/**
 * Creates a {@code Root} from an existing directory inode, carrying over only
 * its ACL and extended-attribute features.
 *
 * <p>The feature array handed to the superclass constructor is the subset of
 * {@code other.getFeatures()} whose elements are {@code AclFeature} or
 * {@code XAttrFeature} instances; every other feature is left behind. Per the
 * original author's note, ACL and XAttr must always be preserved, so any new
 * access-control-bearing feature type needs to be added to this filter too.
 *
 * @param other the directory inode to copy from
 */
Root(INodeDirectory other) {
  // The literal `false` is forwarded unchanged; its meaning is defined by the
  // superclass constructor, which is not visible in this listing.
  super(
      other,
      false,
      Lists.newArrayList(
              Iterables.filter(
                  Arrays.asList(other.getFeatures()),
                  new Predicate<Feature>() {
                    @Override
                    public boolean apply(Feature input) {
                      // Keep only the features that carry access-control state.
                      return AclFeature.class.isInstance(input)
                          || XAttrFeature.class.isInstance(input);
                    }
                  }))
          .toArray(new Feature[0]));
}
/**
 * Deletes the test snapshot and verifies that ACL feature sharing and
 * reference counting behave as expected afterwards.
 *
 * <p>Checks, in order: the inode at {@code pathToCheckAcl} still holds the
 * very same {@code AclFeature} instance after the snapshot is deleted; that
 * instance's reference count is 1; after {@code removeAcl} the count reaches
 * 0; and the number of unique ACL features tracked by {@code AclStorage}
 * equals {@code totalAclFeatures}.
 *
 * @param aclFeature the ACL feature instance observed before the deletion
 * @param pathToCheckAcl path whose ACL feature is inspected and then removed
 * @param totalAclFeatures expected unique ACL feature count at the end
 * @throws IOException if a file system call fails
 */
private void deleteSnapshotWithAclAndVerify(
    AclFeature aclFeature, Path pathToCheckAcl, int totalAclFeatures)
    throws IOException {
  final String refCountKeptMessage =
      "Reference count should remain same" + " even after deletion of snapshot";
  final String refCountZeroMessage = "Reference count should be 0";
  final String uniqueCountMessage = "Unique ACL features should remain same";

  hdfs.deleteSnapshot(path, snapshotName);

  // Identity, not equality: the live inode must still point at the same
  // shared feature object it had before the snapshot went away.
  final AclFeature featureAfterDelete =
      FSAclBaseTest.getAclFeature(pathToCheckAcl, cluster);
  assertSame(aclFeature, featureAfterDelete);
  assertEquals(refCountKeptMessage, 1, featureAfterDelete.getRefCount());

  // Removing the ACL from the path must release the last reference.
  hdfs.removeAcl(pathToCheckAcl);
  assertEquals(refCountZeroMessage, 0, aclFeature.getRefCount());
  assertEquals(
      uniqueCountMessage,
      totalAclFeatures,
      AclStorage.getUniqueAclFeatures().getUniqueElementsSize());
}
/**
 * Removes the HDFS ACL feature from {@code node} via the default
 * authorization provider, if the node currently has one.
 *
 * <p>The lookup uses {@code Snapshot.CURRENT_STATE_ID}, so only the current
 * state of the node is consulted. When there is nothing to remove, a warning
 * is logged only if {@code warn} is set.
 *
 * @param node the inode whose HDFS ACL should be removed
 * @param warn whether to log a warning when the node has no ACL feature
 */
private void checkAndRemoveHdfsAcl(INodeAuthorizationInfo node, boolean warn) {
  final AclFeature existing =
      defaultAuthzProvider.getAclFeature(node, Snapshot.CURRENT_STATE_ID);

  if (existing != null) {
    defaultAuthzProvider.removeAclFeature(node);
    return;
  }

  // Nothing stored for this node: optionally surface the no-op to operators.
  if (warn) {
    LOG.warn("### removeAclFeature is requested on {}, but it does not "
        + "have any acl.", node);
  }
}
/**
 * Stores an ACL feature on {@code node} through the default authorization
 * provider, whether or not the path is managed by Sentry.
 *
 * <p>For a Sentry-managed path the call is not rejected: a warning is logged
 * (path, ACL and the {@code WARN_VISIBILITY} suffix), any existing HDFS ACL
 * feature is removed without a further warning, and the new feature is then
 * written to the default provider.
 *
 * <p>NOTE(review): the warning is the only signal that an HDFS ACL was set on
 * a Sentry-managed path. Presumably that ACL is not what readers see while
 * Sentry manages the path; confirm against this provider's
 * {@code getAclFeature} before relying on it for access decisions.
 *
 * @param node the inode receiving the ACL feature
 * @param f the ACL feature to store
 */
@Override
public void addAclFeature(INodeAuthorizationInfo node, AclFeature f) {
  final boolean sentryManaged = isSentryManaged(node);

  if (sentryManaged) {
    LOG.warn("### addAclFeature {} (sentry managed path) {}, update HDFS."
        + WARN_VISIBILITY,
        node.getFullPathName(), f.toString());
    // Clear the old HDFS ACL first, with warn=false so that a node without
    // an ACL produces no extra log line.
    // Presumably needed because the default provider does not accept a
    // second ACL feature on the same node; confirm.
    checkAndRemoveHdfsAcl(node, false);
  }

