This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 8582214315 HDDS-10515. Reduce OzoneAcl constructor count (#6396)
8582214315 is described below
commit 8582214315577b4717ee2ffbcc67fbff637e42a5
Author: Galsza <[email protected]>
AuthorDate: Wed Mar 20 08:24:39 2024 +0100
HDDS-10515. Reduce OzoneAcl constructor count (#6396)
---
.../apache/hadoop/ozone/client/rpc/RpcClient.java | 10 +---
.../java/org/apache/hadoop/ozone/OzoneAcl.java | 22 +++-----
.../hadoop/ozone/om/helpers/OzoneAclUtil.java | 4 +-
.../hadoop/ozone/om/helpers/TestOmBucketInfo.java | 17 +++---
.../hadoop/ozone/om/helpers/TestOmKeyInfo.java | 2 +-
.../hadoop/ozone/om/helpers/TestOmVolumeArgs.java | 8 +--
.../hadoop/ozone/om/helpers/TestOzoneAclUtil.java | 14 ++---
.../ozone/AbstractRootedOzoneFileSystemTest.java | 16 +++---
.../client/rpc/TestOzoneRpcClientAbstract.java | 66 +++++++++-------------
.../rpc/TestOzoneRpcClientForAclAuditLog.java | 4 +-
.../apache/hadoop/ozone/om/TestBucketOwner.java | 6 +-
.../apache/hadoop/ozone/om/TestKeyManagerImpl.java | 29 +++-------
.../org/apache/hadoop/ozone/om/TestOmMetrics.java | 4 +-
.../ozone/om/TestOzoneManagerHAWithAllRunning.java | 62 ++++++++++----------
.../hadoop/ozone/om/snapshot/TestOmSnapshot.java | 2 +-
.../hadoop/ozone/om/helpers/OzoneAclStorage.java | 13 ++++-
.../hadoop/ozone/om/helpers/TestOmPrefixInfo.java | 4 +-
.../ozone/om/helpers/TestOmPrefixInfoCodec.java | 2 +-
.../org/apache/hadoop/ozone/om/OzoneManager.java | 4 +-
.../key/acl/prefix/TestOMPrefixAclResponse.java | 4 +-
.../security/acl/TestOzoneNativeAuthorizer.java | 18 +++---
.../hadoop/ozone/security/acl/TestParentAcl.java | 6 +-
.../hadoop/ozone/recon/api/TestEndpoints.java | 12 ++--
.../hadoop/ozone/recon/common/CommonUtils.java | 2 +-
.../hadoop/ozone/s3/endpoint/BucketEndpoint.java | 19 +++----
.../org/apache/hadoop/ozone/s3/endpoint/S3Acl.java | 66 +++++++++++-----------
.../freon/containergenerator/GeneratorOm.java | 4 +-
27 files changed, 192 insertions(+), 228 deletions(-)
diff --git
a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
index 178a9919c1..7cd9ed440b 100644
---
a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
+++
b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java
@@ -156,7 +156,6 @@ import java.security.InvalidKeyException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.BitSet;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
@@ -432,12 +431,12 @@ public class RpcClient implements ClientProtocol {
List<OzoneAcl> listOfAcls = new ArrayList<>();
//User ACL
listOfAcls.add(new OzoneAcl(ACLIdentityType.USER,
- owner, userRights, ACCESS));
+ owner, ACCESS, userRights));
//Group ACLs of the User
List<String> userGroups = Arrays.asList(UserGroupInformation
.createRemoteUser(owner).getGroupNames());
userGroups.stream().forEach((group) -> listOfAcls.add(
- new OzoneAcl(ACLIdentityType.GROUP, group, groupRights, ACCESS)));
+ new OzoneAcl(ACLIdentityType.GROUP, group, ACCESS, groupRights)));
//ACLs from VolumeArgs
List<OzoneAcl> volumeAcls = volArgs.getAcls();
if (volumeAcls != null) {
@@ -757,10 +756,7 @@ public class RpcClient implements ClientProtocol {
* @return OzoneAcl
*/
private OzoneAcl linkBucketDefaultAcl() {
- BitSet aclRights = new BitSet();
- aclRights.set(READ.ordinal());
- aclRights.set(WRITE.ordinal());
- return new OzoneAcl(ACLIdentityType.WORLD, "", aclRights, ACCESS);
+ return new OzoneAcl(ACLIdentityType.WORLD, "", ACCESS, READ, WRITE);
}
/**
diff --git
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java
index edfb194d57..8ab39a9ff9 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java
@@ -30,6 +30,7 @@ import
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType;
import java.util.ArrayList;
import java.util.BitSet;
+import java.util.EnumSet;
import java.util.List;
import java.util.Objects;
import java.util.function.Consumer;
@@ -58,17 +59,12 @@ public class OzoneAcl {
private final AclScope aclScope;
private static final List<ACLType> EMPTY_LIST = new ArrayList<>(0);
- // TODO use varargs constructor
- public OzoneAcl(ACLIdentityType type, String name, ACLType acl, AclScope
scope) {
- this(type, name, scope, bitSetOf(acl));
- }
-
public OzoneAcl(ACLIdentityType type, String name, AclScope scope,
ACLType... acls) {
this(type, name, scope, bitSetOf(acls));
}
- public OzoneAcl(ACLIdentityType type, String name, BitSet acls, AclScope
scope) {
- this(type, name, scope, validateAndCopy(acls));
+ public OzoneAcl(ACLIdentityType type, String name, AclScope scope,
EnumSet<ACLType> acls) {
+ this(type, name, scope, bitSetOf(acls.toArray(new ACLType[0])));
}
private OzoneAcl(ACLIdentityType type, String name, AclScope scope, BitSet
acls) {
@@ -148,7 +144,6 @@ public class OzoneAcl {
}
ACLIdentityType aclType = ACLIdentityType.valueOf(parts[0].toUpperCase());
- BitSet acls = new BitSet(ACLType.getNoOfAcls());
String bits = parts[2];
@@ -163,14 +158,14 @@ public class OzoneAcl {
parts[2].indexOf("]")));
}
- // Set all acl bits.
+ EnumSet<ACLType> acls = EnumSet.noneOf(ACLType.class);
for (char ch : bits.toCharArray()) {
- acls.set(ACLType.getACLRight(String.valueOf(ch)).ordinal());
+ acls.add(ACLType.getACLRight(String.valueOf(ch)));
}
// TODO : Support sanitation of these user names by calling into
// userAuth Interface.
- return new OzoneAcl(aclType, parts[1], acls, aclScope);
+ return new OzoneAcl(aclType, parts[1], aclScope, acls);
}
/**
@@ -208,9 +203,8 @@ public class OzoneAcl {
public static OzoneAcl fromProtobuf(OzoneAclInfo protoAcl) {
BitSet aclRights = BitSet.valueOf(protoAcl.getRights().toByteArray());
- return new OzoneAcl(ACLIdentityType.valueOf(protoAcl.getType().name()),
- protoAcl.getName(), aclRights,
- AclScope.valueOf(protoAcl.getAclScope().name()));
+ return new OzoneAcl(ACLIdentityType.valueOf(protoAcl.getType().name()),
protoAcl.getName(),
+ AclScope.valueOf(protoAcl.getAclScope().name()),
validateAndCopy(aclRights));
}
public AclScope getAclScope() {
diff --git
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java
index a2e738f143..517f0c14ce 100644
---
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java
+++
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java
@@ -60,11 +60,11 @@ public final class OzoneAclUtil {
List<OzoneAcl> listOfAcls = new ArrayList<>();
// User ACL.
- listOfAcls.add(new OzoneAcl(USER, userName, userRights, ACCESS));
+ listOfAcls.add(new OzoneAcl(USER, userName, ACCESS, userRights));
if (userGroups != null) {
// Group ACLs of the User.
