HADOOP-10399. FileContext API for ACLs. Contributed by Vinayakumar B.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1576124 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
5bb794566e
commit
8e68f64daa
|
@ -448,6 +448,8 @@ Release 2.4.0 - UNRELEASED
|
||||||
|
|
||||||
HADOOP-10361. Correct alignment in CLI output for ACLs. (cnauroth)
|
HADOOP-10361. Correct alignment in CLI output for ACLs. (cnauroth)
|
||||||
|
|
||||||
|
HADOOP-10399. FileContext API for ACLs. (Vinayakumar B via cnauroth)
|
||||||
|
|
||||||
Release 2.3.1 - UNRELEASED
|
Release 2.3.1 - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -42,6 +42,8 @@ import org.apache.hadoop.fs.FileSystem.Statistics;
|
||||||
import org.apache.hadoop.fs.Options.ChecksumOpt;
|
import org.apache.hadoop.fs.Options.ChecksumOpt;
|
||||||
import org.apache.hadoop.fs.Options.CreateOpts;
|
import org.apache.hadoop.fs.Options.CreateOpts;
|
||||||
import org.apache.hadoop.fs.Options.Rename;
|
import org.apache.hadoop.fs.Options.Rename;
|
||||||
|
import org.apache.hadoop.fs.permission.AclEntry;
|
||||||
|
import org.apache.hadoop.fs.permission.AclStatus;
|
||||||
import org.apache.hadoop.fs.permission.FsPermission;
|
import org.apache.hadoop.fs.permission.FsPermission;
|
||||||
import org.apache.hadoop.fs.InvalidPathException;
|
import org.apache.hadoop.fs.InvalidPathException;
|
||||||
import org.apache.hadoop.security.AccessControlException;
|
import org.apache.hadoop.security.AccessControlException;
|
||||||
|
@ -955,7 +957,89 @@ public abstract class AbstractFileSystem {
|
||||||
public List<Token<?>> getDelegationTokens(String renewer) throws IOException {
|
public List<Token<?>> getDelegationTokens(String renewer) throws IOException {
|
||||||
return new ArrayList<Token<?>>(0);
|
return new ArrayList<Token<?>>(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Modifies ACL entries of files and directories. This method can add new ACL
|
||||||
|
* entries or modify the permissions on existing ACL entries. All existing
|
||||||
|
* ACL entries that are not specified in this call are retained without
|
||||||
|
* changes. (Modifications are merged into the current ACL.)
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @param aclSpec List<AclEntry> describing modifications
|
||||||
|
* @throws IOException if an ACL could not be modified
|
||||||
|
*/
|
||||||
|
public void modifyAclEntries(Path path, List<AclEntry> aclSpec)
|
||||||
|
throws IOException {
|
||||||
|
throw new UnsupportedOperationException(getClass().getSimpleName()
|
||||||
|
+ " doesn't support modifyAclEntries");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes ACL entries from files and directories. Other ACL entries are
|
||||||
|
* retained.
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @param aclSpec List<AclEntry> describing entries to remove
|
||||||
|
* @throws IOException if an ACL could not be modified
|
||||||
|
*/
|
||||||
|
public void removeAclEntries(Path path, List<AclEntry> aclSpec)
|
||||||
|
throws IOException {
|
||||||
|
throw new UnsupportedOperationException(getClass().getSimpleName()
|
||||||
|
+ " doesn't support removeAclEntries");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes all default ACL entries from files and directories.
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @throws IOException if an ACL could not be modified
|
||||||
|
*/
|
||||||
|
public void removeDefaultAcl(Path path)
|
||||||
|
throws IOException {
|
||||||
|
throw new UnsupportedOperationException(getClass().getSimpleName()
|
||||||
|
+ " doesn't support removeDefaultAcl");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes all but the base ACL entries of files and directories. The entries
|
||||||
|
* for user, group, and others are retained for compatibility with permission
|
||||||
|
* bits.
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @throws IOException if an ACL could not be removed
|
||||||
|
*/
|
||||||
|
public void removeAcl(Path path)
|
||||||
|
throws IOException {
|
||||||
|
throw new UnsupportedOperationException(getClass().getSimpleName()
|
||||||
|
+ " doesn't support removeAcl");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fully replaces ACL of files and directories, discarding all existing
|
||||||
|
* entries.
