/**
 * Lists a batch of encryption zones for a privileged caller.
 *
 * <p>The superuser and operation-category checks run once before the read
 * lock is taken and again while it is held. The outcome, allowed or not, is
 * written to the audit log from the {@code finally} block.
 *
 * @param prevId cursor value passed through to
 *     {@code dir.listEncryptionZones} (presumably the id of the last zone
 *     already returned; confirm against the directory implementation)
 * @return the batch produced by {@code dir.listEncryptionZones}
 * @throws IOException if a check or the listing itself fails
 */
BatchedListEntries<EncryptionZone> listEncryptionZones(long prevId)
    throws IOException {
  boolean succeeded = false;
  // First pass of the checks, before taking the lock.
  checkSuperuserPrivilege();
  checkOperation(OperationCategory.READ);
  readLock();
  try {
    // Second pass under the lock. Presumably this guards against a state
    // change between the unlocked check and lock acquisition (confirm).
    checkSuperuserPrivilege();
    checkOperation(OperationCategory.READ);
    final BatchedListEntries<EncryptionZone> zones =
        dir.listEncryptionZones(prevId);
    succeeded = true;
    return zones;
  } finally {
    readUnlock();
    // Audited after the lock is released; a rejected in-lock check is logged
    // with succeeded == false.
    logAuditEvent(succeeded, "listEncryptionZones", null);
  }
}
/**
 * RPC entry point: looks up the encryption zone for the requested path and
 * packs it into a protobuf response.
 *
 * <p>The zone field is left unset when the server returns {@code null}.
 * Any {@link IOException} from the server is wrapped in a
 * {@code ServiceException} with the original as its cause.
 *
 * @param controller RPC controller (not used here)
 * @param req request carrying the source path
 * @return the response, with the zone set only when one was found
 * @throws ServiceException wrapping any server-side {@link IOException}
 */
@Override
public GetEZForPathResponseProto getEZForPath(
    RpcController controller, GetEZForPathRequestProto req)
    throws ServiceException {
  try {
    GetEZForPathResponseProto.Builder response =
        GetEZForPathResponseProto.newBuilder();
    final EncryptionZone zone = server.getEZForPath(req.getSrc());
    if (zone == null) {
      // No zone: return the response without the optional field.
      return response.build();
    }
    response.setZone(PBHelper.convert(zone));
    return response.build();
  } catch (IOException ioe) {
    throw new ServiceException(ioe);
  }
}
/**
 * RPC entry point: fetches one batch of encryption zones from the server
 * and converts each entry to its protobuf form.
 *
 * @param controller RPC controller (not used here)
 * @param req request carrying the cursor id
 * @return response holding the converted zones and the has-more flag
 * @throws ServiceException wrapping any server-side {@link IOException}
 */
@Override
public ListEncryptionZonesResponseProto listEncryptionZones(
    RpcController controller, ListEncryptionZonesRequestProto req)
    throws ServiceException {
  try {
    BatchedEntries<EncryptionZone> batch =
        server.listEncryptionZones(req.getId());
    ListEncryptionZonesResponseProto.Builder response =
        ListEncryptionZonesResponseProto.newBuilder();
    response.setHasMore(batch.hasMore());
    // Indexed access: only get(i) and size() are used on the batch.
    int idx = 0;
    while (idx < batch.size()) {
      response.addZones(PBHelper.convert(batch.get(idx)));
      idx++;
    }
    return response.build();
  } catch (IOException ioe) {
    throw new ServiceException(ioe);
  }
}
/**
 * Client-side stub: asks the remote side for the encryption zone that
 * contains {@code src}.
 *
 * @param src path to look up
 * @return the zone, or {@code null} when the response carries no zone
 * @throws IOException the remote exception unwrapped from the
 *     {@code ServiceException} raised by the RPC proxy
 */
@Override
public EncryptionZone getEZForPath(String src) throws IOException {
  final GetEZForPathRequestProto.Builder requestBuilder =
      GetEZForPathRequestProto.newBuilder();
  requestBuilder.setSrc(src);
  final GetEZForPathRequestProto request = requestBuilder.build();
  try {
    final EncryptionZonesProtos.GetEZForPathResponseProto reply =
        rpcProxy.getEZForPath(null, request);
    // An absent zone field means the path is not inside any zone.
    return reply.hasZone() ? PBHelper.convert(reply.getZone()) : null;
  } catch (ServiceException se) {
    throw ProtobufHelper.getRemoteException(se);
  }
}
/**
 * Client-side stub: requests one batch of encryption zones and converts the
 * protobuf entries back into {@code EncryptionZone} objects.
 *
 * @param id cursor id sent in the request
 * @return the converted zones together with the response's has-more flag
 * @throws IOException the remote exception unwrapped from the
 *     {@code ServiceException} raised by the RPC proxy
 */
@Override
public BatchedEntries<EncryptionZone> listEncryptionZones(long id)
    throws IOException {
  final ListEncryptionZonesRequestProto.Builder requestBuilder =
      ListEncryptionZonesRequestProto.newBuilder();
  requestBuilder.setId(id);
  final ListEncryptionZonesRequestProto request = requestBuilder.build();
  try {
    EncryptionZonesProtos.ListEncryptionZonesResponseProto reply =
        rpcProxy.listEncryptionZones(null, request);
    // Sized up front from the number of zones in the response.
    List<EncryptionZone> zones =
        Lists.newArrayListWithCapacity(reply.getZonesCount());
    for (EncryptionZoneProto proto : reply.getZonesList()) {
      zones.add(PBHelper.convert(proto));
    }
    return new BatchedListEntries<EncryptionZone>(zones, reply.getHasMore());
  } catch (ServiceException se) {
    throw ProtobufHelper.getRemoteException(se);
  }
}
/**
 * Prints every encryption zone as a two-column table of zone path and key
 * name. Only the key's name is printed; no key material is read here.
 *
 * @param conf configuration used to obtain the file system
 * @param args remaining command-line arguments; must be empty
 * @return 0 on success, 1 when an unexpected argument is present, 2 when
 *     listing the zones fails with an {@link IOException}
 * @throws IOException if obtaining the file system fails
 */
@Override
public int run(Configuration conf, List<String> args) throws IOException {
  if (!args.isEmpty()) {
    System.err.println("Can't understand argument: " + args.get(0));
    return 1;
  }

  final DistributedFileSystem dfs = AdminHelper.getDFS(conf);
  try {
    final TableListing table = new TableListing.Builder()
        .addField("")
        .addField("", true)
        .wrapWidth(AdminHelper.MAX_LINE_WIDTH)
        .hideHeaders()
        .build();
    final RemoteIterator<EncryptionZone> zones = dfs.listEncryptionZones();
    while (zones.hasNext()) {
      final EncryptionZone zone = zones.next();
      table.addRow(zone.getPath(), zone.getKeyName());
    }
    System.out.println(table.toString());
    return 0;
  } catch (IOException ioe) {
    // Listing failures are reported on stderr in prettified form.
    System.err.println(prettifyException(ioe));
    return 2;
  }
}
/**
 * Asserts that some listed encryption zone matches the given key name and
 * path. A {@code null} criterion matches every zone.
 *
 * <p>When no zone matches, the failure is raised through {@code assertTrue},
 * not as an {@link IOException}.
 *
 * @param keyName expected key name, or {@code null} to ignore the key
 * @param path expected zone path, or {@code null} to ignore the path
 * @throws IOException if listing the zones fails
 */
public void assertZonePresent(String keyName, String path)
    throws IOException {
  final RemoteIterator<EncryptionZone> zones = dfsAdmin.listEncryptionZones();
  boolean found = false;
  while (!found && zones.hasNext()) {
    final EncryptionZone candidate = zones.next();
    final boolean keyOk =
        keyName == null || candidate.getKeyName().equals(keyName);
    final boolean pathOk =
        path == null || candidate.getPath().equals(path);
    found = keyOk && pathOk;
  }
  assertTrue("Did not find expected encryption zone with keyName " + keyName
      + " path " + path, found);
}
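/**
 * Get the root directory of Trash for a path in HDFS.
 * 1. File in encryption zone returns /ez1/.Trash/username
 * 2. File not in encryption zone returns /users/username/.Trash
 * Caller appends either Current or checkpoint timestamp for trash destination
 *
 * <p>The per-zone root is used only when the path lies strictly inside a
 * zone; the zone's own root directory falls back to the default trash root.
 * The user name comes from the client's UGI ({@code dfs.ugi}).
 *
 * @param path the path whose trash root is to be determined
 * @return trash root
 * @throws IOException if the encryption-zone lookup fails
 */
@Override
public Path getTrashRoot(Path path) throws IOException {
  if ((path == null) || !dfs.isHDFSEncryptionEnabled()) {
    return super.getTrashRoot(path);
  }

  String absSrc = path.toUri().getPath();
  EncryptionZone ez = dfs.getEZForPath(absSrc);
  if ((ez != null) && !ez.getPath().equals(absSrc)) {
    // Build <zone>/<TRASH_PREFIX>/<user> with Path parent/child composition.
    // Concatenating TRASH_PREFIX and the user name as strings only yields
    // the documented layout if the constant ends with a separator; Path
    // composition is correct either way.
    Path ezTrashDir = new Path(ez.getPath(), FileSystem.TRASH_PREFIX);
    return this.makeQualified(
        new Path(ezTrashDir, dfs.ugi.getShortUserName()));
  }
  return super.getTrashRoot(path);
}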
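/**
 * Get all the trash roots of HDFS for current user or for all the users.
 * 1. File deleted from non-encryption zone /user/username/.Trash
 * 2. File deleted from encryption zones
 *    e.g., ez1 rooted at /ez1 has its trash root at /ez1/.Trash/$USER
 *
 * <p>NOTE(review): this enumerates zones through
 * {@code dfs.listEncryptionZones()}. If that listing is restricted to
 * privileged callers on the NameNode side, this method fails for ordinary
 * users; confirm which callers are expected.
 *
 * @param allUsers return trashRoots of all users if true, used by emptier
 * @return trash roots of HDFS
 * @throws IOException if listing zones or reading a trash directory fails
 */
@Override
public Collection<FileStatus> getTrashRoots(boolean allUsers)
    throws IOException {
  List<FileStatus> ret = new ArrayList<FileStatus>();
  // Get normal trash roots
  ret.addAll(super.getTrashRoots(allUsers));
  // Get EZ Trash roots
  final RemoteIterator<EncryptionZone> it = dfs.listEncryptionZones();
  while (it.hasNext()) {
    Path ezTrashRoot = new Path(it.next().getPath(), FileSystem.TRASH_PREFIX);
    // A zone where nothing has been trashed yet has no trash directory;
    // skip it so one such zone does not abort the whole enumeration.
    if (!exists(ezTrashRoot)) {
      continue;
    }
    if (allUsers) {
      for (FileStatus candidate : listStatus(ezTrashRoot)) {
        if (exists(candidate.getPath())) {
          ret.add(candidate);
        }
      }
    } else {
      // Use the HDFS client identity, not the JVM's "user.name" property:
      // the OS account can differ from the authenticated or impersonated
      // HDFS user, and the per-user trash directory is named after the
      // latter.
      Path userTrash = new Path(ezTrashRoot, dfs.ugi.getShortUserName());
      if (exists(userTrash)) {
        ret.add(getFileStatus(userTrash));
      }
    }
  }
  return ret;
}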
/**
 * Client-side stub: asks the remote side for the encryption zone that
 * contains {@code src}.
 *
 * @param src path to look up
 * @return the zone, or {@code null} when the response carries no zone
 * @throws IOException the remote exception unwrapped from the
 *     {@code ServiceException} raised by the RPC proxy
 */
@Override
public EncryptionZone getEZForPath(String src) throws IOException {
  final GetEZForPathRequestProto.Builder requestBuilder =
      GetEZForPathRequestProto.newBuilder();
  requestBuilder.setSrc(src);
  final GetEZForPathRequestProto request = requestBuilder.build();
  try {
    final EncryptionZonesProtos.GetEZForPathResponseProto reply =
        rpcProxy.getEZForPath(null, request);
    if (!reply.hasZone()) {
      // Absent zone field: the path is not inside any zone.
      return null;
    }
    return PBHelperClient.convert(reply.getZone());
  } catch (ServiceException se) {
    throw ProtobufHelper.getRemoteException(se);
  }
}
/**
 * Client-side stub: requests one batch of encryption zones and converts the
 * protobuf entries back into {@code EncryptionZone} objects.
 *
 * @param id cursor id sent in the request
 * @return the converted zones together with the response's has-more flag
 * @throws IOException the remote exception unwrapped from the
 *     {@code ServiceException} raised by the RPC proxy
 */
@Override
public BatchedEntries<EncryptionZone> listEncryptionZones(long id)
    throws IOException {
  final ListEncryptionZonesRequestProto.Builder requestBuilder =
      ListEncryptionZonesRequestProto.newBuilder();
  requestBuilder.setId(id);
  final ListEncryptionZonesRequestProto request = requestBuilder.build();
  try {
    EncryptionZonesProtos.ListEncryptionZonesResponseProto reply =
        rpcProxy.listEncryptionZones(null, request);
    // Sized up front from the number of zones in the response.
    List<EncryptionZone> zones =
        Lists.newArrayListWithCapacity(reply.getZonesCount());
    for (EncryptionZoneProto proto : reply.getZonesList()) {
      zones.add(PBHelperClient.convert(proto));
    }
    return new BatchedListEntries<>(zones, reply.getHasMore());
  } catch (ServiceException se) {
    throw ProtobufHelper.getRemoteException(se);
  }
}
/**
 * Get the encryption zone for the specified path.
 *
 * <p>This method performs no superuser check. It obtains the caller's
 * permission checker and hands the access decision to
 * {@code FSDirEncryptionZoneOp.getEZForPath}. The outcome is audited with
 * the source path and the file status returned by that call (the status is
 * {@code null} when the lookup failed).
 *
 * @param srcArg the path of a file or directory to get the EZ for.
 * @return the EZ of the path or null if none.
 * @throws AccessControlException if the delegated lookup rejects the caller
 *     (presumably on a failed path permission check; confirm against
 *     {@code FSDirEncryptionZoneOp.getEZForPath}).
 * @throws UnresolvedLinkException if the path can't be resolved.
 * @throws IOException on any other failure of the lookup.
 */
EncryptionZone getEZForPath(final String srcArg)
    throws AccessControlException, UnresolvedLinkException, IOException {
  HdfsFileStatus auditStat = null;
  boolean succeeded = false;
  final FSPermissionChecker pc = getPermissionChecker();
  checkOperation(OperationCategory.READ);
  readLock();
  try {
    // Operation category is checked again while the lock is held.
    checkOperation(OperationCategory.READ);
    final Entry<EncryptionZone, HdfsFileStatus> zoneAndStat =
        FSDirEncryptionZoneOp.getEZForPath(dir, srcArg, pc);
    succeeded = true;
    auditStat = zoneAndStat.getValue();
    return zoneAndStat.getKey();
  } finally {
    readUnlock();
    logAuditEvent(succeeded, "getEZForPath", srcArg, null, auditStat);
  }
}
/**
 * Lists a batch of encryption zones for a privileged caller.
 *
 * <p>The superuser and operation-category checks run once before the read
 * lock is taken and again while it is held. The outcome, allowed or not, is
 * written to the audit log from the {@code finally} block.
 *
 * @param prevId cursor value passed through to
 *     {@code FSDirEncryptionZoneOp.listEncryptionZones} (presumably the id
 *     of the last zone already returned; confirm against that method)
 * @return the batch produced by the directory operation
 * @throws IOException if a check or the listing itself fails
 */
BatchedListEntries<EncryptionZone> listEncryptionZones(long prevId)
    throws IOException {
  boolean succeeded = false;
  // First pass of the checks, before taking the lock.
  checkSuperuserPrivilege();
  checkOperation(OperationCategory.READ);
  readLock();
  try {
    // Second pass under the lock. Presumably this guards against a state
    // change between the unlocked check and lock acquisition (confirm).
    checkSuperuserPrivilege();
    checkOperation(OperationCategory.READ);
    final BatchedListEntries<EncryptionZone> zones =
        FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId);
    succeeded = true;
    return zones;
  } finally {
    readUnlock();
    // Audited after the lock is released; a rejected in-lock check is logged
    // with succeeded == false.
    logAuditEvent(succeeded, "listEncryptionZones", null);
  }
}
/**
 * Get the encryption zone for the specified path.
 *
 * <p>Under the directory read lock this resolves the path, rejects a path
 * whose last inode is missing, checks READ access on the path when
 * permissions are enabled, and then asks the zone manager for the zone.
 * The audit file status is computed after the lock is released.
 *
 * @param fsd fsdirectory
 * @param srcArg the path of a file or directory to get the EZ for
 * @param pc permission checker to check fs permission
 * @return the EZ (as returned by the zone manager) paired with the audit
 *     file status
 * @throws FileNotFoundException if the resolved path has no last inode
 * @throws IOException if resolution or the access check fails
 */
static Map.Entry<EncryptionZone, HdfsFileStatus> getEZForPath(
    final FSDirectory fsd, final String srcArg, final FSPermissionChecker pc)
    throws IOException {
  final byte[][] components =
      FSDirectory.getPathComponentsForReservedPath(srcArg);
  final INodesInPath iip;
  final EncryptionZone zone;
  fsd.readLock();
  try {
    final String resolved = fsd.resolvePath(pc, srcArg, components);
    iip = fsd.getINodesInPath(resolved, true);
    // NOTE(review): the existence test runs before checkPathAccess, so a
    // missing path is reported as "not found" ahead of the READ check.
    // Confirm this ordering is intended.
    if (iip.getLastINode() == null) {
      throw new FileNotFoundException("Path not found: " + iip.getPath());
    }
    // The READ check is skipped entirely when permissions are disabled.
    if (fsd.isPermissionEnabled()) {
      fsd.checkPathAccess(pc, iip, FsAction.READ);
    }
    zone = fsd.ezManager.getEZINodeForPath(iip);
  } finally {
    fsd.readUnlock();
  }
  final HdfsFileStatus auditStat = fsd.getAuditFileInfo(iip);
  return new AbstractMap.SimpleImmutableEntry<>(zone, auditStat);
}
/**
 * Collects the protocol version, cipher suite and key name of the
 * encryption zone that contains {@code src}.
 *
 * <p>The path is resolved for write access. The result carries the zone's
 * key name only; no key material is handled here.
 *
 * @param fsn namesystem used to reach the directory and to choose the
 *     protocol version
 * @param pc permission checker passed to path resolution
 * @param src path to inspect
 * @param supportedVersions protocol versions offered for selection
 * @return the key info, or {@code null} if the path is not within a zone
 * @throws IOException if path resolution or the zone lookup fails
 */
static EncryptionKeyInfo getEncryptionKeyInfo(FSNamesystem fsn,
    FSPermissionChecker pc, String src,
    CryptoProtocolVersion[] supportedVersions) throws IOException {
  final byte[][] components =
      FSDirectory.getPathComponentsForReservedPath(src);
  final FSDirectory fsd = fsn.getFSDirectory();
  final String resolved = fsd.resolvePath(pc, src, components);
  final INodesInPath iip = fsd.getINodesInPath4Write(resolved);

  final EncryptionZone zone = FSDirEncryptionZoneOp.getEZForPath(fsd, iip);
  if (zone == null) {
    // Not inside any encryption zone: nothing to report.
    return null;
  }

  final CryptoProtocolVersion chosenVersion =
      fsn.chooseProtocolVersion(zone, supportedVersions);
  final CipherSuite cipherSuite = zone.getSuite();
  final String keyName = zone.getKeyName();

  // Fail loudly instead of returning a partially populated result.
  Preconditions.checkNotNull(chosenVersion);
  Preconditions.checkNotNull(cipherSuite);
  Preconditions.checkArgument(!cipherSuite.equals(CipherSuite.UNKNOWN),
      "Chose an UNKNOWN CipherSuite!");
  Preconditions.checkNotNull(keyName);
  return new EncryptionKeyInfo(chosenVersion, cipherSuite, keyName);
}
/**
 * RPC entry point: looks up the encryption zone for the requested path and
 * packs it into a protobuf response.
 *
 * <p>The zone field is left unset when the server returns {@code null}.
 * Any {@link IOException} from the server is wrapped in a
 * {@code ServiceException} with the original as its cause.
 *
 * @param controller RPC controller (not used here)
 * @param req request carrying the source path
 * @return the response, with the zone set only when one was found
 * @throws ServiceException wrapping any server-side {@link IOException}
 */
@Override
public GetEZForPathResponseProto getEZForPath(
    RpcController controller, GetEZForPathRequestProto req)
    throws ServiceException {
  try {
    GetEZForPathResponseProto.Builder response =
        GetEZForPathResponseProto.newBuilder();
    final EncryptionZone zone = server.getEZForPath(req.getSrc());
    if (zone == null) {
      // No zone: return the response without the optional field.
      return response.build();
    }
    response.setZone(PBHelperClient.convert(zone));
    return response.build();
  } catch (IOException ioe) {
    throw new ServiceException(ioe);
  }
}
/**
 * RPC entry point: fetches one batch of encryption zones from the server
 * and converts each entry to its protobuf form.
 *
 * @param controller RPC controller (not used here)
 * @param req request carrying the cursor id
 * @return response holding the converted zones and the has-more flag
 * @throws ServiceException wrapping any server-side {@link IOException}
 */
@Override
public ListEncryptionZonesResponseProto listEncryptionZones(
    RpcController controller, ListEncryptionZonesRequestProto req)
    throws ServiceException {
  try {
    BatchedEntries<EncryptionZone> batch =
        server.listEncryptionZones(req.getId());
    ListEncryptionZonesResponseProto.Builder response =
        ListEncryptionZonesResponseProto.newBuilder();
    response.setHasMore(batch.hasMore());
    // Indexed access: only get(i) and size() are used on the batch.
    int idx = 0;
    while (idx < batch.size()) {
      response.addZones(PBHelperClient.convert(batch.get(idx)));
      idx++;
    }
    return response.build();
  } catch (IOException ioe) {
    throw new ServiceException(ioe);
  }
}
/**
 * Prints every encryption zone as a two-column table of zone path and key
 * name. Only the key's name is printed; no key material is read here.
 *
 * @param conf configuration used to obtain the file system
 * @param args remaining command-line arguments; must be empty
 * @return 0 on success, 1 when an unexpected argument is present, 2 when
 *     listing the zones fails with an {@link IOException}
 * @throws IOException if obtaining the file system fails
 */
@Override
public int run(Configuration conf, List<String> args) throws IOException {
  if (!args.isEmpty()) {
    System.err.println("Can't understand argument: " + args.get(0));
    return 1;
  }

  final DistributedFileSystem dfs = getDFS(conf);
  try {
    final TableListing table = new TableListing.Builder()
        .addField("")
        .addField("", true)
        .wrapWidth(MAX_LINE_WIDTH)
        .hideHeaders()
        .build();
    final RemoteIterator<EncryptionZone> zones = dfs.listEncryptionZones();
    while (zones.hasNext()) {
      final EncryptionZone zone = zones.next();
      table.addRow(zone.getPath(), zone.getKeyName());
    }
    System.out.println(table.toString());
    return 0;
  } catch (IOException ioe) {
    // Listing failures are reported on stderr in prettified form.
    System.err.println(prettifyException(ioe));
    return 2;
  }
}