HDDS-3056. Allow users to list volumes they have access to, and optio…

…nally allow all users to list all volumes (#696)
apache · Apr 21, 2020 · 091993b · 091993b
1 parent a59ff25
commit 091993b
Show file tree

Hide file tree

Showing 11 changed files with 354 additions and 57 deletions.
diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -583,6 +583,16 @@
       metadata to be cached in memory. This makes OM operations faster.
     </description>
   </property>
+  <property>
+    <name>ozone.om.volume.listall.allowed</name>
+    <value>true</value>
+    <tag>OM, MANAGEMENT</tag>
+    <description>
+      Allows everyone to list all volumes when set to true. Defaults to true.
+      When set to false, non-admin users can only list the volumes they have
+      access to. Admins can always list all volumes.
+    </description>
+  </property>
   <property>
     <name>ozone.om.user.max.volume</name>
     <value>1024</value>

diff --git a/hadoop-hdds/docs/content/shell/VolumeCommands.md b/hadoop-hdds/docs/content/shell/VolumeCommands.md
@@ -85,13 +85,15 @@ The above command will print out the information about hive volume.
 
 ### List
 
-The `volume list` command will list the volumes owned by a user.
+The `volume list` command will list the volumes accessible by a user.
 
 {{< highlight bash >}}
 ozone sh volume list --user hadoop
 {{< /highlight >}}
 
-The above command will print out all the volumes owned by the user hadoop.
+When ACL is enabled, the above command will print out volumes that the user
+hadoop has LIST permission to. When ACL is disabled, the above command will
+print out all the volumes owned by the user hadoop.
 
 ### Update
 

diff --git a/hadoop-hdds/docs/content/shell/VolumeCommands.zh.md b/hadoop-hdds/docs/content/shell/VolumeCommands.zh.md
@@ -80,13 +80,14 @@ ozone sh volume info /hive
 
 ### 列举
 
-`volume list` 命令用来列举一个用户拥有的所有卷。
+`volume list` 命令用来列举一个用户可以访问的所有卷。
 
 {{< highlight bash >}}
 ozone sh volume list --user hadoop
 {{< /highlight >}}
 
-上述命令会打印出 hadoop 用户拥有的所有卷。
+若 ACL 已启用，上述命令会打印出 hadoop 用户有 LIST 权限的所有卷。
+若 ACL 被禁用，上述命令会打印出 hadoop 用户拥有的所有卷。
 
 ### 更新
 

diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java
@@ -76,6 +76,9 @@ private OMConfigKeys() {
       "ozone.om.db.cache.size.mb";
   public static final int OZONE_OM_DB_CACHE_SIZE_DEFAULT = 128;
 
+  public static final String OZONE_OM_VOLUME_LISTALL_ALLOWED =
+      "ozone.om.volume.listall.allowed";
+  public static final boolean OZONE_OM_VOLUME_LISTALL_ALLOWED_DEFAULT = true;
   public static final String OZONE_OM_USER_MAX_VOLUME =
       "ozone.om.user.max.volume";
   public static final int OZONE_OM_USER_MAX_VOLUME_DEFAULT = 1024;

diff --git a/...-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocol/OzoneManagerProtocol.java b/...-ozone/common/src/main/java/org/apache/hadoop/ozone/om/protocol/OzoneManagerProtocol.java
@@ -118,7 +118,7 @@ boolean checkVolumeAccess(String volume, OzoneAclInfo userAcl)
   void deleteVolume(String volume) throws IOException;
 
   /**
-   * Lists volume owned by a specific user.
+   * Lists volumes accessible by a specific user.
    * @param userName - user name
    * @param prefix  - Filter prefix -- Return only entries that match this.
    * @param prevKey - Previous key -- List starts from the next from the prevkey

diff --git a/...ava/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java b/...ava/org/apache/hadoop/ozone/om/protocolPB/OzoneManagerProtocolClientSideTranslatorPB.java
@@ -573,7 +573,7 @@ public void deleteVolume(String volume) throws IOException {
   }
 
   /**
-   * Lists volume owned by a specific user.
+   * Lists volumes accessible by a specific user.
    *
    * @param userName - user name
    * @param prefix - Filter prefix -- Return only entries that match this.

diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config b/hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config
@@ -15,6 +15,7 @@
 # limitations under the License.
 
