List of usage examples for org.apache.hadoop.fs.permission AclEntryType OTHER
AclEntryType OTHER
To view the source code for org.apache.hadoop.fs.permission AclEntryType OTHER.
Click Source Link
From source file:alluxio.underfs.hdfs.acl.SupportedHdfsAclProvider.java
License:Apache License
/** * @param aclEntry an alluxio acl entry//w ww .j a v a 2 s . com * @return hdfs acl entry type */ private AclEntryType getHdfsAclEntryType(alluxio.security.authorization.AclEntry aclEntry) throws IOException { switch (aclEntry.getType()) { case OWNING_USER: case NAMED_USER: return AclEntryType.USER; case OWNING_GROUP: case NAMED_GROUP: return AclEntryType.GROUP; case MASK: return AclEntryType.MASK; case OTHER: return AclEntryType.OTHER; default: throw new IOException("Unknown Alluxio ACL entry type: " + aclEntry.getType()); } }
From source file:alluxio.underfs.hdfs.acl.SupportedHdfsAclProvider.java
License:Apache License
/** * @param entry an hdfs acl entry//from ww w .ja v a 2 s.co m * @return alluxio acl entry type */ private alluxio.security.authorization.AclEntryType getAclEntryType(AclEntry entry) throws IOException { switch (entry.getType()) { case USER: return entry.getName() == null || entry.getName().isEmpty() ? alluxio.security.authorization.AclEntryType.OWNING_USER : alluxio.security.authorization.AclEntryType.NAMED_USER; case GROUP: return entry.getName() == null || entry.getName().isEmpty() ? alluxio.security.authorization.AclEntryType.OWNING_GROUP : alluxio.security.authorization.AclEntryType.NAMED_GROUP; case MASK: return alluxio.security.authorization.AclEntryType.MASK; case OTHER: return alluxio.security.authorization.AclEntryType.OTHER; default: throw new IOException("Unknown HDFS ACL entry type: " + entry.getType()); } }
From source file:com.thinkbiganalytics.datalake.authorization.hdfs.HDFSUtil.java
License:Apache License
/** * @param fileSystem : HDFS fileSystem object * @param path : Path on which ACL needs to be created * @param groups : List of group to which permission needs to be granted. *//*from w w w .java 2 s . c o m*/ public void listAllDirAndApplyPolicy(FileSystem fileSystem, Path path, String groups, String hdfsPermission) throws FileNotFoundException, IOException { FsAction fsActionObject = getFinalPermission(hdfsPermission); FileStatus[] fileStatus = fileSystem.listStatus(path); for (FileStatus status : fileStatus) { // Flush ACL before creating new one. flushAcl(fileSystem, status.getPath()); // Apply ACL recursively on each file/directory. if (status.isDirectory()) { String[] groupListForPermission = groups.split(","); for (int groupCounter = 0; groupCounter < groupListForPermission.length; groupCounter++) { // Create HDFS ACL for each for each Path on HDFS AclEntry aclEntryOwner = new AclEntry.Builder().setName(groupListForPermission[groupCounter]) .setPermission(fsActionObject).setScope(AclEntryScope.ACCESS) .setType(AclEntryType.GROUP).build(); AclEntry aclEntryOther = new AclEntry.Builder().setPermission(FsAction.NONE) .setScope(AclEntryScope.ACCESS).setType(AclEntryType.OTHER).build(); // Apply ACL on Path applyAcl(fileSystem, status.getPath(), aclEntryOwner); applyAcl(fileSystem, status.getPath(), aclEntryOther); } // Recursive call made to apply acl on each sub directory listAllDirAndApplyPolicy(fileSystem, status.getPath(), groups, hdfsPermission); } else { String[] groupListForPermission = groups.split(","); for (int groupCounter = 0; groupCounter < groupListForPermission.length; groupCounter++) { // Create HDFS ACL for each for each Path on HDFS AclEntry aclEntryOwner = new AclEntry.Builder().setName(groupListForPermission[groupCounter]) .setPermission(fsActionObject).setScope(AclEntryScope.ACCESS) .setType(AclEntryType.GROUP).build(); AclEntry aclEntryOther = new AclEntry.Builder().setPermission(FsAction.NONE) .setScope(AclEntryScope.ACCESS).setType(AclEntryType.OTHER).build(); // Apply ACL on Path applyAcl(fileSystem, status.getPath(), aclEntryOwner); applyAcl(fileSystem, status.getPath(), aclEntryOther); } } } }
From source file:org.apache.sentry.hdfs.TestSentryAuthorizationProvider.java
License:Apache License
