[ALLUXIO-3307] set ufs ACL on the createFile path (#7844)

* refactor proto and pass ACL info when creating new ufs file * update createOptions to contain acl info * add a setAcl call to initialize file's acl if it is provided in createOptions. * fix checkstyle * add the missing file * modify findbugs-exclude.xml * fix compilation * Add comment
Alluxio · Sep 24, 2018 · 80b4b74 · 80b4b74
1 parent 6ecffe5
commit 80b4b74
Show file tree

Hide file tree

Showing 19 changed files with 5,106 additions and 4,805 deletions.
diff --git a/build/findbugs/findbugs-exclude.xml b/build/findbugs/findbugs-exclude.xml
@@ -6,6 +6,7 @@
       <Package name="alluxio.thrift"/>
       <Package name="alluxio.proto.journal.*"/>
       <Package name="alluxio.proto.dataserver.*"/>
+      <Package name="alluxio.proto.shared.*"/>
     </Or>
   </Match>
 

diff --git a/core/client/fs/src/main/java/alluxio/client/block/stream/NettyPacketWriter.java b/core/client/fs/src/main/java/alluxio/client/block/stream/NettyPacketWriter.java
@@ -26,6 +26,7 @@
 import alluxio.proto.dataserver.Protocol;
 import alluxio.proto.status.Status.PStatus;
 import alluxio.resource.LockResource;
+import alluxio.security.authorization.AccessControlList;
 import alluxio.util.CommonUtils;
 import alluxio.util.proto.ProtoMessage;
 import alluxio.wire.WorkerNetAddress;
@@ -167,7 +168,9 @@ private NettyPacketWriter(FileSystemContext context, final WorkerNetAddress addr
       Protocol.CreateUfsFileOptions ufsFileOptions =
           Protocol.CreateUfsFileOptions.newBuilder().setUfsPath(options.getUfsPath())
               .setOwner(options.getOwner()).setGroup(options.getGroup())
-              .setMode(options.getMode().toShort()).setMountId(options.getMountId()).build();
+              .setMode(options.getMode().toShort()).setMountId(options.getMountId())
+              .setAcl(AccessControlList.toProtoBuf(options.getAcl()))
+              .build();
       builder.setCreateUfsFileOptions(ufsFileOptions);
     }
     mPartialRequest = builder.buildPartial();

diff --git a/core/client/fs/src/main/java/alluxio/client/file/BaseFileSystem.java b/core/client/fs/src/main/java/alluxio/client/file/BaseFileSystem.java
@@ -148,6 +148,7 @@ public FileOutStream createFile(AlluxioURI path, CreateFileOptions options)
     OutStreamOptions outStreamOptions = options.toOutStreamOptions();
     outStreamOptions.setUfsPath(status.getUfsPath());
     outStreamOptions.setMountId(status.getMountId());
+    outStreamOptions.setAcl(status.getAcl());
     try {
       return new FileOutStream(path, outStreamOptions, mFileSystemContext);
     } catch (Exception e) {

diff --git a/core/client/fs/src/main/java/alluxio/client/file/options/OutStreamOptions.java b/core/client/fs/src/main/java/alluxio/client/file/options/OutStreamOptions.java
@@ -19,6 +19,7 @@
 import alluxio.client.UnderStorageType;
 import alluxio.client.WriteType;
 import alluxio.client.file.policy.FileWriteLocationPolicy;
+import alluxio.security.authorization.AccessControlList;
 import alluxio.security.authorization.Mode;
 import alluxio.util.CommonUtils;
 import alluxio.util.IdUtils;
@@ -44,6 +45,7 @@ public final class OutStreamOptions {
   private String mOwner;
   private String mGroup;
   private Mode mMode;
+  private AccessControlList mAcl;
   private String mUfsPath;
   private long mMountId;
 
@@ -70,6 +72,13 @@ private OutStreamOptions() {
     mMountId = IdUtils.INVALID_MOUNT_ID;
   }
 
+  /**
+   * @return the acl
+   */
+  public AccessControlList getAcl() {
+    return mAcl;
+  }
+
   /**
    * @return the block size
    */
@@ -162,6 +171,17 @@ public WriteType getWriteType() {
     return mWriteType;
   }
 
