diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java index 1cdea8b0e315..81382bbe8c08 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java @@ -30,12 +30,16 @@ import org.apache.hadoop.hdds.annotation.InterfaceAudience; import org.apache.hadoop.hdds.conf.ConfigurationSource; +import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.scm.client.HddsClientUtils; import org.apache.hadoop.ozone.OzoneConsts; import com.google.common.base.Preconditions; import org.apache.ratis.util.TimeDuration; +import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS; +import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_DEFAULT; + /** * Set of Utility functions used in ozone. */ @@ -166,4 +170,22 @@ public static long getTimeDurationInMS(ConfigurationSource conf, String key, .toLong(TimeUnit.MILLISECONDS); } + /** + * Return true, when Authorizer class is configured with non-default value. + * @param configuration + * @return boolean + */ + public static boolean checkExternalAuthorizer( + OzoneConfiguration configuration) { + String authorizerClass = configuration.get(OZONE_ACL_AUTHORIZER_CLASS); + if (authorizerClass != null && + !authorizerClass.equals(OZONE_ACL_AUTHORIZER_CLASS_DEFAULT)) { + System.out.print(String.format("When External Authorizer %s is " + + "configured, Acl commands are not supported via ozone shell.", + authorizerClass)); + return true; + } + return false; + } + } diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/util/TestOzoneUtils.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/util/TestOzoneUtils.java new file mode 100644 index 000000000000..622c6affd081 --- /dev/null +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/util/TestOzoneUtils.java @@ -0,0 +1,23 @@ +package org.apache.hadoop.ozone.util; + +import org.apache.hadoop.hdds.conf.OzoneConfiguration; +import org.apache.hadoop.ozone.OzoneConfigKeys; +import org.apache.hadoop.ozone.web.utils.OzoneUtils; +import org.junit.Assert; +import org.junit.Test; + +/** + * Class tests OzoneUtils. + */ +public class TestOzoneUtils { + + @Test + public void testCheckExternalAuthorizer() { + OzoneConfiguration ozoneConfiguration = new OzoneConfiguration(); + Assert.assertFalse(OzoneUtils.checkExternalAuthorizer(ozoneConfiguration)); + + ozoneConfiguration.set(OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS, + "RangerAuthorizer"); + Assert.assertTrue(OzoneUtils.checkExternalAuthorizer(ozoneConfiguration)); + } +} diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/acl/AclHandler.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/acl/AclHandler.java index 50db64b3ed5d..87997a44e0f9 100644 --- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/acl/AclHandler.java +++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/acl/AclHandler.java @@ -17,12 +17,14 @@ */ package org.apache.hadoop.ozone.shell.acl; + import org.apache.hadoop.ozone.client.OzoneClient; import org.apache.hadoop.ozone.security.acl.OzoneObj; import org.apache.hadoop.ozone.shell.OzoneAddress; import org.apache.hadoop.ozone.shell.StoreTypeOption; import org.apache.hadoop.ozone.shell.Handler; +import org.apache.hadoop.ozone.web.utils.OzoneUtils; import picocli.CommandLine; import java.io.IOException; @@ -55,7 +57,10 @@ protected abstract void execute(OzoneClient client, OzoneObj obj) @Override protected void execute(OzoneClient client, OzoneAddress address) throws IOException { - + boolean externalAuthorizer = OzoneUtils.checkExternalAuthorizer(getConf()); + if (externalAuthorizer) { + return; + } execute(client, address.toOzoneObj(storeType.getValue())); }