This is an automated email from the ASF dual-hosted git repository.
hemant pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new b02741fa5f HDDS-8793. Added integration test to confirm prefix Acls
work properly with snapshots (#6128)
b02741fa5f is described below
commit b02741fa5f1af6c65f9928ed2f57f7212c7081e0
Author: Hemant Kumar <[email protected]>
AuthorDate: Wed Jan 31 16:02:00 2024 -0800
HDDS-8793. Added integration test to confirm prefix Acls work properly with
snapshots (#6128)
---
.../om/snapshot/TestOzoneManagerSnapshotAcl.java | 145 ++++++++++++++++++---
1 file changed, 124 insertions(+), 21 deletions(-)
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java
index efe854dbc3..0fa439f2ac 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java
@@ -97,7 +97,8 @@ public class TestOzoneManagerSnapshotAcl {
private static OzoneClient client;
private String volumeName;
private String bucketName;
- private static final String KEY_PREFIX = "key-";
+ private static final String DIR_PREFIX = "dir1/";
+ private static final String KEY_PREFIX = DIR_PREFIX + "key-";
private String keyName;
private String snapshotKeyPrefix;
@@ -382,6 +383,69 @@ public class TestOzoneManagerSnapshotAcl {
assertDoesNotThrow(() -> ozoneManager.getAcl(keyObj));
}
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testLookupKeyWithAllowedUserForPrefixAcl(BucketLayout
bucketLayout) throws Exception {
+ UserGroupInformation.setLoginUser(UGI1);
+
+ createVolume();
+
+ final OzoneVolume volume = objectStore.getVolume(volumeName);
+ createBucket(bucketLayout, volume);
+
+ final OzoneBucket bucket = volume.getBucket(bucketName);
+
+ setDefaultPrefixAcls();
+
+ createKey(bucket);
+
+ setDefaultVolumeAcls();
+ setDefaultBucketAcls();
+
+ createSnapshot();
+
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+ assertDoesNotThrow(() -> ozoneManager.lookupKey(snapshotKeyArgs));
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testLookupKeyWithNotAllowedUserForPrefixAcl(BucketLayout
bucketLayout) throws Exception {
+ UserGroupInformation.setLoginUser(UGI1);
+
+ createVolume();
+
+ final OzoneVolume volume = objectStore.getVolume(volumeName);
+ createBucket(bucketLayout, volume);
+
+ final OzoneBucket bucket = volume.getBucket(bucketName);
+
+ setDefaultPrefixAcls();
+
+ createKey(bucket);
+
+ setDefaultVolumeAcls();
+ setDefaultBucketAcls();
+
+ createSnapshot();
+
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+
+ // Add user2 to bucket and prefix ACL
+ setBucketAcl();
+ setPrefixAcls();
+
+ createKey(bucket);
+ final OmKeyArgs keyArgs = getOmKeyArgs(false);
+
+ UserGroupInformation.setLoginUser(UGI2);
+ final OMException ex = assertThrows(OMException.class, () ->
ozoneManager.lookupKey(snapshotKeyArgs));
+ assertEquals(OMException.ResultCodes.PERMISSION_DENIED, ex.getResult());
+
+ assertDoesNotThrow(() -> ozoneManager.lookupKey(keyArgs));
+ }
+
+
private void setup(BucketLayout bucketLayout)
throws IOException {
UserGroupInformation.setLoginUser(UGI1);
@@ -403,6 +467,12 @@ public class TestOzoneManagerSnapshotAcl {
}
private void setDefaultAcls() throws IOException {
+ setDefaultVolumeAcls();
+ setDefaultBucketAcls();
+ setDefaultKeyAcls();
+ }
+
+ private void setDefaultVolumeAcls() throws IOException {
final OzoneObj volumeObj = OzoneObjInfo.Builder.newBuilder()
.setResType(OzoneObj.ResourceType.VOLUME)
.setStoreType(OzoneObj.StoreType.OZONE)
@@ -410,8 +480,10 @@ public class TestOzoneManagerSnapshotAcl {
.build();