+  /**
+   * Sets the acl of the file.
+   *
+   * @param acl the acl to use
+   * @return the updated options object
+   */
+  public OutStreamOptions setAcl(AccessControlList acl) {
+    mAcl = acl;
+    return this;
+  }
+
   /**
    * Sets the size of the block in bytes.
    *
@@ -281,7 +301,8 @@ public boolean equals(Object o) {
       return false;
     }
     OutStreamOptions that = (OutStreamOptions) o;
-    return Objects.equal(mBlockSizeBytes, that.mBlockSizeBytes)
+    return Objects.equal(mAcl, that.mAcl)
+        && Objects.equal(mBlockSizeBytes, that.mBlockSizeBytes)
         && Objects.equal(mGroup, that.mGroup)
         && Objects.equal(mLocationPolicy, that.mLocationPolicy)
         && Objects.equal(mMode, that.mMode)
@@ -297,6 +318,7 @@ public boolean equals(Object o) {
   @Override
   public int hashCode() {
     return Objects.hashCode(
+        mAcl,
         mBlockSizeBytes,
         mGroup,
         mLocationPolicy,
@@ -314,6 +336,7 @@ public int hashCode() {
   @Override
   public String toString() {
     return Objects.toStringHelper(this)
+        .add("acl", mAcl)
         .add("blockSizeBytes", mBlockSizeBytes)
         .add("group", mGroup)
         .add("locationPolicy", mLocationPolicy)

diff --git a/core/common/src/main/java/alluxio/security/authorization/AccessControlList.java b/core/common/src/main/java/alluxio/security/authorization/AccessControlList.java
@@ -11,7 +11,7 @@
 
 package alluxio.security.authorization;
 
-import alluxio.proto.journal.File;
+import alluxio.proto.shared.Acl;
 import alluxio.thrift.TAcl;
 import alluxio.thrift.TAclEntry;
 
@@ -392,7 +392,7 @@ public int hashCode() {
    * @param acl the protobuf representation
    * @return {@link AccessControlList}
    */
-  public static AccessControlList fromProtoBuf(File.AccessControlList acl) {
+  public static AccessControlList fromProtoBuf(Acl.AccessControlList acl) {
     AccessControlList ret;
     if (acl.hasIsDefault() && acl.getIsDefault()) {
       ret = new DefaultAccessControlList();
@@ -409,7 +409,7 @@ public static AccessControlList fromProtoBuf(File.AccessControlList acl) {
     // true if there are any extended entries (named user or named group)
     boolean hasExtended = false;
 
-    for (File.NamedAclActions namedActions : acl.getUserActionsList()) {
+    for (Acl.NamedAclActions namedActions : acl.getUserActionsList()) {
       String name = namedActions.getName();
       AclActions actions = AclActions.fromProtoBuf(namedActions.getActions());
       AclEntry entry;
@@ -424,7 +424,7 @@ public static AccessControlList fromProtoBuf(File.AccessControlList acl) {
       ret.setEntry(entry);
     }
 
-    for (File.NamedAclActions namedActions : acl.getGroupActionsList()) {
+    for (Acl.NamedAclActions namedActions : acl.getGroupActionsList()) {
       String name = namedActions.getName();
       AclActions actions = AclActions.fromProtoBuf(namedActions.getActions());
       AclEntry entry;
@@ -459,17 +459,17 @@ public static AccessControlList fromProtoBuf(File.AccessControlList acl) {
    * @param acl {@link AccessControlList}
    * @return protobuf representation
    */
-  public static File.AccessControlList toProtoBuf(AccessControlList acl) {
+  public static Acl.AccessControlList toProtoBuf(AccessControlList acl) {
-    File.AccessControlList.Builder builder = File.AccessControlList.newBuilder();
+    Acl.AccessControlList.Builder builder = Acl.AccessControlList.newBuilder();
     builder.setOwningUser(acl.mOwningUser);
     builder.setOwningGroup(acl.mOwningGroup);
 
     // base entries
-    builder.addUserActions(File.NamedAclActions.newBuilder()
+    builder.addUserActions(Acl.NamedAclActions.newBuilder()
         .setName(OWNING_USER_KEY)
         .setActions(AclActions.toProtoBuf(acl.getOwningUserActions()))
         .build());
-    builder.addGroupActions(File.NamedAclActions.newBuilder()
+    builder.addGroupActions(Acl.NamedAclActions.newBuilder()
         .setName(OWNING_GROUP_KEY)
         .setActions(AclActions.toProtoBuf(acl.getOwningGroupActions()))
         .build());

diff --git a/core/common/src/main/java/alluxio/security/authorization/AclAction.java b/core/common/src/main/java/alluxio/security/authorization/AclAction.java
@@ -11,7 +11,7 @@
 
 package alluxio.security.authorization;
 
