List of usage examples for org.apache.hadoop.fs.permission FsAction or
public FsAction or(FsAction that)
From source file:de.tiqsolutions.hdfs.HadoopFileSystem.java
License:Apache License
static FsPermission fromPosixPermissions(Set<PosixFilePermission> permissions) { FsAction u = FsAction.NONE, g = FsAction.NONE, o = FsAction.NONE; for (PosixFilePermission permission : permissions) { switch (permission) { case GROUP_EXECUTE: g = g.or(FsAction.EXECUTE);//from www . j av a 2 s. c o m break; case GROUP_READ: g = g.or(FsAction.READ); break; case GROUP_WRITE: g = g.or(FsAction.WRITE); break; case OWNER_EXECUTE: u = u.or(FsAction.EXECUTE); break; case OWNER_READ: u = u.or(FsAction.READ); break; case OWNER_WRITE: u = u.or(FsAction.WRITE); break; case OTHERS_EXECUTE: o = o.or(FsAction.EXECUTE); break; case OTHERS_READ: o = o.or(FsAction.READ); break; case OTHERS_WRITE: o = o.or(FsAction.WRITE); break; default: break; } } return new FsPermission(u, g, o); }
From source file:hsyndicate.fs.SyndicateFileSystem.java
License:Apache License
private FsAction parseMode(int mode) { FsAction action = FsAction.NONE; if ((mode & 0x04) == 0x04) { action = action.or(FsAction.READ); }/* w w w . j ava 2s .c o m*/ if ((mode & 0x02) == 0x02) { action = action.or(FsAction.WRITE); } if ((mode & 0x01) == 0x01) { action = action.or(FsAction.EXECUTE); } return action; }
From source file:org.apache.sentry.hdfs.SentryPermissions.java
License:Apache License
/** * Constructs HDFS ACL's based on the permissions granted to the object directly * and inherited from the parents./*from w ww . j a v a 2 s . c o m*/ * @param authzObj Object name for which ACL are needed * @return HDFS ACL's */ @Override public List<AclEntry> getAcls(String authzObj) { Map<HdfsAclEntity, FsAction> permissions = getPerms(authzObj); List<AclEntry> retList = new LinkedList<AclEntry>(); for (Map.Entry<HdfsAclEntity, FsAction> permission : permissions.entrySet()) { AclEntry.Builder builder = new AclEntry.Builder(); if (permission.getKey().getType() == AclEntryType.GROUP) { builder.setName(permission.getKey().getValue()); builder.setType(AclEntryType.GROUP); } else if (permission.getKey().getType() == AclEntryType.USER) { builder.setName(permission.getKey().getValue()); builder.setType(AclEntryType.USER); } else { LOG.warn("Permissions for Invalid AclEntryType: %s", permission.getKey().getType()); continue; } builder.setScope(AclEntryScope.ACCESS); FsAction action = permission.getValue(); if (action == FsAction.READ || action == FsAction.WRITE || action == FsAction.READ_WRITE) { action = action.or(FsAction.EXECUTE); } builder.setPermission(action); retList.add(builder.build()); } return retList; }
From source file:org.apache.sentry.hdfs.SentryPermissions.java
License:Apache License
/** * Constructs HDFS Permissions entry based on the privileges granted. * @param privilegePrincipal Privilege Entity * @param permission Permission granted//w w w.ja va 2 s. c o m * @param perms */ private void constructHdfsPermissions(TPrivilegePrincipal privilegePrincipal, FsAction permission, Map<HdfsAclEntity, FsAction> perms) { HdfsAclEntity aclEntry; FsAction fsAction; if (privilegePrincipal.getType() == TPrivilegePrincipalType.ROLE) { RoleInfo roleInfo = roles.get(privilegePrincipal.getValue()); if (roleInfo != null) { for (String group : roleInfo.groups) { aclEntry = HdfsAclEntity.constructAclEntityForGroup(group); // fsAction is an aggregate of permissions granted to // the group on the object and it's parents. fsAction = perms.get(aclEntry); if (fsAction == null) { fsAction = FsAction.NONE; } perms.put(aclEntry, fsAction.or(permission)); } } } else if (privilegePrincipal.getType() == TPrivilegePrincipalType.USER) { aclEntry = HdfsAclEntity.constructAclEntityForUser(privilegePrincipal.getValue()); // fsAction is an aggregate of permissions granted to // the user on the object and it's parents. fsAction = perms.get(aclEntry); if (fsAction == null) { fsAction = FsAction.NONE; } perms.put(aclEntry, fsAction.or(permission)); } }
From source file:org.apache.sentry.hdfs.UpdateableAuthzPermissions.java
License:Apache License