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @param aclSpec List<AclEntry> describing modifications, must include entries
|
||||||
|
* for user, group, and others for compatibility with permission bits.
|
||||||
|
* @throws IOException if an ACL could not be modified
|
||||||
|
*/
|
||||||
|
public void setAcl(Path path, List<AclEntry> aclSpec) throws IOException {
|
||||||
|
throw new UnsupportedOperationException(getClass().getSimpleName()
|
||||||
|
+ " doesn't support setAcl");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the ACLs of files and directories.
|
||||||
|
*
|
||||||
|
* @param path Path to get
|
||||||
|
* @return RemoteIterator<AclStatus> which returns each AclStatus
|
||||||
|
* @throws IOException if an ACL could not be read
|
||||||
|
*/
|
||||||
|
public AclStatus getAclStatus(Path path) throws IOException {
|
||||||
|
throw new UnsupportedOperationException(getClass().getSimpleName()
|
||||||
|
+ " doesn't support getAclStatus");
|
||||||
|
}
|
||||||
|
|
||||||
@Override //Object
|
@Override //Object
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return myUri.hashCode();
|
return myUri.hashCode();
|
||||||
|
|
|
@ -24,7 +24,6 @@ import java.io.OutputStream;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.PrivilegedExceptionAction;
|
import java.security.PrivilegedExceptionAction;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.EnumSet;
|
import java.util.EnumSet;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.IdentityHashMap;
|
import java.util.IdentityHashMap;
|
||||||
|
@ -43,6 +42,8 @@ import org.apache.hadoop.classification.InterfaceStability;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.fs.FileSystem.Statistics;
|
import org.apache.hadoop.fs.FileSystem.Statistics;
|
||||||
import org.apache.hadoop.fs.Options.CreateOpts;
|
import org.apache.hadoop.fs.Options.CreateOpts;
|
||||||
|
import org.apache.hadoop.fs.permission.AclEntry;
|
||||||
|
import org.apache.hadoop.fs.permission.AclStatus;
|
||||||
import org.apache.hadoop.fs.permission.FsPermission;
|
import org.apache.hadoop.fs.permission.FsPermission;
|
||||||
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY;
|
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_DEFAULT_NAME_KEY;
|
||||||
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_DEFAULT_NAME_DEFAULT;
|
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_DEFAULT_NAME_DEFAULT;
|
||||||
|
@ -2205,4 +2206,127 @@ public final class FileContext {
|
||||||
}
|
}
|
||||||
return tokenList;
|
return tokenList;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Modifies ACL entries of files and directories. This method can add new ACL
|
||||||
|
* entries or modify the permissions on existing ACL entries. All existing
|
||||||
|
* ACL entries that are not specified in this call are retained without
|
||||||
|
* changes. (Modifications are merged into the current ACL.)
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @param aclSpec List<AclEntry> describing modifications
|
||||||
|
* @throws IOException if an ACL could not be modified
|
||||||
|
*/
|
||||||
|
public void modifyAclEntries(final Path path, final List<AclEntry> aclSpec)
|
||||||
|
throws IOException {
|
||||||
|
Path absF = fixRelativePart(path);
|
||||||
|
new FSLinkResolver<Void>() {
|
||||||
|
@Override
|
||||||
|
public Void next(final AbstractFileSystem fs, final Path p)
|
||||||
|
throws IOException {
|
||||||
|
fs.modifyAclEntries(p, aclSpec);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}.resolve(this, absF);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes ACL entries from files and directories. Other ACL entries are
|
||||||
|
* retained.
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @param aclSpec List<AclEntry> describing entries to remove
|
||||||
|
* @throws IOException if an ACL could not be modified
|
||||||
|
*/
|
||||||
|
public void removeAclEntries(final Path path, final List<AclEntry> aclSpec)
|
||||||
|
throws IOException {
|
||||||
|
Path absF = fixRelativePart(path);
|
||||||
|
new FSLinkResolver<Void>() {
|
||||||
|
@Override
|
||||||
|
public Void next(final AbstractFileSystem fs, final Path p)
|
||||||
|
throws IOException {
|
||||||
|
fs.removeAclEntries(p, aclSpec);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}.resolve(this, absF);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes all default ACL entries from files and directories.
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @throws IOException if an ACL could not be modified
|
||||||
|
*/
|
||||||
|
public void removeDefaultAcl(Path path)
|
||||||
|
throws IOException {
|
||||||
|
Path absF = fixRelativePart(path);
|
||||||
|
new FSLinkResolver<Void>() {
|
||||||
|
@Override
|
||||||
|
public Void next(final AbstractFileSystem fs, final Path p)
|
||||||
|
throws IOException {
|
||||||
|
fs.removeDefaultAcl(p);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}.resolve(this, absF);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes all but the base ACL entries of files and directories. The entries
|
||||||
|
* for user, group, and others are retained for compatibility with permission
|
||||||
|
* bits.