-import alluxio.proto.journal.File;
+import alluxio.proto.shared.Acl;
 import alluxio.thrift.TAclAction;
 
 /**
@@ -38,7 +38,7 @@ public static AclAction ofOrdinal(int ordinal) {
    * @param action the protobuf representation of {@link AclAction}
    * @return the {@link AclAction} decoded from the protobuf representation
    */
-  public static AclAction fromProtoBuf(File.AclAction action) {
+  public static AclAction fromProtoBuf(Acl.AclAction action) {
     switch (action) {
       case READ:
         return READ;
@@ -54,14 +54,14 @@ public static AclAction fromProtoBuf(File.AclAction action) {
   /**
    * @return the protobuf representation of action
    */
-  public File.AclAction toProtoBuf() {
+  public Acl.AclAction toProtoBuf() {
     switch (this) {
       case READ:
-        return File.AclAction.READ;
+        return Acl.AclAction.READ;
       case WRITE:
-        return File.AclAction.WRITE;
+        return Acl.AclAction.WRITE;
       case EXECUTE:
-        return File.AclAction.EXECUTE;
+        return Acl.AclAction.EXECUTE;
       default:
         throw new IllegalStateException("Unknown acl action: " + this);
     }

diff --git a/core/common/src/main/java/alluxio/security/authorization/AclActions.java b/core/common/src/main/java/alluxio/security/authorization/AclActions.java
@@ -11,7 +11,7 @@
 
 package alluxio.security.authorization;
 
-import alluxio.proto.journal.File;
+import alluxio.proto.shared.Acl;
 
 import com.google.common.base.Objects;
 import com.google.common.collect.ImmutableSet;
@@ -190,9 +190,9 @@ public Mode.Bits toModeBits() {
    * @param actions the protobuf representation of {@link AclActions}
    * @return the {@link AclActions} decoded from the protobuf representation
    */
-  public static AclActions fromProtoBuf(File.AclActions actions) {
+  public static AclActions fromProtoBuf(Acl.AclActions actions) {
     AclActions ret = new AclActions();
-    for (File.AclAction action : actions.getActionsList()) {
+    for (Acl.AclAction action : actions.getActionsList()) {
       ret.add(AclAction.fromProtoBuf(action));
     }
     return ret;
@@ -202,10 +202,10 @@ public static AclActions fromProtoBuf(File.AclActions actions) {
    * @param actions the {@link AclActions}
    * @return the protobuf representation of {@link AclActions}
    */
-  public static File.AclActions toProtoBuf(AclActions actions) {
+  public static Acl.AclActions toProtoBuf(AclActions actions) {
-    File.AclActions.Builder builder = File.AclActions.newBuilder();
+    Acl.AclActions.Builder builder = Acl.AclActions.newBuilder();
     for (AclAction action : actions.getActions()) {
-      File.AclAction pAction = action.toProtoBuf();
+      Acl.AclAction pAction = action.toProtoBuf();
       builder.addActions(pAction);
     }
     return builder.build();

diff --git a/core/common/src/main/java/alluxio/security/authorization/AclEntry.java b/core/common/src/main/java/alluxio/security/authorization/AclEntry.java
@@ -11,7 +11,7 @@
 
 package alluxio.security.authorization;
 
-import alluxio.proto.journal.File;
+import alluxio.proto.shared.Acl;
 import alluxio.thrift.TAclAction;
 import alluxio.thrift.TAclEntry;
 
@@ -340,13 +340,13 @@ public static AclEntry fromCliStringWithoutPermissions(String stringEntry) {
    * @param pEntry the proto representation
    * @return the {@link AclEntry} instance created from the proto representation
    */
-  public static AclEntry fromProto(File.AclEntry pEntry) {
+  public static AclEntry fromProto(Acl.AclEntry pEntry) {
     AclEntry.Builder builder = new AclEntry.Builder();
     builder.setType(AclEntryType.fromProto(pEntry.getType()));
     builder.setSubject(pEntry.getSubject());
     builder.setIsDefault(pEntry.getIsDefault());
 