  // Always delegated: the default provider remains the store of record for
  // HDFS ACLs, including on Sentry-managed paths.
  defaultAuthzProvider.addAclFeature(node, f);
}
/**
 * Always rejects the request: this inode type does not carry ACLs.
 *
 * @param f ignored
 * @throws UnsupportedOperationException on every call
 */
@Override
public void addAclFeature(AclFeature f) {
  final String reason = "ACLs are not supported on symlinks";
  throw new UnsupportedOperationException(reason);
}
/**
 * Creates a {@code Root} from an existing directory inode, carrying over only
 * its ACL feature.
 *
 * <p>The feature array handed to the superclass constructor contains just the
 * elements of {@code other.getFeatures()} that are {@code AclFeature}
 * instances; all other features are dropped. Note that this variant does not
 * keep extended attributes, so anything stored in an XAttr feature on
 * {@code other} is not present on the new object.
 *
 * @param other the directory inode to copy from
 */
Root(INodeDirectory other) {
  // The literal `false` is forwarded unchanged; its meaning is defined by the
  // superclass constructor, which is not visible in this listing.
  super(
      other,
      false,
      Iterables.toArray(
          Iterables.filter(Arrays.asList(other.getFeatures()), AclFeature.class),
          Feature.class));
}
/**
 * Returns the ACL feature that applies to {@code node}, choosing between the
 * default provider and a Sentry-derived ACL based on the node's path.
 *
 * <ul>
 *   <li>Path not under a managed prefix, or under a prefix but not belonging
 *       to an authz object: the default provider's ACL feature is returned
 *       unchanged (it may be {@code null}).</li>
 *   <li>Path belonging to an authz object: a {@code SentryAclFeature} is
 *       built. Its base entries come from {@code createAclEntries}, using
 *       the default provider's user/group/permission when
 *       {@code originalAuthzAsAcl} is set and this provider's configured
 *       {@code user}/{@code group}/{@code permission} otherwise.</li>
 *   <li>The entries from {@code authzInfo.getAclEntries} are merged in only
 *       when {@code authzInfo} is not stale. With stale data the result
 *       holds the base entries alone.</li>
 * </ul>
 *
 * <p>When debug logging is enabled, the path, the decision flags and the full
 * entry set are written to the log, so debug output from this method exposes
 * the effective permissions of the path.
 *
 * @param node the inode being authorized
 * @param snapshotId snapshot id forwarded to the default provider
 * @return the effective ACL feature, possibly {@code null} when delegated
 */
@Override
public AclFeature getAclFeature(INodeAuthorizationInfo node, int snapshotId) {
  final String[] pathElements = getPathElements(node);
  final String pathForLog = Arrays.toString(pathElements);

  // Short-circuit keeps the original call order: the authz-object lookup is
  // only made for paths that are under a managed prefix.
  final boolean underPrefix = authzInfo.isUnderPrefix(pathElements);
  final boolean inAuthzObject =
      underPrefix && authzInfo.doesBelongToAuthzObject(pathElements);

  boolean stale = false;
  Map<String, AclEntry> aclMap = null;
  final AclFeature feature;

  if (!inAuthzObject) {
    // Not Sentry's responsibility: defer entirely to the default provider.
    feature = defaultAuthzProvider.getAclFeature(node, snapshotId);
  } else {
    aclMap = new HashMap<String, AclEntry>();

    // Base entries: either mirror the node's own owner/group/permission or
    // use the identity configured on this provider.
    if (originalAuthzAsAcl) {
      addToACLMap(
          aclMap,
          createAclEntries(
              defaultAuthzProvider.getUser(node, snapshotId),
              getDefaultProviderGroup(node, snapshotId),
              defaultAuthzProvider.getFsPermission(node, snapshotId)));
    } else {
      addToACLMap(
          aclMap, createAclEntries(this.user, this.group, this.permission));
    }

    // Stale authorization data is not trusted: its entries are left out and
    // only the base entries above are returned.
    stale = authzInfo.isStale();
    if (!stale) {
      addToACLMap(aclMap, authzInfo.getAclEntries(pathElements));
    }
    feature = new SentryAclFeature(ImmutableList.copyOf(aclMap.values()));
  }

  if (LOG.isDebugEnabled()) {
    // The misspelt "isPreifxed" key is reproduced as-is because it is part
    // of the emitted log text.
    LOG.debug("### getAclEntry \n[" + pathForLog + "] : ["
        + "isPreifxed=" + underPrefix
        + ", isStale=" + stale
        + ", hasAuthzObj=" + inAuthzObject
        + ", origAuthzAsAcl=" + originalAuthzAsAcl + "]\n"
        + "[" + (aclMap == null ? "null" : aclMap) + "]\n"
        + "[" + (feature == null ? "null" : feature.getEntries()) + "]\n");
  }
  return feature;
}