goiri commented on a change in pull request #1478: HDFS-14856 Fetch file ACLs
while mounting external store
URL: https://github.com/apache/hadoop/pull/1478#discussion_r326313522
##########
File path:
hadoop-tools/hadoop-fs2img/src/main/java/org/apache/hadoop/hdfs/server/namenode/UGIResolver.java
##########
@@ -132,4 +138,134 @@ public FsPermission permission(FileStatus s) {
return s.getPermission();
}
+ private long resolve(AclStatus aclStatus) {
+ return buildPermissionStatus(
+ user(aclStatus), group(aclStatus), permission(aclStatus).toShort());
+ }
+
+ /**
+ * Get the locally mapped user for external {@link AclStatus}.
+ *
+ * @param aclStatus AclStatus on external store.
+ * @return locally mapped user name.
+ */
+ public String user(AclStatus aclStatus) {
+ return aclStatus.getOwner();
+ }
+
+ /**
+ * Get the locally mapped group for the external {@link AclStatus}.
+ *
+ * @param aclStatus AclStatus on the external store.
+ * @return locally mapped group name.
+ */
+ public String group(AclStatus aclStatus) {
+ return aclStatus.getGroup();
+ }
+
+ /**
+ * Get the locally mapped {@link FsPermission} for the external
+ * {@link AclStatus}.
+ *
+ * @param aclStatus AclStatus on the external store.
+ * @return local {@link FsPermission} the external AclStatus maps to.
+ */
+ public FsPermission permission(AclStatus aclStatus) {
+ return aclStatus.getPermission();
+ }
+
+ /**
+ * Returns list of Acl entries to apply to local paths based on remote acls.
+ *
+ * @param aclStatus remote ACL status.
+ * @return local HDFS ACL entries.
+ */
+ public List<AclEntry> aclEntries(AclStatus aclStatus) {
+ List<AclEntry> newAclEntries = new ArrayList<>();
+ for (AclEntry entry : aclStatus.getEntries()) {
+ newAclEntries.add(getLocalAclEntry(entry));
+ }
+ return newAclEntries;
+ }
+
+ /**
+ * Map the {@link AclEntry} on the remote store to one on the local HDFS.
+ * @param remoteEntry the {@link AclEntry} on the remote store.
+ * @return the {@link AclEntry} on the local HDFS.
+ */
+ protected AclEntry getLocalAclEntry(AclEntry remoteEntry) {
+ return new AclEntry.Builder()
+ .setType(remoteEntry.getType())
+ .setName(remoteEntry.getName())
+ .setPermission(remoteEntry.getPermission())
+ .setScope(remoteEntry.getScope())
+ .build();
+ }
+
+ /**
+ * Get the local {@link PermissionStatus} the external {@link FileStatus} or
+ * {@link AclStatus} map to. {@code remoteAcl} is used when it
+ * is not null, otherwise {@code remoteStatus} is used.
+ *
+ * @param remoteStatus FileStatus on remote store.
+ * @param remoteAcl AclStatus on external store.
+ * @return the local {@link PermissionStatus}.
+ */
+ public PermissionStatus getPermissions(FileStatus remoteStatus,
+ AclStatus remoteAcl) {
+ addUGI(remoteStatus, remoteAcl);
+ if (remoteAcl == null) {
+ return new PermissionStatus(user(remoteStatus),
+ group(remoteStatus), permission(remoteStatus));
+ } else {
+ return new PermissionStatus(user(remoteAcl),
+ group(remoteAcl), permission(remoteAcl));
+ }
+ }
+
+ /**
+ * Get the serialized, local permissions for the external
+ * {@link FileStatus} or {@link AclStatus}. {@code remoteAcl} is used when it
+ * is not null, otherwise {@code remoteStatus} is used.
+ *
+ * @param remoteStatus FileStatus on remote store.
+ * @param remoteAcl AclStatus on external store.
+ * @return serialized, local permissions the FileStatus or AclStatus map to.
+ */
+ public long getPermissionsProto(FileStatus remoteStatus,
+ AclStatus remoteAcl) {
+ addUGI(remoteStatus, remoteAcl);
+ if (remoteAcl == null) {
+ return resolve(remoteStatus);
+ } else {
+ return resolve(remoteAcl);
+ }
+ }
+
+ /**
+ * Add the users and groups specified by the given {@link FileStatus} and
+ * {@link AclStatus}.
+ *
+ * @param remoteStatus
+ * @param remoteAcl
+ */
+ private void addUGI(FileStatus remoteStatus, AclStatus remoteAcl) {
+ if (remoteAcl != null) {
+ addUser(remoteAcl.getOwner());
+ addGroup(remoteAcl.getGroup());
+ for (AclEntry entry : remoteAcl.getEntries()) {
+ // add the users and groups in this acl entry to ugi
+ if (entry.getName() != null) {
Review comment:
Extract getName()
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
