Skip to content

HDDS-2181. Ozone Manager should send correct ACL type in ACL requests… #1528

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
vivekratnavel wants to merge 18 commits into from
Closed

HDDS-2181. Ozone Manager should send correct ACL type in ACL requests… #1528

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
dc9b448
HDDS-2181. Ozone Manager should send correct ACL type in ACL requests…
vivekratnavel Sep 26, 2019
3d84d0c
Fix review comments
vivekratnavel Sep 26, 2019
58eec26
Add delete acl to key rename request
vivekratnavel Sep 26, 2019
10d74f9
Merge remote-tracking branch 'upstream/trunk' into HDDS-2181
vivekratnavel Sep 27, 2019
5dc6674
Merge remote-tracking branch 'upstream/trunk' into HDDS-2181
vivekratnavel Oct 3, 2019
bd7f713
Fix acceptance tests and native authorizer
vivekratnavel Oct 3, 2019
6b0b9ef
Fix review comments
vivekratnavel Oct 4, 2019
952708e
Fix checkstyle issues
vivekratnavel Oct 4, 2019
9073b31
Fix integration test failures
vivekratnavel Oct 4, 2019
7649171
Fix unit test failures
vivekratnavel Oct 4, 2019
0f407f0
Merge remote-tracking branch 'upstream/trunk' into HDDS-2181
vivekratnavel Oct 4, 2019
720a711
Merge remote-tracking branch 'upstream/trunk' into HDDS-2181
vivekratnavel Oct 9, 2019
a69137d
Handle acl checks correctly in allocate block request
vivekratnavel Oct 9, 2019
92b7d3e
Fix unit test failures
vivekratnavel Oct 9, 2019
0873e26
Fix review comments
vivekratnavel Oct 10, 2019
50777ec
Fix acceptance test failures
vivekratnavel Oct 11, 2019
cf1ba2b
Merge remote-tracking branch 'upstream/trunk' into HDDS-2181
vivekratnavel Oct 11, 2019
6e6f952
Fix review comments
vivekratnavel Oct 11, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ...anager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
try {
// check Acl
if (ozoneManager.getAclsEnabled()) {
checkAcls(ozoneManager, OzoneObj.ResourceType.VOLUME,
checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET,
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.CREATE,
volumeName, bucketName, null);
}
Expand Down
2 changes: 1 addition & 1 deletion ...anager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketDeleteRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
// check Acl
if (ozoneManager.getAclsEnabled()) {
checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET,
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.DELETE,
volumeName, bucketName, null);
}

Expand Down
4 changes: 3 additions & 1 deletion ...nager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
import org.apache.hadoop.ozone.om.helpers.OzoneAclUtil;
import org.apache.hadoop.ozone.om.helpers.OzoneFSUtils;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -127,7 +128,8 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
OMClientResponse omClientResponse = null;
try {
// check Acl
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
IAccessAuthorizer.ACLType.CREATE);

// Check if this is the root of the filesystem.
if (keyName.length() == 0) {
Expand Down
4 changes: 3 additions & 1 deletion ...ne-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -177,7 +178,8 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
OMClientResponse omClientResponse = null;
try {
// check Acl
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
IAccessAuthorizer.ACLType.CREATE);

// acquire lock
acquiredLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
Expand Down
4 changes: 3 additions & 1 deletion ...-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.util.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -169,7 +170,8 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
OmKeyInfo omKeyInfo = null;
try {
// check Acl
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
IAccessAuthorizer.ACLType.WRITE);

OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
validateBucketAndVolume(omMetadataManager, volumeName,
Expand Down
4 changes: 3 additions & 1 deletion ...zone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCommitRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -115,7 +116,8 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
try {
// check Acl
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
IAccessAuthorizer.ACLType.WRITE);

List<OmKeyLocationInfo> locationInfoList = commitKeyArgs
.getKeyLocationsList().stream()
Expand Down
4 changes: 3 additions & 1 deletion ...zone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -162,7 +163,8 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
OMClientResponse omClientResponse = null;
try {
// check Acl
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
IAccessAuthorizer.ACLType.CREATE);

acquireLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
volumeName, bucketName);
Expand Down
4 changes: 3 additions & 1 deletion ...zone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyDeleteRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@

import com.google.common.base.Optional;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -109,7 +110,8 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
OMClientResponse omClientResponse = null;
try {
// check Acl
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName);
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
IAccessAuthorizer.ACLType.DELETE);

String objectKey = omMetadataManager.getOzoneKey(
volumeName, bucketName, keyName);
Expand Down
4 changes: 3 additions & 1 deletion ...zone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRenameRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -118,7 +119,8 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager,
OMException.ResultCodes.INVALID_KEY_NAME);
}
// check Acl
checkKeyAcls(ozoneManager, volumeName, bucketName, fromKeyName);
checkKeyAcls(ozoneManager, volumeName, bucketName, toKeyName,
IAccessAuthorizer.ACLType.CREATE);

acquiredLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
volumeName, bucketName);
Expand Down
10 changes: 6 additions & 4 deletions ...zone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -507,10 +507,11 @@ private OMClientResponse createKeyErrorResponse(@Nonnull OMMetrics omMetrics,
* @throws IOException
*/
protected void checkBucketAcls(OzoneManager ozoneManager, String volume,
String bucket, String key) throws IOException {
String bucket, String key, IAccessAuthorizer.ACLType aclType)
throws IOException {
if (ozoneManager.getAclsEnabled()) {
checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET,
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
OzoneObj.StoreType.OZONE, aclType,
volume, bucket, key);
}
}
Expand All @@ -525,10 +526,11 @@ protected void checkBucketAcls(OzoneManager ozoneManager, String volume,
* @throws IOException
*/
protected void checkKeyAcls(OzoneManager ozoneManager, String volume,
String bucket, String key) throws IOException {
String bucket, String key, IAccessAuthorizer.ACLType aclType)
throws IOException {
if (ozoneManager.getAclsEnabled()) {
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
OzoneObj.StoreType.OZONE, aclType,
volume, bucket, key);
}
}
Expand Down