Arrays.asList(userGroups).forEach((group) -> listOfAcls.add(
- new OzoneAcl(GROUP, group, groupRights, ACCESS)));
+ new OzoneAcl(GROUP, group, ACCESS, groupRights)));
}
return listOfAcls;
}
diff --git
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmBucketInfo.java
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmBucketInfo.java
index c38c09360f..638dd3414e 100644
---
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmBucketInfo.java
+++
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmBucketInfo.java
@@ -81,8 +81,7 @@ public class TestOmBucketInfo {
.setAcls(Collections.singletonList(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
"defaultUser",
- IAccessAuthorizer.ACLType.WRITE_ACL,
- OzoneAcl.AclScope.ACCESS
+ OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL
)))
.build();
@@ -97,8 +96,7 @@ public class TestOmBucketInfo {
omBucketInfo.setAcls(Collections.singletonList(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
"newUser",
- IAccessAuthorizer.ACLType.WRITE_ACL,
- OzoneAcl.AclScope.ACCESS
+ OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL
)));
assertNotEquals(
omBucketInfo.getAcls().get(0),
@@ -115,8 +113,7 @@ public class TestOmBucketInfo {
omBucketInfo.removeAcl(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
"newUser",
- IAccessAuthorizer.ACLType.WRITE_ACL,
- OzoneAcl.AclScope.ACCESS
+ OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL
));
assertEquals(0, omBucketInfo.getAcls().size());
assertEquals(1, cloneBucketInfo.getAcls().size());
@@ -131,8 +128,8 @@ public class TestOmBucketInfo {
.setStorageType(StorageType.ARCHIVE).setAcls(Collections
.singletonList(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
- "defaultUser", IAccessAuthorizer.ACLType.WRITE_ACL,
- OzoneAcl.AclScope.ACCESS))).build();
+ "defaultUser", OzoneAcl.AclScope.ACCESS,
IAccessAuthorizer.ACLType.WRITE_ACL
+ ))).build();
OzoneManagerProtocolProtos.BucketInfo protobuf =
omBucketInfo.getProtobuf();
// No EC Config
assertFalse(protobuf.hasDefaultReplicationConfig());
@@ -150,8 +147,8 @@ public class TestOmBucketInfo {
.setStorageType(StorageType.ARCHIVE)
.setAcls(Collections.singletonList(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
- "defaultUser", IAccessAuthorizer.ACLType.WRITE_ACL,
- OzoneAcl.AclScope.ACCESS)))
+ "defaultUser", OzoneAcl.AclScope.ACCESS,
IAccessAuthorizer.ACLType.WRITE_ACL
+ )))
.setDefaultReplicationConfig(
new DefaultReplicationConfig(
new ECReplicationConfig(3, 2))).build();
diff --git
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmKeyInfo.java
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmKeyInfo.java
index 6396f0318d..4aead0cd8b 100644
---
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmKeyInfo.java
+++
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmKeyInfo.java
@@ -182,7 +182,7 @@ public class TestOmKeyInfo {
key.setAcls(Arrays.asList(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER, "user1",
- IAccessAuthorizer.ACLType.WRITE, ACCESS)));
+ ACCESS, IAccessAuthorizer.ACLType.WRITE)));
// Change acls and check.
assertNotEquals(key, cloneKey);
diff --git
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmVolumeArgs.java
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmVolumeArgs.java
index f5c854d9e7..41757d957a 100644
---
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmVolumeArgs.java
+++
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmVolumeArgs.java
@@ -46,7 +46,7 @@ public class TestOmVolumeArgs {
.addMetadata("key1", "value1").addMetadata("key2", "value2")
.addOzoneAcls(
new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, "user1",
- IAccessAuthorizer.ACLType.READ, ACCESS)).build();
+ ACCESS, IAccessAuthorizer.ACLType.READ)).build();
OmVolumeArgs cloneVolumeArgs = omVolumeArgs.copyObject();
@@ -55,7 +55,7 @@ public class TestOmVolumeArgs {
// add user acl to write.
omVolumeArgs.addAcl(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER, "user1",
- IAccessAuthorizer.ACLType.WRITE, ACCESS));
+ ACCESS, IAccessAuthorizer.ACLType.WRITE));
// Now check clone acl
assertNotEquals(cloneVolumeArgs.getAcls().get(0),
@@ -64,7 +64,7 @@ public class TestOmVolumeArgs {
// Set user acl to Write_ACL.
omVolumeArgs.setAcls(Collections.singletonList(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER, "user1",
- IAccessAuthorizer.ACLType.WRITE_ACL, ACCESS)));
+ ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL)));
assertNotEquals(cloneVolumeArgs.getAcls().get(0),
omVolumeArgs.getAcls().get(0));
@@ -78,7 +78,7 @@ public class TestOmVolumeArgs {
omVolumeArgs.removeAcl(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER, "user1",
- IAccessAuthorizer.ACLType.WRITE_ACL, ACCESS));
+ ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL));
// Removing acl, in original omVolumeArgs it should have no acls.
assertEquals(0, omVolumeArgs.getAcls().size());
diff --git
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java
index cebbab7c75..5781a68b58 100644
---
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java
+++
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java
@@ -49,13 +49,13 @@ public class TestOzoneAclUtil {
getDefaultAcls();
private static final OzoneAcl USER1 = new OzoneAcl(USER, "user1",
- ACLType.READ_ACL, ACCESS);
+ ACCESS, ACLType.READ_ACL);
private static final OzoneAcl USER2 = new OzoneAcl(USER, "user2",
- ACLType.WRITE, ACCESS);
+ ACCESS, ACLType.WRITE);
private static final OzoneAcl GROUP1 = new OzoneAcl(GROUP, "group1",
- ACLType.ALL, ACCESS);
+ ACCESS, ACLType.ALL);
@Test
public void testAddAcl() throws IOException {
@@ -65,7 +65,7 @@ public class TestOzoneAclUtil {
// Add new permission to existing acl entry.
OzoneAcl oldAcl = currentAcls.get(0);
OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(),
- ACLType.READ_ACL, ACCESS);
+ ACCESS, ACLType.READ_ACL);
addAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size());
// Add same permission again and verify result
@@ -97,7 +97,7 @@ public class TestOzoneAclUtil {
// Add new permission to existing acl entru.
OzoneAcl oldAcl = currentAcls.get(0);
OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(),
- ACLType.READ_ACL, ACCESS);
+ ACCESS, ACLType.READ_ACL);
// Remove non existing acl entry
removeAndVerifyAcl(currentAcls, USER1, false, DEFAULT_ACLS.size());
@@ -191,11 +191,11 @@ public class TestOzoneAclUtil {
IAccessAuthorizer.ACLType groupRights = aclConfig.getGroupDefaultRights();
OzoneAclUtil.addAcl(ozoneAcls, new OzoneAcl(USER,
- ugi.getUserName(), userRights, ACCESS));
+ ugi.getUserName(), ACCESS, userRights));
//Group ACLs of the User
List<String> userGroups = Arrays.asList(ugi.getGroupNames());
userGroups.stream().forEach((group) -> OzoneAclUtil.addAcl(ozoneAcls,
- new OzoneAcl(GROUP, group, groupRights, ACCESS)));
+ new OzoneAcl(GROUP, group, ACCESS, groupRights)));
return ozoneAcls;
}
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java
index b77be05f67..366e8a1905 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java
@@ -94,9 +94,9 @@ import java.nio.file.Paths;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.BitSet;
import java.util.Collection;
import java.util.Collections;
+import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
@@ -1187,17 +1187,15 @@ abstract class AbstractRootedOzoneFileSystemTest {
ACLType userRights = aclConfig.getUserDefaultRights();
// Construct ACL for world access
// ACL admin owner, world read+write
- BitSet aclRights = new BitSet();
- aclRights.set(READ.ordinal());
- aclRights.set(WRITE.ordinal());
+ EnumSet<ACLType> aclRights = EnumSet.of(READ, WRITE);
// volume acls have all access to admin and read+write access to world
// Construct VolumeArgs
VolumeArgs volumeArgs = VolumeArgs.newBuilder()
.setAdmin("admin")
.setOwner("admin")
- .addAcl(new OzoneAcl(ACLIdentityType.WORLD, "", aclRights, ACCESS))
- .addAcl(new OzoneAcl(ACLIdentityType.USER, "admin", userRights,
ACCESS))
+ .addAcl(new OzoneAcl(ACLIdentityType.WORLD, "", ACCESS, aclRights))
+ .addAcl(new OzoneAcl(ACLIdentityType.USER, "admin", ACCESS,
userRights))
.setQuotaInNamespace(1000)
.setQuotaInBytes(Long.MAX_VALUE).build();
// Sanity check
@@ -1232,7 +1230,7 @@ abstract class AbstractRootedOzoneFileSystemTest {
BucketArgs bucketArgs = new BucketArgs.Builder()
.setOwner("admin")
.addAcl(new OzoneAcl(ACLIdentityType.WORLD, "", ACCESS, READ, WRITE,
