This is an automated email from the ASF dual-hosted git repository.
elek pushed a commit to branch HDDS-2181
in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git
commit 076d05ca473100a3cb8247adcce42dd930231bcb
Author: Vivek Ratnavel Subramanian <vivekratnave...@gmail.com>
AuthorDate: Wed Oct 9 16:08:52 2019 -0700
Fix unit test failures
---
.../main/java/org/apache/hadoop/ozone/OzoneConsts.java | 1 +
.../hadoop/ozone/security/acl/IAccessAuthorizer.java | 2 +-
.../org/apache/hadoop/ozone/security/acl/OzoneObj.java | 1 +
.../ozone/security/acl/TestOzoneNativeAuthorizer.java | 5 ++++-
.../java/org/apache/hadoop/ozone/om/KeyManagerImpl.java | 10 ++++++++--
.../ozone/om/request/file/OMDirectoryCreateRequest.java | 3 ++-
.../hadoop/ozone/om/request/file/OMFileCreateRequest.java | 3 ++-
.../ozone/om/request/key/OMAllocateBlockRequest.java | 15 +++++++++++----
.../hadoop/ozone/om/request/key/OMKeyCommitRequest.java | 15 +++++++++++----
.../hadoop/ozone/om/request/key/OMKeyCreateRequest.java | 3 ++-
.../hadoop/ozone/om/request/key/OMKeyDeleteRequest.java | 3 ++-
.../hadoop/ozone/om/request/key/OMKeyRenameRequest.java | 5 +++--
.../apache/hadoop/ozone/om/request/key/OMKeyRequest.java | 6 +++---
13 files changed, 51 insertions(+), 21 deletions(-)
diff --git
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
index 9817d87..7c8eb69 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneConsts.java
@@ -237,6 +237,7 @@ public final class OzoneConsts {
public static final String VOLUME = "volume";
public static final String BUCKET = "bucket";
public static final String KEY = "key";
+ public static final String OPEN_KEY = "openKey";
public static final String QUOTA = "quota";
public static final String QUOTA_IN_BYTES = "quotaInBytes";
public static final String OBJECT_ID = "objectID";
diff --git
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java
index d8a2660..939f2c1 100644
---
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java
+++
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java
@@ -64,7 +64,7 @@ public interface IAccessAuthorizer {
public static ACLType getAclTypeFromOrdinal(int ordinal) {
if (ordinal > length - 1 && ordinal > -1) {
- throw new IllegalArgumentException("Ordinal greater than array lentgh"
+
+ throw new IllegalArgumentException("Ordinal greater than array length"
+
". ordinal:" + ordinal);
}
return vals[ordinal];
diff --git
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObj.java
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObj.java
index 4a95e55..1d05ede 100644
---
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObj.java
+++
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObj.java
@@ -95,6 +95,7 @@ public abstract class OzoneObj implements IOzoneObj {
VOLUME(OzoneConsts.VOLUME),
BUCKET(OzoneConsts.BUCKET),
KEY(OzoneConsts.KEY),
+ OPEN_KEY(OzoneConsts.OPEN_KEY),
PREFIX(OzoneConsts.PREFIX);
/**
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java
index 43ce679..bedd959 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java
@@ -69,6 +69,7 @@ import static
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentity
import static
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType.USER;
import static
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType.WORLD;
import static
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.ALL;
+import static
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.CREATE;
import static
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.NONE;
import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.BUCKET;
import static org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.KEY;
@@ -362,6 +363,7 @@ public class TestOzoneNativeAuthorizer {
aclsToBeAdded.remove(NONE);
aclsToBeAdded.remove(ALL);
+ aclsToBeAdded.remove(CREATE);
// Fetch acls again.