objectStore.setAcl(volumeObj, OzoneAcl.parseAcls(
"user:" + USER1 + ":r," +
- "user:" + USER2 + ":r"));
+ "user:" + USER2 + ":r"));
+ }
+ private void setDefaultBucketAcls() throws IOException {
final OzoneObj bucketObj = OzoneObjInfo.Builder.newBuilder()
.setResType(OzoneObj.ResourceType.BUCKET)
.setStoreType(OzoneObj.StoreType.OZONE)
@@ -420,8 +492,10 @@ public class TestOzoneManagerSnapshotAcl {
.build();
objectStore.setAcl(bucketObj, OzoneAcl.parseAcls(
"user:" + USER1 + ":r," +
- "user:" + USER1 + ":l"));
+ "user:" + USER1 + ":l"));
+ }
+ private void setDefaultKeyAcls() throws IOException {
final OzoneObj keyObj = OzoneObjInfo.Builder.newBuilder()
.setResType(RESOURCE_TYPE_KEY)
.setStoreType(OzoneObj.StoreType.OZONE)
@@ -431,7 +505,36 @@ public class TestOzoneManagerSnapshotAcl {
.build();
objectStore.setAcl(keyObj, OzoneAcl.parseAcls(
"user:" + USER1 + ":r," +
- "user:" + USER1 + ":x"));
+ "user:" + USER1 + ":x"));
+ }
+
+ private void setDefaultPrefixAcls() throws IOException {
+ final OzoneObj prefixObj = OzoneObjInfo.Builder.newBuilder()
+ .setResType(OzoneObj.ResourceType.PREFIX)
+ .setStoreType(OzoneObj.StoreType.OZONE)
+ .setVolumeName(volumeName)
+ .setBucketName(bucketName)
+ .setPrefixName(DIR_PREFIX)
+ .build();
+
+ objectStore.setAcl(prefixObj, OzoneAcl.parseAcls(
+ "user:" + USER1 + ":r[DEFAULT]," +
+ "user:" + USER1 + ":x[DEFAULT]"));
+ }
+
+ private void setBucketAcl() throws IOException {
+ OzoneObj bucketObj = OzoneObjInfo.Builder.newBuilder()
+ .setResType(OzoneObj.ResourceType.BUCKET)
+ .setStoreType(OzoneObj.StoreType.OZONE)
+ .setVolumeName(volumeName)
+ .setBucketName(bucketName)
+ .build();
+
+ objectStore.setAcl(bucketObj, OzoneAcl.parseAcls(
+ "user:" + USER1 + ":r," +
+ "user:" + USER1 + ":l," +
+ "user:" + USER2 + ":r," +
+ "user:" + USER2 + ":l"));
}
private void setKeyAcl() throws IOException {
@@ -449,8 +552,23 @@ public class TestOzoneManagerSnapshotAcl {
"user:" + USER2 + ":x"));
}
- private void createKey(OzoneBucket bucket)
- throws IOException {
+ private void setPrefixAcls() throws IOException {
+ final OzoneObj prefixObj = OzoneObjInfo.Builder.newBuilder()
+ .setResType(OzoneObj.ResourceType.PREFIX)
+ .setStoreType(OzoneObj.StoreType.OZONE)
+ .setVolumeName(volumeName)
+ .setBucketName(bucketName)
+ .setPrefixName(DIR_PREFIX)
+ .build();
+
+ objectStore.setAcl(prefixObj, OzoneAcl.parseAcls(
+ "user:" + USER1 + ":r[DEFAULT]," +
+ "user:" + USER1 + ":x[DEFAULT]," +
+ "user:" + USER2 + ":r[DEFAULT]," +
+ "user:" + USER2 + ":x[DEFAULT]"));
+ }
+
+ private void createKey(OzoneBucket bucket) throws IOException {
keyName = KEY_PREFIX + RandomStringUtils.randomNumeric(32);
byte[] data = RandomStringUtils.randomAscii(1).getBytes(UTF_8);
final OzoneOutputStream fileKey = bucket.createKey(keyName, data.length);
@@ -480,21 +598,6 @@ public class TestOzoneManagerSnapshotAcl {
}
}
- private void setBucketAcl() throws IOException {
- OzoneObj bucketObj = OzoneObjInfo.Builder.newBuilder()
- .setResType(OzoneObj.ResourceType.BUCKET)
- .setStoreType(OzoneObj.StoreType.OZONE)
- .setVolumeName(volumeName)
- .setBucketName(bucketName)
- .build();
-
- objectStore.setAcl(bucketObj, OzoneAcl.parseAcls(
- "user:" + USER1 + ":r," +
- "user:" + USER1 + ":l," +
- "user:" + USER2 + ":r," +
- "user:" + USER2 + ":l"));
- }
-
private static Stream<Arguments> getListStatusArguments() {
return Stream.of(
arguments(BucketLayout.OBJECT_STORE, false, false),
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
