hadoop-yetus commented on a change in pull request #973: HDDS-1611. Evaluate
ACL on volume bucket key and prefix to authorize access. Contributed by Ajay
Kumar.
URL: https://github.com/apache/hadoop/pull/973#discussion_r298385916
##########
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
##########
@@ -2277,8 +2332,19 @@ public OmKeyLocationInfo allocateBlock(OmKeyArgs args,
long clientID,
ExcludeList excludeList)
throws IOException {
if(isAclEnabled) {
- checkAcls(ResourceType.KEY, StoreType.OZONE, ACLType.WRITE,
- args.getVolumeName(), args.getBucketName(), args.getKeyName());
+ try {
+ checkAcls(ResourceType.KEY, StoreType.OZONE, ACLType.WRITE,
+ args.getVolumeName(), args.getBucketName(), args.getKeyName());
+ } catch (OMException ex) {
+ // For new keys key checkAccess call will fail as key doesn't exist.
+ // Check user access for bucket.
+ if (ex.getResult().equals(KEY_NOT_FOUND)) {
+ checkAcls(ResourceType.BUCKET, StoreType.OZONE, ACLType.WRITE,
+ args.getVolumeName(), args.getBucketName(), args.getKeyName());
+ } else {
+ throw ex;
+ }
Review comment:
whitespace:end of line
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