@Test public void testProvider() throws Exception { admin.doAs(new PrivilegedExceptionAction<Void>() { @Override//w w w .ja va 2 s .c om public Void run() throws Exception { String sysUser = UserGroupInformation.getCurrentUser().getShortUserName(); FileSystem fs = FileSystem.get(miniDFS.getConfiguration(0)); List<AclEntry> baseAclList = new ArrayList<AclEntry>(); AclEntry.Builder builder = new AclEntry.Builder(); baseAclList.add(builder.setType(AclEntryType.USER).setScope(AclEntryScope.ACCESS).build()); baseAclList.add(builder.setType(AclEntryType.GROUP).setScope(AclEntryScope.ACCESS).build()); baseAclList.add(builder.setType(AclEntryType.OTHER).setScope(AclEntryScope.ACCESS).build()); Path path1 = new Path("/user/authz/obj/xxx"); fs.mkdirs(path1); fs.setAcl(path1, baseAclList); fs.mkdirs(new Path("/user/authz/xxx")); fs.mkdirs(new Path("/user/xxx")); // root Path path = new Path("/"); Assert.assertEquals(sysUser, fs.getFileStatus(path).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0755), fs.getFileStatus(path).getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // dir before prefixes path = new Path("/user"); Assert.assertEquals(sysUser, fs.getFileStatus(path).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0755), fs.getFileStatus(path).getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // prefix dir path = new Path("/user/authz"); Assert.assertEquals(sysUser, fs.getFileStatus(path).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0755), fs.getFileStatus(path).getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // dir inside of prefix, no obj path = new Path("/user/authz/xxx"); FileStatus status = fs.getFileStatus(path); Assert.assertEquals(sysUser, status.getOwner()); Assert.assertEquals("supergroup", status.getGroup()); Assert.assertEquals(new FsPermission((short) 0755), status.getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // dir inside of prefix, obj path = new Path("/user/authz/obj"); Assert.assertEquals("hive", fs.getFileStatus(path).getOwner()); Assert.assertEquals("hive", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0770), fs.getFileStatus(path).getPermission()); Assert.assertFalse(fs.getAclStatus(path).getEntries().isEmpty()); List<AclEntry> acls = new ArrayList<AclEntry>(); acls.add(new AclEntry.Builder().setName(sysUser).setType(AclEntryType.USER) .setScope(AclEntryScope.ACCESS).setPermission(FsAction.ALL).build()); acls.add(new AclEntry.Builder().setName("supergroup").setType(AclEntryType.GROUP) .setScope(AclEntryScope.ACCESS).setPermission(FsAction.READ_EXECUTE).build()); acls.add(new AclEntry.Builder().setName("user-authz").setType(AclEntryType.USER) .setScope(AclEntryScope.ACCESS).setPermission(FsAction.ALL).build()); Assert.assertEquals(new LinkedHashSet<AclEntry>(acls), new LinkedHashSet<AclEntry>(fs.getAclStatus(path).getEntries())); // dir inside of prefix, inside of obj path = new Path("/user/authz/obj/xxx"); Assert.assertEquals("hive", fs.getFileStatus(path).getOwner()); Assert.assertEquals("hive", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0770), fs.getFileStatus(path).getPermission()); Assert.assertFalse(fs.getAclStatus(path).getEntries().isEmpty()); Path path2 = new Path("/user/authz/obj/path2"); fs.mkdirs(path2); fs.setAcl(path2, baseAclList); // dir outside of prefix path = new Path("/user/xxx"); Assert.assertEquals(sysUser, fs.getFileStatus(path).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0755), fs.getFileStatus(path).getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); return null; } }); }
From source file:org.apache.sentry.hdfs.TestSentryINodeAttributesProvider.java
License:Apache License
@Test public void testProvider() throws Exception { admin.doAs(new PrivilegedExceptionAction<Void>() { @Override/*from w w w. ja v a 2s.c o m*/ public Void run() throws Exception { String sysUser = UserGroupInformation.getCurrentUser().getShortUserName(); FileSystem fs = FileSystem.get(miniDFS.getConfiguration(0)); List<AclEntry> baseAclList = new ArrayList<AclEntry>(); AclEntry.Builder builder = new AclEntry.Builder(); baseAclList.add(builder.setType(AclEntryType.USER).setScope(AclEntryScope.ACCESS).build()); baseAclList.add(builder.setType(AclEntryType.GROUP).setScope(AclEntryScope.ACCESS).build()); baseAclList.add(builder.setType(AclEntryType.OTHER).setScope(AclEntryScope.ACCESS).build()); Path path1 = new Path("/user/authz/obj/xxx"); fs.mkdirs(path1); fs.setAcl(path1, baseAclList); fs.mkdirs(new Path("/user/authz/xxx")); fs.mkdirs(new Path("/user/xxx")); // root Path path = new Path("/"); Assert.assertEquals(sysUser, fs.getFileStatus(path).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0755), fs.getFileStatus(path).getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // dir before prefixes path = new Path("/user"); Assert.assertEquals(sysUser, fs.getFileStatus(path).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0755), fs.getFileStatus(path).getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // prefix dir path = new Path("/user/authz"); Assert.assertEquals(sysUser, fs.getFileStatus(path).