[
https://issues.apache.org/jira/browse/HDFS-5673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13858998#comment-13858998
]
Haohui Mai commented on HDFS-5673:
----------------------------------
Thanks Chris. The latest version is much more readable to me. It seems to me
that the code is essentially doing the following:
1. promoteDefaultEntries:
{code}
foreach AclEntryType:
if there's an {{ACCESS}} entry without a name and no default entry for the
type:
promote it as a default entry.
{code}
(However, it seems that for some reasons the code keeps the original entry as
well)
2. calculateMask:
{code}
foreach scope:
if there exists an entry without a name and no mask entry:
add a mask entry whose permission equals to or(forall entries.perm)
{code}
The code can be further simplified when the ACL entries are sorted. Recall the
ACL entries are sorted by scope, name, type, and finally permissions.
For example:
{code}
promoteDefaultEntries(entries):
pivot = the index of first entry with type ACCESS
while (pivot < entries.length && entries[pivot].name() != null)
if there is no corresponding default entry in entries[0..pivot - 1]:
entries[pivot].type = DEFAULT
calculateMask(entries):
pivot = the index of first entry with type ACCESS
calculateMaskForScope(entries, 0, pivot - 1, DEFAULT)
calculateMaskForScope(entries, pivot, entries.lengt, ACCESS)
sort(entries)
calculateMaskForScope(entries, start, end, type):
if entries[start].type != MASK:
perm = or(forall entries[start..end].perm())
entries.append(newMaskEntry(type, perm))
merge(existing, new):
out = concat(existing, new)
sort(out)
remove duplicate in out
validate(out)
promoteDefaultEntries(out)
calculateMask(out)
validate(out)
return out
{code}
That way you don't need to keep track on things like scopeDirty / providedMask.
I also propose to move the compareTo() function AclEntry out to a new
comparator inside AclTransformationLogic.
Questions:
# Is it possible to have multiple entries whose type equals to ACCESS, and
empty names? If the answer is yes, {{copyDefaultsIfNeeded}} will always pick up
the last entry. Is it expected?
# How are you going to use these functions? It is not immediately clear to me
that you can implement the APIs using these functions directly.
> Implement logic for modification of ACLs.
> -----------------------------------------
>
> Key: HDFS-5673
> URL: https://issues.apache.org/jira/browse/HDFS-5673
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode
> Affects Versions: HDFS ACLs (HDFS-4685)
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Attachments: HDFS-5673.1.patch, HDFS-5673.2.patch, HDFS-5673.3.patch,
> HDFS-5673.4.patch
>
>
> This patch will include the core logic for modification of ACLs. This
> includes support for all user-facing APIs that modify ACLs. This will cover
> access ACLs, default ACLs, automatic mask calculations, automatic inference
> of unprovided default ACL entries, and validation to prevent creation of an
> invalid ACL.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