LIST))
- .addAcl(new OzoneAcl(ACLIdentityType.USER, "admin", userRights,
ACCESS))
+ .addAcl(new OzoneAcl(ACLIdentityType.USER, "admin", ACCESS,
userRights))
.setQuotaInNamespace(1000)
.setQuotaInBytes(Long.MAX_VALUE).build();
@@ -1292,7 +1290,7 @@ abstract class AbstractRootedOzoneFileSystemTest {
ACLType userRights = aclConfig.getUserDefaultRights();
// Construct ACL for world access
OzoneAcl aclWorldAccess = new OzoneAcl(ACLIdentityType.WORLD, "",
- userRights, ACCESS);
+ ACCESS, userRights);
// Construct VolumeArgs
VolumeArgs volumeArgs = VolumeArgs.newBuilder()
.addAcl(aclWorldAccess)
@@ -2293,7 +2291,7 @@ abstract class AbstractRootedOzoneFileSystemTest {
ACLType userRights = aclConfig.getUserDefaultRights();
// Construct ACL for world access
OzoneAcl aclWorldAccess = new OzoneAcl(ACLIdentityType.WORLD, "",
- userRights, ACCESS);
+ ACCESS, userRights);
// Construct VolumeArgs, set ACL to world access
VolumeArgs volumeArgs = VolumeArgs.newBuilder()
.addAcl(aclWorldAccess)
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientAbstract.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientAbstract.java
index b838686930..a77edd3abc 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientAbstract.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientAbstract.java
@@ -25,7 +25,6 @@ import java.security.PrivilegedExceptionAction;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.BitSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
@@ -195,13 +194,13 @@ public abstract class TestOzoneRpcClientAbstract {
private static String remoteUserName = "remoteUser";
private static String remoteGroupName = "remoteGroup";
private static OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
private static OzoneAcl defaultGroupAcl = new OzoneAcl(GROUP,
remoteGroupName,
- READ, DEFAULT);
+ DEFAULT, READ);
private static OzoneAcl inheritedUserAcl = new OzoneAcl(USER, remoteUserName,
- READ, ACCESS);
+ ACCESS, READ);
private static OzoneAcl inheritedGroupAcl = new OzoneAcl(GROUP,
- remoteGroupName, READ, ACCESS);
+ remoteGroupName, ACCESS, READ);
private static MessageDigest eTagProvider;
@BeforeAll
@@ -674,7 +673,7 @@ public abstract class TestOzoneRpcClientAbstract {
String volumeName = UUID.randomUUID().toString();
String bucketName = UUID.randomUUID().toString();
OzoneAcl userAcl = new OzoneAcl(USER, "test",
- READ, ACCESS);
+ ACCESS, READ);
store.createVolume(volumeName);
OzoneVolume volume = store.getVolume(volumeName);
BucketArgs.Builder builder = BucketArgs.newBuilder()
@@ -708,7 +707,7 @@ public abstract class TestOzoneRpcClientAbstract {
String volumeName = UUID.randomUUID().toString();
String bucketName = UUID.randomUUID().toString();
OzoneAcl userAcl = new OzoneAcl(USER, "test",
- ACLType.ALL, ACCESS);
+ ACCESS, ACLType.ALL);
ReplicationConfig repConfig = new ECReplicationConfig(3, 2);
store.createVolume(volumeName);
OzoneVolume volume = store.getVolume(volumeName);
@@ -747,7 +746,7 @@ public abstract class TestOzoneRpcClientAbstract {
OzoneVolume volume = store.getVolume(volumeName);
volume.createBucket(bucketName);
List<OzoneAcl> acls = new ArrayList<>();
- acls.add(new OzoneAcl(USER, "test", ACLType.ALL, ACCESS));
+ acls.add(new OzoneAcl(USER, "test", ACCESS, ACLType.ALL));
OzoneBucket bucket = volume.getBucket(bucketName);
for (OzoneAcl acl : acls) {
assertTrue(bucket.addAcl(acl));
@@ -763,7 +762,7 @@ public abstract class TestOzoneRpcClientAbstract {
String volumeName = UUID.randomUUID().toString();
String bucketName = UUID.randomUUID().toString();
OzoneAcl userAcl = new OzoneAcl(USER, "test",
- ACLType.ALL, ACCESS);
+ ACCESS, ACLType.ALL);
store.createVolume(volumeName);
OzoneVolume volume = store.getVolume(volumeName);
BucketArgs.Builder builder = BucketArgs.newBuilder()
@@ -782,9 +781,9 @@ public abstract class TestOzoneRpcClientAbstract {
String volumeName = UUID.randomUUID().toString();
String bucketName = UUID.randomUUID().toString();
OzoneAcl userAcl = new OzoneAcl(USER, "test",
- ACLType.ALL, ACCESS);
+ ACCESS, ACLType.ALL);
OzoneAcl acl2 = new OzoneAcl(USER, "test1",
- ACLType.ALL, ACCESS);
+ ACCESS, ACLType.ALL);
store.createVolume(volumeName);
OzoneVolume volume = store.getVolume(volumeName);
BucketArgs.Builder builder = BucketArgs.newBuilder()
@@ -2703,10 +2702,10 @@ public abstract class TestOzoneRpcClientAbstract {
OzoneBucket bucket = volume.getBucket(bucketName);
// Add ACL on Bucket
- OzoneAcl acl1 = new OzoneAcl(USER, "Monday", ACLType.ALL, DEFAULT);
- OzoneAcl acl2 = new OzoneAcl(USER, "Friday", ACLType.ALL, DEFAULT);
- OzoneAcl acl3 = new OzoneAcl(USER, "Jan", ACLType.ALL, ACCESS);
- OzoneAcl acl4 = new OzoneAcl(USER, "Feb", ACLType.ALL, ACCESS);
+ OzoneAcl acl1 = new OzoneAcl(USER, "Monday", DEFAULT, ACLType.ALL);
+ OzoneAcl acl2 = new OzoneAcl(USER, "Friday", DEFAULT, ACLType.ALL);
+ OzoneAcl acl3 = new OzoneAcl(USER, "Jan", ACCESS, ACLType.ALL);
+ OzoneAcl acl4 = new OzoneAcl(USER, "Feb", ACCESS, ACLType.ALL);
bucket.addAcl(acl1);
bucket.addAcl(acl2);
bucket.addAcl(acl3);
@@ -2740,8 +2739,8 @@ public abstract class TestOzoneRpcClientAbstract {
try (OzoneClient client =
remoteUser.doAs((PrivilegedExceptionAction<OzoneClient>)
() -> OzoneClientFactory.getRpcClient(cluster.getConf()))) {
- OzoneAcl acl5 = new OzoneAcl(USER, userName, ACLType.READ, DEFAULT);
- OzoneAcl acl6 = new OzoneAcl(USER, userName, ACLType.READ, ACCESS);
+ OzoneAcl acl5 = new OzoneAcl(USER, userName, DEFAULT, ACLType.READ);
+ OzoneAcl acl6 = new OzoneAcl(USER, userName, ACCESS, ACLType.READ);
OzoneObj volumeObj = OzoneObjInfo.Builder.newBuilder()
.setVolumeName(volumeName).setStoreType(OzoneObj.StoreType.OZONE)
.setResType(OzoneObj.ResourceType.VOLUME).build();
@@ -2764,10 +2763,10 @@ public abstract class TestOzoneRpcClientAbstract {
assertEquals(ResultCodes.PERMISSION_DENIED, ome.getResult());
// Add create permission for user, and try multi-upload init again
- OzoneAcl acl7 = new OzoneAcl(USER, userName, ACLType.CREATE, DEFAULT);
- OzoneAcl acl8 = new OzoneAcl(USER, userName, ACLType.CREATE, ACCESS);
- OzoneAcl acl9 = new OzoneAcl(USER, userName, WRITE, DEFAULT);
- OzoneAcl acl10 = new OzoneAcl(USER, userName, WRITE, ACCESS);
+ OzoneAcl acl7 = new OzoneAcl(USER, userName, DEFAULT, ACLType.CREATE);
+ OzoneAcl acl8 = new OzoneAcl(USER, userName, ACCESS, ACLType.CREATE);
+ OzoneAcl acl9 = new OzoneAcl(USER, userName, DEFAULT, WRITE);
+ OzoneAcl acl10 = new OzoneAcl(USER, userName, ACCESS, WRITE);
store.addAcl(volumeObj, acl7);
store.addAcl(volumeObj, acl8);
store.addAcl(volumeObj, acl9);
@@ -3444,11 +3443,7 @@ public abstract class TestOzoneRpcClientAbstract {
.setStoreType(OzoneObj.StoreType.OZONE)
.build();
- // add acl
- BitSet aclRights1 = new BitSet();
- aclRights1.set(READ.ordinal());
- OzoneAcl user1Acl = new OzoneAcl(USER,
- "user1", aclRights1, ACCESS);
+ OzoneAcl user1Acl = new OzoneAcl(USER, "user1", ACCESS, READ);
assertTrue(store.addAcl(prefixObj, user1Acl));
// get acl
@@ -3461,11 +3456,7 @@ public abstract class TestOzoneRpcClientAbstract {
aclsGet = store.getAcl(prefixObj);
assertEquals(0, aclsGet.size());
- // set acl
- BitSet aclRights2 = new BitSet();
- aclRights2.set(ACLType.ALL.ordinal());
- OzoneAcl group1Acl = new OzoneAcl(GROUP,
- "group1", aclRights2, ACCESS);
+ OzoneAcl group1Acl = new OzoneAcl(GROUP, "group1", ACCESS, ACLType.ALL);
List<OzoneAcl> acls = new ArrayList<>();
acls.add(user1Acl);
acls.add(group1Acl);
@@ -3505,12 +3496,11 @@ public abstract class TestOzoneRpcClientAbstract {
ACLType userRights = aclConfig.getUserDefaultRights();
ACLType groupRights = aclConfig.getGroupDefaultRights();
- listOfAcls.add(new OzoneAcl(USER,
- ugi.getUserName(), userRights, ACCESS));
+ listOfAcls.add(new OzoneAcl(USER, ugi.getUserName(), ACCESS, userRights));
//Group ACLs of the User
List<String> userGroups = Arrays.asList(ugi.getGroupNames());
userGroups.stream().forEach((group) -> listOfAcls.add(
- new OzoneAcl(GROUP, group, groupRights, ACCESS)));
+ new OzoneAcl(GROUP, group, ACCESS, groupRights)));
return listOfAcls;
}
@@ -3526,7 +3516,7 @@ public abstract class TestOzoneRpcClientAbstract {
if (expectedAcls.size() > 0) {
OzoneAcl oldAcl = expectedAcls.get(0);
OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(),
- ACLType.READ_ACL, oldAcl.getAclScope());
+ oldAcl.getAclScope(), ACLType.READ_ACL);
// Verify that operation successful.
