/**
 * Creates a copy of this ACL entry by delegating to the copy constructor.
 *
 * @return a new {@code AccessControl} built from {@code this}
 */
public AccessControl deepCopy() {
  AccessControl duplicate = new AccessControl(this);
  return duplicate;
}
/**
 * Copy constructor: duplicates the set-flags, the ACL list and the replication factor of
 * <i>other</i>.
 *
 * <p>When {@code other} has an ACL list, every entry is passed through {@code AccessControl}'s
 * copy constructor and stored in a new list, so this object does not share the list or its
 * entry objects with {@code other}.
 */
public SettableBlobMeta(SettableBlobMeta other) {
  __isset_bitfield = other.__isset_bitfield;
  this.replication_factor = other.replication_factor;
  if (other.is_set_acl()) {
    java.util.List<AccessControl> copiedAcl =
        new java.util.ArrayList<AccessControl>(other.acl.size());
    for (AccessControl entry : other.acl) {
      copiedAcl.add(new AccessControl(entry));
    }
    this.acl = copiedAcl;
  }
}
/**
 * Replaces every USER entry that has no name with one named entry per element of
 * {@code users}, editing {@code acls} in place.
 *
 * <p>Security-relevant behaviour visible here: a nameless USER entry is first widened so that it
 * includes every bit of {@code mask}, and a copy of it is then created for each name in
 * {@code users}. If {@code users} is empty, the nameless entries are removed and nothing is
 * added in their place.
 *
 * @param acls  ACL list to rewrite
 * @param users names that each nameless USER entry is expanded to
 * @param mask  access bits that every nameless USER entry must include before it is copied
 */
private void fixEmptyNameACLForUsers(List<AccessControl> acls, Set<String> users, int mask) {
  List<AccessControl> namelessEntries = new ArrayList<>();
  List<AccessControl> expandedEntries = new ArrayList<>();
  for (AccessControl entry : acls) {
    boolean namelessUserEntry =
        entry.get_type() == AccessControlType.USER && !entry.is_set_name();
    if (!namelessUserEntry) {
      continue;
    }
    namelessEntries.add(entry);
    int access = entry.get_access();
    if ((access & mask) != mask) {
      // Widen the entry itself; the per-user copies below are made after this point.
      entry.set_access(access | mask);
    }
    for (String user : users) {
      AccessControl named = new AccessControl(entry);
      named.set_name(user);
      expandedEntries.add(named);
    }
  }
  // The list is only modified once the loop over it has finished.
  acls.removeAll(namelessEntries);
  acls.addAll(expandedEntries);
}
// USER entry created without a name, carrying the READ, WRITE and ADMIN bits.
int ownerAccess =
    BlobStoreAclHandler.READ | BlobStoreAclHandler.WRITE | BlobStoreAclHandler.ADMIN;
AccessControl ownerAcl = new AccessControl(AccessControlType.USER, ownerAccess);
acls.add(ownerAcl);
// OTHER entry limited to the READ bit.
// NOTE(review): this presumably makes the blob readable by every user - confirm that is intended.
AccessControl otherAcl = new AccessControl(AccessControlType.OTHER, BlobStoreAclHandler.READ);
acls.add(otherAcl);
/**
 * Normalises the USER entries of {@code acls} for one principal, editing the list in place.
 *
 * <p>Outcome by case, as implemented below:
 * <ul>
 *   <li>an entry named {@code user} exists: it is widened to include {@code mask}, and any
 *       nameless USER entries are removed;</li>
 *   <li>neither a nameless USER entry nor an entry named {@code user} exists: a new USER entry
 *       for {@code user} with access {@code mask} is appended;</li>
 *   <li>only nameless USER entries exist: the list is left unchanged.</li>
 * </ul>
 *
 * @param acls ACL list to adjust
 * @param user principal whose entry is checked
 * @param mask access bits the principal's entry must include
 */
private void fixACLsForUser(List<AccessControl> acls, String user, int mask) {
  List<AccessControl> namelessUserEntries = new ArrayList<>();
  boolean userEntrySeen = false;
  for (AccessControl entry : acls) {
    if (entry.get_type() != AccessControlType.USER) {
      continue;
    }
    if (!entry.is_set_name()) {
      namelessUserEntries.add(entry);
      continue;
    }
    if (!entry.get_name().equals(user)) {
      continue;
    }
    int access = entry.get_access();
    if ((access & mask) != mask) {
      entry.set_access(access | mask);
    }
    userEntrySeen = true;
  }

  boolean hasNamelessEntries = !namelessUserEntries.isEmpty();
  if (hasNamelessEntries && userEntrySeen) {
    // Both a nameless entry and the principal's own entry exist: keep only the named one.
    acls.removeAll(namelessUserEntries);
  } else if (!hasNamelessEntries && !userEntrySeen) {
    // No USER entry covers this principal at all: add one carrying exactly the mask.
    AccessControl userEntry = new AccessControl();
    userEntry.set_type(AccessControlType.USER);
    userEntry.set_name(user);
    userEntry.set_access(mask);
    acls.add(userEntry);
  }
}
/**
 * Reads a {@code SettableBlobMeta} from a tuple protocol: first the ACL list, then a one-bit
 * set that says whether a replication factor follows.
 *
 * @param prot   protocol to read from; cast to {@code TTupleProtocol} without a type check
 * @param struct object that receives the decoded fields
 * @throws org.apache.storm.thrift.TException declared by the signature
 */
@Override
public void read(org.apache.storm.thrift.protocol.TProtocol prot, SettableBlobMeta struct) throws org.apache.storm.thrift.TException {
  org.apache.storm.thrift.protocol.TTupleProtocol iprot = (org.apache.storm.thrift.protocol.TTupleProtocol) prot;
  {
    // The element count comes straight from readI32() and is used both to pre-size the list and
    // as the loop bound; no range check is visible in this method.
    // NOTE(review): for input from an untrusted peer, a negative or very large count would reach
    // the ArrayList constructor - confirm the protocol layer bounds container sizes.
    org.apache.storm.thrift.protocol.TList _list611 = new org.apache.storm.thrift.protocol.TList(org.apache.storm.thrift.protocol.TType.STRUCT, iprot.readI32());
    struct.acl = new java.util.ArrayList<AccessControl>(_list611.size);
    AccessControl _elem612;
    for (int _i613 = 0; _i613 < _list611.size; ++_i613) {
      // Each ACL entry decodes itself from the same protocol instance.
      _elem612 = new AccessControl();
      _elem612.read(iprot);
      struct.acl.add(_elem612);
    }
  }
  struct.set_acl_isSet(true);
  // Bit 0 of the one-bit set marks whether replication_factor is present.
  java.util.BitSet incoming = iprot.readBitSet(1);
  if (incoming.get(0)) {
    struct.replication_factor = iprot.readI32();
    struct.set_replication_factor_isSet(true);
  }
}
// Closes an enclosing scope whose opening is outside this excerpt.
}
/**
 * Parses a colon-separated ACL specification into an {@code AccessControl}.
 *
 * <p>Accepted shapes, by number of fields after splitting on {@code ':'}:
 * <ul>
 *   <li>{@code access}: type "other", empty name;</li>
 *   <li>{@code name:access}: type "user";</li>
 *   <li>{@code type:name:access}: all three taken from the input.</li>
 * </ul>
 *
 * <p>Caveat for callers that validate ACL strings: {@link String#split(String)} drops trailing
 * empty fields, so {@code "u:alice:"} is seen as two fields (name "u", access "alice") and a
 * string made only of colons yields zero fields, which falls back to type "other", empty name
 * and access "-".
 *
 * @param str ACL specification; must not be null
 * @return the parsed entry
 * @throws IllegalArgumentException if {@code str} has more than three fields
 */
public static AccessControl parseAccessControl(String str) {
  String[] fields = str.split(":");
  if (fields.length > 3) {
    throw new IllegalArgumentException("Don't know how to parse " + str + " into an ACL value");
  }

  String aclType;
  String principal;
  String permissions;
  switch (fields.length) {
    case 3:
      aclType = fields[0];
      principal = fields[1];
      permissions = fields[2];
      break;
    case 2:
      aclType = "user";
      principal = fields[0];
      permissions = fields[1];
      break;
    case 1:
      aclType = "other";
      principal = "";
      permissions = fields[0];
      break;
    default:
      // Zero fields: keep the defaults.
      aclType = "other";
      principal = "";
      permissions = "-";
      break;
  }

  AccessControl parsed = new AccessControl();
  parsed.set_type(parseACLType(aclType));
  parsed.set_name(principal);
  parsed.set_access(parseAccess(permissions));
  return parsed;
}
// The ACL list must contain a nameless USER entry with READ, WRITE and ADMIN ...
AccessControl expectedOwnerAcl =
    new AccessControl(
        AccessControlType.USER,
        BlobStoreAclHandler.READ | BlobStoreAclHandler.WRITE | BlobStoreAclHandler.ADMIN);
assertTrue(actualAcls.contains(expectedOwnerAcl));
// ... and an OTHER entry that carries READ only.
AccessControl expectedOtherAcl =
    new AccessControl(AccessControlType.OTHER, BlobStoreAclHandler.READ);
assertTrue(actualAcls.contains(expectedOtherAcl));
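/**
 * Verifies that fetching a blob is rejected with {@link AuthorizationException} when blobstore
 * ACL validation is enabled and the owner's ACL entry grants ADMIN but not READ.
 */
@Test(expected = AuthorizationException.class)
public void testFailAcls() throws Exception {
  // Diamond instead of a raw HashMap, so the assignment is checked by the compiler.
  Map<String, Object> conf = new HashMap<>();
  // set clean time really high so doesn't kick in
  conf.put(DaemonConfig.SUPERVISOR_LOCALIZER_CACHE_CLEANUP_INTERVAL_MS, 60 * 60 * 1000);
  // enable blobstore acl validation
  conf.put(Config.STORM_BLOBSTORE_ACL_VALIDATION_ENABLED, true);

  String topo1 = "topo1";
  String key1 = "key1";

  TestLocalizer localizer = new TestLocalizer(conf, baseDir.toString());

  ReadableBlobMeta rbm = new ReadableBlobMeta();
  // set acl so user doesn't have read access: the only entry is ADMIN for user1
  AccessControl acl = new AccessControl(AccessControlType.USER, BlobStoreAclHandler.ADMIN);
  acl.set_name(user1);
  rbm.set_settable(new SettableBlobMeta(Arrays.asList(acl)));
  when(mockblobstore.getBlobMeta(anyString())).thenReturn(rbm);
  when(mockblobstore.getBlob(key1)).thenReturn(new TestInputStreamWithMeta(1));

  File user1Dir = localizer.getLocalUserFileCacheDir(user1);
  assertTrue("failed to create user dir", user1Dir.mkdirs());

  // The assignment is owned by user1, the same principal named in the ACL above.
  LocalAssignment topo1Assignment = new LocalAssignment(topo1, Collections.emptyList());
  topo1Assignment.set_owner(user1);
  PortAndAssignment topo1Pna = new PortAndAssignmentImpl(1, topo1Assignment);

  // This should throw AuthorizationException because auth failed
  localizer.getBlob(new LocalResource(key1, false, false), topo1Pna, null);
}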
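// Read _list606.size ACL entries and append each one to struct.acl.
// The braces keep all three statements inside the loop body; without them only the allocation
// would repeat and a single entry would be read and added.
for (int _i608 = 0; _i608 < _list606.size; ++_i608) {
  _elem607 = new AccessControl();
  _elem607.read(iprot);
  struct.acl.add(_elem607);
}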
String adminSubject = "adminSubject";
Subject who = getSubject(createSubject);

// NOTE(review): despite its name, writeAccess is built with the READ bit - confirm this is
// what the test intends.
AccessControl writeAccess = new AccessControl(AccessControlType.USER, READ);
writeAccess.set_name(writeSubject);

// USER entry carrying only the ADMIN bit, bound to adminSubject.
AccessControl adminAccess = new AccessControl(AccessControlType.USER, ADMIN);
adminAccess.set_name(adminSubject);
/**
 * Creates a copy of this ACL entry by delegating to the copy constructor.
 *
 * @return a new {@code AccessControl} built from {@code this}
 */
public AccessControl deepCopy() {
  AccessControl duplicate = new AccessControl(this);
  return duplicate;
}
/**
 * Copy constructor: duplicates the set-flags, the ACL list and the replication factor of
 * <i>other</i>.
 *
 * <p>When {@code other} has an ACL list, every entry is passed through {@code AccessControl}'s
 * copy constructor and stored in a new list, so this object does not share the list or its
 * entry objects with {@code other}.
 */
public SettableBlobMeta(SettableBlobMeta other) {
  __isset_bitfield = other.__isset_bitfield;
  this.replication_factor = other.replication_factor;
  if (other.is_set_acl()) {
    List<AccessControl> copiedAcl = new ArrayList<AccessControl>(other.acl.size());
    for (AccessControl entry : other.acl) {
      copiedAcl.add(new AccessControl(entry));
    }
    this.acl = copiedAcl;
  }
}
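/**
 * Uploads {@code dependency} to the blob store under {@code key} unless a blob with that key
 * already exists.
 *
 * <p>Security note: the blob is created with a nameless USER entry holding READ, WRITE and
 * ADMIN plus an OTHER entry holding READ, so that it can be shared with other users. Anything
 * uploaded through this path should therefore be safe for other users to read.
 *
 * @param key        blob key to look up and, if absent, create
 * @param dependency local file whose content is uploaded
 * @return {@code true} if a new blob was created, {@code false} if the key already existed
 * @throws KeyAlreadyExistsException declared by the signature; presumably raised by createBlob
 * @throws AuthorizationException    declared by the signature; presumably raised by the blob store
 * @throws IOException               if copying the file or closing the blob stream fails
 */
private boolean uploadDependencyToBlobStore(String key, File dependency)
    throws KeyAlreadyExistsException, AuthorizationException, IOException {
  boolean uploadNew = false;
  try {
    // FIXME: we can filter by listKeys() with local blobstore when STORM-1986 is going to be resolved
    // as a workaround, we call getBlobMeta() for all keys
    getBlobStore().getBlobMeta(key);
  } catch (KeyNotFoundException e) {
    // set acl to below so that it can be shared by other users as well, but allows only read
    List<AccessControl> acls = new ArrayList<>();
    acls.add(new AccessControl(AccessControlType.USER,
        BlobStoreAclHandler.READ | BlobStoreAclHandler.WRITE | BlobStoreAclHandler.ADMIN));
    acls.add(new AccessControl(AccessControlType.OTHER, BlobStoreAclHandler.READ));

    AtomicOutputStream blob = getBlobStore().createBlob(key, new SettableBlobMeta(acls));
    try {
      Files.copy(dependency.toPath(), blob);
      blob.close();
    } catch (IOException | RuntimeException uploadFailure) {
      // A failed copy previously left the stream neither closed nor cancelled.
      // NOTE(review): cancel() presumably discards the partial upload - confirm against the
      // blob store implementation in use.
      try {
        blob.cancel();
      } catch (IOException cancelFailure) {
        uploadFailure.addSuppressed(cancelFailure);
      }
      throw uploadFailure;
    }
    uploadNew = true;
  }
  return uploadNew;
}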
/**
 * Replaces every USER entry that has no name with one named entry per element of
 * {@code users}, editing {@code acls} in place.
 *
 * <p>Security-relevant behaviour visible here: a nameless USER entry is first widened so that it
 * includes every bit of {@code mask}, and a copy of it is then created for each name in
 * {@code users}. If {@code users} is empty, the nameless entries are removed and nothing is
 * added in their place.
 *
 * @param acls  ACL list to rewrite
 * @param users names that each nameless USER entry is expanded to
 * @param mask  access bits that every nameless USER entry must include before it is copied
 */
private void fixEmptyNameACLForUsers(List<AccessControl> acls, Set<String> users, int mask) {
  List<AccessControl> namelessEntries = new ArrayList<>();
  List<AccessControl> expandedEntries = new ArrayList<>();
  for (AccessControl entry : acls) {
    boolean namelessUserEntry =
        entry.get_type() == AccessControlType.USER && !entry.is_set_name();
    if (!namelessUserEntry) {
      continue;
    }
    namelessEntries.add(entry);
    int access = entry.get_access();
    if ((access & mask) != mask) {
      // Widen the entry itself; the per-user copies below are made after this point.
      entry.set_access(access | mask);
    }
    for (String user : users) {
      AccessControl named = new AccessControl(entry);
      named.set_name(user);
      expandedEntries.add(named);
    }
  }
  // The list is only modified once the loop over it has finished.
  acls.removeAll(namelessEntries);
  acls.addAll(expandedEntries);
}
/**
 * Normalises the USER entries of {@code acls} for one principal, editing the list in place.
 *
 * <p>Outcome by case, as implemented below:
 * <ul>
 *   <li>an entry named {@code user} exists: it is widened to include {@code mask}, and any
 *       nameless USER entries are removed;</li>
 *   <li>neither a nameless USER entry nor an entry named {@code user} exists: a new USER entry
 *       for {@code user} with access {@code mask} is appended;</li>
 *   <li>only nameless USER entries exist: the list is left unchanged.</li>
 * </ul>
 *
 * @param acls ACL list to adjust
 * @param user principal whose entry is checked
 * @param mask access bits the principal's entry must include
 */
private void fixACLsForUser(List<AccessControl> acls, String user, int mask) {
  List<AccessControl> namelessUserEntries = new ArrayList<>();
  boolean userEntrySeen = false;
  for (AccessControl entry : acls) {
    if (entry.get_type() != AccessControlType.USER) {
      continue;
    }
    if (!entry.is_set_name()) {
      namelessUserEntries.add(entry);
      continue;
    }
    if (!entry.get_name().equals(user)) {
      continue;
    }
    int access = entry.get_access();
    if ((access & mask) != mask) {
      entry.set_access(access | mask);
    }
    userEntrySeen = true;
  }

  boolean hasNamelessEntries = !namelessUserEntries.isEmpty();
  if (hasNamelessEntries && userEntrySeen) {
    // Both a nameless entry and the principal's own entry exist: keep only the named one.
    acls.removeAll(namelessUserEntries);
  } else if (!hasNamelessEntries && !userEntrySeen) {
    // No USER entry covers this principal at all: add one carrying exactly the mask.
    AccessControl userEntry = new AccessControl();
    userEntry.set_type(AccessControlType.USER);
    userEntry.set_name(user);
    userEntry.set_access(mask);
    acls.add(userEntry);
  }
}
/**
 * Parses a colon-separated ACL specification into an {@code AccessControl}.
 *
 * <p>Accepted shapes, by number of fields after splitting on {@code ':'}:
 * <ul>
 *   <li>{@code access}: type "other", empty name;</li>
 *   <li>{@code name:access}: type "user";</li>
 *   <li>{@code type:name:access}: all three taken from the input.</li>
 * </ul>
 *
 * <p>Caveat for callers that validate ACL strings: {@link String#split(String)} drops trailing
 * empty fields, so {@code "u:alice:"} is seen as two fields (name "u", access "alice") and a
 * string made only of colons yields zero fields, which falls back to type "other", empty name
 * and access "-".
 *
 * @param str ACL specification; must not be null
 * @return the parsed entry
 * @throws IllegalArgumentException if {@code str} has more than three fields
 */
public static AccessControl parseAccessControl(String str) {
  String[] fields = str.split(":");
  if (fields.length > 3) {
    throw new IllegalArgumentException("Don't know how to parse " + str + " into an ACL value");
  }

  String aclType;
  String principal;
  String permissions;
  switch (fields.length) {
    case 3:
      aclType = fields[0];
      principal = fields[1];
      permissions = fields[2];
      break;
    case 2:
      aclType = "user";
      principal = fields[0];
      permissions = fields[1];
      break;
    case 1:
      aclType = "other";
      principal = "";
      permissions = fields[0];
      break;
    default:
      // Zero fields: keep the defaults.
      aclType = "other";
      principal = "";
      permissions = "-";
      break;
  }

  AccessControl parsed = new AccessControl();
  parsed.set_type(parseACLType(aclType));
  parsed.set_name(principal);
  parsed.set_access(parseAccess(permissions));
  return parsed;
}
/**
 * Reads a {@code SettableBlobMeta} from a tuple protocol: first the ACL list, then a one-bit
 * set that says whether a replication factor follows.
 *
 * @param prot   protocol to read from; cast to {@code TTupleProtocol} without a type check
 * @param struct object that receives the decoded fields
 * @throws org.apache.thrift.TException declared by the signature
 */
@Override
public void read(org.apache.thrift.protocol.TProtocol prot, SettableBlobMeta struct) throws org.apache.thrift.TException {
  TTupleProtocol iprot = (TTupleProtocol) prot;
  {
    // The element count comes straight from readI32() and is used both to pre-size the list and
    // as the loop bound; no range check is visible in this method.
    // NOTE(review): for input from an untrusted peer, a negative or very large count would reach
    // the ArrayList constructor - confirm the protocol layer bounds container sizes.
    org.apache.thrift.protocol.TList _list563 = new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
    struct.acl = new ArrayList<AccessControl>(_list563.size);
    AccessControl _elem564;
    for (int _i565 = 0; _i565 < _list563.size; ++_i565) {
      // Each ACL entry decodes itself from the same protocol instance.
      _elem564 = new AccessControl();
      _elem564.read(iprot);
      struct.acl.add(_elem564);
    }
  }
  struct.set_acl_isSet(true);
  // Bit 0 of the one-bit set marks whether replication_factor is present.
  BitSet incoming = iprot.readBitSet(1);
  if (incoming.get(0)) {
    struct.replication_factor = iprot.readI32();
    struct.set_replication_factor_isSet(true);
  }
}
// Closes an enclosing scope whose opening is outside this excerpt.
}
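// Read _list558.size ACL entries and append each one to struct.acl.
// The braces keep all three statements inside the loop body; without them only the allocation
// would repeat and a single entry would be read and added.
for (int _i560 = 0; _i560 < _list558.size; ++_i560) {
  _elem559 = new AccessControl();
  _elem559.read(iprot);
  struct.acl.add(_elem559);
}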