xiaoyuyao commented on a change in pull request #1701:
URL: https://github.com/apache/ozone/pull/1701#discussion_r612649256
##########
File path:
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java
##########
@@ -353,6 +373,204 @@ public MultiDeleteResponse
multiDelete(@PathParam("bucket") String bucketName,
return result;
}
+ /**
+ * Implement acl get.
+ * <p>
+ * see: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
+ */
+ public S3BucketAcl getAcl(String bucketName)
+ throws OS3Exception, IOException {
+ S3BucketAcl result = new S3BucketAcl();
+ try {
+ OzoneBucket bucket = getBucket(bucketName);
+ OzoneVolume volume = getVolume();
+ // TODO: use bucket owner instead of volume owner here once bucket owner
+ // TODO: is supported.
+ S3Owner owner = new S3Owner(volume.getOwner(), volume.getOwner());
+ result.setOwner(owner);
+
+ // TODO: remove this duplication avoid logic when ACCESS and DEFAULT
scope
+ // TODO: are merged.
+ // Use set to remove ACLs with different scopes(ACCESS and DEFAULT)
+ Set<Grant> grantSet = new HashSet<>();
+ // Return ACL list
+ for (OzoneAcl acl : bucket.getAcls()) {
+ List<Grant> grants = S3Acl.ozoneNativeAclToS3Acl(acl);
+ grantSet.addAll(grants);
+ }
+ ArrayList<Grant> grantList = new ArrayList<>();
+ grantList.addAll(grantSet);
+ result.setAclList(
+ new S3BucketAcl.AccessControlList(grantList));
+ return result;
+ } catch (OMException ex) {
+ if (ex.getResult() == ResultCodes.BUCKET_NOT_FOUND) {
+ throw S3ErrorTable.newError(S3ErrorTable
+ .NO_SUCH_BUCKET, bucketName);
+ } else if (ex.getResult() == ResultCodes.PERMISSION_DENIED) {
+ throw S3ErrorTable.newError(S3ErrorTable
+ .ACCESS_DENIED, bucketName);
+ } else {
+ LOG.error("Failed to get acl of Bucket " + bucketName, ex);
+ throw S3ErrorTable.newError(S3ErrorTable.INTERNAL_ERROR, bucketName);
+ }
+ }
+ }
+
+ /**
+ * Implement acl put.
+ * <p>
+ * see: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
+ */
+ public Response putAcl(String bucketName, HttpHeaders httpHeaders,
+ InputStream body) throws IOException, OS3Exception {
+ String grantReads = httpHeaders.getHeaderString(S3Acl.grantRead);
+ String grantWrites = httpHeaders.getHeaderString(S3Acl.grantWrite);
+ String grantReadACP = httpHeaders.getHeaderString(S3Acl.grantReadACP);
+ String grantWriteACP = httpHeaders.getHeaderString(S3Acl.grantWriteACP);
+ String grantFull = httpHeaders.getHeaderString(S3Acl.grantFullControl);
+
+ try {
+ OzoneBucket bucket = getBucket(bucketName);
+ OzoneVolume volume = getVolume();
+
+ List<OzoneAcl> ozoneAclListOnBucket = new ArrayList<>();
+ List<OzoneAcl> ozoneAclListOnVolume = new ArrayList<>();
+
+ if (grantReads == null && grantWrites == null && grantReadACP == null
+ && grantWriteACP == null && grantFull == null) {
+ S3BucketAcl putBucketAclRequest =
+ new PutBucketAclRequestUnmarshaller().readFrom(
+ null, null, null, null, null, body);
+ // Handle grants in body
+ ozoneAclListOnBucket.addAll(
+ S3Acl.s3AclToOzoneNativeAclOnBucket(putBucketAclRequest));
+ ozoneAclListOnVolume.addAll(
+ S3Acl.s3AclToOzoneNativeAclOnVolume(putBucketAclRequest));
+ } else {
+
+ // Handle grants in headers
+ if (grantReads != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantReads,
+ S3Acl.ACLType.READ.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantReads,
+ S3Acl.ACLType.READ.getValue()));
+ }
+ if (grantWrites != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantWrites,
+ S3Acl.ACLType.WRITE.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantWrites,
+ S3Acl.ACLType.WRITE.getValue()));
+ }
+ if (grantReadACP != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantReadACP,
+ S3Acl.ACLType.READ_ACP.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantReadACP,
+ S3Acl.ACLType.READ_ACP.getValue()));
+ }
+ if (grantWriteACP != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantWriteACP,
+ S3Acl.ACLType.WRITE_ACP.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantWriteACP,
+ S3Acl.ACLType.WRITE_ACP.getValue()));
+ }
+ if (grantFull != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantFull,
+ S3Acl.ACLType.FULL_CONTROL.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantFull,
+ S3Acl.ACLType.FULL_CONTROL.getValue()));
+ }
+ }
+
+ // A put request will reset all previous ACLs
+ bucket.setAcl(ozoneAclListOnBucket);
+ volume.setAcl(ozoneAclListOnVolume);
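Review bot: Neither path of putAcl checks that the grant list it builds is non-empty or still contains the owner before `bucket.setAcl(ozoneAclListOnBucket)` on L122, so a body with no Grant elements (or headers whose grantees all convert to nothing) replaces the bucket ACL with an empty list and a principal holding only WRITE_ACP can strip every grant including the owner's FULL_CONTROL; S3 keeps the owner's implicit rights across a PUT, so unless OM grants the owner implicit access (not visible here) I would re-add a FULL_CONTROL grant for the same identity getAcl reports as owner on L24 before the two setAcl calls, with a comment such as `// A PUT replaces all grants; never let it drop the owner's FULL_CONTROL`. The grant header values on L63-67 are client-controlled and go straight into getAndConvertAclOnBucket/OnVolume, which are outside the hunk, so whether the grantee strings are validated (existence, identity type, length) cannot be confirmed from this diff. The body path on L78-80 unmarshals client-supplied XML with `PutBucketAclRequestUnmarshaller`; confirm its parser disables DTDs and external entities, since the request body is untrusted. The `try` opened on L69 closes past the end of the hunk, and putAcl continues beyond it; its catch should map BUCKET_NOT_FOUND and PERMISSION_DENIED the same way getAcl does on L43-48 rather than surfacing them as an internal error.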
Review comment:
Should we read the existing volume acl, add the new ones necessary and
set it back instead of overwrite the existing ACL on the s3 volume?
@xiaoyuyao , I updated the implementation. Now it will remove all the ACLs
of import users from Volume first, then apply the new ACLs on Volume.