assertTrue(store.addAcl(ozObj, newAcl));
@@ -3577,9 +3567,9 @@ public abstract class TestOzoneRpcClientAbstract {
// Reset acl's.
OzoneAcl ua = new OzoneAcl(USER, "userx",
- ACLType.READ_ACL, ACCESS);
+ ACCESS, ACLType.READ_ACL);
OzoneAcl ug = new OzoneAcl(GROUP, "userx",
- ACLType.ALL, ACCESS);
+ ACCESS, ACLType.ALL);
store.setAcl(ozObj, Arrays.asList(ua, ug));
newAcls = store.getAcl(ozObj);
assertEquals(2, newAcls.size());
@@ -3907,7 +3897,7 @@ public abstract class TestOzoneRpcClientAbstract {
.setStoreType(OzoneObj.StoreType.OZONE)
.build();
- OzoneAcl ozoneAcl = new OzoneAcl(USER, remoteUserName, WRITE, DEFAULT);
+ OzoneAcl ozoneAcl = new OzoneAcl(USER, remoteUserName, DEFAULT, WRITE);
boolean result = store.addAcl(s3vVolume, ozoneAcl);
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
index e373b06d95..8f3c826204 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java
@@ -83,10 +83,10 @@ public class TestOzoneRpcClientForAclAuditLog {
private static UserGroupInformation ugi;
private static final OzoneAcl USER_ACL =
new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
- "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ "johndoe", ACCESS, IAccessAuthorizer.ACLType.ALL);
private static final OzoneAcl USER_ACL_2 =
new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER,
- "jane", IAccessAuthorizer.ACLType.ALL, ACCESS);
+ "jane", ACCESS, IAccessAuthorizer.ACLType.ALL);
private static List<OzoneAcl> aclListToAdd = new ArrayList<>();
private static MiniOzoneCluster cluster = null;
private static OzoneClient ozClient = null;
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestBucketOwner.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestBucketOwner.java
index 37fec8dcda..97512fec40 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestBucketOwner.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestBucketOwner.java
@@ -123,7 +123,7 @@ public class TestBucketOwner {
ozoneBucket.getAcls();
//Add Acls
OzoneAcl acl = new OzoneAcl(USER, "testuser",
- IAccessAuthorizer.ACLType.ALL, DEFAULT);
+ DEFAULT, IAccessAuthorizer.ACLType.ALL);
ozoneBucket.addAcl(acl);
}
}
@@ -179,7 +179,7 @@ public class TestBucketOwner {
OzoneVolume volume = client.getObjectStore().getVolume("volume1");
OzoneBucket ozoneBucket = volume.getBucket("bucket1");
OzoneAcl acl = new OzoneAcl(USER, "testuser1",
- IAccessAuthorizer.ACLType.ALL, DEFAULT);
+ DEFAULT, IAccessAuthorizer.ACLType.ALL);
ozoneBucket.addAcl(acl);
}, "Add Acls as non-volume and non-bucket owner should fail");
}
@@ -202,7 +202,7 @@ public class TestBucketOwner {
ozoneBucket.getAcls();
//Add Acls
OzoneAcl acl = new OzoneAcl(USER, "testuser2",
- IAccessAuthorizer.ACLType.ALL, DEFAULT);
+ DEFAULT, IAccessAuthorizer.ACLType.ALL);
ozoneBucket.addAcl(acl);
//Bucket Delete
volume.deleteBucket("bucket2");
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestKeyManagerImpl.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestKeyManagerImpl.java
index 9a5ded7148..f443104871 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestKeyManagerImpl.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestKeyManagerImpl.java
@@ -24,7 +24,6 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.BitSet;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
@@ -87,7 +86,6 @@ import org.apache.hadoop.ozone.om.helpers.OzoneFileStatus;
import org.apache.hadoop.ozone.om.helpers.BucketLayout;
import org.apache.hadoop.ozone.om.protocol.OzoneManagerProtocol;
import org.apache.hadoop.ozone.om.request.OMRequestTestUtils;
-import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType;
import org.apache.hadoop.ozone.security.acl.OzoneObj;
@@ -129,6 +127,8 @@ import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.junit.jupiter.params.provider.ValueSource;
+import static
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.READ;
+import static
org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.WRITE;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
@@ -531,7 +531,7 @@ public class TestKeyManagerImpl {
.build();
OzoneAcl ozAcl1 = new OzoneAcl(ACLIdentityType.USER, "user1",
- ACLType.READ, ACCESS);
+ ACCESS, ACLType.READ);
writeClient.addAcl(ozPrefix1, ozAcl1);
List<OzoneAcl> ozAclGet = writeClient.getAcl(ozPrefix1);
@@ -539,24 +539,13 @@ public class TestKeyManagerImpl {
assertEquals(ozAcl1, ozAclGet.get(0));
List<OzoneAcl> acls = new ArrayList<>();
- OzoneAcl ozAcl2 = new OzoneAcl(ACLIdentityType.USER, "admin",
- ACLType.ALL, ACCESS);
+ OzoneAcl ozAcl2 = new OzoneAcl(ACLIdentityType.USER, "admin", ACCESS,
ACLType.ALL);
- BitSet rwRights = new BitSet();
- rwRights.set(IAccessAuthorizer.ACLType.WRITE.ordinal());
- rwRights.set(IAccessAuthorizer.ACLType.READ.ordinal());
- OzoneAcl ozAcl3 = new OzoneAcl(ACLIdentityType.GROUP, "dev",
- rwRights, ACCESS);
+ OzoneAcl ozAcl3 = new OzoneAcl(ACLIdentityType.GROUP, "dev", ACCESS, READ,
WRITE);
- BitSet wRights = new BitSet();
- wRights.set(IAccessAuthorizer.ACLType.WRITE.ordinal());
- OzoneAcl ozAcl4 = new OzoneAcl(ACLIdentityType.GROUP, "dev",
- wRights, ACCESS);
+ OzoneAcl ozAcl4 = new OzoneAcl(ACLIdentityType.GROUP, "dev", ACCESS,
WRITE);
- BitSet rRights = new BitSet();
- rRights.set(IAccessAuthorizer.ACLType.READ.ordinal());
- OzoneAcl ozAcl5 = new OzoneAcl(ACLIdentityType.GROUP, "dev",
- rRights, ACCESS);
+ OzoneAcl ozAcl5 = new OzoneAcl(ACLIdentityType.GROUP, "dev", ACCESS, READ);
acls.add(ozAcl2);
acls.add(ozAcl3);
@@ -628,7 +617,7 @@ public class TestKeyManagerImpl {
// Invalid prefix not ending with "/"
String invalidPrefix = "invalid/pf";
OzoneAcl ozAcl1 = new OzoneAcl(ACLIdentityType.USER, "user1",
- ACLType.READ, ACCESS);
+ ACCESS, ACLType.READ);
OzoneObj ozInvalidPrefix = new OzoneObjInfo.Builder()
.setVolumeName(volumeName)
@@ -692,7 +681,7 @@ public class TestKeyManagerImpl {
.build();
OzoneAcl ozAcl1 = new OzoneAcl(ACLIdentityType.USER, "user1",
- ACLType.READ, ACCESS);
+ ACCESS, ACLType.READ);
writeClient.addAcl(ozPrefix1, ozAcl1);
OzoneObj ozFile1 = new OzoneObjInfo.Builder()
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmMetrics.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmMetrics.java
index 95335d4e39..901670301e 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmMetrics.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmMetrics.java
@@ -629,7 +629,7 @@ public class TestOmMetrics {
// Test addAcl
writeClient.addAcl(volObj,
new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, "ozoneuser",
- IAccessAuthorizer.ACLType.ALL, ACCESS));
+ ACCESS, IAccessAuthorizer.ACLType.ALL));
omMetrics = getMetrics("OMMetrics");
assertCounter("NumAddAcl", 1L, omMetrics);
@@ -695,7 +695,7 @@ public class TestOmMetrics {
long initialValue = metrics.getNumAddAcl();
objectStore.addAcl(volObj,
new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, "ozoneuser",
- IAccessAuthorizer.ACLType.ALL, ACCESS));
+ ACCESS, IAccessAuthorizer.ACLType.ALL));
assertEquals(initialValue + 1, metrics.getNumAddAcl());
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerHAWithAllRunning.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerHAWithAllRunning.java
index 0a5fab260b..716c1003d2 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerHAWithAllRunning.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerHAWithAllRunning.java
@@ -561,7 +561,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneBucket ozoneBucket = setupBucket();
String remoteUserName = "remoteUser";
OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
OzoneObj ozoneObj = buildBucketObj(ozoneBucket);
@@ -573,7 +573,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneBucket ozoneBucket = setupBucket();
String remoteUserName = "remoteUser";
OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
