From 88a31e69d578a980499c0719e7ef9914cb75de4f Mon Sep 17 00:00:00 2001
From: Piotr Grabuszynski <piotr.grabuszynski@intel.com>
Date: Mon, 20 Feb 2017 16:32:19 +0100
Subject: [PATCH] DPNG-15268-tap_user_permission_propagation: (#17)

* fix for tap user permissions not propagation when creating hdfs instance
---
 pom.xml                                       |  2 +-
 .../HdfsDirectoryProvisioningOperations.java  |  1 +
 .../provisioning/HdfsProvisioningClient.java  | 19 +++++++++++++++++++
 .../hdfs/plans/HdfsPlanEncryptedDirTest.java  |  2 +-
 .../hdfs/plans/HdfsPlanPlainDirTest.java      |  2 +-
 5 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 07707c0..94a3e0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>hdfs-broker</artifactId>
-    <version>0.12.7</version>
+    <version>0.12.8</version>
 
     <parent>
         <groupId>org.trustedanalytics</groupId>
diff --git a/src/main/java/org/trustedanalytics/servicebroker/hdfs/plans/provisioning/HdfsDirectoryProvisioningOperations.java b/src/main/java/org/trustedanalytics/servicebroker/hdfs/plans/provisioning/HdfsDirectoryProvisioningOperations.java
index 05873d3..27b3a55 100644
--- a/src/main/java/org/trustedanalytics/servicebroker/hdfs/plans/provisioning/HdfsDirectoryProvisioningOperations.java
+++ b/src/main/java/org/trustedanalytics/servicebroker/hdfs/plans/provisioning/HdfsDirectoryProvisioningOperations.java
@@ -20,4 +20,5 @@
 public interface HdfsDirectoryProvisioningOperations {
   String provisionDirectory(String instanceId, String orgId) throws ServiceBrokerException;
   void addHiveUserGroupAcl(String path, String orgId) throws ServiceBrokerException;
+  void addTapUserAcl(String path, String orgId) throws ServiceBrokerException;
 }
diff --git a/src/main/java/org/trustedanalytics/servicebroker/hdfs/plans/provisioning/HdfsProvisioningClient.java b/src/main/java/org/trustedanalytics/servicebroker/hdfs/plans/provisioning/HdfsProvisioningClient.java
index 7828de0..97f7c9a 100644
--- a/src/main/java/org/trustedanalytics/servicebroker/hdfs/plans/provisioning/HdfsProvisioningClient.java
+++ b/src/main/java/org/trustedanalytics/servicebroker/hdfs/plans/provisioning/HdfsProvisioningClient.java
@@ -51,12 +51,31 @@ public String provisionDirectory(String instanceId, String orgId) throws Service
       hdfsClient.createDir(path);
       hdfsClient.setPermission(path, FS_PERMISSION);
       addHiveUserGroupAcl(path, orgId);
+      addTapUserAcl(path, orgId);
       return path;
     } catch (IOException e) {
       throw new ServiceBrokerException("Unable to provision directory for: " + instanceId, e);
     }
   }
 
+  @Override
+  public void addTapUserAcl(String path, String orgId) throws ServiceBrokerException {
+    try {
+      AclEntry.Builder builder = new AclEntry.Builder()
+              .setType(AclEntryType.USER)
+              .setPermission(FsAction.ALL)
+              .setName("tap");
+
+      AclEntry tapDefaultUserAcl = builder.setScope(AclEntryScope.DEFAULT).build();
+      AclEntry tapUserAcl = builder.setScope(AclEntryScope.ACCESS).build();
+
+      setAclRecursively(path, tapUserAcl);
+      setAclRecursively(path, tapDefaultUserAcl);
+    } catch (IOException e) {
+      throw new ServiceBrokerException("Unable to add system users groups ACL for path: " + path, e);
+    }
+  }
+
   @Override
   public void addHiveUserGroupAcl(String path, String orgId) throws ServiceBrokerException {
     try {
diff --git a/src/test/java/org/trustedanalytics/servicebroker/hdfs/plans/HdfsPlanEncryptedDirTest.java b/src/test/java/org/trustedanalytics/servicebroker/hdfs/plans/HdfsPlanEncryptedDirTest.java
index ef20db0..a90c9ff 100644
--- a/src/test/java/org/trustedanalytics/servicebroker/hdfs/plans/HdfsPlanEncryptedDirTest.java
+++ b/src/test/java/org/trustedanalytics/servicebroker/hdfs/plans/HdfsPlanEncryptedDirTest.java
@@ -83,7 +83,7 @@ public void provision_templateWithOrgAndInstanceVariables_replaceVariablesWithVa
         new Path(getDirectoryPathToProvision(serviceInstance)));
     verify(hdfsClient).setPermission(getDirectoryPathToProvision(serviceInstance), FS_PERMISSION);
 
-    verify(encryptedHdfsClient, times(2)).listFiles("/org/"+ serviceInstance.getOrganizationGuid()+"/brokers/userspace/"+serviceInstance.getServiceInstanceId(), true);
+    verify(encryptedHdfsClient, times(4)).listFiles("/org/"+ serviceInstance.getOrganizationGuid()+"/brokers/userspace/"+serviceInstance.getServiceInstanceId(), true);
 
     verifyNoMoreInteractions(hdfsClient, encryptedHdfsClient);
   }
diff --git a/src/test/java/org/trustedanalytics/servicebroker/hdfs/plans/HdfsPlanPlainDirTest.java b/src/test/java/org/trustedanalytics/servicebroker/hdfs/plans/HdfsPlanPlainDirTest.java
index 7791898..f23c2cf 100644
--- a/src/test/java/org/trustedanalytics/servicebroker/hdfs/plans/HdfsPlanPlainDirTest.java
+++ b/src/test/java/org/trustedanalytics/servicebroker/hdfs/plans/HdfsPlanPlainDirTest.java
@@ -75,7 +75,7 @@ public void provision_templateWithOrgAndInstanceVariables_replaceVariablesWithVa
     verify(encryptedHdfsClient).addAclEntry("/org/"+ serviceInstance.getOrganizationGuid()+"/brokers/userspace/"+serviceInstance.getServiceInstanceId(), TestUtil.hiveUserAcl());
     verify(encryptedHdfsClient).addAclEntry("/org/"+ serviceInstance.getOrganizationGuid()+"/brokers/userspace/"+serviceInstance.getServiceInstanceId(), TestUtil.hiveDefaultUserAcl());
 
-    verify(encryptedHdfsClient, times(2)).listFiles("/org/"+ serviceInstance.getOrganizationGuid()+"/brokers/userspace/"+serviceInstance.getServiceInstanceId(), true);
+    verify(encryptedHdfsClient, times(4)).listFiles("/org/"+ serviceInstance.getOrganizationGuid()+"/brokers/userspace/"+serviceInstance.getServiceInstanceId(), true);
 
     verifyNoMoreInteractions(hdfsClient, encryptedHdfsClient);
   }