diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java index 8ee33b4e9990b..2fba29e4896eb 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java @@ -134,6 +134,30 @@ public static OzoneAcl parseAcl(String acl) throws IllegalArgumentException { return new OzoneAcl(aclType, parts[1], acls); } + /** + * Parses an ACL string and returns the ACL object. + * + * @param acls - Acl String , Ex. user:anu:rw + * + * @return - Ozone ACLs + */ + public static List parseAcls(String acls) + throws IllegalArgumentException { + if ((acls == null) || acls.isEmpty()) { + throw new IllegalArgumentException("ACLs cannot be null or empty"); + } + String[] parts = acls.trim().split(","); + if (parts.length < 1) { + throw new IllegalArgumentException("ACLs are not in expected format"); + } + List ozAcls = new ArrayList<>(); + + for(String acl:parts) { + ozAcls.add(parseAcl(acl)); + } + return ozAcls; + } + public static OzoneAclInfo toProtobuf(OzoneAcl acl) { OzoneAclInfo.Builder builder = OzoneAclInfo.newBuilder() .setName(acl.getName()) diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java index 9641eda18dac9..b51af56a4bb14 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java @@ -40,6 +40,9 @@ public class OzoneAclConfig { "OzoneManager." ) public void setUserDefaultRights(String userRights) { + if(userRights == null) { + userRights = "ALL"; + } this.userDefaultRights = ACLType.valueOf(userRights); } 
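Review bot: In `parseAcls` the null/empty check runs before `trim()` and the split tokens are handed to `parseAcl` untrimmed, so a blank string, a doubled comma or a space after a comma (constructed example: `user:a:rw, group:b:a`) reaches `parseAcl` as an empty or space-prefixed entry. How `parseAcl` treats such a token is outside this hunk, so the list parser should reject it itself, for example `String entry = acl.trim();` followed by `if (entry.isEmpty()) { throw new IllegalArgumentException("ACLs are not in expected format"); }` inside the loop. The Javadoc is copied from the single-ACL parser; it should say that the argument is a comma-separated list, that a list is returned, and carry an `@throws IllegalArgumentException` line.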
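Review bot: A null `userRights` is silently replaced by `"ALL"`, the broadest right, so an unset or unresolved setting widens default access instead of failing; `setGroupDefaultRights` in the next hunk does the same. If ALL is the intended default, say so at the assignment, e.g. `// unset key: fall back to the documented default (ALL)`, and consider logging the fallback; otherwise reject null. `ACLType.valueOf` also throws a bare IllegalArgumentException for an unknown or lower-case value without naming the config key, which makes a misconfiguration hard to trace. The annotation that may already declare a default value starts outside the hunk.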
@@ -51,6 +54,9 @@ public void setUserDefaultRights(String userRights) { "OzoneManager." ) public void setGroupDefaultRights(String groupRights) { + if(groupRights == null) { + groupRights = "ALL"; + } this.groupDefaultRights = ACLType.valueOf(groupRights); } diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java index cbb9fb8e21a6d..537134a539814 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java @@ -75,8 +75,8 @@ public static OzoneObjInfo fromProtobuf(OzoneManagerProtocolProtos.OzoneObj Builder builder = new Builder() .setResType(ResourceType.valueOf(proto.getResType().name())) .setStoreType(StoreType.valueOf(proto.getStoreType().name())); - String[] tokens = StringUtils.splitPreserveAllTokens(proto.getPath(), - OZONE_URI_DELIMITER); + String[] tokens = StringUtils.split(proto.getPath(), + OZONE_URI_DELIMITER, 3); if(tokens == null) { throw new IllegalArgumentException("Unexpected path:" + proto.getPath()); } @@ -94,7 +94,7 @@ public static OzoneObjInfo fromProtobuf(OzoneManagerProtocolProtos.OzoneObj builder.setBucketName(tokens[1]); break; case KEY: - if (tokens.length != 3) { + if (tokens.length < 3) { throw new IllegalArgumentException("Unexpected argument for " + "Ozone key. Path:" + proto.getPath()); } diff --git a/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto b/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto index 303241e27e2ed..21cacf6ebe552 100644 --- a/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto +++ b/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto 
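Review bot: The switch to `StringUtils.split(proto.getPath(), OZONE_URI_DELIMITER, 3)` changes more than the key depth: assuming this is the commons-lang `StringUtils`, adjacent delimiters are collapsed and empty tokens dropped, so a path with an empty segment (constructed example: `vol//bucket/key`) now resolves to a volume, bucket and key instead of being rejected. Because this object is what ACL operations are applied to, the resource that gets authorized can differ from the path string the client sent. If empty segments should stay an error, strip at most one leading delimiter, keep `splitPreserveAllTokens` with the limit of 3, and check that the volume and bucket tokens are non-empty. With the limit in place the array never has more than three entries, so `tokens.length < 3` in the KEY case behaves like the old `!= 3`. `fromProtobuf` starts and ends outside both hunks.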
@@ -507,15 +507,15 @@ message OzoneAclInfo { } enum OzoneAclRights { - CREATE = 1; - LIST = 2; - DELETE = 3; - READ = 4; - WRITE = 5; - READ_ACL = 6; - WRITE_ACL = 7; - ALL = 8; - NONE = 9; + READ = 1; + WRITE = 2; + CREATE = 3; + LIST = 4; + DELETE = 5; + READ_ACL = 6; + WRITE_ACL = 7; + ALL = 8; + NONE = 9; } required OzoneAclType type = 1; required string name = 2; diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java index 5d9a05dd9774e..b9207f4f81f7e 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java @@ -20,10 +20,12 @@ import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType; +import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; import org.apache.hadoop.test.LambdaTestUtils; import org.junit.Test; import java.util.HashMap; +import java.util.List; import java.util.Set; import static org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.*; 
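Review bot: Renumbering `OzoneAclRights` changes the wire value of five rights, so anything serialized with the old numbers is decoded as a different right: old CREATE (1) reads as READ, LIST (2) as WRITE, DELETE (3) as CREATE, READ (4) as LIST and WRITE (5) as DELETE. Whether ACLs with the old numbering exist in persisted metadata or in mixed-version clusters is not visible here, but where they do this silently rewrites permissions. Protobuf enum numbers should stay fixed once released; if only the declaration order matters, reorder the lines and keep the numbers, e.g. `READ = 4;`, `WRITE = 5;`, `CREATE = 1;`. The `OzoneAclInfo` message continues outside the hunk.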
@@ -202,4 +204,44 @@ public void testAclValues() throws Exception { " is not", () -> OzoneAcl.parseAcl("world::rwdlncxncxdfsfgbny")); } + @Test + public void testBitSetToListConversion() throws Exception { + OzoneAcl acl = OzoneAcl.parseAcl("user:bilbo:rw"); + + List rights = acl.getAclList(); + assertTrue(rights.size() == 2); + assertTrue(rights.contains(READ)); + assertTrue(rights.contains(WRITE)); + assertFalse(rights.contains(CREATE)); + + acl = OzoneAcl.parseAcl("user:bilbo:a"); + + rights = acl.getAclList(); + assertTrue(rights.size() == 1); + assertTrue(rights.contains(ALL)); + assertFalse(rights.contains(WRITE)); + assertFalse(rights.contains(CREATE)); + + acl = OzoneAcl.parseAcl("user:bilbo:cxy"); + rights = acl.getAclList(); + assertTrue(rights.size() == 3); + assertTrue(rights.contains(CREATE)); + assertTrue(rights.contains(READ_ACL)); + assertTrue(rights.contains(WRITE_ACL)); + assertFalse(rights.contains(WRITE)); + assertFalse(rights.contains(READ)); + + List acls = OzoneAcl.parseAcls("user:bilbo:cxy,group:hadoop:a"); + assertTrue(acls.size() == 2); + rights = acls.get(0).getAclList(); + assertTrue(rights.size() == 3); + assertTrue(rights.contains(CREATE)); + assertTrue(rights.contains(READ_ACL)); + assertTrue(rights.contains(WRITE_ACL)); + assertFalse(rights.contains(WRITE)); + assertFalse(rights.contains(READ)); + rights = acls.get(1).getAclList(); + assertTrue(rights.contains(ALL)); + } + } diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java index 93dfc4dba5a77..ab24b1b592563 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java 
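Review bot: `testBitSetToListConversion` exercises `parseAcls` only with one well-formed two-entry string, so none of its rejection paths are pinned. Add cases for null, empty, blank and malformed lists with the `LambdaTestUtils.intercept` pattern already used in `testAclValues`, e.g. `LambdaTestUtils.intercept(IllegalArgumentException.class, () -> OzoneAcl.parseAcls(""));`. `assertEquals(2, rights.size())` would also report the actual size on failure, which `assertTrue(rights.size() == 2)` does not.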
@@ -16,8 +16,11 @@ */ package org.apache.hadoop.ozone.security.acl; +import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos; import org.junit.Test; +import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER; +import static org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OzoneObj.ObjectType.*; import static org.junit.Assert.*; import org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType; 
@@ -76,13 +79,73 @@ public void testGetKeyName() { objInfo = getBuilder(volume, bucket, key).build(); assertEquals(objInfo.getKeyName(), key); - objInfo =getBuilder(volume, null, null).build(); + objInfo = getBuilder(volume, null, null).build(); assertEquals(objInfo.getKeyName(), null); - objInfo =getBuilder(null, bucket, null).build(); + objInfo = getBuilder(null, bucket, null).build(); assertEquals(objInfo.getKeyName(), null); - objInfo =getBuilder(null, null, key).build(); + objInfo = getBuilder(null, null, key).build(); + assertEquals(objInfo.getKeyName(), key); + } + + @Test + public void testFromProtobufOp() { + // Key with long path. + key = "dir1/dir2/dir3/dir4/dir5/abc.txt"; + OzoneManagerProtocolProtos.OzoneObj protoObj = OzoneManagerProtocolProtos. + OzoneObj.newBuilder() + .setResType(KEY) + .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE) + .setPath(volume + OZONE_URI_DELIMITER + + bucket + OZONE_URI_DELIMITER + key) + .build(); + + objInfo = OzoneObjInfo.fromProtobuf(protoObj); + assertEquals(objInfo.getKeyName(), key); + objInfo = getBuilder(volume, null, null).build(); + assertEquals(objInfo.getKeyName(), null); + objInfo = getBuilder(null, bucket, null).build(); + assertEquals(objInfo.getKeyName(), null); + objInfo = getBuilder(null, null, key).build(); + assertEquals(objInfo.getKeyName(), key); + + // Key with long path. + key = "dir1/dir2/dir3/dir4/dir5/abc.txt"; + protoObj = OzoneManagerProtocolProtos. 
+ OzoneObj.newBuilder() + .setResType(KEY) + .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE) + .setPath(OZONE_URI_DELIMITER + volume + OZONE_URI_DELIMITER + + bucket + OZONE_URI_DELIMITER + key) + .build(); + + objInfo = OzoneObjInfo.fromProtobuf(protoObj); + assertEquals(objInfo.getKeyName(), key); + objInfo = getBuilder(volume, null, null).build(); + assertEquals(objInfo.getKeyName(), null); + objInfo = getBuilder(null, bucket, null).build(); + assertEquals(objInfo.getKeyName(), null); + objInfo = getBuilder(null, null, key).build(); + assertEquals(objInfo.getKeyName(), key); + + // Key with long path. + key = "dir1/dir2/dir3/dir4/dir5/"; + protoObj = OzoneManagerProtocolProtos. + OzoneObj.newBuilder() + .setResType(KEY) + .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE) + .setPath(OZONE_URI_DELIMITER + volume + OZONE_URI_DELIMITER + + bucket + OZONE_URI_DELIMITER + key) + .build(); + + objInfo = OzoneObjInfo.fromProtobuf(protoObj); + assertEquals(objInfo.getKeyName(), key); + objInfo = getBuilder(volume, null, null).build(); + assertEquals(objInfo.getKeyName(), null); + objInfo = getBuilder(null, bucket, null).build(); + assertEquals(objInfo.getKeyName(), null); + objInfo = getBuilder(null, null, key).build(); assertEquals(objInfo.getKeyName(), key); } } \ No newline at end of file diff --git a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot index b66e9f8e91b62..ee3c6e60e6d9c 100644 --- a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot +++ b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot 
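Review bot: `testFromProtobufOp` covers only paths that are accepted; there is no case for the inputs the new split handles differently, such as a path with a doubled delimiter or a KEY path with fewer than three segments, which should assert the IllegalArgumentException. The three `getBuilder(...)` assertions repeated after each `fromProtobuf` call do not exercise `fromProtobuf` and duplicate `testGetKeyName`. The third block is labelled `// Key with long path.` although it tests a key that ends with a delimiter; suggest `// Key ending with a delimiter.`.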
@@ -25,11 +25,20 @@ Test Timeout 2 minute RpcClient with port Test ozone shell o3:// om:9862 rpcwoport +RpcClient volume acls + Test Volume Acls o3:// om:9862 rpcwoport2 + +RpcClient bucket acls + Test Bucket Acls o3:// om:9862 rpcwoport2 + +RpcClient key acls + Test Key Acls o3:// om:9862 rpcwoport2 + RpcClient without host - Test ozone shell o3:// ${EMPTY} rpcwport + Test ozone shell o3:// ${EMPTY} rpcwport RpcClient without scheme - Test ozone shell ${EMPTY} ${EMPTY} rpcwoscheme + Test ozone shell ${EMPTY} ${EMPTY} rpcwoscheme *** Keywords *** 
@@ -60,6 +69,39 @@ Test ozone shell Execute ozone sh bucket delete ${protocol}${server}/${volume}/bb1 Execute ozone sh volume delete ${protocol}${server}/${volume} --user bilbo +Test Volume Acls + [arguments] ${protocol} ${server} ${volume} + Execute ozone sh volume create ${protocol}${server}/${volume} + ${result} = Execute ozone sh volume getacl ${protocol}${server}/${volume} + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" . + ${result} = Execute ozone sh volume addacl ${protocol}${server}/${volume} -a user:superuser1:rwxy + ${result} = Execute ozone sh volume getacl ${protocol}${server}/${volume} + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + ${result} = Execute ozone sh volume removeacl ${protocol}${server}/${volume} -a user:superuser1:xy + ${result} = Execute ozone sh volume getacl ${protocol}${server}/${volume} + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\" + ${result} = Execute ozone sh volume setacl ${protocol}${server}/${volume} -al user:superuser1:rwxy,group:superuser1:a + ${result} = Execute ozone sh volume getacl ${protocol}${server}/${volume} + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + Should Match Regexp ${result} \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\" + +Test Bucket Acls + [arguments] ${protocol} ${server} ${volume} + Execute ozone sh bucket create ${protocol}${server}/${volume}/bb1 + ${result} = Execute ozone sh bucket getacl ${protocol}${server}/${volume}/bb1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" . 
+ ${result} = Execute ozone sh bucket addacl ${protocol}${server}/${volume}/bb1 -a user:superuser1:rwxy + ${result} = Execute ozone sh bucket getacl ${protocol}${server}/${volume}/bb1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + ${result} = Execute ozone sh bucket removeacl ${protocol}${server}/${volume}/bb1 -a user:superuser1:xy + ${result} = Execute ozone sh bucket getacl ${protocol}${server}/${volume}/bb1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\" + ${result} = Execute ozone sh bucket setacl ${protocol}${server}/${volume}/bb1 -al user:superuser1:rwxy,group:superuser1:a + ${result} = Execute ozone sh bucket getacl ${protocol}${server}/${volume}/bb1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + Should Match Regexp ${result} \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\" + + Test key handling [arguments] ${protocol} ${server} ${volume} Execute ozone sh key put ${protocol}${server}/${volume}/bb1/key1 /opt/hadoop/NOTICE.txt 
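Review bot: The check after `removeacl` cannot fail: its pattern stops at `\"READ\", \"WRITE\"`, and since `Should Match Regexp` searches rather than anchors, it still matches the unchanged list `"READ", "WRITE", "READ_ACL", "WRITE_ACL"` when the removal did nothing. Close the pattern the way the first getacl check does, ending it with `\"READ\", \"WRITE\" .`, so that a following comma no longer matches (assuming getacl prints the list in the layout the other checks expect). The same open-ended pattern is in `Test key Acls` in the next hunk and in the three keywords added to ozone-secure-fs.robot. In the name patterns `superuser1*` also matches `superuser`, and the output of addacl, removeacl and setacl is captured in `${result}` but never asserted.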
@@ -74,3 +116,19 @@ Test key handling ${result} = Execute ozone sh key list ${protocol}${server}/${volume}/bb1 | grep -Ev 'Removed|WARN|DEBUG|ERROR|INFO|TRACE' | jq -r '.[].keyName' Should Be Equal ${result} key2 Execute ozone sh key delete ${protocol}${server}/${volume}/bb1/key2 + +Test key Acls + [arguments] ${protocol} ${server} ${volume} + Execute ozone sh key put ${protocol}${server}/${volume}/bb1/key2 /opt/hadoop/NOTICE.txt + ${result} = Execute ozone sh key getacl ${protocol}${server}/${volume}/bb1/key2 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" . + ${result} = Execute ozone sh key addacl ${protocol}${server}/${volume}/bb1/key2 -a user:superuser1:rwxy + ${result} = Execute ozone sh key getacl ${protocol}${server}/${volume}/bb1/key2 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + ${result} = Execute ozone sh key removeacl ${protocol}${server}/${volume}/bb1/key2 -a user:superuser1:xy + ${result} = Execute ozone sh key getacl ${protocol}${server}/${volume}/bb1/key2 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\" + ${result} = Execute ozone sh key setacl ${protocol}${server}/${volume}/bb1/key2 -al user:superuser1:rwxy,group:superuser1:a + ${result} = Execute ozone sh key getacl ${protocol}${server}/${volume}/bb1/key2 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + Should Match Regexp ${result} \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\" \ No newline at end of file diff --git a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot index 004d2a9312140..92cf4cdcc0816 100644 
--- a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot +++ b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot @@ -28,6 +28,7 @@ Setup volume names ${random} Generate Random String 2 [NUMBERS] Set Suite Variable ${volume1} fstest${random} Set Suite Variable ${volume2} fstest2${random} + Set Suite Variable ${volume3} fstest3${random} *** Test Cases *** Create volume bucket with wrong credentials 
@@ -46,4 +47,51 @@ Create volume bucket with credentials Execute ozone sh bucket create o3://om/${volume2}/bucket3 Check volume from ozonefs - ${result} = Execute ozone fs -ls o3fs://bucket1.${volume1}/ \ No newline at end of file + ${result} = Execute ozone fs -ls o3fs://bucket1.${volume1}/ + +Test Volume Acls + ${result} = Execute ozone sh volume create ${volume3} + Should not contain ${result} Failed + ${result} = Execute ozone sh volume getacl ${volume3} + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" . + ${result} = Execute ozone sh volume addacl ${volume3} -a user:superuser1:rwxy + ${result} = Execute ozone sh volume getacl ${volume3} + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + ${result} = Execute ozone sh volume removeacl ${volume3} -a user:superuser1:xy + ${result} = Execute ozone sh volume getacl ${volume3} + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\" + ${result} = Execute ozone sh volume setacl ${volume3} -al user:superuser1:rwxy,group:superuser1:a + ${result} = Execute ozone sh volume getacl ${volume3} + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + Should Match Regexp ${result} \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\" + +Test Bucket Acls + ${result} = Execute ozone sh bucket create ${volume3}/bk1 + Should not contain ${result} Failed + ${result} = Execute ozone sh bucket getacl ${volume3}/bk1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" . 
+ ${result} = Execute ozone sh bucket addacl ${volume3}/bk1 -a user:superuser1:rwxy + ${result} = Execute ozone sh bucket getacl ${volume3}/bk1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + ${result} = Execute ozone sh bucket removeacl ${volume3}/bk1 -a user:superuser1:xy + ${result} = Execute ozone sh bucket getacl ${volume3}/bk1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\" + ${result} = Execute ozone sh bucket setacl ${volume3}/bk1 -al user:superuser1:rwxy,group:superuser1:a + ${result} = Execute ozone sh bucket getacl ${volume3}/bk1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + Should Match Regexp ${result} \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\" + +Test key Acls + Execute ozone sh key put ${volume3}/bk1/key1 /opt/hadoop/NOTICE.txt + ${result} = Execute ozone sh key getacl ${volume3}/bk1/key1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" . + ${result} = Execute ozone sh key addacl ${volume3}/bk1/key1 -a user:superuser1:rwxy + ${result} = Execute ozone sh key getacl ${volume3}/bk1/key1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + ${result} = Execute ozone sh key removeacl ${volume3}/bk1/key1 -a user:superuser1:xy + ${result} = Execute ozone sh key getacl ${volume3}/bk1/key1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . 
\"READ\", \"WRITE\" + ${result} = Execute ozone sh key setacl ${volume3}/bk1/key1 -al user:superuser1:rwxy,group:superuser1:a + ${result} = Execute ozone sh key getacl ${volume3}/bk1/key1 + Should Match Regexp ${result} \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\" + Should Match Regexp ${result} \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\" \ No newline at end of file diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OzoneManagerRequestHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OzoneManagerRequestHandler.java index 6ea1a2b6d7cb8..69f3b1c688d29 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OzoneManagerRequestHandler.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OzoneManagerRequestHandler.java @@ -411,7 +411,8 @@ private RemoveAclResponse removeAcl(RemoveAclRequest req) private SetAclResponse setAcl(SetAclRequest req) throws IOException { List ozoneAcl = new ArrayList<>(); - req.getAclList().forEach(a -> ozoneAcl.add(OzoneAcl.fromProtobuf(a))); + req.getAclList().forEach(a -> + ozoneAcl.add(OzoneAcl.fromProtobuf(a))); boolean response = impl.setAcl(OzoneObjInfo.fromProtobuf(req.getObj()), ozoneAcl); return SetAclResponse.newBuilder().setResponse(response).build(); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/AddAclBucketHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/AddAclBucketHandler.java new file mode 100644 index 0000000000000..6b32f6400bd18 --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/AddAclBucketHandler.java 
@@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.bucket; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Add acl handler for bucket. + */ +@Command(name = "addacl", + description = "Add a new Acl.") +public class AddAclBucketHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acl", "-a"}, + required = true, + description = "new acl." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw or group:hadoop:rw") + private String acl; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acl, "New acl to be added not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureBucketAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setResType(OzoneObj.ResourceType.BUCKET) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + boolean result = client.getObjectStore().addAcl(obj, + OzoneAcl.parseAcl(acl)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl set successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java index 64dc91b55b30e..6c9de4dc03df0 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java 
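Review bot: `call()` prints `"Acl set successfully: " + result` and returns normally even when `addAcl` returns false, so a caller presumably sees a normal exit and the word "successfully" for an ACL change that was not applied. Report the false case as a failure, with a distinct message and whatever error path the `Handler` base class uses (not visible here). `client.close()` is also skipped when `parseAcl` or `addAcl` throws; `try (OzoneClient client = address.createClient(createOzoneConfiguration())) {` closes it on every path, assuming `OzoneClient` is `Closeable`. RemoveAclBucketHandler and SetAclBucketHandler repeat both problems, and GetAclBucketHandler the unclosed client.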
@@ -39,7 +39,11 @@ ListBucketHandler.class, CreateBucketHandler.class, UpdateBucketHandler.class, - DeleteBucketHandler.class + DeleteBucketHandler.class, + AddAclBucketHandler.class, + RemoveAclBucketHandler.class, + GetAclBucketHandler.class, + SetAclBucketHandler.class }, mixinStandardHelpOptions = true, versionProvider = HddsVersionProvider.class) diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/GetAclBucketHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/GetAclBucketHandler.java new file mode 100644 index 0000000000000..0bb967c62f551 --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/GetAclBucketHandler.java 
@@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.bucket; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.List; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Get acl handler for bucket. + */ +@Command(name = "getacl", + description = "List all acls.") +public class GetAclBucketHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. 
+ */ + @Override + public Void call() throws Exception { + OzoneAddress address = new OzoneAddress(uri); + address.ensureBucketAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setResType(OzoneObj.ResourceType.BUCKET) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + List result = client.getObjectStore().getAcl(obj); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString(result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/RemoveAclBucketHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/RemoveAclBucketHandler.java new file mode 100644 index 0000000000000..635c34bd66f55 --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/RemoveAclBucketHandler.java 
@@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.bucket; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Executes Info bucket. + */ +@Command(name = "removeacl", + description = "Remove an acl.") +public class RemoveAclBucketHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acl", "-a"}, + required = true, + description = "Remove acl." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw or group:hadoop:rw") + private String acl; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Remove acl handler for bucket. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acl, "New acl to be added not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureBucketAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setResType(OzoneObj.ResourceType.BUCKET) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + boolean result = client.getObjectStore().removeAcl(obj, + OzoneAcl.parseAcl(acl)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl removed successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/SetAclBucketHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/SetAclBucketHandler.java new file mode 100644 index 0000000000000..2fc43f9bd0255 --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/SetAclBucketHandler.java 
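Review bot: The text in this handler is copied from other commands: the class Javadoc reads `Executes Info bucket.` and the null check reports `New acl to be added not specified.` on the remove path. Suggest `Remove acl handler for bucket.` as the class comment and `Objects.requireNonNull(acl, "Acl to be removed not specified.");` for the check. The method comment `Remove acl handler for bucket.` describes the class rather than `call()`; the other handlers use `Executes the Client Calls.` there.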
@@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.bucket; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Set acl handler for bucket. + */ +@Command(name = "setacl", + description = "Set acls.") +public class SetAclBucketHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acls", "-al"}, + required = true, + description = "Comma seperated acls." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw,user:user2:a,group:hadoop:a") + private String acls; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acls, "Acls to be set not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureBucketAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setResType(OzoneObj.ResourceType.BUCKET) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + boolean result = client.getObjectStore().setAcl(obj, + OzoneAcl.parseAcls(acls)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl set successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/AddAclKeyHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/AddAclKeyHandler.java new file mode 100644 index 0000000000000..13298dceb526f --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/AddAclKeyHandler.java 
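Review bot: The `--acls` description is built from fragments joined without separators, so the help renders as `Comma seperated acls.r = READ,w = WRITE,...y = WRITE_ACEx user:user1:rw,...`. It also misspells "separated", which the key and volume set handlers spell correctly. For a command that changes access rights, the right letters should be unambiguous in the help. Start with `"Comma separated acls. "`, use `", "` between the entries and end the list with `"y = WRITE_AC. "` before the example. The `--acl`/`--acls` descriptions in the other handlers of this commit have the same missing spaces.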
@@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.keys; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Add acl handler for key. + */ +@Command(name = "addacl", + description = "Add a new Acl.") +public class AddAclKeyHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acl", "-a"}, + required = true, + description = "Add acl." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw or group:hadoop:rw") + private String acl; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acl, "New acl to be added not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureKeyAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + String keyName = address.getKeyName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + System.out.printf("Key Name : %s%n", keyName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setKeyName(address.getKeyName()) + .setResType(OzoneObj.ResourceType.KEY) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + boolean result = client.getObjectStore().addAcl(obj, + OzoneAcl.parseAcl(acl)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl set successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/GetAclKeyHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/GetAclKeyHandler.java new file mode 100644 index 0000000000000..edfa66aa30948 --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/GetAclKeyHandler.java 
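Review bot: `AddAclKeyHandler.call()` treats the boolean from `addAcl(...)` as display text only. When the call returns false it prints `Acl set successfully: false` and still returns `null`, so a script presumably sees the same exit status as for a successful change. For an access-control command the failure should be distinguishable, for example by throwing when `!result` or at least printing a separate failure message. The wording also says "set" for an add operation; `"Acl added successfully: "` would match, and `AddAclVolumeHandler` has the same string.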
@@ -0,0 +1,87 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.keys; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.List; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Get acl handler for Key. + */ +@Command(name = "getacl", + description = "List all acls.") +public class GetAclKeyHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. 
+ */ + @Override + public Void call() throws Exception { + OzoneAddress address = new OzoneAddress(uri); + address.ensureKeyAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + String keyName = address.getKeyName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + System.out.printf("Key Name : %s%n", keyName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setKeyName(keyName) + .setResType(OzoneObj.ResourceType.KEY) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + List result = client.getObjectStore().getAcl(obj); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString(result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/KeyCommands.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/KeyCommands.java index 405c3c51d0468..4de97c57f2f02 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/KeyCommands.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/KeyCommands.java @@ -40,7 +40,11 @@ GetKeyHandler.class, PutKeyHandler.class, RenameKeyHandler.class, - DeleteKeyHandler.class + DeleteKeyHandler.class, + AddAclKeyHandler.class, + RemoveAclKeyHandler.class, + SetAclKeyHandler.class, + GetAclKeyHandler.class }, mixinStandardHelpOptions = true, versionProvider = HddsVersionProvider.class) 
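Review bot: In `GetAclKeyHandler`, `--store` is taken as a raw `String` and passed to `OzoneObj.StoreType.valueOf(storeType)`. Any value that does not match an enum constant exactly (for instance lowercase `s3`) fails with a bare `IllegalArgumentException` that does not list the accepted values. Declaring the field as `private OzoneObj.StoreType storeType;` lets picocli convert and validate the option, and the builder call becomes `.setStoreType(storeType == null ? OZONE : storeType)`. Every handler added in this commit repeats the same `valueOf` call.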
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/RemoveAclKeyHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/RemoveAclKeyHandler.java new file mode 100644 index 0000000000000..1359721642310 --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/RemoveAclKeyHandler.java 
@@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.keys; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Remove acl handler for key. + */ +@Command(name = "removeacl", + description = "Remove an acl.") +public class RemoveAclKeyHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acl", "-a"}, + required = true, + description = "Remove acl." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw or group:hadoop:rw") + private String acl; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acl, "New acl to be added not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureKeyAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + String keyName = address.getKeyName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + System.out.printf("Key Name : %s%n", keyName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setKeyName(keyName) + .setResType(OzoneObj.ResourceType.KEY) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + boolean result = client.getObjectStore().removeAcl(obj, + OzoneAcl.parseAcl(acl)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl set successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/SetAclKeyHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/SetAclKeyHandler.java new file mode 100644 index 0000000000000..397330591ea3a --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/SetAclKeyHandler.java 
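Review bot: `RemoveAclKeyHandler` still carries text copied from the add/set handlers. The null check says `"New acl to be added not specified."` and the result line prints `"Acl set successfully: "` after a `removeAcl(...)` call. Suggested wording is `"Acl to be removed not specified."` and `"Acl removed successfully: "`. `RemoveAclBucketHandler` and `RemoveAclVolumeHandler` have the same null-check message, and the class Javadoc of `RemoveAclBucketHandler` reads "Executes Info bucket.". Since `--acl` is declared `required = true`, the `requireNonNull` is probably unreachable, but the message should still describe the right operation.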
@@ -0,0 +1,103 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.keys; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Set acl handler for Key. + */ +@Command(name = "setacl", + description = "Set acls.") +public class SetAclKeyHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acls", "-al"}, + required = true, + description = "Comma separated acls." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw,user:user2:a,group:hadoop:a") + private String acls; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acls, "New acls to be added not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureKeyAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + String keyName = address.getKeyName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setKeyName(keyName) + .setResType(OzoneObj.ResourceType.KEY) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + boolean result = client.getObjectStore().setAcl(obj, + OzoneAcl.parseAcls(acls)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl set successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/AddAclVolumeHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/AddAclVolumeHandler.java new file mode 100644 index 0000000000000..acce64860dac5 --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/AddAclVolumeHandler.java 
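Review bot: The verbose block in `SetAclKeyHandler.call()` prints the volume and bucket but not the key, although `keyName` is read just above and is the object whose ACLs are being replaced. `AddAclKeyHandler`, `GetAclKeyHandler` and `RemoveAclKeyHandler` all print it. Add `System.out.printf("Key Name : %s%n", keyName);` so an operator can confirm which key the ACL list is applied to.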
@@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.volume; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Add acl handler for volume. + */ +@Command(name = "addacl", + description = "Add a new Acl.") +public class AddAclVolumeHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acl", "-a"}, + required = true, + description = "Add acl." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw or group:hadoop:rw") + private String acl; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acl, "New acl to be added not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureVolumeAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setVolumeName(volumeName) + .setResType(OzoneObj.ResourceType.VOLUME) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + boolean result = client.getObjectStore().addAcl(obj, + OzoneAcl.parseAcl(acl)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl set successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/GetAclVolumeHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/GetAclVolumeHandler.java new file mode 100644 index 0000000000000..b4be3f8249d40 --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/GetAclVolumeHandler.java 
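Review bot: The `uri` parameter of `AddAclVolumeHandler` is described with `Shell.OZONE_BUCKET_URI_DESCRIPTION`, while `call()` enforces `address.ensureVolumeAddress()`. The help therefore tells the user to pass a bucket URI to a command that expects a volume. If `Shell` defines a volume-specific description constant (not visible in this diff), use that here, otherwise give the parameter its own description string. The other volume handlers and the key handlers in this commit reuse the bucket description in the same way.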
@@ -0,0 +1,78 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.volume; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.List; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Get acl handler for volume. + */ +@Command(name = "getacl", + description = "List all acls.") +public class GetAclVolumeHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. 
+ */ + @Override + public Void call() throws Exception { + OzoneAddress address = new OzoneAddress(uri); + address.ensureVolumeAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + String volumeName = address.getVolumeName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setVolumeName(volumeName) + .setResType(OzoneObj.ResourceType.VOLUME) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + List result = client.getObjectStore().getAcl(obj); + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString(result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/RemoveAclVolumeHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/RemoveAclVolumeHandler.java new file mode 100644 index 0000000000000..9b3420b3f3a6e --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/RemoveAclVolumeHandler.java 
@@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.volume; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Remove acl handler for volume. + */ +@Command(name = "removeacl", + description = "Remove an acl.") +public class RemoveAclVolumeHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acl", "-a"}, + required = true, + description = "Remove acl." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw or group:hadoop:rw") + private String acl; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acl, "New acl to be added not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureVolumeAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setVolumeName(volumeName) + .setResType(OzoneObj.ResourceType.VOLUME) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + + boolean result = client.getObjectStore().removeAcl(obj, + OzoneAcl.parseAcl(acl)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl removed successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/SetAclVolumeHandler.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/SetAclVolumeHandler.java new file mode 100644 index 0000000000000..e3299e35946fc --- /dev/null +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/SetAclVolumeHandler.java 
@@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.ozone.web.ozShell.volume; + +import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.client.OzoneClient; +import org.apache.hadoop.ozone.security.acl.OzoneObj; +import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; +import org.apache.hadoop.ozone.web.ozShell.Handler; +import org.apache.hadoop.ozone.web.ozShell.OzoneAddress; +import org.apache.hadoop.ozone.web.ozShell.Shell; +import org.apache.hadoop.ozone.web.utils.JsonUtils; +import picocli.CommandLine; +import picocli.CommandLine.Command; +import picocli.CommandLine.Parameters; + +import java.util.Objects; + +import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; + +/** + * Set acl handler for volume. + */ +@Command(name = "setacl", + description = "Set acls.") +public class SetAclVolumeHandler extends Handler { + + @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION) + private String uri; + + @CommandLine.Option(names = {"--acls", "-al"}, + required = true, + description = "Comma separated acls." 
+ + "r = READ," + + "w = WRITE," + + "c = CREATE," + + "d = DELETE," + + "l = LIST," + + "a = ALL," + + "n = NONE," + + "x = READ_AC," + + "y = WRITE_AC" + + "Ex user:user1:rw,user:user2:a,group:hadoop:a") + private String acls; + + @CommandLine.Option(names = {"--store", "-s"}, + required = false, + description = "store type. i.e OZONE or S3") + private String storeType; + + /** + * Executes the Client Calls. + */ + @Override + public Void call() throws Exception { + Objects.requireNonNull(acls, "New acls to be added not specified."); + OzoneAddress address = new OzoneAddress(uri); + address.ensureVolumeAddress(); + OzoneClient client = address.createClient(createOzoneConfiguration()); + + String volumeName = address.getVolumeName(); + String bucketName = address.getBucketName(); + + if (isVerbose()) { + System.out.printf("Volume Name : %s%n", volumeName); + System.out.printf("Bucket Name : %s%n", bucketName); + } + + OzoneObj obj = OzoneObjInfo.Builder.newBuilder() + .setBucketName(bucketName) + .setVolumeName(volumeName) + .setResType(OzoneObj.ResourceType.VOLUME) + .setStoreType(storeType == null ? OZONE : + OzoneObj.StoreType.valueOf(storeType)) + .build(); + System.out.printf(" acls" +acls.length() + " " + acls); + boolean result = client.getObjectStore().setAcl(obj, + OzoneAcl.parseAcls(acls)); + + System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter( + JsonUtils.toJsonString("Acl set successfully: " + result))); + client.close(); + return null; + } + +} diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/VolumeCommands.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/VolumeCommands.java index 4fb71c3b4171d..833457bcbefbc 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/VolumeCommands.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/VolumeCommands.java 
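Review bot: `System.out.printf(" acls" +acls.length() + " " + acls);` in `SetAclVolumeHandler.call()` looks like leftover debug output, and it passes the user-supplied `--acls` value as the format string. It runs unconditionally, and any `%` in the argument makes `printf` throw before `setAcl` is reached. Either delete the line or guard it, as in `if (isVerbose()) { System.out.printf("Acls : %s%n", acls); }`. Separately, this handler calls `address.getBucketName()` and `.setBucketName(bucketName)` on an object with `ResourceType.VOLUME` after `ensureVolumeAddress()`. The other volume handlers set only the volume name, so the bucket lines look copied from the bucket handler and should probably go.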
@@ -40,7 +40,11 @@ ListVolumeHandler.class, CreateVolumeHandler.class, UpdateVolumeHandler.class, - DeleteVolumeHandler.class + DeleteVolumeHandler.class, + AddAclVolumeHandler.class, + RemoveAclVolumeHandler.class, + SetAclVolumeHandler.class, + GetAclVolumeHandler.class }, mixinStandardHelpOptions = true, versionProvider = HddsVersionProvider.class)