OzoneObj ozoneObj = buildBucketObj(ozoneBucket);
@@ -586,7 +586,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneBucket ozoneBucket = setupBucket();
String remoteUserName = "remoteUser";
OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
OzoneObj ozoneObj = buildBucketObj(ozoneBucket);
@@ -618,7 +618,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneBucket ozoneBucket = setupBucket();
String remoteUserName = "remoteUser";
OzoneAcl userAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
String key = createKey(ozoneBucket);
@@ -632,7 +632,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneBucket ozoneBucket = setupBucket();
String remoteUserName = "remoteUser";
OzoneAcl userAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
String key = createKey(ozoneBucket);
@@ -647,7 +647,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneBucket ozoneBucket = setupBucket();
String remoteUserName = "remoteUser";
OzoneAcl userAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
String key = createKey(ozoneBucket);
@@ -663,7 +663,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
String remoteUserName = "remoteUser";
String prefixName = RandomStringUtils.randomAlphabetic(5) + "/";
OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
OzoneObj ozoneObj = buildPrefixObj(ozoneBucket, prefixName);
@@ -676,9 +676,9 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
String remoteUserName = "remoteUser";
String prefixName = RandomStringUtils.randomAlphabetic(5) + "/";
OzoneAcl userAcl = new OzoneAcl(USER, remoteUserName,
- READ, ACCESS);
+ ACCESS, READ);
OzoneAcl userAcl1 = new OzoneAcl(USER, "remote",
- READ, ACCESS);
+ ACCESS, READ);
OzoneObj ozoneObj = buildPrefixObj(ozoneBucket, prefixName);
@@ -708,7 +708,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
String remoteUserName = "remoteUser";
String prefixName = RandomStringUtils.randomAlphabetic(5) + "/";
OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName,
- READ, DEFAULT);
+ DEFAULT, READ);
OzoneObj ozoneObj = buildPrefixObj(ozoneBucket, prefixName);
@@ -724,13 +724,13 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneObj srcObj = buildBucketObj(srcBucket);
// Add ACL to the LINK and verify that it is added to the source bucket
- OzoneAcl acl1 = new OzoneAcl(USER, "remoteUser1", READ, DEFAULT);
+ OzoneAcl acl1 = new OzoneAcl(USER, "remoteUser1", DEFAULT, READ);
boolean addAcl = getObjectStore().addAcl(linkObj, acl1);
assertTrue(addAcl);
assertEqualsAcls(srcObj, linkObj);
// Add ACL to the SOURCE and verify that it from link
- OzoneAcl acl2 = new OzoneAcl(USER, "remoteUser2", WRITE, DEFAULT);
+ OzoneAcl acl2 = new OzoneAcl(USER, "remoteUser2", DEFAULT, WRITE);
boolean addAcl2 = getObjectStore().addAcl(srcObj, acl2);
assertTrue(addAcl2);
assertEqualsAcls(srcObj, linkObj);
@@ -777,14 +777,14 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
// Set ACL to the LINK and verify that it is set to the source bucket
List<OzoneAcl> acl1 = Collections.singletonList(
- new OzoneAcl(USER, "remoteUser1", READ, DEFAULT));
+ new OzoneAcl(USER, "remoteUser1", DEFAULT, READ));
boolean setAcl1 = getObjectStore().setAcl(linkObj, acl1);
assertTrue(setAcl1);
assertEqualsAcls(srcObj, linkObj);
// Set ACL to the SOURCE and verify that it from link
List<OzoneAcl> acl2 = Collections.singletonList(
- new OzoneAcl(USER, "remoteUser2", WRITE, DEFAULT));
+ new OzoneAcl(USER, "remoteUser2", DEFAULT, WRITE));
boolean setAcl2 = getObjectStore().setAcl(srcObj, acl2);
assertTrue(setAcl2);
assertEqualsAcls(srcObj, linkObj);
@@ -800,12 +800,12 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneObj srcObj = buildKeyObj(srcBucket, key);
String user1 = "remoteUser1";
- OzoneAcl acl1 = new OzoneAcl(USER, user1, READ, DEFAULT);
+ OzoneAcl acl1 = new OzoneAcl(USER, user1, DEFAULT, READ);
testAddAcl(user1, linkObj, acl1); // case1: set link acl
assertEqualsAcls(srcObj, linkObj);
String user2 = "remoteUser2";
- OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT);
+ OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ);
testAddAcl(user2, srcObj, acl2); // case2: set src acl
assertEqualsAcls(srcObj, linkObj);
@@ -821,7 +821,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneObj linkObj = buildKeyObj(linkedBucket, key);
OzoneObj srcObj = buildKeyObj(srcBucket, key);
String user = "remoteUser1";
- OzoneAcl acl = new OzoneAcl(USER, user, READ, DEFAULT);
+ OzoneAcl acl = new OzoneAcl(USER, user, DEFAULT, READ);
testRemoveAcl(user, linkObj, acl);
assertEqualsAcls(srcObj, linkObj);
@@ -832,7 +832,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneObj linkObj2 = buildKeyObj(linkedBucket2, key2);
OzoneObj srcObj2 = buildKeyObj(srcBucket2, key2);
String user2 = "remoteUser2";
- OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT);
+ OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ);
testRemoveAcl(user2, srcObj2, acl2);
assertEqualsAcls(srcObj2, linkObj2);
@@ -847,12 +847,12 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
OzoneObj srcObj = buildKeyObj(srcBucket, key);
String user1 = "remoteUser1";
- OzoneAcl acl1 = new OzoneAcl(USER, user1, READ, DEFAULT);
+ OzoneAcl acl1 = new OzoneAcl(USER, user1, DEFAULT, READ);
testSetAcl(user1, linkObj, acl1); // case1: set link acl
assertEqualsAcls(srcObj, linkObj);
String user2 = "remoteUser2";
- OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT);
+ OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ);
testSetAcl(user2, srcObj, acl2); // case2: set src acl
assertEqualsAcls(srcObj, linkObj);
@@ -868,12 +868,12 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
createPrefix(linkObj);
String user1 = "remoteUser1";
- OzoneAcl acl1 = new OzoneAcl(USER, user1, READ, DEFAULT);
+ OzoneAcl acl1 = new OzoneAcl(USER, user1, DEFAULT, READ);
testAddAcl(user1, linkObj, acl1); // case1: set link acl
assertEqualsAcls(srcObj, linkObj);
String user2 = "remoteUser2";
- OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT);
+ OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ);
testAddAcl(user2, srcObj, acl2); // case2: set src acl
assertEqualsAcls(srcObj, linkObj);
@@ -891,7 +891,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
createPrefix(linkObj);
String user = "remoteUser1";
- OzoneAcl acl = new OzoneAcl(USER, user, READ, DEFAULT);
+ OzoneAcl acl = new OzoneAcl(USER, user, DEFAULT, READ);
testRemoveAcl(user, linkObj, acl);
assertEqualsAcls(srcObj, linkObj);
@@ -904,7 +904,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
createPrefix(srcObj2);
String user2 = "remoteUser2";
- OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT);
+ OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ);
testRemoveAcl(user2, srcObj2, acl2);
assertEqualsAcls(srcObj2, linkObj2);
@@ -920,12 +920,12 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
createPrefix(linkObj);
String user1 = "remoteUser1";
- OzoneAcl acl1 = new OzoneAcl(USER, user1, READ, DEFAULT);
+ OzoneAcl acl1 = new OzoneAcl(USER, user1, DEFAULT, READ);
testSetAcl(user1, linkObj, acl1); // case1: set link acl
assertEqualsAcls(srcObj, linkObj);
String user2 = "remoteUser2";
- OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT);
+ OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ);
testSetAcl(user2, srcObj, acl2); // case2: set src acl
assertEqualsAcls(srcObj, linkObj);
@@ -998,7 +998,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
}
OzoneAcl modifiedUserAcl = new OzoneAcl(USER, remoteUserName,
- WRITE, DEFAULT);
+ DEFAULT, WRITE);
List<OzoneAcl> newAcls = Collections.singletonList(modifiedUserAcl);
boolean setAcl = objectStore.setAcl(ozoneObj, newAcls);
@@ -1031,7 +1031,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
// Add an acl by changing acl type with same type, name and scope.