for (ACLType a2 : aclsToBeAdded) {
@@ -410,7 +412,7 @@ public class TestOzoneNativeAuthorizer {
builder.setAclRights(a2).build()));
aclsToBeValidated.remove(a2);
for (ACLType a3 : aclsToBeValidated) {
- if (!a3.equals(a1) && !a3.equals(a2)) {
+ if (!a3.equals(a1) && !a3.equals(a2) && !a3.equals(CREATE)) {
assertFalse("User shouldn't have right " + a3 + ". " +
"Current acl rights for user:" + a1 + "," + a2,
nativeAuthorizer.checkAccess(obj,
@@ -462,6 +464,7 @@ public class TestOzoneNativeAuthorizer {
builder) throws OMException {
List<ACLType> allAcls = new ArrayList<>(Arrays.asList(ACLType.values()));
allAcls.remove(NONE);
+ allAcls.remove(CREATE);
for (ACLType a : allAcls) {
assertFalse("User shouldn't have right " + a + ".",
nativeAuthorizer.checkAccess(obj, builder.setAclRights(a).build()));
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
index f3ae9b1..faa65bb 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
@@ -123,6 +123,7 @@ import static
org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.KEY_
import static
org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.VOLUME_NOT_FOUND;
import static
org.apache.hadoop.ozone.om.lock.OzoneManagerLock.Resource.BUCKET_LOCK;
import static org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.KEY;
+import static
org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.OPEN_KEY;
import static org.apache.hadoop.util.Time.monotonicNow;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -1656,8 +1657,13 @@ public class KeyManagerImpl implements KeyManager {
validateBucket(volume, bucket);
OmKeyInfo keyInfo = null;
try {
- OzoneFileStatus fileStatus = getFileStatus(args);
- keyInfo = fileStatus.getKeyInfo();
+ if (ozObject.getResourceType() == OPEN_KEY) {
+ keyInfo = metadataManager.getOpenKeyTable().get(objectKey);
+ } else {
+ OzoneFileStatus fileStatus = getFileStatus(args);
+ keyInfo = fileStatus.getKeyInfo();
+ }
+
if (keyInfo == null) {
// the key does not exist, but it is a parent "dir" of some key
// let access be determined based on volume/bucket/prefix ACL
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java
index 6e45171..aaac874 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java
@@ -33,6 +33,7 @@ import org.apache.hadoop.ozone.om.helpers.OzoneAclUtil;
import org.apache.hadoop.ozone.om.helpers.OzoneFSUtils;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -129,7 +130,7 @@ public class OMDirectoryCreateRequest extends OMKeyRequest {
try {
// check Acl
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
- IAccessAuthorizer.ACLType.CREATE);
+ IAccessAuthorizer.ACLType.CREATE, OzoneObj.ResourceType.KEY);
// Check if this is the root of the filesystem.
if (keyName.length() == 0) {
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java
index 79500cc..52af0a3 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java
@@ -32,6 +32,7 @@ import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -179,7 +180,7 @@ public class OMFileCreateRequest extends OMKeyRequest {
try {
// check Acl
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
- IAccessAuthorizer.ACLType.CREATE);
+ IAccessAuthorizer.ACLType.CREATE, OzoneObj.ResourceType.KEY);
// acquire lock
acquiredLock = omMetadataManager.getLock().acquireWriteLock(BUCKET_LOCK,
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java
index a6702b3..ef2af6d 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMAllocateBlockRequest.java
@@ -29,6 +29,7 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ozone.OmUtils;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.apache.hadoop.util.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -176,12 +177,18 @@ public class OMAllocateBlockRequest extends OMKeyRequest {
// write ACL on key. Add client id to key name if ozone native
// authorizer is configured.
Configuration config = ozoneManager.getConfiguration();
- String keyNameForAclCheck = keyName;
if (OmUtils.isNativeAuthorizerEnabled(config)) {
- keyNameForAclCheck = keyName + "/" +
allocateBlockRequest.getClientID();
+ String keyNameForAclCheck =
+ keyName + "/" + allocateBlockRequest.getClientID();
+ // During allocate block request, it is possible that key is
+ // not present in the key table and hence setting the resource type
+ // to OPEN_KEY to check the openKeyTable.
+ checkKeyAcls(ozoneManager, volumeName, bucketName, keyNameForAclCheck,
+ IAccessAuthorizer.ACLType.WRITE, OzoneObj.ResourceType.OPEN_KEY);
+ } else {
+ checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
+ IAccessAuthorizer.ACLType.WRITE, OzoneObj.ResourceType.KEY);
}
- checkKeyAcls(ozoneManager, volumeName, bucketName, keyNameForAclCheck,
- IAccessAuthorizer.ACLType.WRITE);
OMMetadataManager omMetadataManager = ozoneManager.getMetadataManager();
validateBucketAndVolume(omMetadataManager, volumeName,
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCommitRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCommitRequest.java
index 3fe5206..63ea5a0 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCommitRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCommitRequest.java
@@ -29,6 +29,7 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ozone.OmUtils;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -123,12 +124,18 @@ public class OMKeyCommitRequest extends OMKeyRequest {
// write ACL on key. Add client id to key name if ozone native
// authorizer is configured.