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @throws IOException if an ACL could not be removed
|
||||||
|
*/
|
||||||
|
public void removeAcl(Path path) throws IOException {
|
||||||
|
Path absF = fixRelativePart(path);
|
||||||
|
new FSLinkResolver<Void>() {
|
||||||
|
@Override
|
||||||
|
public Void next(final AbstractFileSystem fs, final Path p)
|
||||||
|
throws IOException {
|
||||||
|
fs.removeAcl(p);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}.resolve(this, absF);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fully replaces ACL of files and directories, discarding all existing
|
||||||
|
* entries.
|
||||||
|
*
|
||||||
|
* @param path Path to modify
|
||||||
|
* @param aclSpec List<AclEntry> describing modifications, must include entries
|
||||||
|
* for user, group, and others for compatibility with permission bits.
|
||||||
|
* @throws IOException if an ACL could not be modified
|
||||||
|
*/
|
||||||
|
public void setAcl(Path path, final List<AclEntry> aclSpec)
|
||||||
|
throws IOException {
|
||||||
|
Path absF = fixRelativePart(path);
|
||||||
|
new FSLinkResolver<Void>() {
|
||||||
|
@Override
|
||||||
|
public Void next(final AbstractFileSystem fs, final Path p)
|
||||||
|
throws IOException {
|
||||||
|
fs.setAcl(p, aclSpec);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}.resolve(this, absF);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the ACLs of files and directories.
|
||||||
|
*
|
||||||
|
* @param path Path to get
|
||||||
|
* @return RemoteIterator<AclStatus> which returns each AclStatus
|
||||||
|
* @throws IOException if an ACL could not be read
|
||||||
|
*/
|
||||||
|
public AclStatus getAclStatus(Path path) throws IOException {
|
||||||
|
Path absF = fixRelativePart(path);
|
||||||
|
return new FSLinkResolver<AclStatus>() {
|
||||||
|
@Override
|
||||||
|
public AclStatus next(final AbstractFileSystem fs, final Path p)
|
||||||
|
throws IOException {
|
||||||
|
return fs.getAclStatus(p);
|
||||||
|
}
|
||||||
|
}.resolve(this, absF);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,6 +26,8 @@ import java.util.List;
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.classification.InterfaceStability;
|
import org.apache.hadoop.classification.InterfaceStability;
|
||||||
import org.apache.hadoop.fs.FileSystem.Statistics;
|
import org.apache.hadoop.fs.FileSystem.Statistics;
|
||||||
|
import org.apache.hadoop.fs.permission.AclEntry;
|
||||||
|
import org.apache.hadoop.fs.permission.AclStatus;
|
||||||
import org.apache.hadoop.fs.permission.FsPermission;
|
import org.apache.hadoop.fs.permission.FsPermission;
|
||||||
import org.apache.hadoop.fs.Options.ChecksumOpt;
|
import org.apache.hadoop.fs.Options.ChecksumOpt;
|
||||||
import org.apache.hadoop.security.AccessControlException;
|
import org.apache.hadoop.security.AccessControlException;
|
||||||
|
@ -283,4 +285,36 @@ public abstract class FilterFs extends AbstractFileSystem {
|
||||||
public boolean isValidName(String src) {
|
public boolean isValidName(String src) {
|
||||||
return myFs.isValidName(src);
|
return myFs.isValidName(src);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void modifyAclEntries(Path path, List<AclEntry> aclSpec)
|
||||||
|
throws IOException {
|
||||||
|
myFs.modifyAclEntries(path, aclSpec);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void removeAclEntries(Path path, List<AclEntry> aclSpec)
|
||||||
|
throws IOException {
|
||||||
|
myFs.removeAclEntries(path, aclSpec);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void removeDefaultAcl(Path path) throws IOException {
|
||||||
|
myFs.removeDefaultAcl(path);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void removeAcl(Path path) throws IOException {
|
||||||
|
myFs.removeAcl(path);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setAcl(Path path, List<AclEntry> aclSpec) throws IOException {
|
||||||
|
myFs.setAcl(path, aclSpec);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public AclStatus getAclStatus(Path path) throws IOException {
|
||||||
|
return myFs.getAclStatus(path);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue