HDFS-5923. Do not persist the ACL bit in the FsPermission. Contributed by Haohui Mai.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/HDFS-4685@1567784 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Chris Nauroth 2014-02-12 22:54:49 +00:00
parent 6d2a0aa1db
commit fc14360b03
13 changed files with 301 additions and 322 deletions

View File

@ -58,7 +58,6 @@ public class FsPermission implements Writable {
private FsAction groupaction = null; private FsAction groupaction = null;
private FsAction otheraction = null; private FsAction otheraction = null;
private boolean stickyBit = false; private boolean stickyBit = false;
private boolean aclBit = false;
private FsPermission() {} private FsPermission() {}
@ -73,20 +72,7 @@ public class FsPermission implements Writable {
} }
public FsPermission(FsAction u, FsAction g, FsAction o, boolean sb) { public FsPermission(FsAction u, FsAction g, FsAction o, boolean sb) {
this(u, g, o, sb, false); set(u, g, o, sb);
}
/**
* Construct by the given {@link FsAction} and special bits.
* @param u user action
* @param g group action
* @param o other action
* @param sb sticky bit
* @param ab ACL bit
*/
public FsPermission(FsAction u, FsAction g, FsAction o, boolean sb,
boolean ab) {
set(u, g, o, sb, ab);
} }
/** /**
@ -106,7 +92,6 @@ public class FsPermission implements Writable {
this.groupaction = other.groupaction; this.groupaction = other.groupaction;
this.otheraction = other.otheraction; this.otheraction = other.otheraction;
this.stickyBit = other.stickyBit; this.stickyBit = other.stickyBit;
this.aclBit = other.aclBit;
} }
/** /**
@ -127,18 +112,16 @@ public class FsPermission implements Writable {
/** Return other {@link FsAction}. */ /** Return other {@link FsAction}. */
public FsAction getOtherAction() {return otheraction;} public FsAction getOtherAction() {return otheraction;}
private void set(FsAction u, FsAction g, FsAction o, boolean sb, boolean ab) { private void set(FsAction u, FsAction g, FsAction o, boolean sb) {
useraction = u; useraction = u;
groupaction = g; groupaction = g;
otheraction = o; otheraction = o;
stickyBit = sb; stickyBit = sb;
aclBit = ab;
} }
public void fromShort(short n) { public void fromShort(short n) {
FsAction[] v = FSACTION_VALUES; FsAction[] v = FSACTION_VALUES;
set(v[(n >>> 6) & 7], v[(n >>> 3) & 7], v[n & 7], (((n >>> 9) & 1) == 1), set(v[(n >>> 6) & 7], v[(n >>> 3) & 7], v[n & 7], (((n >>> 9) & 1) == 1) );
(((n >>> 10) & 1) == 1) );
} }
@Override @Override
@ -164,8 +147,7 @@ public class FsPermission implements Writable {
* Encode the object to a short. * Encode the object to a short.
*/ */
public short toShort() { public short toShort() {
int s = (aclBit ? 1 << 10 : 0) | int s = (stickyBit ? 1 << 9 : 0) |
(stickyBit ? 1 << 9 : 0) |
(useraction.ordinal() << 6) | (useraction.ordinal() << 6) |
(groupaction.ordinal() << 3) | (groupaction.ordinal() << 3) |
otheraction.ordinal(); otheraction.ordinal();
@ -180,8 +162,7 @@ public class FsPermission implements Writable {
return this.useraction == that.useraction return this.useraction == that.useraction
&& this.groupaction == that.groupaction && this.groupaction == that.groupaction
&& this.otheraction == that.otheraction && this.otheraction == that.otheraction
&& this.stickyBit == that.stickyBit && this.stickyBit == that.stickyBit;
&& this.aclBit == that.aclBit;
} }
return false; return false;
} }
@ -191,19 +172,15 @@ public class FsPermission implements Writable {
@Override @Override
public String toString() { public String toString() {
StringBuilder sb = new StringBuilder(); String str = useraction.SYMBOL + groupaction.SYMBOL + otheraction.SYMBOL;
sb.append(useraction.SYMBOL); if(stickyBit) {
sb.append(groupaction.SYMBOL); StringBuilder str2 = new StringBuilder(str);
sb.append(otheraction.SYMBOL); str2.replace(str2.length() - 1, str2.length(),
if (stickyBit) {
sb.replace(sb.length() - 1, sb.length(),
otheraction.implies(FsAction.EXECUTE) ? "t" : "T"); otheraction.implies(FsAction.EXECUTE) ? "t" : "T");
} str = str2.toString();
if (aclBit) {
sb.append('+');
} }
return sb.toString(); return str;
} }
/** /**
@ -293,15 +270,6 @@ public class FsPermission implements Writable {
return stickyBit; return stickyBit;
} }
/**
* Returns true if there is also an ACL (access control list).
*
* @return boolean true if there is also an ACL (access control list).
*/
public boolean getAclBit() {
return aclBit;
}
/** Set the user file creation mask (umask) */ /** Set the user file creation mask (umask) */
public static void setUMask(Configuration conf, FsPermission umask) { public static void setUMask(Configuration conf, FsPermission umask) {
conf.set(UMASK_LABEL, String.format("%1$03o", umask.toShort())); conf.set(UMASK_LABEL, String.format("%1$03o", umask.toShort()));
@ -351,14 +319,13 @@ public class FsPermission implements Writable {
if (unixSymbolicPermission == null) { if (unixSymbolicPermission == null) {
return null; return null;
} }
else if (unixSymbolicPermission.length() != 10 && else if (unixSymbolicPermission.length() != 10) {
unixSymbolicPermission.length() != 11) { throw new IllegalArgumentException("length != 10(unixSymbolicPermission="
throw new IllegalArgumentException("invalid length(unixSymbolicPermission="
+ unixSymbolicPermission + ")"); + unixSymbolicPermission + ")");
} }
int n = 0; int n = 0;
for(int i = 1; i < 10; i++) { for(int i = 1; i < unixSymbolicPermission.length(); i++) {
n = n << 1; n = n << 1;
char c = unixSymbolicPermission.charAt(i); char c = unixSymbolicPermission.charAt(i);
n += (c == '-' || c == 'T' || c == 'S') ? 0: 1; n += (c == '-' || c == 'T' || c == 'S') ? 0: 1;
@ -369,11 +336,6 @@ public class FsPermission implements Writable {
unixSymbolicPermission.charAt(9) == 'T') unixSymbolicPermission.charAt(9) == 'T')
n += 01000; n += 01000;
// Add ACL bit value if set
if (unixSymbolicPermission.length() == 11 &&
unixSymbolicPermission.charAt(10) == '+')
n += (1 << 10);
return new FsPermission((short)n); return new FsPermission((short)n);
} }

View File

@ -92,11 +92,12 @@ class AclCommands extends FsCommand {
} }
FsPermission perm = item.stat.getPermission(); FsPermission perm = item.stat.getPermission();
if (perm.getAclBit()) { if (entries.isEmpty()) {
printExtendedAcl(perm, entries);
} else {
printMinimalAcl(perm); printMinimalAcl(perm);
} else {
printExtendedAcl(perm, entries);
} }
out.println(); out.println();
} }

View File

@ -54,7 +54,7 @@ public class TestFsPermission extends TestCase {
* the expected values back out for all combinations * the expected values back out for all combinations
*/ */
public void testConvertingPermissions() { public void testConvertingPermissions() {
for(short s = 0; s <= 03777; s++) { for(short s = 0; s <= 01777; s++) {
assertEquals(s, new FsPermission(s).toShort()); assertEquals(s, new FsPermission(s).toShort());
} }
@ -70,15 +70,6 @@ public class TestFsPermission extends TestCase {
FsPermission f2 = new FsPermission(f); FsPermission f2 = new FsPermission(f);
assertEquals(s, f2.toShort()); assertEquals(s, f2.toShort());
// Cover constructor with sticky bit and ACL bit.
for(boolean ab : new boolean [] { false, true }) {
short s2 = (short)(ab ? s | (1 << 10) : s);
FsPermission f3 = new FsPermission(u, g, o, sb, ab);
assertEquals(s2, f3.toShort());
FsPermission f4 = new FsPermission(f3);
assertEquals(s2, f4.toShort());
}
s++; s++;
} }
} }
@ -87,34 +78,27 @@ public class TestFsPermission extends TestCase {
} }
public void testSpecialBitsToString() { public void testSpecialBitsToString() {
for(boolean ab : new boolean [] { false, true }) { for (boolean sb : new boolean[] { false, true }) {
for(boolean sb : new boolean [] { false, true }) { for (FsAction u : FsAction.values()) {
for(FsAction u : FsAction.values()) { for (FsAction g : FsAction.values()) {
for(FsAction g : FsAction.values()) { for (FsAction o : FsAction.values()) {
for(FsAction o : FsAction.values()) { FsPermission f = new FsPermission(u, g, o, sb);
FsPermission f = new FsPermission(u, g, o, sb, ab); String fString = f.toString();
String fString = f.toString();
// Check that sticky bit is represented correctly. // Check that sticky bit is represented correctly.
if(f.getStickyBit() && f.getOtherAction().implies(EXECUTE)) if (f.getStickyBit() && f.getOtherAction().implies(EXECUTE))
assertEquals('t', fString.charAt(8)); assertEquals('t', fString.charAt(8));
else if(f.getStickyBit() && !f.getOtherAction().implies(EXECUTE)) else if (f.getStickyBit() && !f.getOtherAction().implies(EXECUTE))
assertEquals('T', fString.charAt(8)); assertEquals('T', fString.charAt(8));
else if(!f.getStickyBit() && f.getOtherAction().implies(EXECUTE)) else if (!f.getStickyBit() && f.getOtherAction().implies(EXECUTE))
assertEquals('x', fString.charAt(8)); assertEquals('x', fString.charAt(8));
else else
assertEquals('-', fString.charAt(8)); assertEquals('-', fString.charAt(8));
// Check that ACL bit is represented correctly. assertEquals(9, fString.length());
if (f.getAclBit()) {
assertEquals(10, fString.length());
assertEquals('+', fString.charAt(9));
} else {
assertEquals(9, fString.length());
}
}
} }
} }
} }
} }
} }
@ -122,7 +106,7 @@ public class TestFsPermission extends TestCase {
public void testFsPermission() { public void testFsPermission() {
String symbolic = "-rwxrwxrwx"; String symbolic = "-rwxrwxrwx";
for(int i = 0; i < (1 << 11); i++) { for(int i = 0; i < (1 << 10); i++) {
StringBuilder b = new StringBuilder("----------"); StringBuilder b = new StringBuilder("----------");
String binary = String.format("%11s", Integer.toBinaryString(i)); String binary = String.format("%11s", Integer.toBinaryString(i));
String permBinary = binary.substring(2, binary.length()); String permBinary = binary.substring(2, binary.length());
@ -141,11 +125,6 @@ public class TestFsPermission extends TestCase {
b.setCharAt(9, replacement); b.setCharAt(9, replacement);
} }
// Check for ACL bit.
if (binary.charAt(0) == '1') {
b.append('+');
}
assertEquals(i, FsPermission.valueOf(b.toString()).toShort()); assertEquals(i, FsPermission.valueOf(b.toString()).toShort());
} }
} }

View File

@ -75,6 +75,9 @@ HDFS-4685 (Unreleased)
HDFS-5925. ACL configuration flag must only reject ACL API calls, not ACLs HDFS-5925. ACL configuration flag must only reject ACL API calls, not ACLs
present in fsimage or edits. (cnauroth) present in fsimage or edits. (cnauroth)
HDFS-5923. Do not persist the ACL bit in the FsPermission.
(Haohui Mai via cnauroth)
OPTIMIZATIONS OPTIMIZATIONS
BUG FIXES BUG FIXES

View File

@ -20,6 +20,7 @@ package org.apache.hadoop.hdfs.server.namenode;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
@ -67,12 +68,8 @@ final class AclStorage {
*/ */
public static void copyINodeDefaultAcl(INode child) { public static void copyINodeDefaultAcl(INode child) {
INodeDirectory parent = child.getParent(); INodeDirectory parent = child.getParent();
if (!parent.getFsPermission().getAclBit()) { AclFeature parentAclFeature = parent.getAclFeature();
return; if (parentAclFeature == null || !(child.isFile() || child.isDirectory())) {
}
// The default ACL is applicable to new child files and directories only.
if (!child.isFile() && !child.isDirectory()) {
return; return;
} }
@ -153,12 +150,8 @@ final class AclStorage {
* @return List<AclEntry> containing extended inode ACL entries * @return List<AclEntry> containing extended inode ACL entries
*/ */
public static List<AclEntry> readINodeAcl(INode inode, int snapshotId) { public static List<AclEntry> readINodeAcl(INode inode, int snapshotId) {
FsPermission perm = inode.getFsPermission(snapshotId); AclFeature f = inode.getAclFeature(snapshotId);
if (perm.getAclBit()) { return f == null ? ImmutableList.<AclEntry> of() : f.getEntries();
return inode.getAclFeature(snapshotId).getEntries();
} else {
return Collections.emptyList();
}
} }
/** /**
@ -176,57 +169,51 @@ final class AclStorage {
* @return List<AclEntry> containing all logical inode ACL entries * @return List<AclEntry> containing all logical inode ACL entries
*/ */
public static List<AclEntry> readINodeLogicalAcl(INode inode) { public static List<AclEntry> readINodeLogicalAcl(INode inode) {
final List<AclEntry> existingAcl;
FsPermission perm = inode.getFsPermission(); FsPermission perm = inode.getFsPermission();
if (perm.getAclBit()) { AclFeature f = inode.getAclFeature();
// Split ACL entries stored in the feature into access vs. default. if (f == null) {
List<AclEntry> featureEntries = inode.getAclFeature().getEntries(); return getMinimalAcl(perm);
ScopedAclEntries scoped = new ScopedAclEntries(featureEntries);
List<AclEntry> accessEntries = scoped.getAccessEntries();
List<AclEntry> defaultEntries = scoped.getDefaultEntries();
// Pre-allocate list size for the explicit entries stored in the feature
// plus the 3 implicit entries (owner, group and other) from the permission
// bits.
existingAcl = Lists.newArrayListWithCapacity(featureEntries.size() + 3);
if (!accessEntries.isEmpty()) {
// Add owner entry implied from user permission bits.
existingAcl.add(new AclEntry.Builder()
.setScope(AclEntryScope.ACCESS)
.setType(AclEntryType.USER)
.setPermission(perm.getUserAction())
.build());
// Next add all named user and group entries taken from the feature.
existingAcl.addAll(accessEntries);
// Add mask entry implied from group permission bits.
existingAcl.add(new AclEntry.Builder()
.setScope(AclEntryScope.ACCESS)
.setType(AclEntryType.MASK)
.setPermission(perm.getGroupAction())
.build());
// Add other entry implied from other permission bits.
existingAcl.add(new AclEntry.Builder()
.setScope(AclEntryScope.ACCESS)
.setType(AclEntryType.OTHER)
.setPermission(perm.getOtherAction())
.build());
} else {
// It's possible that there is a default ACL but no access ACL. In this
// case, add the minimal access ACL implied by the permission bits.
existingAcl.addAll(getMinimalAcl(perm));
}
// Add all default entries after the access entries.
existingAcl.addAll(defaultEntries);
} else {
// If the inode doesn't have an extended ACL, then return a minimal ACL.
existingAcl = getMinimalAcl(perm);
} }
final List<AclEntry> existingAcl;
// Split ACL entries stored in the feature into access vs. default.
List<AclEntry> featureEntries = f.getEntries();
ScopedAclEntries scoped = new ScopedAclEntries(featureEntries);
List<AclEntry> accessEntries = scoped.getAccessEntries();
List<AclEntry> defaultEntries = scoped.getDefaultEntries();
// Pre-allocate list size for the explicit entries stored in the feature
// plus the 3 implicit entries (owner, group and other) from the permission
// bits.
existingAcl = Lists.newArrayListWithCapacity(featureEntries.size() + 3);
if (!accessEntries.isEmpty()) {
// Add owner entry implied from user permission bits.
existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
.setType(AclEntryType.USER).setPermission(perm.getUserAction())
.build());
// Next add all named user and group entries taken from the feature.
existingAcl.addAll(accessEntries);
// Add mask entry implied from group permission bits.
existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
.setType(AclEntryType.MASK).setPermission(perm.getGroupAction())
.build());
// Add other entry implied from other permission bits.
existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
.setType(AclEntryType.OTHER).setPermission(perm.getOtherAction())
.build());
} else {
// It's possible that there is a default ACL but no access ACL. In this
// case, add the minimal access ACL implied by the permission bits.
existingAcl.addAll(getMinimalAcl(perm));
}
// Add all default entries after the access entries.
existingAcl.addAll(defaultEntries);
// The above adds entries in the correct order, so no need to sort here. // The above adds entries in the correct order, so no need to sort here.
return existingAcl; return existingAcl;
} }
@ -240,32 +227,28 @@ final class AclStorage {
*/ */
public static void removeINodeAcl(INode inode, int snapshotId) public static void removeINodeAcl(INode inode, int snapshotId)
throws QuotaExceededException { throws QuotaExceededException {
FsPermission perm = inode.getFsPermission(); AclFeature f = inode.getAclFeature();
if (perm.getAclBit()) { if (f == null) {
List<AclEntry> featureEntries = inode.getAclFeature().getEntries(); return;
final FsAction groupPerm; }
if (featureEntries.get(0).getScope() == AclEntryScope.ACCESS) {
// Restore group permissions from the feature's entry to permission
// bits, overwriting the mask, which is not part of a minimal ACL.
AclEntry groupEntryKey = new AclEntry.Builder()
.setScope(AclEntryScope.ACCESS)
.setType(AclEntryType.GROUP)
.build();
int groupEntryIndex = Collections.binarySearch(featureEntries,
groupEntryKey, AclTransformation.ACL_ENTRY_COMPARATOR);
assert groupEntryIndex >= 0;
groupPerm = featureEntries.get(groupEntryIndex).getPermission();
} else {
groupPerm = perm.getGroupAction();
}
// Remove the feature and turn off the ACL bit. FsPermission perm = inode.getFsPermission();
inode.removeAclFeature(snapshotId); List<AclEntry> featureEntries = f.getEntries();
FsPermission newPerm = new FsPermission(perm.getUserAction(), if (featureEntries.get(0).getScope() == AclEntryScope.ACCESS) {
groupPerm, perm.getOtherAction(), // Restore group permissions from the feature's entry to permission
perm.getStickyBit(), false); // bits, overwriting the mask, which is not part of a minimal ACL.
AclEntry groupEntryKey = new AclEntry.Builder()
.setScope(AclEntryScope.ACCESS).setType(AclEntryType.GROUP).build();
int groupEntryIndex = Collections.binarySearch(featureEntries,
groupEntryKey, AclTransformation.ACL_ENTRY_COMPARATOR);
assert groupEntryIndex >= 0;
FsAction groupPerm = featureEntries.get(groupEntryIndex).getPermission();
FsPermission newPerm = new FsPermission(perm.getUserAction(), groupPerm,
perm.getOtherAction(), perm.getStickyBit());
inode.setPermission(newPerm, snapshotId); inode.setPermission(newPerm, snapshotId);
} }
inode.removeAclFeature(snapshotId);
} }
/** /**
@ -297,7 +280,7 @@ final class AclStorage {
} }
// Attach entries to the feature. // Attach entries to the feature.
if (perm.getAclBit()) { if (inode.getAclFeature() != null) {
inode.removeAclFeature(snapshotId); inode.removeAclFeature(snapshotId);
} }
inode.addAclFeature(createAclFeature(accessEntries, defaultEntries), inode.addAclFeature(createAclFeature(accessEntries, defaultEntries),
@ -305,7 +288,7 @@ final class AclStorage {
newPerm = createFsPermissionForExtendedAcl(accessEntries, perm); newPerm = createFsPermissionForExtendedAcl(accessEntries, perm);
} else { } else {
// This is a minimal ACL. Remove the ACL feature if it previously had one. // This is a minimal ACL. Remove the ACL feature if it previously had one.
if (perm.getAclBit()) { if (inode.getAclFeature() != null) {
inode.removeAclFeature(snapshotId); inode.removeAclFeature(snapshotId);
} }
newPerm = createFsPermissionForMinimalAcl(newAcl, perm); newPerm = createFsPermissionForMinimalAcl(newAcl, perm);
@ -363,7 +346,7 @@ final class AclStorage {
return new FsPermission(accessEntries.get(0).getPermission(), return new FsPermission(accessEntries.get(0).getPermission(),
accessEntries.get(accessEntries.size() - 2).getPermission(), accessEntries.get(accessEntries.size() - 2).getPermission(),
accessEntries.get(accessEntries.size() - 1).getPermission(), accessEntries.get(accessEntries.size() - 1).getPermission(),
existingPerm.getStickyBit(), true); existingPerm.getStickyBit());
} }
/** /**
@ -381,7 +364,7 @@ final class AclStorage {
return new FsPermission(accessEntries.get(0).getPermission(), return new FsPermission(accessEntries.get(0).getPermission(),
accessEntries.get(1).getPermission(), accessEntries.get(1).getPermission(),
accessEntries.get(2).getPermission(), accessEntries.get(2).getPermission(),
existingPerm.getStickyBit(), false); existingPerm.getStickyBit());
} }
/** /**

View File

@ -1177,16 +1177,6 @@ public class FSDirectory implements Closeable {
throw new FileNotFoundException("File does not exist: " + src); throw new FileNotFoundException("File does not exist: " + src);
} }
int snapshotId = inodesInPath.getLatestSnapshotId(); int snapshotId = inodesInPath.getLatestSnapshotId();
FsPermission oldPerm = inode.getPermissionStatus(snapshotId).getPermission();
// This method cannot toggle the ACL bit.
if (oldPerm.getAclBit() != permissions.getAclBit()) {
permissions = new FsPermission(
permissions.getUserAction(),
permissions.getGroupAction(),
permissions.getOtherAction(),
permissions.getStickyBit(),
oldPerm.getAclBit());
}
inode.setPermission(permissions, snapshotId); inode.setPermission(permissions, snapshotId);
} }

View File

@ -696,10 +696,13 @@ public class FSEditLog implements LogsPurgeable {
.setBlockSize(newNode.getPreferredBlockSize()) .setBlockSize(newNode.getPreferredBlockSize())
.setBlocks(newNode.getBlocks()) .setBlocks(newNode.getBlocks())
.setPermissionStatus(permissions) .setPermissionStatus(permissions)
.setAclEntries(permissions.getPermission().getAclBit() ?
AclStorage.readINodeLogicalAcl(newNode) : null)
.setClientName(newNode.getFileUnderConstructionFeature().getClientName()) .setClientName(newNode.getFileUnderConstructionFeature().getClientName())
.setClientMachine(newNode.getFileUnderConstructionFeature().getClientMachine()); .setClientMachine(newNode.getFileUnderConstructionFeature().getClientMachine());
AclFeature f = newNode.getAclFeature();
if (f != null) {
op.setAclEntries(AclStorage.readINodeLogicalAcl(newNode));
}
logRpcIds(op, toLogRpcIds); logRpcIds(op, toLogRpcIds);
logEdit(op); logEdit(op);
} }
@ -749,9 +752,12 @@ public class FSEditLog implements LogsPurgeable {
.setInodeId(newNode.getId()) .setInodeId(newNode.getId())
.setPath(path) .setPath(path)
.setTimestamp(newNode.getModificationTime()) .setTimestamp(newNode.getModificationTime())
.setPermissionStatus(permissions) .setPermissionStatus(permissions);
.setAclEntries(permissions.getPermission().getAclBit() ?
AclStorage.readINodeLogicalAcl(newNode) : null); AclFeature f = newNode.getAclFeature();
if (f != null) {
op.setAclEntries(AclStorage.readINodeLogicalAcl(newNode));
}
logEdit(op); logEdit(op);
} }

View File

@ -298,6 +298,75 @@ public abstract class FSEditLogOp {
Integer.valueOf(callId).toString()); Integer.valueOf(callId).toString());
} }
private static final class AclEditLogUtil {
private static final int ACL_EDITLOG_ENTRY_HAS_NAME_OFFSET = 6;
private static final int ACL_EDITLOG_ENTRY_TYPE_OFFSET = 3;
private static final int ACL_EDITLOG_ENTRY_SCOPE_OFFSET = 5;
private static final int ACL_EDITLOG_PERM_MASK = 7;
private static final int ACL_EDITLOG_ENTRY_TYPE_MASK = 3;
private static final int ACL_EDITLOG_ENTRY_SCOPE_MASK = 1;
private static final FsAction[] FSACTION_VALUES = FsAction.values();
private static final AclEntryScope[] ACL_ENTRY_SCOPE_VALUES = AclEntryScope
.values();
private static final AclEntryType[] ACL_ENTRY_TYPE_VALUES = AclEntryType
.values();
private static List<AclEntry> read(DataInputStream in, int logVersion)
throws IOException {
if (!LayoutVersion.supports(Feature.EXTENDED_ACL, logVersion)) {
return null;
}
int size = in.readInt();
if (size == 0) {
return null;
}
List<AclEntry> aclEntries = Lists.newArrayListWithCapacity(size);
for (int i = 0; i < size; ++i) {
int v = in.read();
int p = v & ACL_EDITLOG_PERM_MASK;
int t = (v >> ACL_EDITLOG_ENTRY_TYPE_OFFSET)
& ACL_EDITLOG_ENTRY_TYPE_MASK;
int s = (v >> ACL_EDITLOG_ENTRY_SCOPE_OFFSET)
& ACL_EDITLOG_ENTRY_SCOPE_MASK;
boolean hasName = ((v >> ACL_EDITLOG_ENTRY_HAS_NAME_OFFSET) & 1) == 1;
String name = hasName ? FSImageSerialization.readString(in) : null;
aclEntries.add(new AclEntry.Builder().setName(name)
.setPermission(FSACTION_VALUES[p])
.setScope(ACL_ENTRY_SCOPE_VALUES[s])
.setType(ACL_ENTRY_TYPE_VALUES[t]).build());
}
return aclEntries;
}
private static void write(List<AclEntry> aclEntries, DataOutputStream out)
throws IOException {
if (aclEntries == null) {
out.writeInt(0);
return;
}
out.writeInt(aclEntries.size());
for (AclEntry e : aclEntries) {
boolean hasName = e.getName() != null;
int v = (e.getScope().ordinal() << ACL_EDITLOG_ENTRY_SCOPE_OFFSET)
| (e.getType().ordinal() << ACL_EDITLOG_ENTRY_TYPE_OFFSET)
| e.getPermission().ordinal();
if (hasName) {
v |= 1 << ACL_EDITLOG_ENTRY_HAS_NAME_OFFSET;
}
out.write(v);
if (hasName) {
FSImageSerialization.writeString(e.getName(), out);
}
}
}
}
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
static abstract class AddCloseOp extends FSEditLogOp implements BlockListUpdatingOp { static abstract class AddCloseOp extends FSEditLogOp implements BlockListUpdatingOp {
int length; int length;
@ -399,11 +468,12 @@ public abstract class FSEditLogOp {
permissions.write(out); permissions.write(out);
if (this.opCode == OP_ADD) { if (this.opCode == OP_ADD) {
if (permissions.getPermission().getAclBit()) { boolean hasAcl = aclEntries != null;
out.writeBoolean(hasAcl);
if (hasAcl) {
AclFeatureProto.newBuilder() AclFeatureProto.newBuilder()
.addAllEntries(PBHelper.convertAclEntryProto(aclEntries)) .addAllEntries(PBHelper.convertAclEntryProto(aclEntries)).build()
.build() .writeDelimitedTo(out);
.writeDelimitedTo(out);
} }
FSImageSerialization.writeString(clientName,out); FSImageSerialization.writeString(clientName,out);
@ -464,13 +534,7 @@ public abstract class FSEditLogOp {
// clientname, clientMachine and block locations of last block. // clientname, clientMachine and block locations of last block.
if (this.opCode == OP_ADD) { if (this.opCode == OP_ADD) {
if (permissions.getPermission().getAclBit()) { aclEntries = AclEditLogUtil.read(in, logVersion);
aclEntries = PBHelper.convertAclEntry(
AclFeatureProto.parseDelimitedFrom((DataInputStream)in)
.getEntriesList());
} else {
aclEntries = null;
}
this.clientName = FSImageSerialization.readString(in); this.clientName = FSImageSerialization.readString(in);
this.clientMachine = FSImageSerialization.readString(in); this.clientMachine = FSImageSerialization.readString(in);
@ -562,7 +626,7 @@ public abstract class FSEditLogOp {
} }
FSEditLogOp.permissionStatusToXml(contentHandler, permissions); FSEditLogOp.permissionStatusToXml(contentHandler, permissions);
if (this.opCode == OP_ADD) { if (this.opCode == OP_ADD) {
if (permissions.getPermission().getAclBit()) { if (aclEntries != null) {
appendAclEntriesToXml(contentHandler, aclEntries); appendAclEntriesToXml(contentHandler, aclEntries);
} }
appendRpcIdsToXml(contentHandler, rpcClientId, rpcCallId); appendRpcIdsToXml(contentHandler, rpcClientId, rpcCallId);
@ -590,11 +654,7 @@ public abstract class FSEditLogOp {
this.blocks = new Block[0]; this.blocks = new Block[0];
} }
this.permissions = permissionStatusFromXml(st); this.permissions = permissionStatusFromXml(st);
if (permissions.getPermission().getAclBit()) { aclEntries = readAclEntriesFromXml(st);
aclEntries = readAclEntriesFromXml(st);
} else {
aclEntries = null;
}
readRpcIdsFromXml(st); readRpcIdsFromXml(st);
} }
} }
@ -1304,11 +1364,13 @@ public abstract class FSEditLogOp {
FSImageSerialization.writeLong(timestamp, out); // mtime FSImageSerialization.writeLong(timestamp, out); // mtime
FSImageSerialization.writeLong(timestamp, out); // atime, unused at this FSImageSerialization.writeLong(timestamp, out); // atime, unused at this
permissions.write(out); permissions.write(out);
if (permissions.getPermission().getAclBit()) {
boolean hasAcl = aclEntries != null;
out.writeBoolean(hasAcl);
if (hasAcl) {
AclFeatureProto.newBuilder() AclFeatureProto.newBuilder()
.addAllEntries(PBHelper.convertAclEntryProto(aclEntries)) .addAllEntries(PBHelper.convertAclEntryProto(aclEntries)).build()
.build() .writeDelimitedTo(out);
.writeDelimitedTo(out);
} }
} }
@ -1347,13 +1409,7 @@ public abstract class FSEditLogOp {
} }
this.permissions = PermissionStatus.read(in); this.permissions = PermissionStatus.read(in);
if (permissions.getPermission().getAclBit()) { aclEntries = AclEditLogUtil.read(in, logVersion);
aclEntries = PBHelper.convertAclEntry(
AclFeatureProto.parseDelimitedFrom((DataInputStream)in)
.getEntriesList());
} else {
aclEntries = null;
}
} }
@Override @Override
@ -1389,7 +1445,7 @@ public abstract class FSEditLogOp {
XMLUtils.addSaxString(contentHandler, "TIMESTAMP", XMLUtils.addSaxString(contentHandler, "TIMESTAMP",
Long.valueOf(timestamp).toString()); Long.valueOf(timestamp).toString());
FSEditLogOp.permissionStatusToXml(contentHandler, permissions); FSEditLogOp.permissionStatusToXml(contentHandler, permissions);
if (permissions.getPermission().getAclBit()) { if (aclEntries != null) {
appendAclEntriesToXml(contentHandler, aclEntries); appendAclEntriesToXml(contentHandler, aclEntries);
} }
} }
@ -1400,11 +1456,7 @@ public abstract class FSEditLogOp {
this.path = st.getValue("PATH"); this.path = st.getValue("PATH");
this.timestamp = Long.valueOf(st.getValue("TIMESTAMP")); this.timestamp = Long.valueOf(st.getValue("TIMESTAMP"));
this.permissions = permissionStatusFromXml(st); this.permissions = permissionStatusFromXml(st);
if (permissions.getPermission().getAclBit()) { aclEntries = readAclEntriesFromXml(st);
aclEntries = readAclEntriesFromXml(st);
} else {
aclEntries = null;
}
} }
} }
@ -3895,7 +3947,7 @@ public abstract class FSEditLogOp {
private static List<AclEntry> readAclEntriesFromXml(Stanza st) { private static List<AclEntry> readAclEntriesFromXml(Stanza st) {
List<AclEntry> aclEntries = Lists.newArrayList(); List<AclEntry> aclEntries = Lists.newArrayList();
if (!st.hasChildren("ENTRY")) if (!st.hasChildren("ENTRY"))
return aclEntries; return null;
List<Stanza> stanzas = st.getChildren("ENTRY"); List<Stanza> stanzas = st.getChildren("ENTRY");
for (Stanza s : stanzas) { for (Stanza s : stanzas) {

View File

@ -239,9 +239,8 @@ class FSPermissionChecker {
return; return;
} }
FsPermission mode = inode.getFsPermission(snapshotId); FsPermission mode = inode.getFsPermission(snapshotId);
if (mode.getAclBit()) { AclFeature aclFeature = inode.getAclFeature(snapshotId);
AclFeature aclFeature = inode.getAclFeature(snapshotId); if (aclFeature != null) {
assert aclFeature != null;
List<AclEntry> featureEntries = aclFeature.getEntries(); List<AclEntry> featureEntries = aclFeature.getEntries();
// It's possible that the inode has a default ACL but no access ACL. // It's possible that the inode has a default ACL but no access ACL.
if (featureEntries.get(0).getScope() == AclEntryScope.ACCESS) { if (featureEntries.get(0).getScope() == AclEntryScope.ACCESS) {

View File

@ -17,6 +17,12 @@
*/ */
package org.apache.hadoop.hdfs.server.namenode; package org.apache.hadoop.hdfs.server.namenode;
import static org.junit.Assert.*;
import java.io.IOException;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.AclEntry; import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryScope; import org.apache.hadoop.fs.permission.AclEntryScope;
import org.apache.hadoop.fs.permission.AclEntryType; import org.apache.hadoop.fs.permission.AclEntryType;
@ -93,4 +99,17 @@ public final class AclTestHelpers {
.setType(type) .setType(type)
.build(); .build();
} }
/**
* Asserts the value of the FsPermission bits on the inode of a specific path.
*
* @param fs FileSystem to use for check
* @param pathToCheck Path inode to check
* @param perm short expected permission bits
* @throws IOException thrown if there is an I/O error
*/
public static void assertPermission(FileSystem fs, Path pathToCheck,
short perm) throws IOException {
assertEquals(perm, fs.getFileStatus(pathToCheck).getPermission().toShort());
}
} }

View File

@ -91,7 +91,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, READ_EXECUTE), aclEntry(DEFAULT, MASK, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -113,7 +113,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", READ_EXECUTE), aclEntry(ACCESS, USER, "foo", READ_EXECUTE),
aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned); aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -134,7 +134,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, READ_EXECUTE), aclEntry(DEFAULT, MASK, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -150,7 +150,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", READ_WRITE), aclEntry(ACCESS, USER, "foo", READ_WRITE),
aclEntry(ACCESS, GROUP, READ) }, returned); aclEntry(ACCESS, GROUP, READ) }, returned);
assertPermission((short)02660); assertPermission((short)0660);
assertAclFeature(true); assertAclFeature(true);
} }
@ -168,7 +168,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, USER, ALL), aclEntry(DEFAULT, USER, ALL),
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -185,7 +185,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL), aclEntry(ACCESS, USER, "foo", ALL),
aclEntry(ACCESS, GROUP, READ) }, returned); aclEntry(ACCESS, GROUP, READ) }, returned);
assertPermission((short)02600); assertPermission((short)0600);
assertAclFeature(true); assertAclFeature(true);
} }
@ -213,7 +213,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, READ_EXECUTE), aclEntry(DEFAULT, MASK, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)03750); assertPermission((short)01750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -259,7 +259,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, READ_EXECUTE), aclEntry(DEFAULT, MASK, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -282,7 +282,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bar", READ_WRITE), aclEntry(ACCESS, USER, "bar", READ_WRITE),
aclEntry(ACCESS, GROUP, READ_WRITE) }, returned); aclEntry(ACCESS, GROUP, READ_WRITE) }, returned);
assertPermission((short)02760); assertPermission((short)0760);
assertAclFeature(true); assertAclFeature(true);
} }
@ -307,7 +307,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, READ_EXECUTE), aclEntry(DEFAULT, MASK, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -355,7 +355,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, USER, ALL), aclEntry(DEFAULT, USER, ALL),
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -381,7 +381,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, READ_EXECUTE), aclEntry(DEFAULT, MASK, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)03750); assertPermission((short)01750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -409,7 +409,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL), aclEntry(ACCESS, USER, "foo", ALL),
aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned); aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned);
assertPermission((short)02770); assertPermission((short)0770);
assertAclFeature(true); assertAclFeature(true);
} }
@ -429,7 +429,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL), aclEntry(ACCESS, USER, "foo", ALL),
aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned); aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned);
assertPermission((short)02770); assertPermission((short)0770);
assertAclFeature(true); assertAclFeature(true);
} }
@ -474,7 +474,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL), aclEntry(ACCESS, USER, "foo", ALL),
aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned); aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned);
assertPermission((short)03770); assertPermission((short)01770);
assertAclFeature(true); assertAclFeature(true);
} }
@ -575,7 +575,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02770); assertPermission((short)0770);
assertAclFeature(true); assertAclFeature(true);
} }
@ -594,7 +594,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", READ), aclEntry(ACCESS, USER, "foo", READ),
aclEntry(ACCESS, GROUP, READ) }, returned); aclEntry(ACCESS, GROUP, READ) }, returned);
assertPermission((short)02640); assertPermission((short)0640);
assertAclFeature(true); assertAclFeature(true);
} }
@ -612,7 +612,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -652,7 +652,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, USER, ALL), aclEntry(DEFAULT, USER, ALL),
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02750); assertPermission((short)0750);
assertAclFeature(true); assertAclFeature(true);
} }
@ -672,7 +672,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", READ), aclEntry(ACCESS, USER, "foo", READ),
aclEntry(ACCESS, GROUP, READ) }, returned); aclEntry(ACCESS, GROUP, READ) }, returned);
assertPermission((short)02670); assertPermission((short)0670);
assertAclFeature(true); assertAclFeature(true);
} }
@ -696,7 +696,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)03770); assertPermission((short)01770);
assertAclFeature(true); assertAclFeature(true);
} }
@ -741,7 +741,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02700); assertPermission((short)0700);
assertAclFeature(true); assertAclFeature(true);
} }
@ -761,7 +761,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", READ), aclEntry(ACCESS, USER, "foo", READ),
aclEntry(ACCESS, GROUP, READ) }, returned); aclEntry(ACCESS, GROUP, READ) }, returned);
assertPermission((short)02600); assertPermission((short)0600);
assertAclFeature(true); assertAclFeature(true);
} }
@ -783,7 +783,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02700); assertPermission((short)0700);
assertAclFeature(true); assertAclFeature(true);
} }
@ -800,7 +800,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL), aclEntry(ACCESS, USER, "foo", ALL),
aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned); aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned);
assertPermission(filePath, (short)02640); assertPermission(filePath, (short)0640);
assertAclFeature(filePath, true); assertAclFeature(filePath, true);
} }
@ -854,7 +854,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission(dirPath, (short)02750); assertPermission(dirPath, (short)0750);
assertAclFeature(dirPath, true); assertAclFeature(dirPath, true);
} }
@ -889,7 +889,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, USER, ALL), aclEntry(DEFAULT, USER, ALL),
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission(dirPath, (short)02750); assertPermission(dirPath, (short)0750);
assertAclFeature(dirPath, true); assertAclFeature(dirPath, true);
} }
@ -913,7 +913,7 @@ public abstract class FSAclBaseTest {
AclStatus s = fs.getAclStatus(dirPath); AclStatus s = fs.getAclStatus(dirPath);
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]); AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission(dirPath, (short)02750); assertPermission(dirPath, (short)0750);
assertAclFeature(dirPath, true); assertAclFeature(dirPath, true);
expected = new AclEntry[] { expected = new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL), aclEntry(ACCESS, USER, "foo", ALL),
@ -921,7 +921,7 @@ public abstract class FSAclBaseTest {
s = fs.getAclStatus(filePath); s = fs.getAclStatus(filePath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission(filePath, (short)02640); assertPermission(filePath, (short)0640);
assertAclFeature(filePath, true); assertAclFeature(filePath, true);
} }
@ -945,12 +945,12 @@ public abstract class FSAclBaseTest {
AclStatus s = fs.getAclStatus(dirPath); AclStatus s = fs.getAclStatus(dirPath);
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]); AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission(dirPath, (short)02750); assertPermission(dirPath, (short)0750);
assertAclFeature(dirPath, true); assertAclFeature(dirPath, true);
s = fs.getAclStatus(subdirPath); s = fs.getAclStatus(subdirPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission(subdirPath, (short)02750); assertPermission(subdirPath, (short)0750);
assertAclFeature(subdirPath, true); assertAclFeature(subdirPath, true);
} }
@ -977,7 +977,7 @@ public abstract class FSAclBaseTest {
AclStatus s = fs.getAclStatus(dirPath); AclStatus s = fs.getAclStatus(dirPath);
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]); AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission(dirPath, (short)02750); assertPermission(dirPath, (short)0750);
assertAclFeature(dirPath, true); assertAclFeature(dirPath, true);
expected = new AclEntry[] { }; expected = new AclEntry[] { };
s = fs.getAclStatus(linkPath); s = fs.getAclStatus(linkPath);
@ -1010,7 +1010,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL), aclEntry(ACCESS, USER, "foo", ALL),
aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned); aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned);
assertPermission(filePath, (short)02740); assertPermission(filePath, (short)0740);
assertAclFeature(filePath, true); assertAclFeature(filePath, true);
} }
@ -1032,7 +1032,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, READ_EXECUTE) }, returned); aclEntry(DEFAULT, OTHER, READ_EXECUTE) }, returned);
assertPermission(dirPath, (short)02740); assertPermission(dirPath, (short)0740);
assertAclFeature(dirPath, true); assertAclFeature(dirPath, true);
} }
@ -1088,7 +1088,6 @@ public abstract class FSAclBaseTest {
*/ */
private static void assertPermission(Path pathToCheck, short perm) private static void assertPermission(Path pathToCheck, short perm)
throws IOException { throws IOException {
assertEquals(FsPermission.createImmutable(perm), AclTestHelpers.assertPermission(fs, pathToCheck, perm);
fs.getFileStatus(pathToCheck).getPermission());
} }
} }

View File

@ -142,7 +142,7 @@ public class TestFSImageWithAcl {
AclEntry[] subdirReturned = fs.getAclStatus(subdirPath).getEntries() AclEntry[] subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)02755); assertPermission(fs, subdirPath, (short)0755);
restart(fs, persistNamespace); restart(fs, persistNamespace);
@ -152,7 +152,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)02755); assertPermission(fs, subdirPath, (short)0755);
aclSpec = Lists.newArrayList(aclEntry(DEFAULT, USER, "foo", READ_WRITE)); aclSpec = Lists.newArrayList(aclEntry(DEFAULT, USER, "foo", READ_WRITE));
fs.modifyAclEntries(dirPath, aclSpec); fs.modifyAclEntries(dirPath, aclSpec);
@ -163,7 +163,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)02755); assertPermission(fs, subdirPath, (short)0755);
restart(fs, persistNamespace); restart(fs, persistNamespace);
@ -173,7 +173,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)02755); assertPermission(fs, subdirPath, (short)0755);
fs.removeAcl(dirPath); fs.removeAcl(dirPath);
@ -183,7 +183,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)02755); assertPermission(fs, subdirPath, (short)0755);
restart(fs, persistNamespace); restart(fs, persistNamespace);
@ -193,7 +193,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)02755); assertPermission(fs, subdirPath, (short)0755);
} }
@Test @Test
@ -206,20 +206,6 @@ public class TestFSImageWithAcl {
doTestDefaultAclNewChildren(false); doTestDefaultAclNewChildren(false);
} }
/**
* Asserts the value of the FsPermission bits on the inode of a specific path.
*
* @param fs DistributedFileSystem to use for check
* @param pathToCheck Path inode to check
* @param perm short expected permission bits
* @throws IOException thrown if there is an I/O error
*/
private static void assertPermission(DistributedFileSystem fs,
Path pathToCheck, short perm) throws IOException {
Assert.assertEquals(FsPermission.createImmutable(perm),
fs.getFileStatus(pathToCheck).getPermission());
}
/** /**
* Restart the NameNode, optionally saving a new checkpoint. * Restart the NameNode, optionally saving a new checkpoint.
* *

