis(); }
@Test public void inheritExtendedDefaultAcl() throws Exception { AlluxioURI dir = new AlluxioURI("/dir"); mFileSystemMaster.createDirectory(dir, CreateDirectoryContext.defaults()); String aclString = "default:user:foo:-w-"; mFileSystemMaster.setAcl(dir, SetAclAction.MODIFY, Arrays.asList(AclEntry.fromCliString(aclString)), SetAclContext.defaults()); AlluxioURI inner = new AlluxioURI("/dir/inner"); mFileSystemMaster.createDirectory(inner, CreateDirectoryContext.defaults()); FileInfo fileInfo = mFileSystemMaster.getFileInfo(inner, GetStatusContext.defaults()); List<String> accessEntries = fileInfo.getAcl().toStringEntries(); assertTrue(accessEntries.toString(), accessEntries.contains("user:foo:-w-")); List<String> defaultEntries = fileInfo.getDefaultAcl().toStringEntries(); assertTrue(defaultEntries.toString(), defaultEntries.contains(aclString)); }
/** * Tests ufs load with ACL. * Currently, it respects the ufs permissions instead of the default ACL for loadMetadata. * We may change that in the future, and change this test. * TODO(david): update this test when we respect default ACL for loadmetadata */ @Test public void loadMetadataWithACL() throws Exception { FileUtils.createDir(Paths.get(mUnderFS).resolve("a").toString()); AlluxioURI uri = new AlluxioURI("/a"); mFileSystemMaster.loadMetadata(uri, LoadMetadataContext.defaults(LoadMetadataPOptions.newBuilder().setCreateAncestors(true))); List<AclEntry> aclEntryList = new ArrayList<>(); aclEntryList.add(AclEntry.fromCliString("default:user::r-x")); mFileSystemMaster.setAcl(uri, SetAclAction.MODIFY, aclEntryList, SetAclContext.defaults()); FileInfo infoparent = mFileSystemMaster.getFileInfo(uri, GetStatusContext.defaults()); FileUtils.createFile(Paths.get(mUnderFS).resolve("a/b/file1").toString()); uri = new AlluxioURI("/a/b/file1"); mFileSystemMaster.loadMetadata(uri, LoadMetadataContext.defaults(LoadMetadataPOptions.newBuilder().setCreateAncestors(true))); FileInfo info = mFileSystemMaster.getFileInfo(uri, GetStatusContext.defaults()); Assert.assertTrue(info.convertAclToStringEntries().contains("user::r-x")); }