userAcl = new OzoneAcl(USER, remoteUserName,
- WRITE, DEFAULT);
+ DEFAULT, WRITE);
addAcl = objectStore.addAcl(ozoneObj, userAcl);
assertTrue(addAcl);
}
@@ -1052,7 +1052,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
// Add an acl by changing acl type with same type, name and scope.
userAcl = new OzoneAcl(USER, remoteUserName,
- WRITE, DEFAULT);
+ DEFAULT, WRITE);
addAcl = objectStore.addAcl(ozoneObj, userAcl);
assertTrue(addAcl);
}
@@ -1067,7 +1067,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
objectStore.addAcl(ozoneObj, userAcl);
// Add another arbitrary group ACL since the prefix will be removed when
removing
// the last ACL for the prefix and PREFIX_NOT_FOUND will be thrown
- OzoneAcl groupAcl = new OzoneAcl(GROUP, "arbitrary-group", READ, ACCESS);
+ OzoneAcl groupAcl = new OzoneAcl(GROUP, "arbitrary-group", ACCESS, READ);
objectStore.addAcl(ozoneObj, groupAcl);
}
acls = objectStore.getAcl(ozoneObj);
@@ -1087,7 +1087,7 @@ class TestOzoneManagerHAWithAllRunning extends
TestOzoneManagerHA {
// Just changed acl type here to write, rest all is same as defaultUserAcl.
OzoneAcl modifiedUserAcl = new OzoneAcl(USER, remoteUserName,
- WRITE, DEFAULT);
+ DEFAULT, WRITE);
addAcl = objectStore.addAcl(ozoneObj, modifiedUserAcl);
assertTrue(addAcl);
diff --git
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOmSnapshot.java
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOmSnapshot.java
index b4e06c0342..ed399b3704 100644
---
a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOmSnapshot.java
+++
b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOmSnapshot.java
@@ -1090,7 +1090,7 @@ public abstract class TestOmSnapshot {
createSnapshot(testVolumeName, testBucketName, snap1);
OzoneObj keyObj = buildKeyObj(bucket, key1);
OzoneAcl userAcl = new OzoneAcl(USER, "user",
- WRITE, DEFAULT);
+ DEFAULT, WRITE);
store.addAcl(keyObj, userAcl);
String snap2 = "snap2";
diff --git
a/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclStorage.java
b/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclStorage.java
index 22284e1170..cb9bdc2b4b 100644
---
a/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclStorage.java
+++
b/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclStorage.java
@@ -18,9 +18,15 @@
package org.apache.hadoop.ozone.om.helpers;
import com.google.protobuf.ByteString;
+
import java.util.BitSet;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.stream.Collectors;
+
import org.apache.hadoop.ozone.OzoneAcl;
import org.apache.hadoop.ozone.OzoneAcl.AclScope;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType;
import
org.apache.hadoop.ozone.storage.proto.OzoneManagerStorageProtos.OzoneAclInfo;
import
org.apache.hadoop.ozone.storage.proto.OzoneManagerStorageProtos.OzoneAclInfo.OzoneAclScope;
@@ -55,9 +61,12 @@ final class OzoneAclStorage {
public static OzoneAcl fromProtobuf(OzoneAclInfo protoAcl) {
BitSet aclRights = BitSet.valueOf(protoAcl.getRights().toByteArray());
+ List<IAccessAuthorizer.ACLType> aclTypeList = aclRights.stream()
+ .mapToObj(a -> IAccessAuthorizer.ACLType.values()[a])
+ .collect(Collectors.toList());
+ EnumSet<IAccessAuthorizer.ACLType> aclSet = EnumSet.copyOf(aclTypeList);
return new OzoneAcl(ACLIdentityType.valueOf(protoAcl.getType().name()),
- protoAcl.getName(), aclRights,
- AclScope.valueOf(protoAcl.getAclScope().name()));
+ protoAcl.getName(), AclScope.valueOf(protoAcl.getAclScope().name()),
aclSet);
}
}
diff --git
a/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfo.java
b/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfo.java
index a8394b68f9..8070c93cd6 100644
---
a/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfo.java
+++
b/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfo.java
@@ -77,7 +77,7 @@ public class TestOmPrefixInfo {
return new OmPrefixInfo(path,
new ArrayList<>(Collections.singletonList(new OzoneAcl(
identityType, identityString,
- aclType, scope))), new HashMap<>(), 10, 100);
+ scope, aclType))), new HashMap<>(), 10, 100);
}
@@ -98,7 +98,7 @@ public class TestOmPrefixInfo {
// Change acls and check.
omPrefixInfo.addAcl(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER, username,
- IAccessAuthorizer.ACLType.READ, ACCESS));
+ ACCESS, IAccessAuthorizer.ACLType.READ));
assertNotEquals(omPrefixInfo, clonePrefixInfo);
diff --git
a/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfoCodec.java
b/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfoCodec.java
index f3ad1d8c76..4820b37e1b 100644
---
a/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfoCodec.java
+++
b/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfoCodec.java
@@ -45,7 +45,7 @@ public class TestOmPrefixInfoCodec extends
Proto2CodecTestBase<OmPrefixInfo> {
List<OzoneAcl> acls = new LinkedList<>();
OzoneAcl ozoneAcl = new OzoneAcl(ACLIdentityType.USER,
- "hive", ACLType.ALL, ACCESS);
+ "hive", ACCESS, ACLType.ALL);
acls.add(ozoneAcl);
OmPrefixInfo opiSave = OmPrefixInfo.newBuilder()
.setName("/user/hive/warehouse")
diff --git
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
index 9d18107a5d..52299c820a 100644
---
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
+++
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
@@ -4495,13 +4495,13 @@ public final class OzoneManager extends
ServiceRuntimeInfoImpl
List<OzoneAcl> listOfAcls = new ArrayList<>();
//User ACL
listOfAcls.add(new OzoneAcl(ACLIdentityType.USER,
- userName, ACLType.ALL, ACCESS));
+ userName, ACCESS, ACLType.ALL));
//Group ACLs of the User
List<String> userGroups = Arrays.asList(UserGroupInformation
.createRemoteUser(userName).getGroupNames());
userGroups.forEach((group) -> listOfAcls.add(
- new OzoneAcl(ACLIdentityType.GROUP, group, ACLType.ALL, ACCESS)));
+ new OzoneAcl(ACLIdentityType.GROUP, group, ACCESS, ACLType.ALL)));
// Add ACLs
for (OzoneAcl ozoneAcl : listOfAcls) {
diff --git
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/response/key/acl/prefix/TestOMPrefixAclResponse.java
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/response/key/acl/prefix/TestOMPrefixAclResponse.java
index 543266b51a..5ebd2e6fa1 100644
---
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/response/key/acl/prefix/TestOMPrefixAclResponse.java
+++
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/response/key/acl/prefix/TestOMPrefixAclResponse.java
@@ -51,9 +51,9 @@ public class TestOMPrefixAclResponse extends
TestOMKeyResponse {
@Test
public void testAddToDBBatch() throws Exception {
final OzoneAcl user1 = new OzoneAcl(USER, "user1",
- ACLType.READ_ACL, ACCESS);
+ ACCESS, ACLType.READ_ACL);
final OzoneAcl user2 = new OzoneAcl(USER, "user2",
- ACLType.WRITE, ACCESS);
+ ACCESS, ACLType.WRITE);
final String prefixName = "/vol/buck/prefix/";
List<OzoneAcl> acls = Arrays.asList(user1, user2);
diff --git
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java
index 52dea922d5..7eb46f617f 100644
---
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java
+++
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java
@@ -242,9 +242,9 @@ public class TestOzoneNativeAuthorizer {
ACLType groupRight, boolean expectedResult) throws Exception {
createAll(keyName, prefixName, userRight, groupRight, expectedResult);
OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(),
- parentDirUserAcl, ACCESS);
+ ACCESS, parentDirUserAcl);
OzoneAcl groupAcl = new OzoneAcl(GROUP, testUgi.getGroups().size() > 0 ?
