apache · xiaoyuyao · Jun 12, 2019 · Jun 6, 2019 · Jun 7, 2019 · Jun 10, 2019
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java
@@ -134,6 +134,30 @@ public static OzoneAcl parseAcl(String acl) throws IllegalArgumentException {
     return new OzoneAcl(aclType, parts[1], acls);
   }
 
+  /**
+   * Parses an ACL string and returns the ACL object.
+   *
+   * @param acls - Acl String , Ex. user:anu:rw
+   *
+   * @return - Ozone ACLs
+   */
+  public static List<OzoneAcl> parseAcls(String acls)
+      throws IllegalArgumentException {
+    if ((acls == null) || acls.isEmpty()) {
+      throw new IllegalArgumentException("ACLs cannot be null or empty");
+    }
+    String[] parts = acls.trim().split(",");
+    if (parts.length < 1) {
+      throw new IllegalArgumentException("ACLs are not in expected format");
+    }
+    List<OzoneAcl> ozAcls = new ArrayList<>();
+
+    for(String acl:parts) {
+      ozAcls.add(parseAcl(acl));
+    }
+    return ozAcls;
+  }
+
   public static OzoneAclInfo toProtobuf(OzoneAcl acl) {
     OzoneAclInfo.Builder builder = OzoneAclInfo.newBuilder()
         .setName(acl.getName())

diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java
@@ -40,6 +40,9 @@ public class OzoneAclConfig {
           "OzoneManager."
   )
   public void setUserDefaultRights(String userRights) {
+    if(userRights == null) {
+      userRights = "ALL";
+    }
     this.userDefaultRights = ACLType.valueOf(userRights);
   }
 
@@ -51,6 +54,9 @@ public void setUserDefaultRights(String userRights) {
           "OzoneManager."
   )
   public void setGroupDefaultRights(String groupRights) {
+    if(groupRights == null) {
+      groupRights = "ALL";
+    }
     this.groupDefaultRights = ACLType.valueOf(groupRights);
   }
 

diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java
@@ -75,8 +75,8 @@ public static OzoneObjInfo fromProtobuf(OzoneManagerProtocolProtos.OzoneObj
     Builder builder = new Builder()
         .setResType(ResourceType.valueOf(proto.getResType().name()))
         .setStoreType(StoreType.valueOf(proto.getStoreType().name()));
-    String[] tokens = StringUtils.splitPreserveAllTokens(proto.getPath(),
-        OZONE_URI_DELIMITER);
+    String[] tokens = StringUtils.split(proto.getPath(),
+        OZONE_URI_DELIMITER, 3);
     if(tokens == null) {
       throw new IllegalArgumentException("Unexpected path:" + proto.getPath());
     }
@@ -94,7 +94,7 @@ public static OzoneObjInfo fromProtobuf(OzoneManagerProtocolProtos.OzoneObj
       builder.setBucketName(tokens[1]);
       break;
     case KEY:
-      if (tokens.length != 3) {
+      if (tokens.length < 3) {
         throw new IllegalArgumentException("Unexpected argument for " +
             "Ozone key. Path:" + proto.getPath());
       }

diff --git a/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto b/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
@@ -507,15 +507,15 @@ message OzoneAclInfo {
     }
 
     enum OzoneAclRights {
-        CREATE = 1;
-        LIST = 2;
-        DELETE = 3;
-        READ = 4;
-        WRITE = 5;
-        READ_ACL = 6;
-        WRITE_ACL = 7;
-        ALL = 8;
-        NONE = 9;
+      READ = 1;
+      WRITE = 2;
+      CREATE = 3;
+      LIST = 4;
+      DELETE = 5;
+      READ_ACL = 6;
+      WRITE_ACL  = 7;
+      ALL = 8;
+      NONE = 9;
     }
     required OzoneAclType type = 1;
     required string name = 2;

diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java
@@ -20,10 +20,12 @@
 
 import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType;
 
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType;
 import org.apache.hadoop.test.LambdaTestUtils;
 import org.junit.Test;
 
 import java.util.HashMap;
+import java.util.List;
 import java.util.Set;
 
 import static org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.*;
@@ -202,4 +204,44 @@ public void testAclValues() throws Exception {
             " is not", () -> OzoneAcl.parseAcl("world::rwdlncxncxdfsfgbny"));
   }
 