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0755), fs.getFileStatus(path).getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // dir inside of prefix, no obj path = new Path("/user/authz/xxx"); FileStatus status = fs.getFileStatus(path); Assert.assertEquals(sysUser, status.getOwner()); Assert.assertEquals("supergroup", status.getGroup()); Assert.assertEquals(new FsPermission((short) 0755), status.getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // dir inside of prefix, obj path = new Path("/user/authz/obj"); Assert.assertEquals("hive", fs.getFileStatus(path).getOwner()); Assert.assertEquals("hive", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0771), fs.getFileStatus(path).getPermission()); Assert.assertFalse(fs.getAclStatus(path).getEntries().isEmpty()); List<AclEntry> acls = new ArrayList<AclEntry>(); acls.add(new AclEntry.Builder().setName(sysUser).setType(AclEntryType.USER) .setScope(AclEntryScope.ACCESS).setPermission(FsAction.ALL).build()); acls.add(new AclEntry.Builder().setName("supergroup").setType(AclEntryType.GROUP) .setScope(AclEntryScope.ACCESS).setPermission(FsAction.READ_EXECUTE).build()); acls.add(new AclEntry.Builder().setName("user-authz").setType(AclEntryType.USER) .setScope(AclEntryScope.ACCESS).setPermission(FsAction.ALL).build()); Assert.assertEquals(new LinkedHashSet<AclEntry>(acls), new LinkedHashSet<AclEntry>(fs.getAclStatus(path).getEntries())); // dir inside of prefix, inside of obj path = new Path("/user/authz/obj/xxx"); Assert.assertEquals("hive", fs.getFileStatus(path).getOwner()); Assert.assertEquals("hive", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0771), fs.getFileStatus(path).getPermission()); Assert.assertFalse(fs.getAclStatus(path).getEntries().isEmpty()); Path path2 = new Path("/user/authz/obj/path2"); fs.mkdirs(path2); fs.setAcl(path2, baseAclList); // dir outside of prefix path = new Path("/user/xxx"); Assert.assertEquals(sysUser, fs.getFileStatus(path).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(path).getGroup()); Assert.assertEquals(new FsPermission((short) 0755), fs.getFileStatus(path).getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); //stale and dir inside of prefix, obj System.setProperty("test.stale", "true"); path = new Path("/user/authz/xxx"); status = fs.getFileStatus(path); Assert.assertEquals(sysUser, status.getOwner()); Assert.assertEquals("supergroup", status.getGroup()); Assert.assertEquals(new FsPermission((short) 0755), status.getPermission()); Assert.assertTrue(fs.getAclStatus(path).getEntries().isEmpty()); // setPermission sets the permission for dir outside of prefix. // setUser/setGroup sets the user/group for dir outside of prefix. Path pathOutside = new Path("/user/xxx"); fs.setPermission(pathOutside, new FsPermission((short) 0000)); Assert.assertEquals(new FsPermission((short) 0000), fs.getFileStatus(pathOutside).getPermission()); fs.setOwner(pathOutside, sysUser, "supergroup"); Assert.assertEquals(sysUser, fs.getFileStatus(pathOutside).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(pathOutside).getGroup()); // removeAcl removes the ACL entries for dir outside of prefix. List<AclEntry> aclsOutside = new ArrayList<AclEntry>(baseAclList); List<AclEntry> acl = new ArrayList<AclEntry>(); acl.add(new AclEntry.Builder().setName("supergroup").setType(AclEntryType.GROUP) .setScope(AclEntryScope.ACCESS).setPermission(FsAction.READ_EXECUTE).build()); aclsOutside.addAll(acl); fs.setAcl(pathOutside, aclsOutside); fs.removeAclEntries(pathOutside, acl); Assert.assertFalse(fs.getAclStatus(pathOutside).getEntries().containsAll(acl)); // setPermission sets the permission for dir inside of prefix but not a hive obj. // setUser/setGroup sets the user/group for dir inside of prefix but not a hive obj. Path pathInside = new Path("/user/authz/xxx"); fs.setPermission(pathInside, new FsPermission((short) 0000)); Assert.assertEquals(new FsPermission((short) 0000), fs.getFileStatus(pathInside).getPermission()); fs.setOwner(pathInside, sysUser, "supergroup"); Assert.assertEquals(sysUser, fs.getFileStatus(pathInside).getOwner()); Assert.assertEquals("supergroup", fs.getFileStatus(pathInside).getGroup()); // removeAcl is a no op for dir inside of prefix. Assert.assertTrue(fs.getAclStatus(pathInside).getEntries().isEmpty()); fs.removeAclEntries(pathInside, acl); Assert.assertTrue(fs.getAclStatus(pathInside).getEntries().isEmpty()); // setPermission/setUser/setGroup is a no op for dir inside of prefix, and is a hive obj. Path pathInsideAndHive = new Path("/user/authz/obj"); fs.setPermission(pathInsideAndHive, new FsPermission((short) 0000)); Assert.assertEquals(new FsPermission((short) 0771), fs.getFileStatus(pathInsideAndHive).getPermission()); fs.setOwner(pathInsideAndHive, sysUser, "supergroup"); Assert.assertEquals("hive", fs.getFileStatus(pathInsideAndHive).getOwner()); Assert.assertEquals("hive", fs.getFileStatus(pathInsideAndHive).getGroup()); return null; } }); }