 CORE-SITE.XML_fs.o3fs.impl=org.apache.hadoop.fs.ozone.OzoneFileSystem
+OZONE-SITE.XML_ozone.om.volume.listall.allowed=false
 
 OZONE-SITE.XML_ozone.om.address=om
 OZONE-SITE.XML_ozone.om.http-address=om:9874

diff --git a/...ntegration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerListVolumes.java b/...ntegration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerListVolumes.java
@@ -0,0 +1,238 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.ozone.om;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
+
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.client.protocol.ClientProtocol;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+
+import static org.apache.hadoop.hdds.scm.ScmConfigKeys.OZONE_SCM_RATIS_PIPELINE_LIMIT;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ADMINISTRATORS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_OPEN_KEY_EXPIRE_THRESHOLD_SECONDS;
+import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_VOLUME_LISTALL_ALLOWED;
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.Timeout;
+
+/**
+ * Test OzoneManager list volume operation under combinations of configs.
+ */
+public class TestOzoneManagerListVolumes {
+
+  @Rule
+  public Timeout timeout = new Timeout(120_000);
+
+  private UserGroupInformation loginUser;
+  private UserGroupInformation user1 =
+      UserGroupInformation.createRemoteUser("user1");  // Admin user
+  private UserGroupInformation user2 =
+      UserGroupInformation.createRemoteUser("user2");  // Non-admin user
+
+  @Before
+  public void init() throws Exception {
+    loginUser = UserGroupInformation.getLoginUser();
+  }
+
+  /**
+   * Create a MiniDFSCluster for testing.
+   */
+  private MiniOzoneCluster startCluster(boolean aclEnabled,
+      boolean volListAllAllowed) throws Exception {
+
+    OzoneConfiguration conf = new OzoneConfiguration();
+    String clusterId = UUID.randomUUID().toString();
+    String scmId = UUID.randomUUID().toString();
+    String omId = UUID.randomUUID().toString();
+    conf.setInt(OZONE_OPEN_KEY_EXPIRE_THRESHOLD_SECONDS, 2);
+    conf.set(OZONE_ADMINISTRATORS, "user1");
+    conf.setInt(OZONE_SCM_RATIS_PIPELINE_LIMIT, 10);
+
+    // Use native impl here, default impl doesn't do actual checks
+    conf.set(OZONE_ACL_AUTHORIZER_CLASS, OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+    // Note: OM doesn't support live config reloading
+    conf.setBoolean(OZONE_ACL_ENABLED, aclEnabled);
+    conf.setBoolean(OZONE_OM_VOLUME_LISTALL_ALLOWED, volListAllAllowed);
+
+    MiniOzoneCluster cluster = MiniOzoneCluster.newBuilder(conf)
+        .setClusterId(clusterId).setScmId(scmId).setOmId(omId).build();
+    cluster.waitForClusterToBeReady();
+
+    // loginUser is the user running this test.
+    // Implication: loginUser is automatically added to the OM admin list.
+    UserGroupInformation.setLoginUser(loginUser);
+    // Create volumes with non-default owners and ACLs
+    OzoneClient client = cluster.getClient();
+    ObjectStore objectStore = client.getObjectStore();
+
+    /* r = READ, w = WRITE, c = CREATE, d = DELETE
+       l = LIST, a = ALL, n = NONE, x = READ_ACL, y = WRITE_ACL */
+    String aclUser1All = "user:user1:a";
+    String aclUser2All = "user:user2:a";
+    String aclWorldAll = "world::a";
+    createVolumeWithOwnerAndAcl(objectStore, "volume1", "user1", aclUser1All);
+    createVolumeWithOwnerAndAcl(objectStore, "volume2", "user2", aclUser2All);
+    createVolumeWithOwnerAndAcl(objectStore, "volume3", "user1", aclUser2All);
+    createVolumeWithOwnerAndAcl(objectStore, "volume4", "user2", aclUser1All);
+    createVolumeWithOwnerAndAcl(objectStore, "volume5", "user1", aclWorldAll);
+
+    return cluster;
+  }
+
+  private void stopCluster(MiniOzoneCluster cluster) {
+    if (cluster != null) {
+      cluster.shutdown();
+    }
+  }
+
+  private void createVolumeWithOwnerAndAcl(ObjectStore objectStore,
+      String volumeName, String ownerName, String aclString)
+      throws IOException {
+    ClientProtocol proxy = objectStore.getClientProxy();
+    objectStore.createVolume(volumeName);
