Add unit test for GCSUtils

underfs/gcs/src/main/java/alluxio/underfs/gcs/GCSUnderFileSystem.java

@@ -24,7 +24,6 @@
 import com.google.common.base.Preconditions;
 import org.jets3t.service.ServiceException;
 import org.jets3t.service.StorageObjectsChunk;
-import org.jets3t.service.acl.GrantAndPermission;
 import org.jets3t.service.acl.gs.GSAccessControlList;
 import org.jets3t.service.impl.rest.httpclient.GoogleStorageService;
 import org.jets3t.service.model.GSObject;
@@ -363,17 +362,13 @@ public boolean rename(String src, String dst) throws IOException {
   @Override
   public void setConf(Object conf) {}
 
+  // Setting GCS owner via Alluxio is not supported yet. This is a no-op.
   @Override
-  public void setOwner(String path, String user, String group) throws IOException {
-    // Do not allow setting GCS owner via Alluxio yet.
-    throw new IOException("setOwner is not supported to GCS via Alluxio.");
-  }
+  public void setOwner(String path, String user, String group) {}
 
+  // Setting GCS mode via Alluxio is not supported yet. This is a no-op.
   @Override
-  public void setMode(String path, short mode) throws IOException {
-    // Do not allow setting GCS owner via Alluxio yet.
-    throw new IOException("setMode is not supported to GCS via Alluxio.");
-  }
+  public void setMode(String path, short mode) throws IOException {}
 
   // Returns the bucket owner.
   @Override

underfs/gcs/src/main/java/alluxio/underfs/gcs/GCSUtils.java

@@ -25,32 +25,40 @@ public final class GCSUtils {
    * Translates GCS bucket owner ACL to Alluxio owner mode.
    *
    * @param acl the acl of GCS bucket
-   * @param bucketOwnerId the bucket owner id
+   * @param userId the S3 user id of the Alluxio owner
    * @return the translated posix mode in short format
    */
-  public static short translateBucketAcl(GSAccessControlList acl, String bucketOwnerId) {
+  public static short translateBucketAcl(GSAccessControlList acl, String userId) {
     short mode = (short) 0;
     for (GrantAndPermission gp : acl.getGrantAndPermissions()) {
       Permission perm = gp.getPermission();
       GranteeInterface grantee = gp.getGrantee();
-      // If the bucket is readable by the owner, add r and x to the owner mode.
-      if (perm.equals(Permission.PERMISSION_READ)
-          && (grantee.getIdentifier().equals(bucketOwnerId)
-              || grantee.equals(GroupGrantee.ALL_USERS)
-              || grantee.equals(GroupGrantee.AUTHENTICATED_USERS))) {
-        mode |= (short) 0500;
-      }
-      // If the bucket is writable by the owner, +w to the owner mode.
-      if (perm.equals(Permission.PERMISSION_FULL_CONTROL)
-          && (grantee.getIdentifier().equals(bucketOwnerId)
-              || grantee.equals(GroupGrantee.ALL_USERS)
-              || grantee.equals(GroupGrantee.AUTHENTICATED_USERS))) {
-        mode |= (short) 0700;
+      if (perm.equals(Permission.PERMISSION_READ)) {
+        if (isUserIdInGrantee(grantee, userId)) {
+          // If the bucket is readable by the user, add r and x to the owner mode.
+          mode |= (short) 0500;
+        }
+      } else if (perm.equals(Permission.PERMISSION_WRITE)) {
+        if (isUserIdInGrantee(grantee, userId)) {
+          // If the bucket is writable by the user, +w to the owner mode.
+          mode |= (short) 0200;
+        }
+      } else if (perm.equals(Permission.PERMISSION_FULL_CONTROL)) {
+        if (isUserIdInGrantee(grantee, userId)) {
+          // If the user has full control to the bucket, +rwx to the owner mode.
+          mode |= (short) 0700;
+        }
       }
     }
     return mode;
   }
 
+  private static boolean isUserIdInGrantee(GranteeInterface grantee, String userId) {
+    return grantee.getIdentifier().equals(userId)
+        || grantee.equals(GroupGrantee.ALL_USERS)
+        || grantee.equals(GroupGrantee.AUTHENTICATED_USERS);
+  }
+
   private GCSUtils() {} // prevent instantiation
 }
 

