[
https://issues.apache.org/jira/browse/HDFS-7384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinayakumar B updated HDFS-7384:
--------------------------------
Attachment: HDFS-7384-006.patch
Updated the patch addressing comments.
1.
bq. AclStatus#getEffectivePermission: I think there is a compatibility problem
in this method. Let's assume this patch goes into 2.7.0, and then we run a
2.7.0 client connected to a 2.6.0 NameNode. The old NameNode will not populate
the new permissions field in the outbound AclStatus. The 2.7.0 client would go
into the null check path and not apply any mask, resulting in hdfs dfs -getfacl
reporting incorrect effective permissions. For compatibility, I think the shell
will need a way to detect that the NameNode didn't populate permissions, and
fall back to the current logic of using permissions from FileStatus.
For this, added one overloaded {{AclStatus#getEffectivePermission(AclEntry
entry, FsPermission permArg)}}. Same has been used in AclCommands.java through
which {{hdfs dfs -getfacl}} can connect to any version of namenode.
While using API, users needs to pass {{permArg}} else throws illegal argument
exception instead of silently returning wrong effective permissions.
2. {quote}AclStatus#getPermission: I suggest adding JavaDocs.
AclStatus#Builder#setPermission: I suggest removing the word "default" here,
just to prevent any confusion that this is somehow related to default ACLs.
Same thing for the private AclStatus constructor.
Let's update the documentation in WebHDFS.apt.vm to show the new fields in the
GETACLSTATUS example JSON response.{quote}
Done.
> 'getfacl' command and 'getAclStatus' output should be in sync
> -------------------------------------------------------------
>
> Key: HDFS-7384
> URL: https://issues.apache.org/jira/browse/HDFS-7384
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Vinayakumar B
> Assignee: Vinayakumar B
> Attachments: HDFS-7384-001.patch, HDFS-7384-002.patch,
> HDFS-7384-003.patch, HDFS-7384-004.patch, HDFS-7384-005.patch,
> HDFS-7384-006.patch
>
>
> *getfacl* command will print all the entries including basic and extended
> entries, mask entries and effective permissions.
> But, *getAclStatus* FileSystem API will return only extended ACL entries set
> by the user. But this will not include the mask entry as well as effective
> permissions.
> To benefit the client using API, better to include 'mask' entry and effective
> permissions in the return list of entries.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