View File

@ -38,6 +38,7 @@ import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.HdfsConstants; import org.apache.hadoop.hdfs.protocol.HdfsConstants;
import org.apache.hadoop.hdfs.protocol.NSQuotaExceededException; import org.apache.hadoop.hdfs.protocol.NSQuotaExceededException;
import org.apache.hadoop.hdfs.protocol.SnapshotAccessControlException; import org.apache.hadoop.hdfs.protocol.SnapshotAccessControlException;
import org.apache.hadoop.hdfs.server.namenode.AclTestHelpers;
import org.apache.hadoop.hdfs.server.namenode.NameNode; import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.NameNodeAdapter; import org.apache.hadoop.hdfs.server.namenode.NameNodeAdapter;
import org.apache.hadoop.io.IOUtils; import org.apache.hadoop.io.IOUtils;
@ -118,14 +119,14 @@ public class TestAclWithSnapshot {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_EXECUTE), aclEntry(ACCESS, USER, "bruce", READ_EXECUTE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02750, path); assertPermission((short)0750, path);
s = hdfs.getAclStatus(snapshotPath); s = hdfs.getAclStatus(snapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_EXECUTE), aclEntry(ACCESS, USER, "bruce", READ_EXECUTE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02750, snapshotPath); assertPermission((short)0750, snapshotPath);
assertDirPermissionGranted(fsAsBruce, BRUCE, snapshotPath); assertDirPermissionGranted(fsAsBruce, BRUCE, snapshotPath);
assertDirPermissionDenied(fsAsDiana, DIANA, snapshotPath); assertDirPermissionDenied(fsAsDiana, DIANA, snapshotPath);
@ -152,14 +153,14 @@ public class TestAclWithSnapshot {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "diana", READ_EXECUTE), aclEntry(ACCESS, USER, "diana", READ_EXECUTE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02550, path); assertPermission((short)0550, path);
s = hdfs.getAclStatus(snapshotPath); s = hdfs.getAclStatus(snapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_EXECUTE), aclEntry(ACCESS, USER, "bruce", READ_EXECUTE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02750, snapshotPath); assertPermission((short)0750, snapshotPath);
assertDirPermissionDenied(fsAsBruce, BRUCE, path); assertDirPermissionDenied(fsAsBruce, BRUCE, path);
assertDirPermissionGranted(fsAsDiana, DIANA, path); assertDirPermissionGranted(fsAsDiana, DIANA, path);
@ -201,24 +202,24 @@ public class TestAclWithSnapshot {
AclStatus s = hdfs.getAclStatus(filePath); AclStatus s = hdfs.getAclStatus(filePath);
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]); AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, filePath); assertPermission((short)0550, filePath);
s = hdfs.getAclStatus(subdirPath); s = hdfs.getAclStatus(subdirPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, subdirPath); assertPermission((short)0550, subdirPath);
s = hdfs.getAclStatus(fileSnapshotPath); s = hdfs.getAclStatus(fileSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, fileSnapshotPath); assertPermission((short)0550, fileSnapshotPath);
assertFilePermissionGranted(fsAsBruce, BRUCE, fileSnapshotPath); assertFilePermissionGranted(fsAsBruce, BRUCE, fileSnapshotPath);
assertFilePermissionDenied(fsAsDiana, DIANA, fileSnapshotPath); assertFilePermissionDenied(fsAsDiana, DIANA, fileSnapshotPath);
s = hdfs.getAclStatus(subdirSnapshotPath); s = hdfs.getAclStatus(subdirSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, subdirSnapshotPath); assertPermission((short)0550, subdirSnapshotPath);
assertDirPermissionGranted(fsAsBruce, BRUCE, subdirSnapshotPath); assertDirPermissionGranted(fsAsBruce, BRUCE, subdirSnapshotPath);
assertDirPermissionDenied(fsAsDiana, DIANA, subdirSnapshotPath); assertDirPermissionDenied(fsAsDiana, DIANA, subdirSnapshotPath);
@ -250,14 +251,14 @@ public class TestAclWithSnapshot {
AclStatus s = hdfs.getAclStatus(filePath); AclStatus s = hdfs.getAclStatus(filePath);
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]); AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02570, filePath); assertPermission((short)0570, filePath);
assertFilePermissionDenied(fsAsBruce, BRUCE, filePath); assertFilePermissionDenied(fsAsBruce, BRUCE, filePath);
assertFilePermissionGranted(fsAsDiana, DIANA, filePath); assertFilePermissionGranted(fsAsDiana, DIANA, filePath);
s = hdfs.getAclStatus(subdirPath); s = hdfs.getAclStatus(subdirPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02570, subdirPath); assertPermission((short)0570, subdirPath);
assertDirPermissionDenied(fsAsBruce, BRUCE, subdirPath); assertDirPermissionDenied(fsAsBruce, BRUCE, subdirPath);
assertDirPermissionGranted(fsAsDiana, DIANA, subdirPath); assertDirPermissionGranted(fsAsDiana, DIANA, subdirPath);
@ -267,14 +268,14 @@ public class TestAclWithSnapshot {
s = hdfs.getAclStatus(fileSnapshotPath); s = hdfs.getAclStatus(fileSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, fileSnapshotPath); assertPermission((short)0550, fileSnapshotPath);
assertFilePermissionGranted(fsAsBruce, BRUCE, fileSnapshotPath); assertFilePermissionGranted(fsAsBruce, BRUCE, fileSnapshotPath);
assertFilePermissionDenied(fsAsDiana, DIANA, fileSnapshotPath); assertFilePermissionDenied(fsAsDiana, DIANA, fileSnapshotPath);
s = hdfs.getAclStatus(subdirSnapshotPath); s = hdfs.getAclStatus(subdirSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, subdirSnapshotPath); assertPermission((short)0550, subdirSnapshotPath);
assertDirPermissionGranted(fsAsBruce, BRUCE, subdirSnapshotPath); assertDirPermissionGranted(fsAsBruce, BRUCE, subdirSnapshotPath);
assertDirPermissionDenied(fsAsDiana, DIANA, subdirSnapshotPath); assertDirPermissionDenied(fsAsDiana, DIANA, subdirSnapshotPath);
} }
@ -301,14 +302,14 @@ public class TestAclWithSnapshot {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_EXECUTE), aclEntry(ACCESS, USER, "bruce", READ_EXECUTE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02750, path); assertPermission((short)0750, path);
s = hdfs.getAclStatus(snapshotPath); s = hdfs.getAclStatus(snapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_EXECUTE), aclEntry(ACCESS, USER, "bruce", READ_EXECUTE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02750, snapshotPath); assertPermission((short)0750, snapshotPath);
assertDirPermissionGranted(fsAsBruce, BRUCE, snapshotPath); assertDirPermissionGranted(fsAsBruce, BRUCE, snapshotPath);
assertDirPermissionDenied(fsAsDiana, DIANA, snapshotPath); assertDirPermissionDenied(fsAsDiana, DIANA, snapshotPath);
@ -335,7 +336,7 @@ public class TestAclWithSnapshot {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_EXECUTE), aclEntry(ACCESS, USER, "bruce", READ_EXECUTE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02750, snapshotPath); assertPermission((short)0750, snapshotPath);
assertDirPermissionDenied(fsAsBruce, BRUCE, path); assertDirPermissionDenied(fsAsBruce, BRUCE, path);
assertDirPermissionDenied(fsAsDiana, DIANA, path); assertDirPermissionDenied(fsAsDiana, DIANA, path);
@ -377,24 +378,24 @@ public class TestAclWithSnapshot {
AclStatus s = hdfs.getAclStatus(filePath); AclStatus s = hdfs.getAclStatus(filePath);
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]); AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, filePath); assertPermission((short)0550, filePath);
s = hdfs.getAclStatus(subdirPath); s = hdfs.getAclStatus(subdirPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, subdirPath); assertPermission((short)0550, subdirPath);
s = hdfs.getAclStatus(fileSnapshotPath); s = hdfs.getAclStatus(fileSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, fileSnapshotPath); assertPermission((short)0550, fileSnapshotPath);
assertFilePermissionGranted(fsAsBruce, BRUCE, fileSnapshotPath); assertFilePermissionGranted(fsAsBruce, BRUCE, fileSnapshotPath);
assertFilePermissionDenied(fsAsDiana, DIANA, fileSnapshotPath); assertFilePermissionDenied(fsAsDiana, DIANA, fileSnapshotPath);
s = hdfs.getAclStatus(subdirSnapshotPath); s = hdfs.getAclStatus(subdirSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, subdirSnapshotPath); assertPermission((short)0550, subdirSnapshotPath);
assertDirPermissionGranted(fsAsBruce, BRUCE, subdirSnapshotPath); assertDirPermissionGranted(fsAsBruce, BRUCE, subdirSnapshotPath);
assertDirPermissionDenied(fsAsDiana, DIANA, subdirSnapshotPath); assertDirPermissionDenied(fsAsDiana, DIANA, subdirSnapshotPath);
@ -436,14 +437,14 @@ public class TestAclWithSnapshot {
s = hdfs.getAclStatus(fileSnapshotPath); s = hdfs.getAclStatus(fileSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, fileSnapshotPath); assertPermission((short)0550, fileSnapshotPath);
assertFilePermissionGranted(fsAsBruce, BRUCE, fileSnapshotPath); assertFilePermissionGranted(fsAsBruce, BRUCE, fileSnapshotPath);
assertFilePermissionDenied(fsAsDiana, DIANA, fileSnapshotPath); assertFilePermissionDenied(fsAsDiana, DIANA, fileSnapshotPath);
s = hdfs.getAclStatus(subdirSnapshotPath); s = hdfs.getAclStatus(subdirSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02550, subdirSnapshotPath); assertPermission((short)0550, subdirSnapshotPath);
assertDirPermissionGranted(fsAsBruce, BRUCE, subdirSnapshotPath); assertDirPermissionGranted(fsAsBruce, BRUCE, subdirSnapshotPath);
assertDirPermissionDenied(fsAsDiana, DIANA, subdirSnapshotPath); assertDirPermissionDenied(fsAsDiana, DIANA, subdirSnapshotPath);
} }
@ -469,7 +470,7 @@ public class TestAclWithSnapshot {
AclStatus s = hdfs.getAclStatus(path); AclStatus s = hdfs.getAclStatus(path);
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]); AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission((short)02770, path); assertPermission((short)0770, path);
assertDirPermissionGranted(fsAsBruce, BRUCE, path); assertDirPermissionGranted(fsAsBruce, BRUCE, path);
assertDirPermissionGranted(fsAsDiana, DIANA, path); assertDirPermissionGranted(fsAsDiana, DIANA, path);
} }
@ -513,7 +514,7 @@ public class TestAclWithSnapshot {
aclEntry(DEFAULT, GROUP, NONE), aclEntry(DEFAULT, GROUP, NONE),
aclEntry(DEFAULT, MASK, READ_EXECUTE), aclEntry(DEFAULT, MASK, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02700, path); assertPermission((short)0700, path);
s = hdfs.getAclStatus(snapshotPath); s = hdfs.getAclStatus(snapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
@ -523,7 +524,7 @@ public class TestAclWithSnapshot {
aclEntry(DEFAULT, GROUP, NONE), aclEntry(DEFAULT, GROUP, NONE),
aclEntry(DEFAULT, MASK, READ_EXECUTE), aclEntry(DEFAULT, MASK, READ_EXECUTE),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission((short)02700, snapshotPath); assertPermission((short)0700, snapshotPath);
assertDirPermissionDenied(fsAsBruce, BRUCE, snapshotPath); assertDirPermissionDenied(fsAsBruce, BRUCE, snapshotPath);
} }
@ -595,14 +596,14 @@ public class TestAclWithSnapshot {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_WRITE), aclEntry(ACCESS, USER, "bruce", READ_WRITE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02660, filePath); assertPermission((short)0660, filePath);
s = hdfs.getAclStatus(fileSnapshotPath); s = hdfs.getAclStatus(fileSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_WRITE), aclEntry(ACCESS, USER, "bruce", READ_WRITE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02660, filePath); assertPermission((short)0660, filePath);
aclSpec = Lists.newArrayList( aclSpec = Lists.newArrayList(
aclEntry(ACCESS, USER, "bruce", READ)); aclEntry(ACCESS, USER, "bruce", READ));
@ -631,14 +632,14 @@ public class TestAclWithSnapshot {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_WRITE), aclEntry(ACCESS, USER, "bruce", READ_WRITE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02660, filePath); assertPermission((short)0660, filePath);
s = hdfs.getAclStatus(fileSnapshotPath); s = hdfs.getAclStatus(fileSnapshotPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "bruce", READ_WRITE), aclEntry(ACCESS, USER, "bruce", READ_WRITE),
aclEntry(ACCESS, GROUP, NONE) }, returned); aclEntry(ACCESS, GROUP, NONE) }, returned);
assertPermission((short)02660, filePath); assertPermission((short)0660, filePath);
aclSpec = Lists.newArrayList( aclSpec = Lists.newArrayList(
aclEntry(ACCESS, USER, "bruce", READ)); aclEntry(ACCESS, USER, "bruce", READ));
@ -740,8 +741,7 @@ public class TestAclWithSnapshot {
*/ */
private static void assertPermission(short perm, Path pathToCheck) private static void assertPermission(short perm, Path pathToCheck)
throws Exception { throws Exception {
assertEquals(FsPermission.createImmutable(perm), AclTestHelpers.assertPermission(hdfs, pathToCheck, perm);
hdfs.getFileStatus(pathToCheck).getPermission());
} }
/** /**