+  @Test
+  public void testBitSetToListConversion() throws Exception {
+    OzoneAcl acl = OzoneAcl.parseAcl("user:bilbo:rw");
+
+    List<ACLType> rights = acl.getAclList();
+    assertTrue(rights.size() == 2);
+    assertTrue(rights.contains(READ));
+    assertTrue(rights.contains(WRITE));
+    assertFalse(rights.contains(CREATE));
+
+    acl = OzoneAcl.parseAcl("user:bilbo:a");
+
+    rights = acl.getAclList();
+    assertTrue(rights.size() == 1);
+    assertTrue(rights.contains(ALL));
+    assertFalse(rights.contains(WRITE));
+    assertFalse(rights.contains(CREATE));
+
+    acl = OzoneAcl.parseAcl("user:bilbo:cxy");
+    rights = acl.getAclList();
+    assertTrue(rights.size() == 3);
+    assertTrue(rights.contains(CREATE));
+    assertTrue(rights.contains(READ_ACL));
+    assertTrue(rights.contains(WRITE_ACL));
+    assertFalse(rights.contains(WRITE));
+    assertFalse(rights.contains(READ));
+
+    List<OzoneAcl> acls = OzoneAcl.parseAcls("user:bilbo:cxy,group:hadoop:a");
+    assertTrue(acls.size() == 2);
+    rights = acls.get(0).getAclList();
+    assertTrue(rights.size() == 3);
+    assertTrue(rights.contains(CREATE));
+    assertTrue(rights.contains(READ_ACL));
+    assertTrue(rights.contains(WRITE_ACL));
+    assertFalse(rights.contains(WRITE));
+    assertFalse(rights.contains(READ));
+    rights = acls.get(1).getAclList();
+    assertTrue(rights.contains(ALL));
+  }
+
 }
diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java
@@ -16,8 +16,11 @@
  */
 package org.apache.hadoop.ozone.security.acl;
 
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
 import org.junit.Test;
 
+import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER;
+import static org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OzoneObj.ObjectType.*;
 import static org.junit.Assert.*;
 import org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType;
 
@@ -76,13 +79,73 @@ public void testGetKeyName() {
     objInfo = getBuilder(volume, bucket, key).build();
     assertEquals(objInfo.getKeyName(), key);
 
-    objInfo =getBuilder(volume, null, null).build();
+    objInfo = getBuilder(volume, null, null).build();
     assertEquals(objInfo.getKeyName(), null);
 
-    objInfo =getBuilder(null, bucket, null).build();
+    objInfo = getBuilder(null, bucket, null).build();
     assertEquals(objInfo.getKeyName(), null);
 
-    objInfo =getBuilder(null, null, key).build();
+    objInfo = getBuilder(null, null, key).build();
+    assertEquals(objInfo.getKeyName(), key);
+  }
+
+  @Test
+  public void testFromProtobufOp() {
+    // Key with long path.
+    key = "dir1/dir2/dir3/dir4/dir5/abc.txt";
+    OzoneManagerProtocolProtos.OzoneObj protoObj = OzoneManagerProtocolProtos.
+        OzoneObj.newBuilder()
+        .setResType(KEY)
+        .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE)
+        .setPath(volume + OZONE_URI_DELIMITER +
+            bucket + OZONE_URI_DELIMITER + key)
+        .build();
+
+    objInfo = OzoneObjInfo.fromProtobuf(protoObj);
+    assertEquals(objInfo.getKeyName(), key);
+    objInfo = getBuilder(volume, null, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, bucket, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, null, key).build();
+    assertEquals(objInfo.getKeyName(), key);
+
+    // Key with long path.
+    key = "dir1/dir2/dir3/dir4/dir5/abc.txt";
+    protoObj = OzoneManagerProtocolProtos.
+        OzoneObj.newBuilder()
+        .setResType(KEY)
+        .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE)
+        .setPath(OZONE_URI_DELIMITER + volume + OZONE_URI_DELIMITER +
+            bucket + OZONE_URI_DELIMITER + key)
+        .build();
+
+    objInfo = OzoneObjInfo.fromProtobuf(protoObj);
+    assertEquals(objInfo.getKeyName(), key);
+    objInfo = getBuilder(volume, null, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, bucket, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, null, key).build();
+    assertEquals(objInfo.getKeyName(), key);
+
+    // Key with long path.
+    key = "dir1/dir2/dir3/dir4/dir5/";
+    protoObj = OzoneManagerProtocolProtos.
+        OzoneObj.newBuilder()
+        .setResType(KEY)
+        .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE)
+        .setPath(OZONE_URI_DELIMITER + volume + OZONE_URI_DELIMITER +
+            bucket + OZONE_URI_DELIMITER + key)
+        .build();
+
+    objInfo = OzoneObjInfo.fromProtobuf(protoObj);
+    assertEquals(objInfo.getKeyName(), key);
+    objInfo = getBuilder(volume, null, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, bucket, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, null, key).build();
     assertEquals(objInfo.getKeyName(), key);
   }
 }
diff --git a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
@@ -25,11 +25,20 @@ Test Timeout        2 minute
 RpcClient with port
    Test ozone shell       o3://            om:9862     rpcwoport
 