private void applyPrivilegeUpdates(PermissionsUpdate update) { TPrivilegePrincipal addPrivEntity, delPrivEntity; for (TPrivilegeChanges pUpdate : update.getPrivilegeUpdates()) { LOG.debug("Applying privilege update on object:{} add privileges {}, delete privileges {}", pUpdate.getAuthzObj(), pUpdate.getAddPrivileges(), pUpdate.getDelPrivileges()); if (pUpdate.getAuthzObj().equals(PermissionsUpdate.RENAME_PRIVS)) { addPrivEntity = pUpdate.getAddPrivileges().keySet().iterator().next(); delPrivEntity = pUpdate.getDelPrivileges().keySet().iterator().next(); if (addPrivEntity.getType() != TPrivilegePrincipalType.AUTHZ_OBJ || delPrivEntity.getType() != TPrivilegePrincipalType.AUTHZ_OBJ) { LOG.warn(/*w ww . j av a 2 s .c o m*/ "Invalid Permission Update, Received Rename update with wrong data, (Add) Type: {}, Value:{} " + "(Del) Type: {}, Value:{}", addPrivEntity.getType(), addPrivEntity.getValue(), delPrivEntity.getType(), delPrivEntity.getValue()); continue; } String newAuthzObj = addPrivEntity.getValue(); String oldAuthzObj = delPrivEntity.getValue(); LOG.debug("Performing Rename from {} to {}", oldAuthzObj, newAuthzObj); PrivilegeInfo privilegeInfo = perms.getPrivilegeInfo(oldAuthzObj); // The privilegeInfo object can be null if no explicit Privileges // have been granted on the object. For eg. If grants have been applied on // Db, but no explicit grants on Table.. then the authzObject associated // with the table will never exist. if (privilegeInfo != null) { LOG.debug("Permission info before rename " + privilegeInfo.toString()); Map<TPrivilegePrincipal, FsAction> allPermissions = privilegeInfo.getAllPermissions(); perms.delPrivilegeInfo(oldAuthzObj); perms.removeParentChildMappings(oldAuthzObj); PrivilegeInfo newPrivilegeInfo = new PrivilegeInfo(newAuthzObj); for (Map.Entry<TPrivilegePrincipal, FsAction> e : allPermissions.entrySet()) { newPrivilegeInfo.setPermission(e.getKey(), e.getValue()); } perms.addPrivilegeInfo(newPrivilegeInfo); perms.addParentChildMappings(newAuthzObj); LOG.debug("Permission info before rename " + newPrivilegeInfo.toString()); } return; } if (pUpdate.getAuthzObj().equals(PermissionsUpdate.ALL_AUTHZ_OBJ)) { // Request to remove role from all Privileges delPrivEntity = pUpdate.getDelPrivileges().keySet().iterator().next(); for (PrivilegeInfo pInfo : perms.getAllPrivileges()) { LOG.debug("Role {} is revoked permission on {}", delPrivEntity.getValue(), pInfo.getAuthzObj()); pInfo.removePermission(delPrivEntity); } } logPermissionInfo("BEFORE-UPDATE", pUpdate.getAuthzObj()); PrivilegeInfo pInfo = perms.getPrivilegeInfo(pUpdate.getAuthzObj()); for (Map.Entry<TPrivilegePrincipal, String> aMap : pUpdate.getAddPrivileges().entrySet()) { if (pInfo == null) { pInfo = new PrivilegeInfo(pUpdate.getAuthzObj()); } FsAction fsAction = pInfo.getPermission(aMap.getKey()); if (fsAction == null) { fsAction = getFAction(aMap.getValue()); } else { fsAction = fsAction.or(getFAction(aMap.getValue())); } pInfo.setPermission(aMap.getKey(), fsAction); } if (pInfo != null) { perms.addPrivilegeInfo(pInfo); perms.addParentChildMappings(pUpdate.getAuthzObj()); for (Map.Entry<TPrivilegePrincipal, String> dMap : pUpdate.getDelPrivileges().entrySet()) { if (dMap.getKey().getValue().equals(PermissionsUpdate.ALL_PRIVS)) { // Remove all privileges perms.delPrivilegeInfo(pUpdate.getAuthzObj()); perms.removeParentChildMappings(pUpdate.getAuthzObj()); break; } List<PrivilegeInfo> parentAndChild = new ArrayList<>(); parentAndChild.add(pInfo); Set<String> children = perms.getChildren(pInfo.getAuthzObj()); if (children != null) { for (String child : children) { parentAndChild.add(perms.getPrivilegeInfo(child)); } } // recursive revoke for (PrivilegeInfo pInfo2 : parentAndChild) { FsAction fsAction = pInfo2.getPermission(dMap.getKey()); if (fsAction != null) { fsAction = fsAction.and(getFAction(dMap.getValue()).not()); if (FsAction.NONE == fsAction) { pInfo2.removePermission(dMap.getKey()); } else { pInfo2.setPermission(dMap.getKey(), fsAction); } } } } } logPermissionInfo("AFTER-UPDATE", pUpdate.getAuthzObj()); } }
From source file:org.apache.sentry.hdfs.UpdateableAuthzPermissions.java
License:Apache License
private static FsAction getFAction(String sentryPriv) { String[] strPrivs = sentryPriv.trim().split(","); FsAction retVal = FsAction.NONE; for (String strPriv : strPrivs) { FsAction action = ACTION_MAPPING.get(strPriv.toUpperCase()); if (action == null) { // Encountered a privilege that is not supported. Since we do not know what // to do with it we just drop all access. LOG.warn("Unsupported privilege {}, disabling all access", strPriv); action = FsAction.NONE;//from ww w .ja v a 2 s.com } retVal = retVal.or(action); } return retVal; }