- testUgi.getGroups().get(0) : "", parentDirGroupAcl, ACCESS);
+ testUgi.getGroups().get(0) : "", ACCESS, parentDirGroupAcl);
// Set access for volume.
// We should directly add to table because old API's update to DB.
@@ -264,9 +264,9 @@ public class TestOzoneNativeAuthorizer {
ACLType groupRight, boolean expectedResult) throws Exception {
createAll(keyName, prefixName, userRight, groupRight, expectedResult);
OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(),
- parentDirUserAcl, ACCESS);
+ ACCESS, parentDirUserAcl);
OzoneAcl groupAcl = new OzoneAcl(GROUP, testUgi.getGroups().size() > 0 ?
- testUgi.getGroups().get(0) : "", parentDirGroupAcl, ACCESS);
+ testUgi.getGroups().get(0) : "", ACCESS, parentDirGroupAcl);
// Set access for volume & bucket. We should directly add to table
// because old API's update to DB.
@@ -294,9 +294,9 @@ public class TestOzoneNativeAuthorizer {
.build();
OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(),
- parentDirUserAcl, ACCESS);
+ ACCESS, parentDirUserAcl);
OzoneAcl groupAcl = new OzoneAcl(GROUP, testUgi.getGroups().size() > 0 ?
- testUgi.getGroups().get(0) : "", parentDirGroupAcl, ACCESS);
+ testUgi.getGroups().get(0) : "", ACCESS, parentDirGroupAcl);
// Set access for volume & bucket. We should directly add to table
// because old API's update to DB.
@@ -351,8 +351,8 @@ public class TestOzoneNativeAuthorizer {
* if user/group has access to them.
*/
for (ACLType a1 : allAcls) {
- OzoneAcl newAcl = new OzoneAcl(accessType, getAclName(accessType), a1,
- ACCESS);
+ OzoneAcl newAcl = new OzoneAcl(accessType, getAclName(accessType),
ACCESS, a1
+ );
// Reset acls to only one right.
if (obj.getResourceType() == VOLUME) {
@@ -431,7 +431,7 @@ public class TestOzoneNativeAuthorizer {
ACLIdentityType identityType = ACLIdentityType.values()[type];
// Add remaining acls one by one and then check access.
OzoneAcl addAcl = new OzoneAcl(identityType,
- getAclName(identityType), a2, ACCESS);
+ getAclName(identityType), ACCESS, a2);
// For volume and bucket update to cache. As Old API's update to
// only DB not cache.
diff --git
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestParentAcl.java
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestParentAcl.java
index f5220df178..e7ef8f51c4 100644
---
a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestParentAcl.java
+++
b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestParentAcl.java
@@ -223,10 +223,10 @@ public class TestParentAcl {
.setAclRights(childAclType).build();
OzoneAcl childAcl = new OzoneAcl(USER,
- testUgi1.getUserName(), childAclType, ACCESS);
+ testUgi1.getUserName(), ACCESS, childAclType);
OzoneAcl parentAcl = new OzoneAcl(USER,
- testUgi1.getUserName(), parentAclType, ACCESS);
+ testUgi1.getUserName(), ACCESS, parentAclType);
assertFalse(nativeAuthorizer.checkAccess(child, requestContext));
if (child.getResourceType() == BUCKET) {
@@ -254,7 +254,7 @@ public class TestParentAcl {
// add the volume acl (grand-parent), now key access is allowed.
OzoneAcl parentVolumeAcl = new OzoneAcl(USER,
- testUgi1.getUserName(), READ, ACCESS);
+ testUgi1.getUserName(), ACCESS, READ);
addVolumeAcl(child.getVolumeName(), parentVolumeAcl);
assertTrue(nativeAuthorizer.checkAccess(
child, requestContext));
diff --git
a/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/api/TestEndpoints.java
b/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/api/TestEndpoints.java
index 9c92ad4d7e..310c8a28e7 100644
---
a/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/api/TestEndpoints.java
+++
b/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/api/TestEndpoints.java
@@ -435,14 +435,12 @@ public class TestEndpoints extends AbstractReconSqlDBTest
{
.addOzoneAcls(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
"TestUser2",
- IAccessAuthorizer.ACLType.WRITE,
- OzoneAcl.AclScope.ACCESS
+ OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE
))
.addOzoneAcls(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
"TestUser2",
- IAccessAuthorizer.ACLType.READ,
- OzoneAcl.AclScope.ACCESS
+ OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.READ
))
.build();
reconOMMetadataManager.getVolumeTable().put(volumeKey, args);
@@ -453,8 +451,7 @@ public class TestEndpoints extends AbstractReconSqlDBTest {
.addAcl(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.GROUP,
"TestGroup2",
- IAccessAuthorizer.ACLType.WRITE,
- OzoneAcl.AclScope.ACCESS
+ OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE
))
.setQuotaInBytes(OzoneConsts.GB)
.setUsedBytes(OzoneConsts.MB)
@@ -477,8 +474,7 @@ public class TestEndpoints extends AbstractReconSqlDBTest {
.addAcl(new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.GROUP,
"TestGroup2",
- IAccessAuthorizer.ACLType.READ,
- OzoneAcl.AclScope.ACCESS
+ OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.READ
))
.setQuotaInBytes(OzoneConsts.GB)
.setUsedBytes(100 * OzoneConsts.MB)
diff --git
a/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/common/CommonUtils.java
b/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/common/CommonUtils.java
index f555e55ead..0414b8715c 100644
---
a/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/common/CommonUtils.java
+++
b/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/common/CommonUtils.java
@@ -67,7 +67,7 @@ public class CommonUtils {
return new OmPrefixInfo(path,
new ArrayList<>(Collections.singletonList(new OzoneAcl(
identityType, identityString,
- aclType, scope))), new HashMap<>(), 10, 100);
+ scope, aclType))), new HashMap<>(), 10, 100);
}
public void testNSSummaryBasicInfoRoot(
diff --git
a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java
b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java
index b8cd56d5f9..b7a5af7340 100644
---
a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java
+++
b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java
@@ -63,7 +63,7 @@ import javax.ws.rs.core.Response;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
-import java.util.BitSet;
+import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
@@ -665,14 +665,11 @@ public class BucketEndpoint extends EndpointBase {
throw newError(NOT_IMPLEMENTED, part[0]);
}
// Build ACL on Bucket
- BitSet aclsOnBucket =
- S3Acl.getOzoneAclOnBucketFromS3Permission(permission);
+ EnumSet<IAccessAuthorizer.ACLType> aclsOnBucket =
S3Acl.getOzoneAclOnBucketFromS3Permission(permission);
OzoneAcl defaultOzoneAcl = new OzoneAcl(
- IAccessAuthorizer.ACLIdentityType.USER, part[1], aclsOnBucket,
- OzoneAcl.AclScope.DEFAULT);
- OzoneAcl accessOzoneAcl = new OzoneAcl(
- IAccessAuthorizer.ACLIdentityType.USER, part[1], aclsOnBucket,
- ACCESS);
+ IAccessAuthorizer.ACLIdentityType.USER, part[1],
OzoneAcl.AclScope.DEFAULT, aclsOnBucket
+ );
+ OzoneAcl accessOzoneAcl = new
OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, part[1], ACCESS, aclsOnBucket);
ozoneAclList.add(defaultOzoneAcl);
ozoneAclList.add(accessOzoneAcl);
}
@@ -699,11 +696,9 @@ public class BucketEndpoint extends EndpointBase {
throw newError(NOT_IMPLEMENTED, part[0]);
}
// Build ACL on Volume