+    proxy.setVolumeOwner(volumeName, ownerName);
+    setVolumeAcl(objectStore, volumeName, aclString);
+  }
+
+  /**
+   * Helper function to set volume ACL.
+   */
+  private void setVolumeAcl(ObjectStore objectStore, String volumeName,
+      String aclString) throws IOException {
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder().setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.VOLUME).setStoreType(OZONE).build();
+    Assert.assertTrue(objectStore.setAcl(obj, OzoneAcl.parseAcls(aclString)));
+  }
+
+  /**
+   * Helper function to reduce code redundancy for test checks with each user
+   * under different config combination.
+   */
+  private void checkUser(MiniOzoneCluster cluster, UserGroupInformation user,
+      List<String> expectVol, boolean expectListAllSuccess) throws IOException {
+
+    UserGroupInformation.setLoginUser(user);
+    OzoneClient client = cluster.getClient();
+    ObjectStore objectStore = client.getObjectStore();
+
+    // `ozone sh volume list` shall return volumes with LIST permission of user.
+    Iterator<? extends OzoneVolume> it = objectStore.listVolumesByUser(
+        null, "", "");
+    Set<String> accessibleVolumes = new HashSet<>();
+    while (it.hasNext()) {
+      OzoneVolume vol = it.next();
+      String volumeName = vol.getName();
+      accessibleVolumes.add(volumeName);
+    }
+    Assert.assertEquals(new HashSet<>(expectVol), accessibleVolumes);
+
+    // `ozone sh volume list --all` returns all volumes,
+    //  or throws exception (for non-admin if acl enabled & listall disallowed).
+    if (expectListAllSuccess) {
+      it = objectStore.listVolumes("volume");
+      int count = 0;
+      while (it.hasNext()) {
+        it.next();
+        count++;
+      }
+      Assert.assertEquals(5, count);
+    } else {
+      try {
+        objectStore.listVolumes("volume");
+        Assert.fail("listAllVolumes should fail for " + user.getUserName());
+      } catch (RuntimeException ex) {
+        // Current listAllVolumes throws RuntimeException
+        if (ex.getCause() instanceof OMException) {
+          // Expect PERMISSION_DENIED
+          if (((OMException) ex.getCause()).getResult() !=
+              OMException.ResultCodes.PERMISSION_DENIED) {
+            throw ex;
+          }
+        } else {
+          throw ex;
+        }
+      }
+    }
+  }
+
+  @Test
+  public void testAclEnabledListAllAllowed() throws Exception {
+    // ozone.acl.enabled = true, ozone.om.volume.listall.allowed = true
+    MiniOzoneCluster cluster = startCluster(true, true);
+    checkUser(cluster, user1, Arrays.asList("volume1", "volume4", "volume5"),
+        true);
+    checkUser(cluster, user2, Arrays.asList("volume2", "volume3", "volume5"),
+        true);
+    stopCluster(cluster);
+  }
+
+  @Test
+  public void testAclEnabledListAllDisallowed() throws Exception {
+    // ozone.acl.enabled = true, ozone.om.volume.listall.allowed = false
+    MiniOzoneCluster cluster = startCluster(true, false);
+    checkUser(cluster, user1, Arrays.asList("volume1", "volume4", "volume5"),
+        true);
+    checkUser(cluster, user2, Arrays.asList("volume2", "volume3", "volume5"),
+        false);
+    stopCluster(cluster);
+  }
+
+  @Test
+  public void testAclDisabledListAllAllowed() throws Exception {
+    // ozone.acl.enabled = false, ozone.om.volume.listall.allowed = true
+    MiniOzoneCluster cluster = startCluster(false, true);
+    checkUser(cluster, user1, Arrays.asList("volume1", "volume3", "volume5"),
+        true);
+    checkUser(cluster, user2, Arrays.asList("volume2", "volume4"),
+        true);
+    stopCluster(cluster);
+  }
+
+  @Test
+  public void testAclDisabledListAllDisallowed() throws Exception {
+    // ozone.acl.enabled = false, ozone.om.volume.listall.allowed = false
+    MiniOzoneCluster cluster = startCluster(false, false);
+    checkUser(cluster, user1, Arrays.asList("volume1", "volume3", "volume5"),
+        true);
+    checkUser(cluster, user2, Arrays.asList("volume2", "volume4"),
+        true);  // listall will succeed since acl is disabled
+    stopCluster(cluster);
+  }
+}