HDDS-1975. Implement default acls for bucket/volume/key for OM HA code. (#1315)
parent
d3ce53e507
commit
d1aa8596e0
|
@ -119,7 +119,6 @@ import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertThat;
|
import static org.junit.Assert.assertThat;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
import static org.junit.Assert.fail;
|
import static org.junit.Assert.fail;
|
||||||
import static org.junit.Assume.assumeFalse;
|
|
||||||
|
|
||||||
import org.junit.Ignore;
|
import org.junit.Ignore;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -2221,8 +2220,6 @@ public abstract class TestOzoneRpcClientAbstract {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testNativeAclsForVolume() throws Exception {
|
public void testNativeAclsForVolume() throws Exception {
|
||||||
assumeFalse("Remove this once ACL HA is supported",
|
|
||||||
getClass().equals(TestOzoneRpcClientWithRatis.class));
|
|
||||||
String volumeName = UUID.randomUUID().toString();
|
String volumeName = UUID.randomUUID().toString();
|
||||||
store.createVolume(volumeName);
|
store.createVolume(volumeName);
|
||||||
|
|
||||||
|
@ -2237,8 +2234,6 @@ public abstract class TestOzoneRpcClientAbstract {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testNativeAclsForBucket() throws Exception {
|
public void testNativeAclsForBucket() throws Exception {
|
||||||
assumeFalse("Remove this once ACL HA is supported",
|
|
||||||
getClass().equals(TestOzoneRpcClientWithRatis.class));
|
|
||||||
String volumeName = UUID.randomUUID().toString();
|
String volumeName = UUID.randomUUID().toString();
|
||||||
String bucketName = UUID.randomUUID().toString();
|
String bucketName = UUID.randomUUID().toString();
|
||||||
|
|
||||||
|
@ -2299,8 +2294,6 @@ public abstract class TestOzoneRpcClientAbstract {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testNativeAclsForKey() throws Exception {
|
public void testNativeAclsForKey() throws Exception {
|
||||||
assumeFalse("Remove this once ACL HA is supported",
|
|
||||||
getClass().equals(TestOzoneRpcClientWithRatis.class));
|
|
||||||
String volumeName = UUID.randomUUID().toString();
|
String volumeName = UUID.randomUUID().toString();
|
||||||
String bucketName = UUID.randomUUID().toString();
|
String bucketName = UUID.randomUUID().toString();
|
||||||
String key1 = "dir1/dir2" + UUID.randomUUID().toString();
|
String key1 = "dir1/dir2" + UUID.randomUUID().toString();
|
||||||
|
@ -2363,8 +2356,6 @@ public abstract class TestOzoneRpcClientAbstract {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testNativeAclsForPrefix() throws Exception {
|
public void testNativeAclsForPrefix() throws Exception {
|
||||||
assumeFalse("Remove this once ACL HA is supported",
|
|
||||||
getClass().equals(TestOzoneRpcClientWithRatis.class));
|
|
||||||
String volumeName = UUID.randomUUID().toString();
|
String volumeName = UUID.randomUUID().toString();
|
||||||
String bucketName = UUID.randomUUID().toString();
|
String bucketName = UUID.randomUUID().toString();
|
||||||
|
|
||||||
|
|
|
@ -26,6 +26,7 @@ import java.util.Map;
|
||||||
import com.google.common.annotations.VisibleForTesting;
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
import com.google.common.base.Preconditions;
|
import com.google.common.base.Preconditions;
|
||||||
|
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.hadoop.ipc.ProtobufRpcEngine;
|
import org.apache.hadoop.ipc.ProtobufRpcEngine;
|
||||||
import org.apache.hadoop.ozone.OzoneConsts;
|
import org.apache.hadoop.ozone.OzoneConsts;
|
||||||
import org.apache.hadoop.ozone.audit.AuditAction;
|
import org.apache.hadoop.ozone.audit.AuditAction;
|
||||||
|
@ -142,7 +143,8 @@ public abstract class OMClientRequest implements RequestAuditor {
|
||||||
*/
|
*/
|
||||||
@VisibleForTesting
|
@VisibleForTesting
|
||||||
public UserGroupInformation createUGI() {
|
public UserGroupInformation createUGI() {
|
||||||
if (omRequest.hasUserInfo()) {
|
if (omRequest.hasUserInfo() &&
|
||||||
|
!StringUtils.isBlank(omRequest.getUserInfo().getUserName())) {
|
||||||
return UserGroupInformation.createRemoteUser(
|
return UserGroupInformation.createRemoteUser(
|
||||||
omRequest.getUserInfo().getUserName());
|
omRequest.getUserInfo().getUserName());
|
||||||
} else {
|
} else {
|
||||||
|
|
|
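Review bot: A request that carries a blank user name now falls into the `else` branch of createUGI, and that branch's body lies outside this hunk, so the identity (or null) that later ACL checks see for such a request cannot be confirmed from here. Since the returned UGI is presumably what the authorizer evaluates, a comment above the condition should state which identity the fallback yields, and a test should cover the blank-name case. The condition itself reads more directly as `if (omRequest.hasUserInfo() && StringUtils.isNotBlank(omRequest.getUserInfo().getUserName())) {`.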
@ -19,8 +19,14 @@
|
||||||
package org.apache.hadoop.ozone.om.request.bucket;
|
package org.apache.hadoop.ozone.om.request.bucket;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import com.google.common.base.Optional;
|
import com.google.common.base.Optional;
|
||||||
|
import org.apache.hadoop.ozone.OzoneAcl;
|
||||||
|
import org.apache.hadoop.ozone.om.helpers.OmVolumeArgs;
|
||||||
|
import org.apache.hadoop.ozone.om.helpers.OzoneAclUtil;
|
||||||
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
|
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -146,8 +152,11 @@ public class OMBucketCreateRequest extends OMClientRequest {
|
||||||
volumeName);
|
volumeName);
|
||||||
acquiredBucketLock = metadataManager.getLock().acquireLock(BUCKET_LOCK,
|
acquiredBucketLock = metadataManager.getLock().acquireLock(BUCKET_LOCK,
|
||||||
volumeName, bucketName);
|
volumeName, bucketName);
|
||||||
|
|
||||||
|
OmVolumeArgs omVolumeArgs =
|
||||||
|
metadataManager.getVolumeTable().get(volumeKey);
|
||||||
//Check if the volume exists
|
//Check if the volume exists
|
||||||
if (metadataManager.getVolumeTable().get(volumeKey) == null) {
|
if (omVolumeArgs == null) {
|
||||||
LOG.debug("volume: {} not found ", volumeName);
|
LOG.debug("volume: {} not found ", volumeName);
|
||||||
throw new OMException("Volume doesn't exist",
|
throw new OMException("Volume doesn't exist",
|
||||||
OMException.ResultCodes.VOLUME_NOT_FOUND);
|
OMException.ResultCodes.VOLUME_NOT_FOUND);
|
||||||
|
@ -160,6 +169,9 @@ public class OMBucketCreateRequest extends OMClientRequest {
|
||||||
OMException.ResultCodes.BUCKET_ALREADY_EXISTS);
|
OMException.ResultCodes.BUCKET_ALREADY_EXISTS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Add default acls from volume.
|
||||||
|
addDefaultAcls(omBucketInfo, omVolumeArgs);
|
||||||
|
|
||||||
// Update table cache.
|
// Update table cache.
|
||||||
metadataManager.getBucketTable().addCacheEntry(new CacheKey<>(bucketKey),
|
metadataManager.getBucketTable().addCacheEntry(new CacheKey<>(bucketKey),
|
||||||
new CacheValue<>(Optional.of(omBucketInfo), transactionLogIndex));
|
new CacheValue<>(Optional.of(omBucketInfo), transactionLogIndex));
|
||||||
|
@ -205,6 +217,29 @@ public class OMBucketCreateRequest extends OMClientRequest {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add default acls for bucket. These acls are inherited from volume
|
||||||
|
* default acl list.
|
||||||
|
* @param omBucketInfo
|
||||||
|
* @param omVolumeArgs
|
||||||
|
*/
|
||||||
|
private void addDefaultAcls(OmBucketInfo omBucketInfo,
|
||||||
|
OmVolumeArgs omVolumeArgs) {
|
||||||
|
// Add default acls from volume.
|
||||||
|
List<OzoneAcl> acls = new ArrayList<>();
|
||||||
|
if (omBucketInfo.getAcls() != null) {
|
||||||
|
acls.addAll(omBucketInfo.getAcls());
|
||||||
|
}
|
||||||
|
|
||||||
|
List<OzoneAcl> defaultVolumeAclList = omVolumeArgs.getAclMap()
|
||||||
|
.getDefaultAclList().stream().map(OzoneAcl::fromProtobuf)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
|
||||||
|
OzoneAclUtil.inheritDefaultAcls(acls, defaultVolumeAclList);
|
||||||
|
omBucketInfo.setAcls(acls);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
private BucketInfo getBucketInfoFromRequest() {
|
private BucketInfo getBucketInfoFromRequest() {
|
||||||
CreateBucketRequest createBucketRequest =
|
CreateBucketRequest createBucketRequest =
|
||||||
getOmRequest().getCreateBucketRequest();
|
getOmRequest().getCreateBucketRequest();
|
||||||
|
|
|
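Review bot: The Javadoc on addDefaultAcls leaves both `@param` tags empty and does not say that the method replaces the bucket's ACL list in place through `omBucketInfo.setAcls(acls)`. Because this is where a new bucket silently gains permissions from its parent, the contract is worth spelling out: `@param omBucketInfo bucket being created; its ACL list is replaced by the requested ACLs plus those inherited from the volume` and `@param omVolumeArgs parent volume whose DEFAULT ACL list is the source of inheritance`. The boolean returned by `OzoneAclUtil.inheritDefaultAcls` is ignored here although the key path in OMKeyRequest branches on it; a short comment saying that is intentional would help. The in-body `// Add default acls from volume.` repeats the call-site comment and can go.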
@ -57,8 +57,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMRequest;
|
.OMRequest;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMResponse;
|
.OMResponse;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
@ -129,11 +127,7 @@ public class OMDirectoryCreateRequest extends OMKeyRequest {
|
||||||
OMClientResponse omClientResponse = null;
|
OMClientResponse omClientResponse = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// check Acl
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if this is the root of the filesystem.
|
// Check if this is the root of the filesystem.
|
||||||
if (keyName.length() == 0) {
|
if (keyName.length() == 0) {
|
||||||
|
|
|
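Review bot: Replacing the inline check with `checkBucketAcls(ozoneManager, volumeName, bucketName, keyName)` changes what is authorized on this path. The removed call asked for `OzoneObj.ResourceType.BUCKET`, while the new helper in OMKeyRequest passes `OzoneObj.ResourceType.KEY` to checkAcls. OMFileCreateRequest makes the same switch; OMAllocateBlockRequest, OMKeyCommitRequest and OMKeyCreateRequest already used KEY, so only directory and file creation change behaviour. If the bucket-level WRITE check was intended when creating a new entry, the helper should call `checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, volume, bucket, key);`. If the key-level check is intended, the helper's name and its Javadoc ("Check Acls for the ozone bucket") should say so. The enclosing method starts and ends outside this hunk.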
@ -53,8 +53,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.KeyArgs;
|
.KeyArgs;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMRequest;
|
.OMRequest;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.UniqueId;
|
import org.apache.hadoop.utils.UniqueId;
|
||||||
import org.apache.hadoop.utils.db.Table;
|
import org.apache.hadoop.utils.db.Table;
|
||||||
|
@ -179,11 +177,7 @@ public class OMFileCreateRequest extends OMKeyRequest {
|
||||||
OMClientResponse omClientResponse = null;
|
OMClientResponse omClientResponse = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// check Acl
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
// acquire lock
|
// acquire lock
|
||||||
acquiredLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
|
acquiredLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
|
||||||
|
@ -265,20 +259,20 @@ public class OMFileCreateRequest extends OMKeyRequest {
|
||||||
omKeyInfo = prepareKeyInfo(omMetadataManager, keyArgs,
|
omKeyInfo = prepareKeyInfo(omMetadataManager, keyArgs,
|
||||||
omMetadataManager.getOzoneKey(volumeName, bucketName,
|
omMetadataManager.getOzoneKey(volumeName, bucketName,
|
||||||
keyName), keyArgs.getDataSize(), locations,
|
keyName), keyArgs.getDataSize(), locations,
|
||||||
encryptionInfo.orNull());
|
encryptionInfo.orNull(), ozoneManager.getPrefixManager(), bucketInfo);
|
||||||
|
|
||||||
omClientResponse = prepareCreateKeyResponse(keyArgs, omKeyInfo,
|
omClientResponse = prepareCreateKeyResponse(keyArgs, omKeyInfo,
|
||||||
locations, encryptionInfo.orNull(), exception,
|
locations, encryptionInfo.orNull(), exception,
|
||||||
createFileRequest.getClientID(), transactionLogIndex, volumeName,
|
createFileRequest.getClientID(), transactionLogIndex, volumeName,
|
||||||
bucketName, keyName, ozoneManager,
|
bucketName, keyName, ozoneManager,
|
||||||
OMAction.CREATE_FILE);
|
OMAction.CREATE_FILE, ozoneManager.getPrefixManager(), bucketInfo);
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
exception = ex;
|
exception = ex;
|
||||||
omClientResponse = prepareCreateKeyResponse(keyArgs, omKeyInfo,
|
omClientResponse = prepareCreateKeyResponse(keyArgs, omKeyInfo,
|
||||||
locations, encryptionInfo.orNull(), exception,
|
locations, encryptionInfo.orNull(), exception,
|
||||||
createFileRequest.getClientID(), transactionLogIndex,
|
createFileRequest.getClientID(), transactionLogIndex,
|
||||||
volumeName, bucketName, keyName, ozoneManager,
|
volumeName, bucketName, keyName, ozoneManager,
|
||||||
OMAction.CREATE_FILE);
|
OMAction.CREATE_FILE, ozoneManager.getPrefixManager(), null);
|
||||||
} finally {
|
} finally {
|
||||||
if (omClientResponse != null) {
|
if (omClientResponse != null) {
|
||||||
omClientResponse.setFlushFuture(
|
omClientResponse.setFlushFuture(
|
||||||
|
|
|
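Review bot: `prepareCreateKeyResponse` already receives `ozoneManager`, so passing `ozoneManager.getPrefixManager()` as a further argument at both call sites in this hunk (and again in OMKeyCreateRequest) only lengthens an already long parameter list. The helper could obtain the prefix manager from the `ozoneManager` it is given and take just the new `bucketInfo` argument, which keeps the callers from handing it a prefix manager that belongs to a different OzoneManager. The try block these calls sit in begins outside this hunk.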
@ -53,8 +53,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMRequest;
|
.OMRequest;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMResponse;
|
.OMResponse;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
|
||||||
|
@ -171,11 +169,7 @@ public class OMAllocateBlockRequest extends OMKeyRequest {
|
||||||
OmKeyInfo omKeyInfo = null;
|
OmKeyInfo omKeyInfo = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// check Acl
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
|
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
|
||||||
validateBucketAndVolume(omMetadataManager, volumeName,
|
validateBucketAndVolume(omMetadataManager, volumeName,
|
||||||
|
|
|
@ -48,8 +48,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.KeyArgs;
|
.KeyArgs;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMRequest;
|
.OMRequest;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
@ -117,11 +115,7 @@ public class OMKeyCommitRequest extends OMKeyRequest {
|
||||||
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
|
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// check Acl
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
List<OmKeyLocationInfo> locationInfoList = commitKeyArgs
|
List<OmKeyLocationInfo> locationInfoList = commitKeyArgs
|
||||||
.getKeyLocationsList().stream()
|
.getKeyLocationsList().stream()
|
||||||
|
|
|
@ -47,8 +47,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.KeyArgs;
|
.KeyArgs;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMRequest;
|
.OMRequest;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.UniqueId;
|
import org.apache.hadoop.utils.UniqueId;
|
||||||
|
|
||||||
|
@ -164,11 +162,7 @@ public class OMKeyCreateRequest extends OMKeyRequest {
|
||||||
OMClientResponse omClientResponse = null;
|
OMClientResponse omClientResponse = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// check Acl
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
checkBucketAcls(ozoneManager, volumeName, bucketName, keyName);
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
acquireLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
|
acquireLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
|
||||||
volumeName, bucketName);
|
volumeName, bucketName);
|
||||||
|
@ -184,17 +178,19 @@ public class OMKeyCreateRequest extends OMKeyRequest {
|
||||||
|
|
||||||
omKeyInfo = prepareKeyInfo(omMetadataManager, keyArgs,
|
omKeyInfo = prepareKeyInfo(omMetadataManager, keyArgs,
|
||||||
omMetadataManager.getOzoneKey(volumeName, bucketName, keyName),
|
omMetadataManager.getOzoneKey(volumeName, bucketName, keyName),
|
||||||
keyArgs.getDataSize(), locations, encryptionInfo.orNull());
|
keyArgs.getDataSize(), locations, encryptionInfo.orNull(),
|
||||||
|
ozoneManager.getPrefixManager(), bucketInfo);
|
||||||
omClientResponse = prepareCreateKeyResponse(keyArgs, omKeyInfo,
|
omClientResponse = prepareCreateKeyResponse(keyArgs, omKeyInfo,
|
||||||
locations, encryptionInfo.orNull(), exception,
|
locations, encryptionInfo.orNull(), exception,
|
||||||
createKeyRequest.getClientID(), transactionLogIndex, volumeName,
|
createKeyRequest.getClientID(), transactionLogIndex, volumeName,
|
||||||
bucketName, keyName, ozoneManager, OMAction.ALLOCATE_KEY);
|
bucketName, keyName, ozoneManager, OMAction.ALLOCATE_KEY,
|
||||||
|
ozoneManager.getPrefixManager(), bucketInfo);
|
||||||
} catch (IOException ex) {
|
} catch (IOException ex) {
|
||||||
exception = ex;
|
exception = ex;
|
||||||
omClientResponse = prepareCreateKeyResponse(keyArgs, omKeyInfo, locations,
|
omClientResponse = prepareCreateKeyResponse(keyArgs, omKeyInfo, locations,
|
||||||
encryptionInfo.orNull(), exception, createKeyRequest.getClientID(),
|
encryptionInfo.orNull(), exception, createKeyRequest.getClientID(),
|
||||||
transactionLogIndex, volumeName, bucketName, keyName, ozoneManager,
|
transactionLogIndex, volumeName, bucketName, keyName, ozoneManager,
|
||||||
OMAction.ALLOCATE_KEY);
|
OMAction.ALLOCATE_KEY, ozoneManager.getPrefixManager(), null);
|
||||||
} finally {
|
} finally {
|
||||||
if (omClientResponse != null) {
|
if (omClientResponse != null) {
|
||||||
omClientResponse.setFlushFuture(
|
omClientResponse.setFlushFuture(
|
||||||
|
|
|
@ -43,8 +43,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.DeleteKeyResponse;
|
.DeleteKeyResponse;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMRequest;
|
.OMRequest;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
@ -111,11 +109,7 @@ public class OMKeyDeleteRequest extends OMKeyRequest {
|
||||||
OMClientResponse omClientResponse = null;
|
OMClientResponse omClientResponse = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// check Acl
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName);
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.DELETE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
String objectKey = omMetadataManager.getOzoneKey(
|
String objectKey = omMetadataManager.getOzoneKey(
|
||||||
volumeName, bucketName, keyName);
|
volumeName, bucketName, keyName);
|
||||||
|
|
|
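Review bot: The removed check asked the authorizer for `IAccessAuthorizer.ACLType.DELETE`, but the replacement `checkKeyAcls(ozoneManager, volumeName, bucketName, keyName)` carries no ACL type. OMKeyRenameRequest now calls the same helper where it previously asked for `ACLType.WRITE`. The helper's body is not visible in this part of the page, but unless it inspects the request type, one of the two operations is now authorized with a different right than before. Passing the right explicitly would keep both call sites unchanged in effect, e.g. `checkKeyAcls(ozoneManager, volumeName, bucketName, keyName, IAccessAuthorizer.ACLType.DELETE);` here and `ACLType.WRITE` in the rename request. The enclosing try block starts and ends outside this hunk.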
@ -44,8 +44,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.RenameKeyRequest;
|
.RenameKeyRequest;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.RenameKeyResponse;
|
.RenameKeyResponse;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.db.Table;
|
import org.apache.hadoop.utils.db.Table;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
|
@ -120,11 +118,7 @@ public class OMKeyRenameRequest extends OMKeyRequest {
|
||||||
OMException.ResultCodes.INVALID_KEY_NAME);
|
OMException.ResultCodes.INVALID_KEY_NAME);
|
||||||
}
|
}
|
||||||
// check Acl
|
// check Acl
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
checkKeyAcls(ozoneManager, volumeName, bucketName, fromKeyName);
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, fromKeyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
acquiredLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
|
acquiredLock = omMetadataManager.getLock().acquireLock(BUCKET_LOCK,
|
||||||
volumeName, bucketName);
|
volumeName, bucketName);
|
||||||
|
|
|
@ -32,12 +32,17 @@ import java.util.stream.Collectors;
|
||||||
|
|
||||||
import com.google.common.base.Optional;
|
import com.google.common.base.Optional;
|
||||||
import com.google.common.base.Preconditions;
|
import com.google.common.base.Preconditions;
|
||||||
|
import org.apache.hadoop.ozone.OzoneAcl;
|
||||||
|
import org.apache.hadoop.ozone.om.PrefixManager;
|
||||||
import org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo;
|
import org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo;
|
||||||
import org.apache.hadoop.ozone.om.helpers.OmBucketInfo;
|
import org.apache.hadoop.ozone.om.helpers.OmBucketInfo;
|
||||||
import org.apache.hadoop.ozone.om.helpers.OmKeyInfo;
|
import org.apache.hadoop.ozone.om.helpers.OmKeyInfo;
|
||||||
import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfo;
|
import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfo;
|
||||||
import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfoGroup;
|
import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfoGroup;
|
||||||
|
import org.apache.hadoop.ozone.om.helpers.OmPrefixInfo;
|
||||||
import org.apache.hadoop.ozone.om.helpers.OzoneAclUtil;
|
import org.apache.hadoop.ozone.om.helpers.OzoneAclUtil;
|
||||||
|
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
||||||
|
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -78,6 +83,7 @@ import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
|
||||||
|
import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER;
|
||||||
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes
|
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes
|
||||||
.BUCKET_NOT_FOUND;
|
.BUCKET_NOT_FOUND;
|
||||||
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes
|
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes
|
||||||
|
@ -248,7 +254,9 @@ public abstract class OMKeyRequest extends OMClientRequest {
|
||||||
FileEncryptionInfo encryptionInfo, @Nullable IOException exception,
|
FileEncryptionInfo encryptionInfo, @Nullable IOException exception,
|
||||||
long clientID, long transactionLogIndex, @Nonnull String volumeName,
|
long clientID, long transactionLogIndex, @Nonnull String volumeName,
|
||||||
@Nonnull String bucketName, @Nonnull String keyName,
|
@Nonnull String bucketName, @Nonnull String keyName,
|
||||||
@Nonnull OzoneManager ozoneManager, @Nonnull OMAction omAction) {
|
@Nonnull OzoneManager ozoneManager, @Nonnull OMAction omAction,
|
||||||
|
@Nonnull PrefixManager prefixManager,
|
||||||
|
@Nullable OmBucketInfo omBucketInfo) {
|
||||||
|
|
||||||
OMResponse.Builder omResponse = OMResponse.newBuilder()
|
OMResponse.Builder omResponse = OMResponse.newBuilder()
|
||||||
.setStatus(OzoneManagerProtocolProtos.Status.OK);
|
.setStatus(OzoneManagerProtocolProtos.Status.OK);
|
||||||
|
@ -263,7 +271,7 @@ public abstract class OMKeyRequest extends OMClientRequest {
|
||||||
// version 0
|
// version 0
|
||||||
omKeyInfo = createKeyInfo(keyArgs, locations, keyArgs.getFactor(),
|
omKeyInfo = createKeyInfo(keyArgs, locations, keyArgs.getFactor(),
|
||||||
keyArgs.getType(), keyArgs.getDataSize(),
|
keyArgs.getType(), keyArgs.getDataSize(),
|
||||||
encryptionInfo);
|
encryptionInfo, prefixManager, omBucketInfo);
|
||||||
}
|
}
|
||||||
|
|
||||||
long openVersion = omKeyInfo.getLatestVersionLocations().getVersion();
|
long openVersion = omKeyInfo.getLatestVersionLocations().getVersion();
|
||||||
|
@ -335,12 +343,15 @@ public abstract class OMKeyRequest extends OMClientRequest {
|
||||||
* Create OmKeyInfo object.
|
* Create OmKeyInfo object.
|
||||||
* @return OmKeyInfo
|
* @return OmKeyInfo
|
||||||
*/
|
*/
|
||||||
|
@SuppressWarnings("parameterNumber")
|
||||||
protected OmKeyInfo createKeyInfo(@Nonnull KeyArgs keyArgs,
|
protected OmKeyInfo createKeyInfo(@Nonnull KeyArgs keyArgs,
|
||||||
@Nonnull List<OmKeyLocationInfo> locations,
|
@Nonnull List<OmKeyLocationInfo> locations,
|
||||||
@Nonnull HddsProtos.ReplicationFactor factor,
|
@Nonnull HddsProtos.ReplicationFactor factor,
|
||||||
@Nonnull HddsProtos.ReplicationType type, long size,
|
@Nonnull HddsProtos.ReplicationType type, long size,
|
||||||
@Nullable FileEncryptionInfo encInfo) {
|
@Nullable FileEncryptionInfo encInfo,
|
||||||
OmKeyInfo.Builder builder = new OmKeyInfo.Builder()
|
@Nonnull PrefixManager prefixManager,
|
||||||
|
@Nullable OmBucketInfo omBucketInfo) {
|
||||||
|
return new OmKeyInfo.Builder()
|
||||||
.setVolumeName(keyArgs.getVolumeName())
|
.setVolumeName(keyArgs.getVolumeName())
|
||||||
.setBucketName(keyArgs.getBucketName())
|
.setBucketName(keyArgs.getBucketName())
|
||||||
.setKeyName(keyArgs.getKeyName())
|
.setKeyName(keyArgs.getKeyName())
|
||||||
|
@ -351,11 +362,46 @@ public abstract class OMKeyRequest extends OMClientRequest {
|
||||||
.setDataSize(size)
|
.setDataSize(size)
|
||||||
.setReplicationType(type)
|
.setReplicationType(type)
|
||||||
.setReplicationFactor(factor)
|
.setReplicationFactor(factor)
|
||||||
.setFileEncryptionInfo(encInfo);
|
.setFileEncryptionInfo(encInfo)
|
||||||
|
.setAcls(getAclsForKey(keyArgs, omBucketInfo, prefixManager)).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
private List< OzoneAcl > getAclsForKey(KeyArgs keyArgs,
|
||||||
|
OmBucketInfo bucketInfo, PrefixManager prefixManager) {
|
||||||
|
List<OzoneAcl> acls = new ArrayList<>();
|
||||||
|
|
||||||
if(keyArgs.getAclsList() != null) {
|
if(keyArgs.getAclsList() != null) {
|
||||||
builder.setAcls(OzoneAclUtil.fromProtobuf(keyArgs.getAclsList()));
|
acls.addAll(OzoneAclUtil.fromProtobuf(keyArgs.getAclsList()));
|
||||||
}
|
}
|
||||||
return builder.build();
|
|
||||||
|
// Inherit DEFAULT acls from prefix.
|
||||||
|
if(prefixManager != null) {
|
||||||
|
List< OmPrefixInfo > prefixList = prefixManager.getLongestPrefixPath(
|
||||||
|
OZONE_URI_DELIMITER +
|
||||||
|
keyArgs.getVolumeName() + OZONE_URI_DELIMITER +
|
||||||
|
keyArgs.getBucketName() + OZONE_URI_DELIMITER +
|
||||||
|
keyArgs.getKeyName());
|
||||||
|
|
||||||
|
if(prefixList.size() > 0) {
|
||||||
|
// Add all acls from direct parent to key.
|
||||||
|
OmPrefixInfo prefixInfo = prefixList.get(prefixList.size() - 1);
|
||||||
|
if(prefixInfo != null) {
|
||||||
|
if (OzoneAclUtil.inheritDefaultAcls(acls, prefixInfo.getAcls())) {
|
||||||
|
return acls;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Inherit DEFAULT acls from bucket only if DEFAULT acls for
|
||||||
|
// prefix are not set.
|
||||||
|
if (bucketInfo != null) {
|
||||||
|
if (OzoneAclUtil.inheritDefaultAcls(acls, bucketInfo.getAcls())) {
|
||||||
|
return acls;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return acls;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -363,16 +409,18 @@ public abstract class OMKeyRequest extends OMClientRequest {
|
||||||
* @return OmKeyInfo
|
* @return OmKeyInfo
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
*/
|
*/
|
||||||
|
@SuppressWarnings("parameternumber")
|
||||||
protected OmKeyInfo prepareKeyInfo(
|
protected OmKeyInfo prepareKeyInfo(
|
||||||
@Nonnull OMMetadataManager omMetadataManager,
|
@Nonnull OMMetadataManager omMetadataManager,
|
||||||
@Nonnull KeyArgs keyArgs, @Nonnull String dbKeyName, long size,
|
@Nonnull KeyArgs keyArgs, @Nonnull String dbKeyName, long size,
|
||||||
@Nonnull List<OmKeyLocationInfo> locations,
|
@Nonnull List<OmKeyLocationInfo> locations,
|
||||||
@Nullable FileEncryptionInfo encInfo)
|
@Nullable FileEncryptionInfo encInfo,
|
||||||
|
@Nonnull PrefixManager prefixManager, @Nullable OmBucketInfo omBucketInfo)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
OmKeyInfo keyInfo = null;
|
OmKeyInfo keyInfo = null;
|
||||||
if (keyArgs.getIsMultipartKey()) {
|
if (keyArgs.getIsMultipartKey()) {
|
||||||
keyInfo = prepareMultipartKeyInfo(omMetadataManager, keyArgs, size,
|
keyInfo = prepareMultipartKeyInfo(omMetadataManager, keyArgs, size,
|
||||||
locations, encInfo);
|
locations, encInfo, prefixManager, omBucketInfo);
|
||||||
//TODO args.getMetadata
|
//TODO args.getMetadata
|
||||||
} else if (omMetadataManager.getKeyTable().isExist(dbKeyName)) {
|
} else if (omMetadataManager.getKeyTable().isExist(dbKeyName)) {
|
||||||
// TODO: Need to be fixed, as when key already exists, we are
|
// TODO: Need to be fixed, as when key already exists, we are
|
||||||
|
@ -400,7 +448,8 @@ public abstract class OMKeyRequest extends OMClientRequest {
|
||||||
@Nonnull OMMetadataManager omMetadataManager,
|
@Nonnull OMMetadataManager omMetadataManager,
|
||||||
@Nonnull KeyArgs args, long size,
|
@Nonnull KeyArgs args, long size,
|
||||||
@Nonnull List<OmKeyLocationInfo> locations,
|
@Nonnull List<OmKeyLocationInfo> locations,
|
||||||
FileEncryptionInfo encInfo) throws IOException {
|
FileEncryptionInfo encInfo, @Nonnull PrefixManager prefixManager,
|
||||||
|
@Nullable OmBucketInfo omBucketInfo) throws IOException {
|
||||||
HddsProtos.ReplicationFactor factor;
|
HddsProtos.ReplicationFactor factor;
|
||||||
HddsProtos.ReplicationType type;
|
HddsProtos.ReplicationType type;
|
||||||
|
|
||||||
|
@ -427,7 +476,8 @@ public abstract class OMKeyRequest extends OMClientRequest {
|
||||||
}
|
}
|
||||||
// For this upload part we don't need to check in KeyTable. As this
|
// For this upload part we don't need to check in KeyTable. As this
|
||||||
// is not an actual key, it is a part of the key.
|
// is not an actual key, it is a part of the key.
|
||||||
return createKeyInfo(args, locations, factor, type, size, encInfo);
|
return createKeyInfo(args, locations, factor, type, size, encInfo,
|
||||||
|
prefixManager, omBucketInfo);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -447,4 +497,39 @@ public abstract class OMKeyRequest extends OMClientRequest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check Acls for the ozone bucket.
|
||||||
|
* @param ozoneManager
|
||||||
|
* @param volume
|
||||||
|
* @param bucket
|
||||||
|
* @param key
|
||||||
|
* @throws IOException
|
||||||
|
*/
|
||||||
|
protected void checkBucketAcls(OzoneManager ozoneManager, String volume,
|
||||||
|
String bucket, String key) throws IOException {
|
||||||
|
if (ozoneManager.getAclsEnabled()) {
|
||||||
|
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
||||||
|
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
||||||
|
volume, bucket, key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check Acls for the ozone key.
|
||||||
|
* @param ozoneManager
|
||||||
|
* @param volume
|
||||||
|
* @param bucket
|
||||||
|
* @param key
|
||||||
|
* @throws IOException
|
||||||
|
*/
|
||||||
|
protected void checkKeyAcls(OzoneManager ozoneManager, String volume,
|
||||||
|
String bucket, String key) throws IOException {
|
||||||
|
if (ozoneManager.getAclsEnabled()) {
|
||||||
|
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
||||||
|
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
||||||
|
volume, bucket, key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,12 +20,15 @@ package org.apache.hadoop.ozone.om.request.s3.bucket;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import com.google.common.annotations.VisibleForTesting;
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
import com.google.common.base.Optional;
|
import com.google.common.base.Optional;
|
||||||
import com.google.common.base.Preconditions;
|
import com.google.common.base.Preconditions;
|
||||||
|
import org.apache.hadoop.ozone.OzoneAcl;
|
||||||
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
|
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -56,8 +59,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.S3CreateVolumeInfo;
|
.S3CreateVolumeInfo;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.VolumeList;
|
.VolumeList;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
@ -151,13 +152,8 @@ public class S3BucketCreateRequest extends OMVolumeRequest {
|
||||||
String volumeName = formatOzoneVolumeName(userName);
|
String volumeName = formatOzoneVolumeName(userName);
|
||||||
OMClientResponse omClientResponse = null;
|
OMClientResponse omClientResponse = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET,
|
|
||||||
OzoneObj.StoreType.S3, IAccessAuthorizer.ACLType.CREATE, null,
|
|
||||||
s3BucketName, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
// TODO to support S3 ACL later.
|
||||||
acquiredS3Lock = omMetadataManager.getLock().acquireLock(S3_BUCKET_LOCK,
|
acquiredS3Lock = omMetadataManager.getLock().acquireLock(S3_BUCKET_LOCK,
|
||||||
s3BucketName);
|
s3BucketName);
|
||||||
|
|
||||||
|
@ -202,7 +198,7 @@ public class S3BucketCreateRequest extends OMVolumeRequest {
|
||||||
// check if ozone bucket exists, if it does not exist create ozone
|
// check if ozone bucket exists, if it does not exist create ozone
|
||||||
// bucket
|
// bucket
|
||||||
OmBucketInfo omBucketInfo = createBucket(omMetadataManager, volumeName,
|
OmBucketInfo omBucketInfo = createBucket(omMetadataManager, volumeName,
|
||||||
s3BucketName,
|
s3BucketName, userName,
|
||||||
s3CreateBucketRequest.getS3CreateVolumeInfo().getCreationTime(),
|
s3CreateBucketRequest.getS3CreateVolumeInfo().getCreationTime(),
|
||||||
transactionLogIndex);
|
transactionLogIndex);
|
||||||
|
|
||||||
|
@ -262,8 +258,8 @@ public class S3BucketCreateRequest extends OMVolumeRequest {
|
||||||
|
|
||||||
|
|
||||||
private OmBucketInfo createBucket(OMMetadataManager omMetadataManager,
|
private OmBucketInfo createBucket(OMMetadataManager omMetadataManager,
|
||||||
String volumeName, String s3BucketName, long creationTime,
|
String volumeName, String s3BucketName, String userName,
|
||||||
long transactionLogIndex) throws IOException {
|
long creationTime, long transactionLogIndex) throws IOException {
|
||||||
// check if ozone bucket exists, if it does not exist create ozone
|
// check if ozone bucket exists, if it does not exist create ozone
|
||||||
// bucket
|
// bucket
|
||||||
boolean acquireBucketLock = false;
|
boolean acquireBucketLock = false;
|
||||||
|
@ -275,7 +271,7 @@ public class S3BucketCreateRequest extends OMVolumeRequest {
|
||||||
String bucketKey = omMetadataManager.getBucketKey(volumeName,
|
String bucketKey = omMetadataManager.getBucketKey(volumeName,
|
||||||
s3BucketName);
|
s3BucketName);
|
||||||
if (!omMetadataManager.getBucketTable().isExist(bucketKey)) {
|
if (!omMetadataManager.getBucketTable().isExist(bucketKey)) {
|
||||||
omBucketInfo = createOmBucketInfo(volumeName, s3BucketName,
|
omBucketInfo = createOmBucketInfo(volumeName, s3BucketName, userName,
|
||||||
creationTime);
|
creationTime);
|
||||||
// Add to bucket table cache.
|
// Add to bucket table cache.
|
||||||
omMetadataManager.getBucketTable().addCacheEntry(
|
omMetadataManager.getBucketTable().addCacheEntry(
|
||||||
|
@ -329,12 +325,19 @@ public class S3BucketCreateRequest extends OMVolumeRequest {
|
||||||
* @return {@link OmVolumeArgs}
|
* @return {@link OmVolumeArgs}
|
||||||
*/
|
*/
|
||||||
private OmVolumeArgs createOmVolumeArgs(String volumeName, String userName,
|
private OmVolumeArgs createOmVolumeArgs(String volumeName, String userName,
|
||||||
long creationTime) {
|
long creationTime) throws IOException {
|
||||||
return OmVolumeArgs.newBuilder()
|
OmVolumeArgs.Builder builder = OmVolumeArgs.newBuilder()
|
||||||
.setAdminName(S3_ADMIN_NAME).setVolume(volumeName)
|
.setAdminName(S3_ADMIN_NAME).setVolume(volumeName)
|
||||||
.setQuotaInBytes(OzoneConsts.MAX_QUOTA_IN_BYTES)
|
.setQuotaInBytes(OzoneConsts.MAX_QUOTA_IN_BYTES)
|
||||||
.setOwnerName(userName)
|
.setOwnerName(userName)
|
||||||
.setCreationTime(creationTime).build();
|
.setCreationTime(creationTime);
|
||||||
|
|
||||||
|
// Set default acls.
|
||||||
|
for (OzoneAcl acl : getDefaultAcls(userName)) {
|
||||||
|
builder.addOzoneAcls(OzoneAcl.toProtobuf(acl));
|
||||||
|
}
|
||||||
|
|
||||||
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -346,13 +349,18 @@ public class S3BucketCreateRequest extends OMVolumeRequest {
|
||||||
* @return {@link OmBucketInfo}
|
* @return {@link OmBucketInfo}
|
||||||
*/
|
*/
|
||||||
private OmBucketInfo createOmBucketInfo(String volumeName,
|
private OmBucketInfo createOmBucketInfo(String volumeName,
|
||||||
String s3BucketName, long creationTime) {
|
String s3BucketName, String userName, long creationTime) {
|
||||||
//TODO: Now S3Bucket API takes only bucketName as param. In future if we
|
//TODO: Now S3Bucket API takes only bucketName as param. In future if we
|
||||||
// support some configurable options we need to fix this.
|
// support some configurable options we need to fix this.
|
||||||
return OmBucketInfo.newBuilder().setVolumeName(volumeName)
|
OmBucketInfo.Builder builder =
|
||||||
.setBucketName(s3BucketName).setIsVersionEnabled(Boolean.FALSE)
|
OmBucketInfo.newBuilder().setVolumeName(volumeName)
|
||||||
.setStorageType(StorageType.DEFAULT).setCreationTime(creationTime)
|
.setBucketName(s3BucketName).setIsVersionEnabled(Boolean.FALSE)
|
||||||
.build();
|
.setStorageType(StorageType.DEFAULT).setCreationTime(creationTime);
|
||||||
|
|
||||||
|
// Set default acls.
|
||||||
|
builder.setAcls(getDefaultAcls(userName));
|
||||||
|
|
||||||
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -368,5 +376,14 @@ public class S3BucketCreateRequest extends OMVolumeRequest {
|
||||||
auditMap.put(s3BucketName, OzoneConsts.S3_BUCKET);
|
auditMap.put(s3BucketName, OzoneConsts.S3_BUCKET);
|
||||||
return auditMap;
|
return auditMap;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get default acls.
|
||||||
|
* */
|
||||||
|
private List<OzoneAcl> getDefaultAcls(String userName) {
|
||||||
|
UserGroupInformation ugi = createUGI();
|
||||||
|
return OzoneAcl.parseAcls("user:" + (ugi == null ? userName :
|
||||||
|
ugi.getUserName()) + ":a,user:" + S3_ADMIN_NAME + ":a");
|
||||||
|
}
|
||||||
}
|
}
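Review bot: `getDefaultAcls` builds the ACL list by concatenating the user name into a string and handing it to `OzoneAcl.parseAcls`, so a name containing `,` or `:` would be parsed as extra or different entries rather than as one user. Where `userName` comes from is outside the visible hunks, but it is used unchanged when `createUGI()` returns null. The value should either be validated, or the two entries built as `OzoneAcl` objects directly instead of going through the parser. The method also grants `a` (all rights) to both the caller and `S3_ADMIN_NAME`, while its Javadoc says only "Get default acls."; I would document the grant, for example `Returns ALL-rights user ACLs for the request user (UGI name when available) and S3_ADMIN_NAME.`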
|
||||||
|
|
||||||
|
|
|
@ -43,8 +43,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMResponse;
|
.OMResponse;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.S3DeleteBucketRequest;
|
.S3DeleteBucketRequest;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
|
||||||
|
@ -107,13 +105,7 @@ public class S3BucketDeleteRequest extends OMVolumeRequest {
|
||||||
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
|
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
|
||||||
OMClientResponse omClientResponse = null;
|
OMClientResponse omClientResponse = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// TODO to support S3 ACL later.
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.BUCKET,
|
|
||||||
OzoneObj.StoreType.S3, IAccessAuthorizer.ACLType.DELETE, null,
|
|
||||||
s3BucketName, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
acquiredS3Lock = omMetadataManager.getLock().acquireLock(S3_BUCKET_LOCK,
|
acquiredS3Lock = omMetadataManager.getLock().acquireLock(S3_BUCKET_LOCK,
|
||||||
s3BucketName);
|
s3BucketName);
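Review bot: With ACLs enabled, this request no longer calls `checkAcls` before taking `S3_BUCKET_LOCK`: the guarded `BUCKET`/`S3`/`DELETE` check is replaced by `// TODO to support S3 ACL later.`, and the hunk at `@ -151,13 +152,8` in S3BucketCreateRequest drops the `CREATE` check the same way. Unless authorization is enforced somewhere outside these hunks, S3 bucket creation and deletion are not access-checked after this change. I would keep the existing `if (ozoneManager.getAclsEnabled()) { checkAcls(...); }` block until the S3 ACL work lands, or at least name the tracking issue in the TODO, e.g. `// TODO(<JIRA-ID>): S3 bucket ACL check removed; requests are not authorized here.` The enclosing method starts and ends outside the hunk.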
|
||||||
|
|
||||||
|
|
|
@ -36,8 +36,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.Multipa
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.MultipartInfoInitiateResponse;
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.MultipartInfoInitiateResponse;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest;
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMRequest;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse;
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMResponse;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.UniqueId;
|
import org.apache.hadoop.utils.UniqueId;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
|
@ -114,13 +112,7 @@ public class S3InitiateMultipartUploadRequest extends OMKeyRequest {
|
||||||
.setSuccess(true);
|
.setSuccess(true);
|
||||||
OMClientResponse omClientResponse = null;
|
OMClientResponse omClientResponse = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// TODO to support S3 ACL later.
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
acquiredBucketLock =
|
acquiredBucketLock =
|
||||||
omMetadataManager.getLock().acquireLock(BUCKET_LOCK, volumeName,
|
omMetadataManager.getLock().acquireLock(BUCKET_LOCK, volumeName,
|
||||||
bucketName);
|
bucketName);
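Review bot: The `KEY`/`OZONE`/`WRITE` check removed here is exactly what the `checkKeyAcls` helper added to OMKeyRequest in this commit performs, and this class extends OMKeyRequest, so the check can be kept instead of being replaced by a TODO: `checkKeyAcls(ozoneManager, volumeName, bucketName, keyName);`. The same removal is made in S3MultipartUploadAbortRequest, S3MultipartUploadCommitPartRequest and S3MultipartUploadCompleteRequest, which also extend OMKeyRequest. As written, and unless authorization happens outside the visible hunks, multipart initiate, abort, commit-part and complete run without a write-permission check when ACLs are enabled. The enclosing method continues outside the hunk.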
|
||||||
|
|
|
@ -44,8 +44,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMRequest;
|
.OMRequest;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMResponse;
|
.OMResponse;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
@ -98,13 +96,7 @@ public class S3MultipartUploadAbortRequest extends OMKeyRequest {
|
||||||
.setSuccess(true);
|
.setSuccess(true);
|
||||||
OMClientResponse omClientResponse = null;
|
OMClientResponse omClientResponse = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// TODO to support S3 ACL later.
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
acquiredLock =
|
acquiredLock =
|
||||||
omMetadataManager.getLock().acquireLock(BUCKET_LOCK, volumeName,
|
omMetadataManager.getLock().acquireLock(BUCKET_LOCK, volumeName,
|
||||||
bucketName);
|
bucketName);
|
||||||
|
|
|
@ -40,8 +40,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMRequest;
|
.OMRequest;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMResponse;
|
.OMResponse;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
@ -111,13 +109,7 @@ public class S3MultipartUploadCommitPartRequest extends OMKeyRequest {
|
||||||
String multipartKey = null;
|
String multipartKey = null;
|
||||||
OmMultipartKeyInfo multipartKeyInfo = null;
|
OmMultipartKeyInfo multipartKeyInfo = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// TODO to support S3 ACL later.
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
acquiredLock =
|
acquiredLock =
|
||||||
omMetadataManager.getLock().acquireLock(BUCKET_LOCK, volumeName,
|
omMetadataManager.getLock().acquireLock(BUCKET_LOCK, volumeName,
|
||||||
bucketName);
|
bucketName);
|
||||||
|
|
|
@ -59,8 +59,6 @@ import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.OMResponse;
|
.OMResponse;
|
||||||
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos
|
||||||
.PartKeyInfo;
|
.PartKeyInfo;
|
||||||
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
|
|
||||||
import org.apache.hadoop.ozone.security.acl.OzoneObj;
|
|
||||||
import org.apache.hadoop.util.Time;
|
import org.apache.hadoop.util.Time;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheKey;
|
import org.apache.hadoop.utils.db.cache.CacheKey;
|
||||||
import org.apache.hadoop.utils.db.cache.CacheValue;
|
import org.apache.hadoop.utils.db.cache.CacheValue;
|
||||||
|
@ -125,13 +123,7 @@ public class S3MultipartUploadCompleteRequest extends OMKeyRequest {
|
||||||
IOException exception = null;
|
IOException exception = null;
|
||||||
OmMultipartUploadList multipartUploadList = null;
|
OmMultipartUploadList multipartUploadList = null;
|
||||||
try {
|
try {
|
||||||
// check Acl
|
// TODO to support S3 ACL later.
|
||||||
if (ozoneManager.getAclsEnabled()) {
|
|
||||||
checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
|
|
||||||
OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE,
|
|
||||||
volumeName, bucketName, keyName);
|
|
||||||
}
|
|
||||||
|
|
||||||
TreeMap<Integer, String> partsMap = new TreeMap<>();
|
TreeMap<Integer, String> partsMap = new TreeMap<>();
|
||||||
for (OzoneManagerProtocolProtos.Part part : partsList) {
|
for (OzoneManagerProtocolProtos.Part part : partsList) {
|
||||||
partsMap.put(part.getPartNumber(), part.getPartName());
|
partsMap.put(part.getPartNumber(), part.getPartName());
|
||||||
|
|