- BitSet aclsOnVolume =
+ EnumSet<IAccessAuthorizer.ACLType> aclsOnVolume =
S3Acl.getOzoneAclOnVolumeFromS3Permission(permission);
- OzoneAcl accessOzoneAcl = new OzoneAcl(
- IAccessAuthorizer.ACLIdentityType.USER, part[1], aclsOnVolume,
- ACCESS);
+ OzoneAcl accessOzoneAcl = new
OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, part[1], ACCESS, aclsOnVolume);
ozoneAclList.add(accessOzoneAcl);
}
return ozoneAclList;
diff --git
a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/S3Acl.java
b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/S3Acl.java
index 792f2e2ef5..5d6057f061 100644
---
a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/S3Acl.java
+++
b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/S3Acl.java
@@ -29,7 +29,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.ArrayList;
-import java.util.BitSet;
+import java.util.EnumSet;
import java.util.List;
import static
org.apache.hadoop.ozone.s3.exception.S3ErrorTable.INVALID_ARGUMENT;
@@ -228,15 +228,15 @@ public final class S3Acl {
grant.getGrantee().getXsiType());
if (identityType != null && identityType.isSupported()) {
String permission = grant.getPermission();
- BitSet acls = getOzoneAclOnBucketFromS3Permission(permission);
+ EnumSet<IAccessAuthorizer.ACLType> acls =
getOzoneAclOnBucketFromS3Permission(permission);
OzoneAcl defaultOzoneAcl = new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
- grant.getGrantee().getId(), acls,
- OzoneAcl.AclScope.DEFAULT);
+ grant.getGrantee().getId(), OzoneAcl.AclScope.DEFAULT, acls
+ );
OzoneAcl accessOzoneAcl = new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
- grant.getGrantee().getId(), acls,
- OzoneAcl.AclScope.ACCESS);
+ grant.getGrantee().getId(), OzoneAcl.AclScope.ACCESS, acls
+ );
ozoneAclList.add(defaultOzoneAcl);
ozoneAclList.add(accessOzoneAcl);
} else {
@@ -249,31 +249,31 @@ public final class S3Acl {
return ozoneAclList;
}
- public static BitSet getOzoneAclOnBucketFromS3Permission(String permission)
+ public static EnumSet<IAccessAuthorizer.ACLType>
getOzoneAclOnBucketFromS3Permission(String permission)
throws OS3Exception {
ACLType permissionType = ACLType.getType(permission);
if (permissionType == null) {
throw S3ErrorTable.newError(S3ErrorTable.INVALID_ARGUMENT, permission);
}
- BitSet acls = new BitSet(IAccessAuthorizer.ACLType.getNoOfAcls());
+ EnumSet<IAccessAuthorizer.ACLType> acls =
EnumSet.noneOf(IAccessAuthorizer.ACLType.class);
switch (permissionType) {
case FULL_CONTROL:
- acls.set(IAccessAuthorizer.ACLType.ALL.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.ALL);
break;
case WRITE_ACP:
- acls.set(IAccessAuthorizer.ACLType.WRITE_ACL.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.WRITE_ACL);
break;
case READ_ACP:
- acls.set(IAccessAuthorizer.ACLType.READ_ACL.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.READ_ACL);
break;
case WRITE:
- acls.set(IAccessAuthorizer.ACLType.WRITE.ordinal());
- acls.set(IAccessAuthorizer.ACLType.DELETE.ordinal());
- acls.set(IAccessAuthorizer.ACLType.CREATE.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.WRITE);
+ acls.add(IAccessAuthorizer.ACLType.DELETE);
+ acls.add(IAccessAuthorizer.ACLType.CREATE);
break;
case READ:
- acls.set(IAccessAuthorizer.ACLType.READ.ordinal());
- acls.set(IAccessAuthorizer.ACLType.LIST.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.READ);
+ acls.add(IAccessAuthorizer.ACLType.LIST);
break;
default:
LOG.error("Failed to recognize S3 permission {}", permission);
@@ -292,11 +292,11 @@ public final class S3Acl {
grant.getGrantee().getXsiType());
if (identityType != null && identityType.isSupported()) {
String permission = grant.getPermission();
- BitSet acls = getOzoneAclOnVolumeFromS3Permission(permission);
+ EnumSet<IAccessAuthorizer.ACLType> acls =
getOzoneAclOnVolumeFromS3Permission(permission);
OzoneAcl accessOzoneAcl = new OzoneAcl(
IAccessAuthorizer.ACLIdentityType.USER,
- grant.getGrantee().getId(), acls,
- OzoneAcl.AclScope.ACCESS);
+ grant.getGrantee().getId(), OzoneAcl.AclScope.ACCESS, acls
+ );
ozoneAclList.add(accessOzoneAcl);
} else {
LOG.error("Grantee type {} is not supported",
@@ -309,35 +309,35 @@ public final class S3Acl {
}
// User privilege on volume follows the "lest privilege" principle.
- public static BitSet getOzoneAclOnVolumeFromS3Permission(String permission)
+ public static EnumSet<IAccessAuthorizer.ACLType>
getOzoneAclOnVolumeFromS3Permission(String permission)
throws OS3Exception {
- BitSet acls = new BitSet(IAccessAuthorizer.ACLType.getNoOfAcls());
+ EnumSet<IAccessAuthorizer.ACLType> acls =
EnumSet.noneOf(IAccessAuthorizer.ACLType.class);
ACLType permissionType = ACLType.getType(permission);
if (permissionType == null) {
throw S3ErrorTable.newError(S3ErrorTable.INVALID_ARGUMENT, permission);
}
switch (permissionType) {
case FULL_CONTROL:
- acls.set(IAccessAuthorizer.ACLType.READ.ordinal());
- acls.set(IAccessAuthorizer.ACLType.WRITE.ordinal());
- acls.set(IAccessAuthorizer.ACLType.READ_ACL.ordinal());
- acls.set(IAccessAuthorizer.ACLType.WRITE_ACL.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.READ);
+ acls.add(IAccessAuthorizer.ACLType.WRITE);
+ acls.add(IAccessAuthorizer.ACLType.READ_ACL);
+ acls.add(IAccessAuthorizer.ACLType.WRITE_ACL);
break;
case WRITE_ACP:
- acls.set(IAccessAuthorizer.ACLType.READ.ordinal());
- acls.set(IAccessAuthorizer.ACLType.READ_ACL.ordinal());
- acls.set(IAccessAuthorizer.ACLType.WRITE_ACL.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.READ);
+ acls.add(IAccessAuthorizer.ACLType.READ_ACL);
+ acls.add(IAccessAuthorizer.ACLType.WRITE_ACL);
break;
case READ_ACP:
- acls.set(IAccessAuthorizer.ACLType.READ.ordinal());
- acls.set(IAccessAuthorizer.ACLType.READ_ACL.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.READ);
+ acls.add(IAccessAuthorizer.ACLType.READ_ACL);
break;
case WRITE:
- acls.set(IAccessAuthorizer.ACLType.READ.ordinal());
- acls.set(IAccessAuthorizer.ACLType.WRITE.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.READ);
+ acls.add(IAccessAuthorizer.ACLType.WRITE);
break;
case READ:
- acls.set(IAccessAuthorizer.ACLType.READ.ordinal());
+ acls.add(IAccessAuthorizer.ACLType.READ);
break;
default:
LOG.error("Failed to recognize S3 permission {}", permission);
diff --git
a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorOm.java
b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorOm.java
index b8509d60c9..7390488c81 100644
---
a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorOm.java
+++
b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorOm.java
@@ -156,10 +156,10 @@ public class GeneratorOm extends BaseGenerator implements
.setQuotaInBytes(100L)
.addOzoneAcls(
new OzoneAcl(IAccessAuthorizer.ACLIdentityType.WORLD, "",
- IAccessAuthorizer.ACLType.ALL, ACCESS))
+ ACCESS, IAccessAuthorizer.ACLType.ALL))
.addOzoneAcls(
new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, getUserId(),
- IAccessAuthorizer.ACLType.ALL, ACCESS)
+ ACCESS, IAccessAuthorizer.ACLType.ALL)
).build();
volTable.put("/" + volumeName, omVolumeArgs);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
