/**
 * Prints one extended ACL entry and, when the mask narrows it, the
 * permission that is actually in force. The mask is consulted for every
 * named entry and for the unnamed group entry; any other entry is printed
 * unchanged.
 *
 * @param aclStatus AclStatus for the path
 * @param fsPerm FsPermission for the path
 * @param entry AclEntry extended ACL entry to print
 */
private void printExtendedAclEntry(AclStatus aclStatus, FsPermission fsPerm,
    AclEntry entry) {
  boolean maskApplies =
      entry.getName() != null || entry.getType() == AclEntryType.GROUP;
  if (!maskApplies) {
    out.println(entry);
    return;
  }

  FsAction granted = entry.getPermission();
  FsAction effective = aclStatus.getEffectivePermission(entry, fsPerm);
  if (granted == effective) {
    out.println(entry);
  } else {
    // Print the effective permission next to the entry so the listing does
    // not overstate what the entry grants.
    out.println(String.format("%s\t#effective:%s", entry, effective.SYMBOL));
  }
}
/**
 * Parses an ACL spec holding several entries with permissions and checks
 * that the entries come back in spec order with the expected type, name,
 * permission and scope.
 */
@Test
public void testMultipleAclSpecParsing() throws Exception {
  // Second argument is presumably "permissions are part of the spec";
  // the permission-less variant of this test passes false.
  List<AclEntry> actual = AclEntry.parseAclSpec(
      "group::rwx,user:user1:rwx,user:user2:rw-,"
          + "group:group1:rw-,default:group:group1:rw-", true);

  List<AclEntry> expected = new ArrayList<AclEntry>();
  // group::rwx
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.ALL)
      .build());
  // user:user1:rwx
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .setName("user1")
      .build());
  // user:user2:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setPermission(FsAction.READ_WRITE)
      .setName("user2")
      .build());
  // group:group1:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .build());
  // default:group:group1:rw-
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setPermission(FsAction.READ_WRITE)
      .setName("group1")
      .setScope(AclEntryScope.DEFAULT)
      .build());

  assertEquals("Parsed Acl not correct", expected, actual);
}
/**
 * Rebuilds the ACL entries stored as ENTRY children of an XML stanza.
 *
 * <p>SCOPE and TYPE are resolved with {@code valueOf}. Assuming both are
 * enums, a value that is not a declared constant name raises
 * {@code IllegalArgumentException} instead of falling back to a default, so
 * a malformed stanza cannot silently produce an entry of another scope or
 * type. NAME is optional and is read as {@code null} when absent.
 *
 * @param st stanza whose ENTRY children describe the ACL
 * @return the entries in the order {@code getChildren} returns them, or
 *         {@code null} when the stanza has no ENTRY child
 */
private static List<AclEntry> readAclEntriesFromXml(Stanza st) {
  if (!st.hasChildren("ENTRY")) {
    return null;
  }
  List<AclEntry> result = Lists.newArrayList();
  for (Stanza entryStanza : st.getChildren("ENTRY")) {
    AclEntry.Builder builder = new AclEntry.Builder()
        .setScope(AclEntryScope.valueOf(entryStanza.getValue("SCOPE")))
        .setType(AclEntryType.valueOf(entryStanza.getValue("TYPE")))
        .setName(entryStanza.getValueOrNull("NAME"))
        .setPermission(fsActionFromXml(entryStanza));
    result.add(builder.build());
  }
  return result;
}
/**
 * Round-trips three ACL entries through the protobuf conversion in
 * PBHelper and checks that they come back equal, with a missing permission
 * surfacing as {@code FsAction.NONE}.
 */
@Test
public void testAclEntryProto() {
  // Every field set.
  AclEntry fullEntry = new AclEntry.Builder()
      .setName("test")
      .setPermission(FsAction.READ_EXECUTE)
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.OTHER)
      .build();
  // Name left out.
  AclEntry unnamedEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .build();
  // Permission left out; it will default to the 0'th enum element.
  AclEntry noPermEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setName("test")
      .build();

  // What the permission-less entry is expected to look like afterwards.
  AclEntry noPermAfterRoundTrip = new AclEntry.Builder()
      .setScope(noPermEntry.getScope())
      .setType(noPermEntry.getType())
      .setName(noPermEntry.getName())
      .setPermission(FsAction.NONE)
      .build();
  AclEntry[] expected = { fullEntry, unnamedEntry, noPermAfterRoundTrip };

  AclEntry[] actual = Lists.newArrayList(
      PBHelper.convertAclEntry(
          PBHelper.convertAclEntryProto(
              Lists.newArrayList(fullEntry, unnamedEntry, noPermEntry))))
      .toArray(new AclEntry[0]);

  Assert.assertArrayEquals(expected, actual);
}
/**
 * Round-trips three ACL entries through the protobuf conversion in
 * PBHelperClient and checks that they come back equal, with a missing
 * permission surfacing as {@code FsAction.NONE}.
 */
@Test
public void testAclEntryProto() {
  // Every field set.
  AclEntry fullEntry = new AclEntry.Builder()
      .setName("test")
      .setPermission(FsAction.READ_EXECUTE)
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.OTHER)
      .build();
  // Name left out.
  AclEntry unnamedEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(FsAction.ALL)
      .build();
  // Permission left out; it will default to the 0'th enum element.
  AclEntry noPermEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setName("test")
      .build();

  // What the permission-less entry is expected to look like afterwards.
  AclEntry noPermAfterRoundTrip = new AclEntry.Builder()
      .setScope(noPermEntry.getScope())
      .setType(noPermEntry.getType())
      .setName(noPermEntry.getName())
      .setPermission(FsAction.NONE)
      .build();
  AclEntry[] expected = { fullEntry, unnamedEntry, noPermAfterRoundTrip };

  AclEntry[] actual = Lists.newArrayList(
      PBHelperClient.convertAclEntry(
          PBHelperClient.convertAclEntryProto(
              Lists.newArrayList(fullEntry, unnamedEntry, noPermEntry))))
      .toArray(new AclEntry[0]);

  Assert.assertArrayEquals(expected, actual);
}
/**
 * Prints one extended ACL entry and, when the mask narrows it, the
 * permission that is actually in force. The mask is consulted for every
 * named entry and for the unnamed group entry; any other entry is printed
 * in its stable string form without an annotation.
 *
 * @param aclStatus AclStatus for the path
 * @param fsPerm FsPermission for the path
 * @param entry AclEntry extended ACL entry to print
 */
private void printExtendedAclEntry(AclStatus aclStatus, FsPermission fsPerm,
    AclEntry entry) {
  boolean maskApplies =
      entry.getName() != null || entry.getType() == AclEntryType.GROUP;
  if (!maskApplies) {
    out.println(entry.toStringStable());
    return;
  }

  FsAction granted = entry.getPermission();
  FsAction effective = aclStatus.getEffectivePermission(entry, fsPerm);
  if (granted == effective) {
    out.println(entry.toStringStable());
  } else {
    // Print the effective permission next to the entry so the listing does
    // not overstate what the entry grants. This branch formats the entry
    // through %s rather than toStringStable().
    out.println(String.format("%s\t#effective:%s", entry, effective.SYMBOL));
  }
}
/**
 * Converts permission bits into the minimal ACL that expresses them.
 *
 * @param perm FsPermission to translate
 * @return list of exactly 3 access-scope, unnamed entries, in the order
 *         owner (USER), GROUP, OTHER
 */
private static List<AclEntry> getMinimalAcl(FsPermission perm) {
  AclEntry ownerEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(perm.getUserAction())
      .build();
  AclEntry groupEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.GROUP)
      .setPermission(perm.getGroupAction())
      .build();
  AclEntry otherEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.OTHER)
      .setPermission(perm.getOtherAction())
      .build();
  return Lists.newArrayList(ownerEntry, groupEntry, otherEntry);
}
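/**
 * Rebuilds the ACL entries stored as ENTRY children of an XML stanza.
 *
 * <p>SCOPE and TYPE are resolved with {@code valueOf}. Assuming both are
 * enums, a value that is not a declared constant name raises
 * {@code IllegalArgumentException} instead of falling back to a default.
 *
 * @param st stanza whose ENTRY children describe the ACL
 * @return the entries in the order {@code getChildren} returns them, or
 *         {@code null} when the stanza has no ENTRY child
 */
private static List<AclEntry> readAclEntriesFromXml(Stanza st) {
  if (!st.hasChildren("ENTRY")) {
    return null;
  }
  List<AclEntry> aclEntries = Lists.newArrayList();
  for (Stanza s : st.getChildren("ENTRY")) {
    // Only named entries carry a NAME; owner, group, mask and other entries
    // have none. Guard the lookup so an unnamed entry gets a null name
    // instead of depending on how getValue treats a missing child.
    String name = s.hasChildren("NAME") ? s.getValue("NAME") : null;
    AclEntry e = new AclEntry.Builder()
        .setScope(AclEntryScope.valueOf(s.getValue("SCOPE")))
        .setType(AclEntryType.valueOf(s.getValue("TYPE")))
        .setName(name)
        .setPermission(fsActionFromXml(s))
        .build();
    aclEntries.add(e);
  }
  return aclEntries;
}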
/**
 * Prints the minimal ACL implied by the permission bits: exactly three
 * unnamed access-scope entries, one line each, in the order owner (USER),
 * GROUP, OTHER.
 *
 * @param perm FsPermission of file
 */
private void printMinimalAcl(FsPermission perm) {
  AclEntry ownerEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(perm.getUserAction())
      .build();
  out.println(ownerEntry);

  AclEntry groupEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.GROUP)
      .setPermission(perm.getGroupAction())
      .build();
  out.println(groupEntry);

  AclEntry otherEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.OTHER)
      .setPermission(perm.getOtherAction())
      .build();
  out.println(otherEntry);
}
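/**
 * Builds a two-entry access-scope ACL from a user name, a group name and a
 * permission: a named USER entry carrying the permission's user action,
 * followed by a named GROUP entry carrying its group action. The "other"
 * action of the permission is not used.
 *
 * @param user name placed on the USER entry
 * @param group name placed on the GROUP entry
 * @param permission permission whose user and group actions are copied
 * @return list holding the USER entry, then the GROUP entry
 */
private List<AclEntry> createAclEntries(String user, String group,
    FsPermission permission) {
  // Work on a copy of the caller's permission object.
  FsPermission fsPerm = new FsPermission(permission);
  List<AclEntry> list = new ArrayList<AclEntry>();

  // One builder per entry, so no field of the first entry can carry over
  // into the second.
  list.add(new AclEntry.Builder()
      .setName(user)
      .setType(AclEntryType.USER)
      .setScope(AclEntryScope.ACCESS)
      .setPermission(fsPerm.getUserAction())
      .build());
  list.add(new AclEntry.Builder()
      .setName(group)
      .setType(AclEntryType.GROUP)
      .setScope(AclEntryScope.ACCESS)
      .setPermission(fsPerm.getGroupAction())
      .build());
  return list;
}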
/**
 * Turns the group permissions recorded for an object into named,
 * access-scope GROUP ACL entries.
 *
 * <p>NOTE(review): READ, WRITE and READ_WRITE are widened with EXECUTE
 * before the entry is built, so the resulting ACL grants more than the
 * stored action. Presumably this is so the path stays traversable; confirm
 * that the extra bit is also intended where the path is a plain file.
 *
 * @param authzObj key passed to {@code getGroupPerms}
 * @return one entry per group, in the iteration order of the permission map
 */
@Override
public List<AclEntry> getAcls(String authzObj) {
  Map<String, FsAction> groupPerms = getGroupPerms(authzObj);
  List<AclEntry> retList = new LinkedList<AclEntry>();
  for (Map.Entry<String, FsAction> groupPerm : groupPerms.entrySet()) {
    FsAction action = groupPerm.getValue();
    boolean lacksExecute = action == FsAction.READ
        || action == FsAction.WRITE
        || action == FsAction.READ_WRITE;
    if (lacksExecute) {
      action = action.or(FsAction.EXECUTE);
    }
    AclEntry.Builder builder = new AclEntry.Builder();
    builder.setName(groupPerm.getKey());
    builder.setType(AclEntryType.GROUP);
    builder.setScope(AclEntryScope.ACCESS);
    builder.setPermission(action);
    retList.add(builder.build());
  }
  return retList;
}
/**
 * Reads the ACL of a path from the mini DFS and returns its GROUP entries
 * as a map from entry name to permission. Entries of any other type are
 * ignored.
 *
 * <p>NOTE(review): the map key is the entry name alone. Scope is not part
 * of the key, so an ACCESS and a DEFAULT entry for the same group would be
 * reported as duplicates, and an unnamed group entry is stored under a
 * {@code null} key. Confirm the paths used by callers cannot produce either.
 *
 * @param path path whose ACL is read
 * @return group name to permission
 * @throws SentryAlreadyExistsException if two GROUP entries share a name
 */
private Map<String, FsAction> getAcls(Path path) throws Exception {
  AclStatus aclStatus = miniDFS.getFileSystem().getAclStatus(path);
  Map<String, FsAction> acls = new HashMap<String, FsAction>();
  for (AclEntry ent : aclStatus.getEntries()) {
    if (!ent.getType().equals(AclEntryType.GROUP)) {
      continue;
    }
    String groupName = ent.getName();
    // A repeated group name means the ACL is inconsistent; fail loudly
    // rather than let the later entry overwrite the earlier one.
    if (acls.containsKey(groupName)) {
      throw new SentryAlreadyExistsException("The acl " + groupName
          + " already exists.\n");
    }
    acls.put(groupName, ent.getPermission());
  }
  return acls;
}
/**
 * Parses an ACL spec whose entries carry no permission field and checks
 * that each entry comes back, in spec order, with only scope, type and name
 * set.
 */
@Test
public void testMultipleAclSpecParsingWithoutPermissions() throws Exception {
  // Second argument is presumably "permissions are part of the spec";
  // here it is false and every permission field in the spec is empty.
  List<AclEntry> actual = AclEntry.parseAclSpec(
      "user::,user:user1:,group::,group:group1:,mask::,other::,"
          + "default:user:user1::,default:mask::", false);

  List<AclEntry> expected = new ArrayList<AclEntry>();
  // user::
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .build());
  // user:user1:
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.USER)
      .setName("user1")
      .build());
  // group::
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .build());
  // group:group1:
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.GROUP)
      .setName("group1")
      .build());
  // mask::
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.MASK)
      .build());
  // other::
  expected.add(new AclEntry.Builder()
      .setType(AclEntryType.OTHER)
      .build());
  // default:user:user1::
  expected.add(new AclEntry.Builder()
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.USER)
      .setName("user1")
      .build());
  // default:mask::
  expected.add(new AclEntry.Builder()
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.MASK)
      .build());

  assertEquals("Parsed Acl not correct", expected, actual);
}
/**
 * Fills in missing default entries by copying the permission of the
 * matching access entry. Nothing is added unless the list already holds at
 * least one default entry. Only the unnamed USER, GROUP and OTHER entries
 * are considered.
 *
 * <p>The list is sorted with {@code ACL_ENTRY_COMPARATOR} first; copied
 * entries are appended afterwards, and the list is not sorted again here.
 *
 * @param aclBuilder ArrayList<AclEntry> containing entries to build
 */
private static void copyDefaultsIfNeeded(List<AclEntry> aclBuilder) {
  // The binary searches below need the comparator's ordering.
  Collections.sort(aclBuilder, ACL_ENTRY_COMPARATOR);
  ScopedAclEntries scoped = new ScopedAclEntries(aclBuilder);
  List<AclEntry> defaults = scoped.getDefaultEntries();
  if (defaults.isEmpty()) {
    return;
  }

  List<AclEntry> access = scoped.getAccessEntries();
  List<AclEntry> toAppend = Lists.newArrayListWithCapacity(3);
  for (AclEntryType type : EnumSet.of(USER, GROUP, OTHER)) {
    // Search key: the unnamed default entry of this type.
    AclEntry defaultKey = new AclEntry.Builder()
        .setScope(DEFAULT)
        .setType(type)
        .build();
    boolean defaultPresent = Collections.binarySearch(
        defaults, defaultKey, ACL_ENTRY_COMPARATOR) >= 0;
    if (defaultPresent) {
      continue;
    }

    // Search key: the unnamed access entry of the same type.
    AclEntry accessKey = new AclEntry.Builder()
        .setScope(ACCESS)
        .setType(type)
        .build();
    int accessIdx = Collections.binarySearch(
        access, accessKey, ACL_ENTRY_COMPARATOR);
    if (accessIdx >= 0) {
      toAppend.add(new AclEntry.Builder()
          .setScope(DEFAULT)
          .setType(type)
          .setPermission(access.get(accessIdx).getPermission())
          .build());
    }
  }
  // Append only after the loop, so the binary searches never run against an
  // aclBuilder that was modified part-way through.
  aclBuilder.addAll(toAppend);
}
/**
 * Builds an unnamed AclEntry from a scope, a type and a permission.
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param permission FsAction set of permissions in the ACL entry
 * @return AclEntry new AclEntry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setPermission(permission);
  return builder.build();
}
/**
 * Builds an AclEntry from a scope, a type, a name and a permission.
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param name String optional ACL entry name
 * @param permission FsAction set of permissions in the ACL entry
 * @return AclEntry new AclEntry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  builder.setPermission(permission);
  return builder.build();
}
/**
 * Builds an AclEntry from a scope, a type and a name. No permission is set,
 * so the entry keeps whatever the builder uses when none is given.
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param name String optional ACL entry name
 * @return AclEntry new AclEntry
 */
public static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  return builder.build();
}
/**
 * Round-trips an AclStatus with one entry through the two
 * {@code PBHelper.convert} overloads and checks that the result equals the
 * original.
 */
@Test
public void testAclStatusProto() {
  AclEntry entry = new AclEntry.Builder()
      .setName("test")
      .setPermission(FsAction.READ_EXECUTE)
      .setScope(AclEntryScope.DEFAULT)
      .setType(AclEntryType.OTHER)
      .build();
  AclStatus original = new AclStatus.Builder()
      .owner("foo")
      .group("bar")
      .addEntry(entry)
      .build();

  Assert.assertEquals(original,
      PBHelper.convert(PBHelper.convert(original)));
}
/**
 * Builds an unnamed AclEntry from a scope, a type and a permission.
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param permission FsAction set of permissions in the ACL entry
 * @return AclEntry new AclEntry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setPermission(permission);
  return builder.build();
}
/**
 * Builds an AclEntry from a scope, a type, a name and a permission.
 *
 * @param scope AclEntryScope scope of the ACL entry
 * @param type AclEntryType ACL entry type
 * @param name String optional ACL entry name
 * @param permission FsAction set of permissions in the ACL entry
 * @return AclEntry new AclEntry
 */
private static AclEntry aclEntry(AclEntryScope scope, AclEntryType type,
    String name, FsAction permission) {
  AclEntry.Builder builder = new AclEntry.Builder();
  builder.setScope(scope);
  builder.setType(type);
  builder.setName(name);
  builder.setPermission(permission);
  return builder.build();
}