+RpcClient volume acls
+   Test Volume Acls       o3://            om:9862     rpcwoport2
+
+RpcClient bucket acls
+    Test Bucket Acls      o3://            om:9862     rpcwoport2
+
+RpcClient key acls
+    Test Key Acls         o3://            om:9862     rpcwoport2
+
 RpcClient without host
-   Test ozone shell       o3://            ${EMPTY}              rpcwport
+    Test ozone shell      o3://            ${EMPTY}    rpcwport
 
 RpcClient without scheme
-   Test ozone shell       ${EMPTY}         ${EMPTY}              rpcwoscheme
+    Test ozone shell      ${EMPTY}         ${EMPTY}    rpcwoscheme
 
 
 *** Keywords ***
@@ -60,6 +69,39 @@ Test ozone shell
                     Execute             ozone sh bucket delete ${protocol}${server}/${volume}/bb1
                     Execute             ozone sh volume delete ${protocol}${server}/${volume} --user bilbo
 
+Test Volume Acls
+    [arguments]     ${protocol}         ${server}       ${volume}
+    Execute         ozone sh volume create ${protocol}${server}/${volume}
+    ${result} =     Execute             ozone sh volume getacl ${protocol}${server}/${volume}
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh volume addacl ${protocol}${server}/${volume} -a user:superuser1:rwxy
+    ${result} =     Execute             ozone sh volume getacl ${protocol}${server}/${volume}
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh volume removeacl ${protocol}${server}/${volume} -a user:superuser1:xy
+    ${result} =     Execute             ozone sh volume getacl ${protocol}${server}/${volume}
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh volume setacl ${protocol}${server}/${volume} -al user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh volume getacl ${protocol}${server}/${volume}
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"
+
+Test Bucket Acls
+    [arguments]     ${protocol}         ${server}       ${volume}
+    Execute             ozone sh bucket create ${protocol}${server}/${volume}/bb1
+    ${result} =     Execute             ozone sh bucket getacl ${protocol}${server}/${volume}/bb1
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh bucket addacl ${protocol}${server}/${volume}/bb1 -a user:superuser1:rwxy
+    ${result} =     Execute             ozone sh bucket getacl ${protocol}${server}/${volume}/bb1
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh bucket removeacl ${protocol}${server}/${volume}/bb1 -a user:superuser1:xy
+    ${result} =     Execute             ozone sh bucket getacl ${protocol}${server}/${volume}/bb1
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh bucket setacl ${protocol}${server}/${volume}/bb1 -al user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh bucket getacl ${protocol}${server}/${volume}/bb1
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"
+
+
 Test key handling
     [arguments]     ${protocol}         ${server}       ${volume}
                     Execute             ozone sh key put ${protocol}${server}/${volume}/bb1/key1 /opt/hadoop/NOTICE.txt
@@ -74,3 +116,19 @@ Test key handling
     ${result} =     Execute             ozone sh key list ${protocol}${server}/${volume}/bb1 | grep -Ev 'Removed|WARN|DEBUG|ERROR|INFO|TRACE' | jq -r '.[].keyName'
                     Should Be Equal     ${result}       key2
                     Execute             ozone sh key delete ${protocol}${server}/${volume}/bb1/key2
+
+Test key Acls
+    [arguments]     ${protocol}         ${server}       ${volume}
+    Execute         ozone sh key put ${protocol}${server}/${volume}/bb1/key2 /opt/hadoop/NOTICE.txt
+    ${result} =     Execute             ozone sh key getacl ${protocol}${server}/${volume}/bb1/key2
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh key addacl ${protocol}${server}/${volume}/bb1/key2 -a user:superuser1:rwxy
+    ${result} =     Execute             ozone sh key getacl ${protocol}${server}/${volume}/bb1/key2
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh key removeacl ${protocol}${server}/${volume}/bb1/key2 -a user:superuser1:xy
+    ${result} =     Execute             ozone sh key getacl ${protocol}${server}/${volume}/bb1/key2
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh key setacl ${protocol}${server}/${volume}/bb1/key2 -al user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh key getacl ${protocol}${server}/${volume}/bb1/key2
+    Should Match Regexp                 ${result}       \"type\" : \"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : \"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"