underfs/gcs/src/test/java/alluxio/underfs/gcs/GCSUtilsTest.java

@@ -0,0 +1,100 @@
+/*
+ * The Alluxio Open Foundation licenses this work under the Apache License, version 2.0
+ * (the "License"). You may not use this work except in compliance with the License, which is
+ * available at www.apache.org/licenses/LICENSE-2.0
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied, as more fully set forth in the License.
+ *
+ * See the NOTICE file distributed with this work for information regarding copyright ownership.
+ */
+
+package alluxio.underfs.gcs;
+
+import org.jets3t.service.acl.CanonicalGrantee;
+import org.jets3t.service.acl.GroupGrantee;
+import org.jets3t.service.acl.Permission;
+import org.jets3t.service.acl.gs.GSAccessControlList;
+import org.jets3t.service.model.StorageOwner;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Tests for {@link GCSUtils} methods.
+ */
+public final class GCSUtilsTest {
+
+  private static final String NAME = "foo";
+  private static final String ID = "123456789012";
+  private static final String OTHER = "987654321098";
+
+  private CanonicalGrantee mOwnerGrantee;
+  private GSAccessControlList mAcl;
+
+  @Before
+  public void before() throws Exception {
+    // Setup owner.
+    mOwnerGrantee = new CanonicalGrantee(ID);
+    mOwnerGrantee.setDisplayName(NAME);
+
+    // Setup the acl.
+    mAcl = new GSAccessControlList();
+    mAcl.setOwner(new StorageOwner(ID, NAME));
+  }
+
+  @Test
+  public void translateUserAcl() {
+    // Grant only READ, READ_ACP permission to the user. Check the translated mode is 0500.
+    mAcl.grantPermission(mOwnerGrantee, Permission.PERMISSION_READ);
+    mAcl.grantPermission(mOwnerGrantee, Permission.PERMISSION_READ_ACP);
+    Assert.assertEquals((short) 0500, GCSUtils.translateBucketAcl(mAcl, ID));
+    Assert.assertEquals((short) 0000, GCSUtils.translateBucketAcl(mAcl, OTHER));
+
+    // Grant WRITE permission to the user. Check the translated mode is 0700.
+    mAcl.grantPermission(mOwnerGrantee, Permission.PERMISSION_WRITE);
+    Assert.assertEquals((short) 0700, GCSUtils.translateBucketAcl(mAcl, ID));
+    // Add WRITE_ACP permission to the user. Check the translated mode is still 0700.
+    mAcl.grantPermission(mOwnerGrantee, Permission.PERMISSION_WRITE_ACP);
+    Assert.assertEquals((short) 0700, GCSUtils.translateBucketAcl(mAcl, ID));
+    Assert.assertEquals((short) 0000, GCSUtils.translateBucketAcl(mAcl, OTHER));
+  }
+
+  @Test
+  public void translateUserFullPermission() {
+    mAcl.grantPermission(mOwnerGrantee, Permission.PERMISSION_FULL_CONTROL);
+    Assert.assertEquals((short) 0700, GCSUtils.translateBucketAcl(mAcl, ID));
+    Assert.assertEquals((short) 0000, GCSUtils.translateBucketAcl(mAcl, OTHER));
+  }
+
+  @Test
+  public void translateEveryoneAcl() {
+    GroupGrantee allUsersGrantee = GroupGrantee.ALL_USERS;
+    // Assign READ only permission to "everyone".
+    mAcl.grantPermission(allUsersGrantee, Permission.PERMISSION_READ);
+    mAcl.grantPermission(allUsersGrantee, Permission.PERMISSION_READ_ACP);
+    // Check the translated mode is now 0500.
+    Assert.assertEquals((short) 0500, GCSUtils.translateBucketAcl(mAcl, ID));
+    Assert.assertEquals((short) 0500, GCSUtils.translateBucketAcl(mAcl, OTHER));
+    // Add WRITE permission to "everyone", and check the translated mode becomes 0700.
+    mAcl.grantPermission(allUsersGrantee, Permission.PERMISSION_WRITE);
+    Assert.assertEquals((short) 0700, GCSUtils.translateBucketAcl(mAcl, ID));
+    Assert.assertEquals((short) 0700, GCSUtils.translateBucketAcl(mAcl, OTHER));
+  }
+
+  @Test
+  public void translateAuthenticatedUserAcl() {
+    // Add READ only permission to "all authenticated users".
+    GroupGrantee authenticatedUsersGrantee = GroupGrantee.AUTHENTICATED_USERS;
+    mAcl.grantPermission(authenticatedUsersGrantee, Permission.PERMISSION_READ);
+    mAcl.grantPermission(authenticatedUsersGrantee, Permission.PERMISSION_READ_ACP);
+    // Check the mode is 0500.
+    Assert.assertEquals((short) 0500, GCSUtils.translateBucketAcl(mAcl, ID));
+    Assert.assertEquals((short) 0500, GCSUtils.translateBucketAcl(mAcl, OTHER));
+    // Add WRITE permission to "all authenticated users" and check permission.
+    mAcl.grantPermission(authenticatedUsersGrantee, Permission.PERMISSION_WRITE);
+    Assert.assertEquals((short) 0700, GCSUtils.translateBucketAcl(mAcl, ID));
+    Assert.assertEquals((short) 0700, GCSUtils.translateBucketAcl(mAcl, OTHER));
+  }
+}