-    for (File.AclAction pAction : pEntry.getActionsList()) {
+    for (Acl.AclAction pAction : pEntry.getActionsList()) {
       builder.addAction(AclAction.fromProtoBuf(pAction));
     }
     return builder.build();
@@ -355,8 +355,8 @@ public static AclEntry fromProto(File.AclEntry pEntry) {
   /**
    * @return the proto representation of this instance
    */
-  public File.AclEntry toProto() {
+  public Acl.AclEntry toProto() {
-    File.AclEntry.Builder builder = File.AclEntry.newBuilder();
+    Acl.AclEntry.Builder builder = Acl.AclEntry.newBuilder();
     builder.setType(mType.toProto());
     builder.setSubject(mSubject);
     builder.setIsDefault(mIsDefault);

diff --git a/core/common/src/main/java/alluxio/security/authorization/AclEntryType.java b/core/common/src/main/java/alluxio/security/authorization/AclEntryType.java
@@ -11,7 +11,7 @@
 
 package alluxio.security.authorization;
 
-import alluxio.proto.journal.File;
+import alluxio.proto.shared.Acl;
 import alluxio.thrift.TAclEntryType;
 
 /**
@@ -54,7 +54,7 @@ public String toCliString() {
    * @param pAclEntryType the proto representation
    * @return the {@link AclEntryType} created from the proto representation
    */
-  public static AclEntryType fromProto(File.AclEntryType pAclEntryType) {
+  public static AclEntryType fromProto(Acl.AclEntryType pAclEntryType) {
     switch (pAclEntryType) {
       case OWNER:
         return OWNING_USER;
@@ -76,20 +76,20 @@ public static AclEntryType fromProto(File.AclEntryType pAclEntryType) {
   /**
    * @return the proto representation of this enum
    */
-  public File.AclEntryType toProto() {
+  public Acl.AclEntryType toProto() {
     switch (this) {
       case OWNING_USER:
-        return File.AclEntryType.OWNER;
+        return Acl.AclEntryType.OWNER;
       case NAMED_USER:
-        return File.AclEntryType.NAMED_USER;
+        return Acl.AclEntryType.NAMED_USER;
       case OWNING_GROUP:
-        return File.AclEntryType.OWNING_GROUP;
+        return Acl.AclEntryType.OWNING_GROUP;
       case NAMED_GROUP:
-        return File.AclEntryType.NAMED_GROUP;
+        return Acl.AclEntryType.NAMED_GROUP;
       case MASK:
-        return File.AclEntryType.MASK;
+        return Acl.AclEntryType.MASK;
       case OTHER:
-        return File.AclEntryType.OTHER;
+        return Acl.AclEntryType.OTHER;
       default:
         throw new IllegalStateException("Unknown AclEntryType: " + this);
     }

diff --git a/core/common/src/main/java/alluxio/security/authorization/ExtendedACLEntries.java b/core/common/src/main/java/alluxio/security/authorization/ExtendedACLEntries.java
@@ -11,7 +11,7 @@
 
 package alluxio.security.authorization;
 
-import alluxio.proto.journal.File;
+import alluxio.proto.shared.Acl;
 
 import com.google.common.base.Objects;
 import com.google.common.collect.ImmutableList;
@@ -177,10 +177,10 @@ public AclActions getMask() {
   /**
    * @return a list of the proto representation of the named users actions
    */
-  public List<File.NamedAclActions> getNamedUsersProto() {
+  public List<Acl.NamedAclActions> getNamedUsersProto() {
-    List<File.NamedAclActions> actions = new ArrayList<>(mNamedUserActions.size());
+    List<Acl.NamedAclActions> actions = new ArrayList<>(mNamedUserActions.size());
     for (Map.Entry<String, AclActions> kv : mNamedUserActions.entrySet()) {
-      File.NamedAclActions namedActions = File.NamedAclActions.newBuilder()
+      Acl.NamedAclActions namedActions = Acl.NamedAclActions.newBuilder()
           .setName(kv.getKey())
           .setActions(AclActions.toProtoBuf(kv.getValue()))
           .build();
@@ -192,10 +192,10 @@ public List<File.NamedAclActions> getNamedUsersProto() {
   /**
    * @return a list of the proto representation of the named group actions
    */
-  public List<File.NamedAclActions> getNamedGroupsProto() {
+  public List<Acl.NamedAclActions> getNamedGroupsProto() {
-    List<File.NamedAclActions> actions = new ArrayList<>(mNamedGroupActions.size());
+    List<Acl.NamedAclActions> actions = new ArrayList<>(mNamedGroupActions.size());
     for (Map.Entry<String, AclActions> kv : mNamedGroupActions.entrySet()) {
-      File.NamedAclActions namedActions = File.NamedAclActions.newBuilder()
+      Acl.NamedAclActions namedActions = Acl.NamedAclActions.newBuilder()
           .setName(kv.getKey())
           .setActions(AclActions.toProtoBuf(kv.getValue()))
           .build();