Configuration config = ozoneManager.getConfiguration();
- String keyNameForAclCheck = keyName;
if (OmUtils.isNativeAuthorizerEnabled(config)) {
- keyNameForAclCheck = keyName + "/" + commitKeyRequest.getClientID();
+ String keyNameForAclCheck =
+ keyName + "/" + commitKeyRequest.getClientID();
+ // During key commit request, it is possible that key is
+ // not present in the key table and hence setting the resource type
+ // to OPEN_KEY to check the openKeyTable.
+ checkKeyAcls(ozoneManager, volumeName, bucketName, keyNameForAclCheck,
+ IAccessAuthorizer.ACLType.WRITE, OzoneObj.ResourceType.OPEN_KEY);
+ } else {
+ checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
+ IAccessAuthorizer.ACLType.WRITE, OzoneObj.ResourceType.KEY);
}
- checkKeyAcls(ozoneManager, volumeName, bucketName, keyNameForAclCheck,
- IAccessAuthorizer.ACLType.WRITE);
List<OmKeyLocationInfo> locationInfoList = commitKeyArgs
.getKeyLocationsList().stream()
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java
index 5229e81..9681b20 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java
@@ -27,6 +27,7 @@ import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -164,7 +165,7 @@ public class OMKeyCreateRequest extends OMKeyRequest {
try {
// check Acl
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
- IAccessAuthorizer.ACLType.CREATE);
+ IAccessAuthorizer.ACLType.CREATE, OzoneObj.ResourceType.KEY);
acquireLock = omMetadataManager.getLock().acquireWriteLock(BUCKET_LOCK,
volumeName, bucketName);
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyDeleteRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyDeleteRequest.java
index 97c2554..28dfaa5 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyDeleteRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyDeleteRequest.java
@@ -24,6 +24,7 @@ import java.util.Map;
import com.google.common.base.Optional;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -111,7 +112,7 @@ public class OMKeyDeleteRequest extends OMKeyRequest {
try {
// check Acl
checkKeyAcls(ozoneManager, volumeName, bucketName, keyName,
- IAccessAuthorizer.ACLType.DELETE);
+ IAccessAuthorizer.ACLType.DELETE, OzoneObj.ResourceType.KEY);
String objectKey = omMetadataManager.getOzoneKey(
volumeName, bucketName, keyName);
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRenameRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRenameRequest.java
index c594120..6f7ff60 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRenameRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRenameRequest.java
@@ -25,6 +25,7 @@ import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -121,9 +122,9 @@ public class OMKeyRenameRequest extends OMKeyRequest {
// check Acls to see if user has access to perform delete operation on
// old key and create operation on new key
checkKeyAcls(ozoneManager, volumeName, bucketName, fromKeyName,
- IAccessAuthorizer.ACLType.DELETE);
+ IAccessAuthorizer.ACLType.DELETE, OzoneObj.ResourceType.KEY);
checkKeyAcls(ozoneManager, volumeName, bucketName, toKeyName,
- IAccessAuthorizer.ACLType.CREATE);
+ IAccessAuthorizer.ACLType.CREATE, OzoneObj.ResourceType.KEY);
acquiredLock = omMetadataManager.getLock().acquireWriteLock(BUCKET_LOCK,
volumeName, bucketName);
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java
index 9520863..16e97e8 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java
@@ -526,11 +526,11 @@ public abstract class OMKeyRequest extends
OMClientRequest {
* @throws IOException
*/
protected void checkKeyAcls(OzoneManager ozoneManager, String volume,
- String bucket, String key, IAccessAuthorizer.ACLType aclType)
+ String bucket, String key, IAccessAuthorizer.ACLType aclType,
+ OzoneObj.ResourceType resourceType)
throws IOException {
if (ozoneManager.getAclsEnabled()) {
- checkAcls(ozoneManager, OzoneObj.ResourceType.KEY,
- OzoneObj.StoreType.OZONE, aclType,
+ checkAcls(ozoneManager, resourceType, OzoneObj.StoreType.OZONE, aclType,
volume, bucket, key);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-commits-h...@hadoop.apache.org
