This is an automated email from the ASF dual-hosted git repository.

xyao pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 3b31694  HDDS-1545. Cli to add,remove,get and delete acls for Ozone 
objects. Contributed by Ajay Kumar. (#920)
3b31694 is described below

commit 3b31694c3535f746b59ae1765f265ee8f1078c2c
Author: Ajay Yadav <7813154+ajay...@users.noreply.github.com>
AuthorDate: Wed Jun 12 06:51:34 2019 -0700

    HDDS-1545. Cli to add,remove,get and delete acls for Ozone objects. 
Contributed by Ajay Kumar. (#920)
---
 .../java/org/apache/hadoop/ozone/OzoneAcl.java     |  24 +++++
 .../hadoop/ozone/security/acl/OzoneAclConfig.java  |   6 ++
 .../hadoop/ozone/security/acl/OzoneObjInfo.java    |   6 +-
 .../src/main/proto/OzoneManagerProtocol.proto      |  18 ++--
 .../org/apache/hadoop/ozone/TestOzoneAcls.java     |  42 +++++++++
 .../ozone/security/acl/TestOzoneObjInfo.java       |  69 +++++++++++++-
 .../src/main/smoketest/basic/ozone-shell.robot     |  62 +++++++++++-
 .../main/smoketest/security/ozone-secure-fs.robot  |  50 +++++++++-
 .../protocolPB/OzoneManagerRequestHandler.java     |   3 +-
 .../web/ozShell/bucket/AddAclBucketHandler.java    | 101 ++++++++++++++++++++
 .../ozone/web/ozShell/bucket/BucketCommands.java   |   6 +-
 .../web/ozShell/bucket/GetAclBucketHandler.java    |  84 +++++++++++++++++
 .../web/ozShell/bucket/RemoveAclBucketHandler.java | 101 ++++++++++++++++++++
 .../web/ozShell/bucket/SetAclBucketHandler.java    | 101 ++++++++++++++++++++
 .../ozone/web/ozShell/keys/AddAclKeyHandler.java   | 104 +++++++++++++++++++++
 .../ozone/web/ozShell/keys/GetAclKeyHandler.java   |  87 +++++++++++++++++
 .../hadoop/ozone/web/ozShell/keys/KeyCommands.java |   6 +-
 .../web/ozShell/keys/RemoveAclKeyHandler.java      | 104 +++++++++++++++++++++
 .../ozone/web/ozShell/keys/SetAclKeyHandler.java   | 103 ++++++++++++++++++++
 .../web/ozShell/volume/AddAclVolumeHandler.java    |  98 +++++++++++++++++++
 .../web/ozShell/volume/GetAclVolumeHandler.java    |  78 ++++++++++++++++
 .../web/ozShell/volume/RemoveAclVolumeHandler.java |  98 +++++++++++++++++++
 .../web/ozShell/volume/SetAclVolumeHandler.java    | 101 ++++++++++++++++++++
 .../ozone/web/ozShell/volume/VolumeCommands.java   |   6 +-
 24 files changed, 1436 insertions(+), 22 deletions(-)

diff --git 
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java 
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java
index 8ee33b4..2fba29e 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java
@@ -134,6 +134,30 @@ public class OzoneAcl {
     return new OzoneAcl(aclType, parts[1], acls);
   }
 
+  /**
+   * Parses an ACL string and returns the ACL object.
+   *
+   * @param acls - Acl String , Ex. user:anu:rw
+   *
+   * @return - Ozone ACLs
+   */
+  public static List<OzoneAcl> parseAcls(String acls)
+      throws IllegalArgumentException {
+    if ((acls == null) || acls.isEmpty()) {
+      throw new IllegalArgumentException("ACLs cannot be null or empty");
+    }
+    String[] parts = acls.trim().split(",");
+    if (parts.length < 1) {
+      throw new IllegalArgumentException("ACLs are not in expected format");
+    }
+    List<OzoneAcl> ozAcls = new ArrayList<>();
+
+    for(String acl:parts) {
+      ozAcls.add(parseAcl(acl));
+    }
+    return ozAcls;
+  }
+
   public static OzoneAclInfo toProtobuf(OzoneAcl acl) {
     OzoneAclInfo.Builder builder = OzoneAclInfo.newBuilder()
         .setName(acl.getName())
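Review bot: `parseAcls` trims only the whole argument, and only after the emptiness test, so a whitespace-only string passes the first guard and an entry written after a comma and a blank (`user:a:rw, group:b:a`) reaches `parseAcl` with a leading space. Trimming before the empty check and calling `ozAcls.add(parseAcl(acl.trim()));` in the loop would make the accepted format predictable for an ACL-granting command. The `parts.length < 1` branch is reached only for input made up of commas, which deserves a one-line comment, and `throws IllegalArgumentException` is redundant for an unchecked exception. The Javadoc should say that the argument is a comma-separated list (`user:anu:rw,group:hadoop:a`) and that the return value is a list of ACLs. toProtobuf's body continues outside the hunk.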
diff --git 
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java
 
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java
index 9641eda..b51af56 100644
--- 
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java
+++ 
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java
@@ -40,6 +40,9 @@ public class OzoneAclConfig {
           "OzoneManager."
   )
   public void setUserDefaultRights(String userRights) {
+    if(userRights == null) {
+      userRights = "ALL";
+    }
     this.userDefaultRights = ACLType.valueOf(userRights);
   }
 
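Review bot: In `setUserDefaultRights` a null value now silently becomes `"ALL"`, so a missing or unreadable setting ends up granting the broadest default rights instead of failing; the same fallback is added to `setGroupDefaultRights` in the next hunk. If ALL is the intended default, keeping it in one named constant and logging when the fallback is taken would make that choice visible; otherwise rejecting null is the safer behaviour. `ACLType.valueOf(userRights)` is case-sensitive and throws on an unrecognised name, so a comment listing the accepted values would help whoever edits the configuration. The class body continues outside both hunks.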
@@ -51,6 +54,9 @@ public class OzoneAclConfig {
           "OzoneManager."
   )
   public void setGroupDefaultRights(String groupRights) {
+    if(groupRights == null) {
+      groupRights = "ALL";
+    }
     this.groupDefaultRights = ACLType.valueOf(groupRights);
   }
 
diff --git 
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java
 
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java
index cbb9fb8..537134a 100644
--- 
a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java
+++ 
b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneObjInfo.java
@@ -75,8 +75,8 @@ public final class OzoneObjInfo extends OzoneObj {
     Builder builder = new Builder()
         .setResType(ResourceType.valueOf(proto.getResType().name()))
         .setStoreType(StoreType.valueOf(proto.getStoreType().name()));
-    String[] tokens = StringUtils.splitPreserveAllTokens(proto.getPath(),
-        OZONE_URI_DELIMITER);
+    String[] tokens = StringUtils.split(proto.getPath(),
+        OZONE_URI_DELIMITER, 3);
     if(tokens == null) {
       throw new IllegalArgumentException("Unexpected path:" + proto.getPath());
     }
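Review bot: The switch to `StringUtils.split(proto.getPath(), OZONE_URI_DELIMITER, 3)` changes how empty segments are treated: assuming this is the commons-lang method, adjacent delimiters are collapsed and a leading delimiter is dropped, so for a BUCKET resource a path such as `vol//name` would resolve to volume `vol` and bucket `name` rather than being rejected. Because this object names the target of an ACL operation, it is worth rejecting a path with an empty segment before splitting, or stating in a comment where such paths are normalised. With the limit of 3 the array can never hold more than three tokens, so `tokens.length < 3` in the KEY case (second hunk) behaves like the old `!= 3`; a comment such as `// third token is the rest of the path, delimiters included` would explain why. fromProtobuf starts and ends outside both hunks.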
@@ -94,7 +94,7 @@ public final class OzoneObjInfo extends OzoneObj {
       builder.setBucketName(tokens[1]);
       break;
     case KEY:
-      if (tokens.length != 3) {
+      if (tokens.length < 3) {
         throw new IllegalArgumentException("Unexpected argument for " +
             "Ozone key. Path:" + proto.getPath());
       }
diff --git a/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto 
b/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
index 303241e..21cacf6 100644
--- a/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
+++ b/hadoop-ozone/common/src/main/proto/OzoneManagerProtocol.proto
@@ -507,15 +507,15 @@ message OzoneAclInfo {
     }
 
     enum OzoneAclRights {
-        CREATE = 1;
-        LIST = 2;
-        DELETE = 3;
-        READ = 4;
-        WRITE = 5;
-        READ_ACL = 6;
-        WRITE_ACL = 7;
-        ALL = 8;
-        NONE = 9;
+      READ = 1;
+      WRITE = 2;
+      CREATE = 3;
+      LIST = 4;
+      DELETE = 5;
+      READ_ACL = 6;
+      WRITE_ACL  = 7;
+      ALL = 8;
+      NONE = 9;
     }
     required OzoneAclType type = 1;
     required string name = 2;
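Review bot: Renumbering the `OzoneAclRights` values changes the wire encoding: READ moves from 4 to 1, WRITE from 5 to 2, CREATE from 1 to 3, LIST from 2 to 4 and DELETE from 3 to 5. A client and an OzoneManager built on different sides of this commit would therefore decode each other's rights as different permissions, and so would any ACL already stored in serialized form (whether such data exists at this point is not visible here). Protobuf enum numbers are normally treated as frozen once in use; if the aim is a particular ordering on the Java side, that mapping is better kept in code. If the renumbering stays, a comment above the enum should record that it is an incompatible change. `WRITE_ACL  = 7;` also carries a stray double space.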
diff --git 
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java 
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java
index 5d9a05d..b9207f4 100644
--- 
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java
+++ 
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/TestOzoneAcls.java
@@ -20,10 +20,12 @@ package org.apache.hadoop.ozone;
 
 import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType;
 
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType;
 import org.apache.hadoop.test.LambdaTestUtils;
 import org.junit.Test;
 
 import java.util.HashMap;
+import java.util.List;
 import java.util.Set;
 
 import static org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.*;
@@ -202,4 +204,44 @@ public class TestOzoneAcls {
             " is not", () -> OzoneAcl.parseAcl("world::rwdlncxncxdfsfgbny"));
   }
 
+  @Test
+  public void testBitSetToListConversion() throws Exception {
+    OzoneAcl acl = OzoneAcl.parseAcl("user:bilbo:rw");
+
+    List<ACLType> rights = acl.getAclList();
+    assertTrue(rights.size() == 2);
+    assertTrue(rights.contains(READ));
+    assertTrue(rights.contains(WRITE));
+    assertFalse(rights.contains(CREATE));
+
+    acl = OzoneAcl.parseAcl("user:bilbo:a");
+
+    rights = acl.getAclList();
+    assertTrue(rights.size() == 1);
+    assertTrue(rights.contains(ALL));
+    assertFalse(rights.contains(WRITE));
+    assertFalse(rights.contains(CREATE));
+
+    acl = OzoneAcl.parseAcl("user:bilbo:cxy");
+    rights = acl.getAclList();
+    assertTrue(rights.size() == 3);
+    assertTrue(rights.contains(CREATE));
+    assertTrue(rights.contains(READ_ACL));
+    assertTrue(rights.contains(WRITE_ACL));
+    assertFalse(rights.contains(WRITE));
+    assertFalse(rights.contains(READ));
+
+    List<OzoneAcl> acls = OzoneAcl.parseAcls("user:bilbo:cxy,group:hadoop:a");
+    assertTrue(acls.size() == 2);
+    rights = acls.get(0).getAclList();
+    assertTrue(rights.size() == 3);
+    assertTrue(rights.contains(CREATE));
+    assertTrue(rights.contains(READ_ACL));
+    assertTrue(rights.contains(WRITE_ACL));
+    assertFalse(rights.contains(WRITE));
+    assertFalse(rights.contains(READ));
+    rights = acls.get(1).getAclList();
+    assertTrue(rights.contains(ALL));
+  }
+
 }
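Review bot: The new test feeds `OzoneAcl.parseAcls` only well-formed input; the rejection paths added in the same commit (null, an empty string, a string made up of commas, an entry with surrounding blanks) are not covered, and those are the cases that matter for a command that grants rights. The file already imports `LambdaTestUtils`, which the existing `parseAcl` tests appear to use for expected exceptions, so the same style would fit here. `assertTrue(rights.size() == 2)` hides the actual size on failure, whereas `assertEquals(2, rights.size())` reports it. The name `testBitSetToListConversion` does not describe the final block, which would read better as a separate `testParseAcls`.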
diff --git 
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java
 
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java
index 93dfc4d..ab24b1b 100644
--- 
a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java
+++ 
b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneObjInfo.java
@@ -16,8 +16,11 @@
  */
 package org.apache.hadoop.ozone.security.acl;
 
+import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
 import org.junit.Test;
 
+import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER;
+import static 
org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OzoneObj.ObjectType.*;
 import static org.junit.Assert.*;
 import org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType;
 
@@ -76,13 +79,73 @@ public class TestOzoneObjInfo {
     objInfo = getBuilder(volume, bucket, key).build();
     assertEquals(objInfo.getKeyName(), key);
 
-    objInfo =getBuilder(volume, null, null).build();
+    objInfo = getBuilder(volume, null, null).build();
     assertEquals(objInfo.getKeyName(), null);
 
-    objInfo =getBuilder(null, bucket, null).build();
+    objInfo = getBuilder(null, bucket, null).build();
     assertEquals(objInfo.getKeyName(), null);
 
-    objInfo =getBuilder(null, null, key).build();
+    objInfo = getBuilder(null, null, key).build();
+    assertEquals(objInfo.getKeyName(), key);
+  }
+
+  @Test
+  public void testFromProtobufOp() {
+    // Key with long path.
+    key = "dir1/dir2/dir3/dir4/dir5/abc.txt";
+    OzoneManagerProtocolProtos.OzoneObj protoObj = OzoneManagerProtocolProtos.
+        OzoneObj.newBuilder()
+        .setResType(KEY)
+        .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE)
+        .setPath(volume + OZONE_URI_DELIMITER +
+            bucket + OZONE_URI_DELIMITER + key)
+        .build();
+
+    objInfo = OzoneObjInfo.fromProtobuf(protoObj);
+    assertEquals(objInfo.getKeyName(), key);
+    objInfo = getBuilder(volume, null, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, bucket, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, null, key).build();
+    assertEquals(objInfo.getKeyName(), key);
+
+    // Key with long path.
+    key = "dir1/dir2/dir3/dir4/dir5/abc.txt";
+    protoObj = OzoneManagerProtocolProtos.
+        OzoneObj.newBuilder()
+        .setResType(KEY)
+        .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE)
+        .setPath(OZONE_URI_DELIMITER + volume + OZONE_URI_DELIMITER +
+            bucket + OZONE_URI_DELIMITER + key)
+        .build();
+
+    objInfo = OzoneObjInfo.fromProtobuf(protoObj);
+    assertEquals(objInfo.getKeyName(), key);
+    objInfo = getBuilder(volume, null, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, bucket, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, null, key).build();
+    assertEquals(objInfo.getKeyName(), key);
+
+    // Key with long path.
+    key = "dir1/dir2/dir3/dir4/dir5/";
+    protoObj = OzoneManagerProtocolProtos.
+        OzoneObj.newBuilder()
+        .setResType(KEY)
+        .setStoreType(OzoneManagerProtocolProtos.OzoneObj.StoreType.OZONE)
+        .setPath(OZONE_URI_DELIMITER + volume + OZONE_URI_DELIMITER +
+            bucket + OZONE_URI_DELIMITER + key)
+        .build();
+
+    objInfo = OzoneObjInfo.fromProtobuf(protoObj);
+    assertEquals(objInfo.getKeyName(), key);
+    objInfo = getBuilder(volume, null, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, bucket, null).build();
+    assertEquals(objInfo.getKeyName(), null);
+    objInfo = getBuilder(null, null, key).build();
     assertEquals(objInfo.getKeyName(), key);
   }
 }
\ No newline at end of file
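Review bot: The comment `// Key with long path.` is repeated on all three blocks of `testFromProtobufOp` although each checks something different: a path without a leading delimiter, one with a leading delimiter, and a key that ends in a delimiter; naming each case in its comment would make the intent readable. The four `getBuilder(...)` assertions repeated after every block never go through `fromProtobuf` and duplicate the test above, so they add no coverage. Missing for the changed parser are the VOLUME and BUCKET resource types and a path containing an empty segment. `assertEquals(objInfo.getKeyName(), key)` also has expected and actual swapped, which makes failure messages misleading.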
diff --git a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot 
b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
index b66e9f8..ee3c6e6 100644
--- a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
@@ -25,11 +25,20 @@ Test Timeout        2 minute
 RpcClient with port
    Test ozone shell       o3://            om:9862     rpcwoport
 
+RpcClient volume acls
+   Test Volume Acls       o3://            om:9862     rpcwoport2
+
+RpcClient bucket acls
+    Test Bucket Acls      o3://            om:9862     rpcwoport2
+
+RpcClient key acls
+    Test Key Acls         o3://            om:9862     rpcwoport2
+
 RpcClient without host
-   Test ozone shell       o3://            ${EMPTY}              rpcwport
+    Test ozone shell      o3://            ${EMPTY}    rpcwport
 
 RpcClient without scheme
-   Test ozone shell       ${EMPTY}         ${EMPTY}              rpcwoscheme
+    Test ozone shell      ${EMPTY}         ${EMPTY}    rpcwoscheme
 
 
 *** Keywords ***
@@ -60,6 +69,39 @@ Test ozone shell
                     Execute             ozone sh bucket delete 
${protocol}${server}/${volume}/bb1
                     Execute             ozone sh volume delete 
${protocol}${server}/${volume} --user bilbo
 
+Test Volume Acls
+    [arguments]     ${protocol}         ${server}       ${volume}
+    Execute         ozone sh volume create ${protocol}${server}/${volume}
+    ${result} =     Execute             ozone sh volume getacl 
${protocol}${server}/${volume}
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh volume addacl 
${protocol}${server}/${volume} -a user:superuser1:rwxy
+    ${result} =     Execute             ozone sh volume getacl 
${protocol}${server}/${volume}
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh volume removeacl 
${protocol}${server}/${volume} -a user:superuser1:xy
+    ${result} =     Execute             ozone sh volume getacl 
${protocol}${server}/${volume}
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh volume setacl 
${protocol}${server}/${volume} -al user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh volume getacl 
${protocol}${server}/${volume}
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : 
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"
+
+Test Bucket Acls
+    [arguments]     ${protocol}         ${server}       ${volume}
+    Execute             ozone sh bucket create 
${protocol}${server}/${volume}/bb1
+    ${result} =     Execute             ozone sh bucket getacl 
${protocol}${server}/${volume}/bb1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh bucket addacl 
${protocol}${server}/${volume}/bb1 -a user:superuser1:rwxy
+    ${result} =     Execute             ozone sh bucket getacl 
${protocol}${server}/${volume}/bb1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh bucket removeacl 
${protocol}${server}/${volume}/bb1 -a user:superuser1:xy
+    ${result} =     Execute             ozone sh bucket getacl 
${protocol}${server}/${volume}/bb1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh bucket setacl 
${protocol}${server}/${volume}/bb1 -al user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh bucket getacl 
${protocol}${server}/${volume}/bb1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : 
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"
+
+
 Test key handling
     [arguments]     ${protocol}         ${server}       ${volume}
                     Execute             ozone sh key put 
${protocol}${server}/${volume}/bb1/key1 /opt/hadoop/NOTICE.txt
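Review bot: The check that follows `removeacl ... -a user:superuser1:xy` does not prove the rights were removed, because the pattern stops at `\"READ\", \"WRITE\"` and so also matches an unchanged list `"READ", "WRITE", "READ_ACL", "WRITE_ACL"`. Ending it the way the first getacl check ends (`\"ALL\" .`), i.e. `\"READ\", \"WRITE\" .`, would make the test fail when removal did not happen. In `\"name\" : \"superuser1*\"` the `*` applies to the `1`, so `superuser` and `superuser11` match as well; `superuser1` without the quantifier is presumably meant. The results of `addacl`, `removeacl` and `setacl` are assigned to `${result}` but never inspected before being overwritten. The same patterns recur in Test Bucket Acls in this hunk, in Test key Acls in the next hunk, and in the three ACL test cases added to ozone-secure-fs.robot.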
@@ -74,3 +116,19 @@ Test key handling
     ${result} =     Execute             ozone sh key list 
${protocol}${server}/${volume}/bb1 | grep -Ev 
'Removed|WARN|DEBUG|ERROR|INFO|TRACE' | jq -r '.[].keyName'
                     Should Be Equal     ${result}       key2
                     Execute             ozone sh key delete 
${protocol}${server}/${volume}/bb1/key2
+
+Test key Acls
+    [arguments]     ${protocol}         ${server}       ${volume}
+    Execute         ozone sh key put ${protocol}${server}/${volume}/bb1/key2 
/opt/hadoop/NOTICE.txt
+    ${result} =     Execute             ozone sh key getacl 
${protocol}${server}/${volume}/bb1/key2
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh key addacl 
${protocol}${server}/${volume}/bb1/key2 -a user:superuser1:rwxy
+    ${result} =     Execute             ozone sh key getacl 
${protocol}${server}/${volume}/bb1/key2
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh key removeacl 
${protocol}${server}/${volume}/bb1/key2 -a user:superuser1:xy
+    ${result} =     Execute             ozone sh key getacl 
${protocol}${server}/${volume}/bb1/key2
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh key setacl 
${protocol}${server}/${volume}/bb1/key2 -al 
user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh key getacl 
${protocol}${server}/${volume}/bb1/key2
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : 
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"
\ No newline at end of file
diff --git 
a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot 
b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot
index 004d2a9..92cf4cd 100644
--- a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot
@@ -28,6 +28,7 @@ Setup volume names
     ${random}            Generate Random String  2   [NUMBERS]
     Set Suite Variable   ${volume1}            fstest${random}
     Set Suite Variable   ${volume2}            fstest2${random}
+    Set Suite Variable   ${volume3}            fstest3${random}
 
 *** Test Cases ***
 Create volume bucket with wrong credentials
@@ -46,4 +47,51 @@ Create volume bucket with credentials
     Execute             ozone sh bucket create o3://om/${volume2}/bucket3
 
 Check volume from ozonefs
-    ${result} =         Execute          ozone fs -ls 
o3fs://bucket1.${volume1}/
\ No newline at end of file
+    ${result} =         Execute          ozone fs -ls 
o3fs://bucket1.${volume1}/
+
+Test Volume Acls
+    ${result} =     Execute             ozone sh volume create ${volume3}
+                    Should not contain  ${result}       Failed
+    ${result} =     Execute             ozone sh volume getacl ${volume3}
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh volume addacl ${volume3} -a 
user:superuser1:rwxy
+    ${result} =     Execute             ozone sh volume getacl ${volume3}
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh volume removeacl ${volume3} 
-a user:superuser1:xy
+    ${result} =     Execute             ozone sh volume getacl ${volume3}
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh volume setacl ${volume3} -al 
user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh volume getacl ${volume3}
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : 
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"
+
+Test Bucket Acls
+    ${result} =     Execute             ozone sh bucket create ${volume3}/bk1
+                    Should not contain  ${result}       Failed
+    ${result} =     Execute             ozone sh bucket getacl ${volume3}/bk1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh bucket addacl ${volume3}/bk1 
-a user:superuser1:rwxy
+    ${result} =     Execute             ozone sh bucket getacl ${volume3}/bk1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh bucket removeacl 
${volume3}/bk1 -a user:superuser1:xy
+    ${result} =     Execute             ozone sh bucket getacl ${volume3}/bk1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh bucket setacl ${volume3}/bk1 
-al user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh bucket getacl ${volume3}/bk1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : 
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"
+
+Test key Acls
+    Execute            ozone sh key put ${volume3}/bk1/key1 
/opt/hadoop/NOTICE.txt
+    ${result} =     Execute             ozone sh key getacl ${volume3}/bk1/key1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \".*\",\n.*\"aclList\" : . \"ALL\" .
+    ${result} =     Execute             ozone sh key addacl 
${volume3}/bk1/key1 -a user:superuser1:rwxy
+    ${result} =     Execute             ozone sh key getacl ${volume3}/bk1/key1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    ${result} =     Execute             ozone sh key removeacl 
${volume3}/bk1/key1 -a user:superuser1:xy
+    ${result} =     Execute             ozone sh key getacl ${volume3}/bk1/key1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
+    ${result} =     Execute             ozone sh key setacl 
${volume3}/bk1/key1 -al user:superuser1:rwxy,group:superuser1:a
+    ${result} =     Execute             ozone sh key getacl ${volume3}/bk1/key1
+    Should Match Regexp                 ${result}       \"type\" : 
\"USER\",\n.*\"name\" : \"superuser1*\",\n.*\"aclList\" : . \"READ\", 
\"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
+    Should Match Regexp                 ${result}       \"type\" : 
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclList\" : . \"ALL\"
\ No newline at end of file
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OzoneManagerRequestHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OzoneManagerRequestHandler.java
index 6ea1a2b..69f3b1c 100644
--- 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OzoneManagerRequestHandler.java
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/protocolPB/OzoneManagerRequestHandler.java
@@ -411,7 +411,8 @@ public class OzoneManagerRequestHandler implements 
RequestHandler {
 
   private SetAclResponse setAcl(SetAclRequest req) throws IOException {
     List<OzoneAcl> ozoneAcl = new ArrayList<>();
-    req.getAclList().forEach(a -> ozoneAcl.add(OzoneAcl.fromProtobuf(a)));
+    req.getAclList().forEach(a ->
+        ozoneAcl.add(OzoneAcl.fromProtobuf(a)));
     boolean response = impl.setAcl(OzoneObjInfo.fromProtobuf(req.getObj()),
         ozoneAcl);
     return SetAclResponse.newBuilder().setResponse(response).build();
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/AddAclBucketHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/AddAclBucketHandler.java
new file mode 100644
index 0000000..6b32f64
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/AddAclBucketHandler.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.bucket;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Add acl handler for bucket.
+ */
+@Command(name = "addacl",
+    description = "Add a new Acl.")
+public class AddAclBucketHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acl", "-a"},
+      required = true,
+      description = "new acl." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw or group:hadoop:rw")
+  private String acl;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acl, "New acl to be added not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureBucketAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.BUCKET)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    boolean result = client.getObjectStore().addAcl(obj,
+        OzoneAcl.parseAcl(acl));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl set successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
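Review bot: `client.close()` in `call()` is skipped whenever `OzoneAcl.parseAcl` or `addAcl` throws, so the client is leaked on exactly the failure paths; wrapping the body in `try (OzoneClient client = address.createClient(createOzoneConfiguration())) {` avoids that, assuming OzoneClient is Closeable as its `close()` suggests. The output prints `Acl set successfully: false` when `addAcl` returns false, which reads as success to an operator or a script checking that an ACL change took effect; a distinct message for the false result would be clearer. The `--acl` description is concatenated without separators, so it renders as `new acl.r = READ,w = WRITE,...y = WRITE_ACEx user:user1:rw`, and it names `READ_AC` and `WRITE_AC` where the rights are READ_ACL and WRITE_ACL. `OzoneObj.StoreType.valueOf(storeType)` is case-sensitive, so `-s ozone` fails with a bare IllegalArgumentException; the help text should say the value must be upper case or the input should be normalised.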
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java
index 64dc91b..6c9de4d 100644
--- 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/BucketCommands.java
@@ -39,7 +39,11 @@ import picocli.CommandLine.ParentCommand;
         ListBucketHandler.class,
         CreateBucketHandler.class,
         UpdateBucketHandler.class,
-        DeleteBucketHandler.class
+        DeleteBucketHandler.class,
+        AddAclBucketHandler.class,
+        RemoveAclBucketHandler.class,
+        GetAclBucketHandler.class,
+        SetAclBucketHandler.class
     },
     mixinStandardHelpOptions = true,
     versionProvider = HddsVersionProvider.class)
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/GetAclBucketHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/GetAclBucketHandler.java
new file mode 100644
index 0000000..0bb967c
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/GetAclBucketHandler.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.bucket;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.List;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Get acl handler for bucket.
+ */
+@Command(name = "getacl",
+    description = "List all acls.")
+public class GetAclBucketHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureBucketAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.BUCKET)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString(result)));
+    client.close();
+    return null;
+  }
+
+}
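Review bot: `client.close()` at the end of `call()` is reached only on the success path, so an exception from `OzoneObj.StoreType.valueOf(storeType)` in the builder or from `getObjectStore().getAcl(obj)` leaves the OzoneClient open. Assuming OzoneClient is Closeable, as the explicit `close()` suggests, try-with-resources closes it on every path: `try (OzoneClient client = address.createClient(createOzoneConfiguration())) {` around the rest of the body, with the trailing `client.close();` dropped. The add, remove and set handlers for buckets, keys and volumes added by this commit follow the same pattern and need the same change.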
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/RemoveAclBucketHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/RemoveAclBucketHandler.java
new file mode 100644
index 0000000..635c34b
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/RemoveAclBucketHandler.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.bucket;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Executes Info bucket.
+ */
+@Command(name = "removeacl",
+    description = "Remove an acl.")
+public class RemoveAclBucketHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acl", "-a"},
+      required = true,
+      description = "Remove acl." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw or group:hadoop:rw")
+  private String acl;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Remove  acl handler for bucket.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acl, "New acl to be added not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureBucketAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.BUCKET)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    boolean result = client.getObjectStore().removeAcl(obj,
+        OzoneAcl.parseAcl(acl));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl removed successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
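Review bot: The boolean returned by `removeAcl` is only concatenated into the output, so a run that removed nothing prints `Acl removed successfully: false` and `call()` still returns normally. For a command that revokes access, a script that checks the exit status would treat a no-op as a completed revocation. Consider branching on `result` and failing the command when it is false, e.g. `if (!result) { throw new IOException("Acl not removed: " + acl); }` (this needs an `IOException` import, and what `false` means is decided in ObjectStore, outside this hunk). The add and set handlers for buckets, keys and volumes report their result the same way.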
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/SetAclBucketHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/SetAclBucketHandler.java
new file mode 100644
index 0000000..2fc43f9
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/SetAclBucketHandler.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.bucket;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Set acl handler for bucket.
+ */
+@Command(name = "setacl",
+    description = "Set acls.")
+public class SetAclBucketHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acls", "-al"},
+      required = true,
+      description = "Comma seperated acls." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw,user:user2:a,group:hadoop:a")
+  private String acls;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acls, "Acls to be set not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureBucketAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.BUCKET)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    boolean result = client.getObjectStore().setAcl(obj,
+        OzoneAcl.parseAcls(acls));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl set successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
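Review bot: The `--acls` description is concatenated from pieces with no separators, so the help text renders as `Comma seperated acls.r = READ,w = WRITE,` and ends `y = WRITE_ACEx user:user1:rw,user:user2:a,group:hadoop:a`; `seperated` is also misspelled. Put a space after each piece and a sentence break before the example, e.g. `"Comma separated acls. " +`, `"r = READ, " +` and `"y = WRITE_AC. " + "Ex: user:user1:rw,user:user2:a,group:hadoop:a"`. This text is the only place the single-letter rights are explained to the person granting them, so it should be readable. The `--acl` descriptions in RemoveAclBucketHandler, AddAclKeyHandler, RemoveAclKeyHandler, SetAclKeyHandler and AddAclVolumeHandler are built the same way.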
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/AddAclKeyHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/AddAclKeyHandler.java
new file mode 100644
index 0000000..13298dc
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/AddAclKeyHandler.java
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.keys;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Add  acl handler for key.
+ */
+@Command(name = "addacl",
+    description = "Add a new Acl.")
+public class AddAclKeyHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acl", "-a"},
+      required = true,
+      description = "Add acl." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw or group:hadoop:rw")
+  private String acl;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acl, "New acl to be added not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureKeyAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+    String keyName = address.getKeyName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+      System.out.printf("Key Name : %s%n", keyName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setKeyName(address.getKeyName())
+        .setResType(OzoneObj.ResourceType.KEY)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    boolean result = client.getObjectStore().addAcl(obj,
+        OzoneAcl.parseAcl(acl));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl set successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
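Review bot: The positional `uri` parameter of this key handler is described with `Shell.OZONE_BUCKET_URI_DESCRIPTION`, although `call()` requires a key address through `address.ensureKeyAddress()`. The help output therefore documents a bucket URI for a command that rejects one; if `Shell` has a key-level description constant, use it, e.g. `@Parameters(arity = "1..1", description = Shell.OZONE_KEY_URI_DESCRIPTION)`. GetAclKeyHandler, RemoveAclKeyHandler and SetAclKeyHandler have the same mismatch, and AddAclVolumeHandler uses the bucket description for a volume address. Separately, the builder calls `address.getKeyName()` again instead of passing the local `keyName`, which the other key handlers do.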
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/GetAclKeyHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/GetAclKeyHandler.java
new file mode 100644
index 0000000..edfa66a
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/GetAclKeyHandler.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.keys;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.List;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Get acl handler for Key.
+ */
+@Command(name = "getacl",
+    description = "List all acls.")
+public class GetAclKeyHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureKeyAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+    String keyName = address.getKeyName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+      System.out.printf("Key Name : %s%n", keyName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setKeyName(keyName)
+        .setResType(OzoneObj.ResourceType.KEY)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString(result)));
+    client.close();
+    return null;
+  }
+
+}
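Review bot: `OzoneObj.StoreType.valueOf(storeType)` in the builder chain passes the raw `--store` string to the enum, so `-s s3` or a typo fails with a bare IllegalArgumentException rather than a usage error, and only after the client has been created. Declaring the option with the enum type lets picocli convert and validate it during argument parsing: `private OzoneObj.StoreType storeType;`, with the builder using `.setStoreType(storeType == null ? OZONE : storeType)`. The description `store type. i.e OZONE or S3` could then state that these are the accepted values. The same option and conversion appear in every ACL handler in this commit.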
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/KeyCommands.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/KeyCommands.java
index 405c3c5..4de97c5 100644
--- 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/KeyCommands.java
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/KeyCommands.java
@@ -40,7 +40,11 @@ import picocli.CommandLine.ParentCommand;
         GetKeyHandler.class,
         PutKeyHandler.class,
         RenameKeyHandler.class,
-        DeleteKeyHandler.class
+        DeleteKeyHandler.class,
+        AddAclKeyHandler.class,
+        RemoveAclKeyHandler.class,
+        SetAclKeyHandler.class,
+        GetAclKeyHandler.class
     },
     mixinStandardHelpOptions = true,
     versionProvider = HddsVersionProvider.class)
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/RemoveAclKeyHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/RemoveAclKeyHandler.java
new file mode 100644
index 0000000..1359721
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/RemoveAclKeyHandler.java
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.keys;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Remove acl handler for key.
+ */
+@Command(name = "removeacl",
+    description = "Remove an acl.")
+public class RemoveAclKeyHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acl", "-a"},
+      required = true,
+      description = "Remove acl." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw or group:hadoop:rw")
+  private String acl;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acl, "New acl to be added not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureKeyAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+    String keyName = address.getKeyName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+      System.out.printf("Key Name : %s%n", keyName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setKeyName(keyName)
+        .setResType(OzoneObj.ResourceType.KEY)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    boolean result = client.getObjectStore().removeAcl(obj,
+        OzoneAcl.parseAcl(acl));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl set successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
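Review bot: Two user-facing strings in this remove handler are copied from the add and set handlers: the null check says `New acl to be added not specified.` and the result line prints `Acl set successfully: `. The output of a command that revokes access should name the operation that ran: `Objects.requireNonNull(acl, "Acl to be removed not specified.");` and `"Acl removed successfully: " + result`, which matches the result message RemoveAclBucketHandler already uses. RemoveAclBucketHandler carries the same `to be added` null-check text and its class Javadoc reads `Executes Info bucket.`; AddAclKeyHandler and AddAclVolumeHandler also print `Acl set successfully` for an add.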
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/SetAclKeyHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/SetAclKeyHandler.java
new file mode 100644
index 0000000..3973305
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/keys/SetAclKeyHandler.java
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.keys;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Set acl handler for Key.
+ */
+@Command(name = "setacl",
+    description = "Set acls.")
+public class SetAclKeyHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acls", "-al"},
+      required = true,
+      description = "Comma separated acls." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw,user:user2:a,group:hadoop:a")
+  private String acls;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acls, "New acls to be added not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureKeyAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+    String keyName = address.getKeyName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setKeyName(keyName)
+        .setResType(OzoneObj.ResourceType.KEY)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    boolean result = client.getObjectStore().setAcl(obj,
+        OzoneAcl.parseAcls(acls));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl set successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
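Review bot: The verbose block prints only the volume and bucket names, although `keyName` is read just above it and AddAclKeyHandler, GetAclKeyHandler and RemoveAclKeyHandler all print it. Add `System.out.printf("Key Name : %s%n", keyName);` inside the `isVerbose()` block so the operator sees exactly which object's ACLs are being set. The null-check text `New acls to be added not specified.` is also worded for an add rather than a set; SetAclBucketHandler uses `Acls to be set not specified.`, which would fit here too.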
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/AddAclVolumeHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/AddAclVolumeHandler.java
new file mode 100644
index 0000000..acce648
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/AddAclVolumeHandler.java
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.volume;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Add acl handler for volume.
+ */
+@Command(name = "addacl",
+    description = "Add a new Acl.")
+public class AddAclVolumeHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acl", "-a"},
+      required = true,
+      description = "Add acl." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw or group:hadoop:rw")
+  private String acl;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acl, "New acl to be added not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureVolumeAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.VOLUME)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    boolean result = client.getObjectStore().addAcl(obj,
+        OzoneAcl.parseAcl(acl));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl set successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
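Review bot: `OzoneAcl.parseAcl(acl)` is evaluated inside the `addAcl(...)` call, after `address.createClient(...)` has already opened a client, so a malformed `--acl` value is presumably rejected only once a connection exists, and that path then skips `client.close()`. Parse the user input first, directly after the null check: `OzoneAcl newAcl = OzoneAcl.parseAcl(acl);`, and pass `newAcl` to `addAcl`. Moving the `--store` conversion ahead of `createClient` as well keeps all input validation before any client work. The other add, remove and set handlers in this commit use the same ordering.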
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/GetAclVolumeHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/GetAclVolumeHandler.java
new file mode 100644
index 0000000..b4be3f8
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/GetAclVolumeHandler.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.volume;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.List;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Get acl handler for volume.
+ */
+@Command(name = "getacl",
+    description = "List all acls.")
+public class GetAclVolumeHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureVolumeAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+    String volumeName = address.getVolumeName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.VOLUME)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+    List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString(result)));
+    client.close();
+    return null;
+  }
+
+}
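Review bot: `client.close()` at the end of `call()` runs only on the success path, so an exception from `getAcl`, `StoreType.valueOf` or the JSON conversion leaves the `OzoneClient` open. Wrapping the body as `try (OzoneClient client = address.createClient(createOzoneConfiguration())) { ... }` closes it on every path (assuming `OzoneClient` is `Closeable`, as the explicit `close()` suggests). The RemoveAclVolumeHandler and SetAclVolumeHandler hunks below have the same pattern. Separately, `OzoneObj.StoreType.valueOf(storeType)` throws a bare `IllegalArgumentException` for anything that is not an exact enum name, such as a lowercase value; catching it and listing the accepted store types would give the operator a usable error. The `uri` parameter is also described with `Shell.OZONE_BUCKET_URI_DESCRIPTION`, although `ensureVolumeAddress()` is what the handler enforces.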
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/RemoveAclVolumeHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/RemoveAclVolumeHandler.java
new file mode 100644
index 0000000..9b3420b
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/RemoveAclVolumeHandler.java
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.volume;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Remove acl handler for volume.
+ */
+@Command(name = "removeacl",
+    description = "Remove an acl.")
+public class RemoveAclVolumeHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acl", "-a"},
+      required = true,
+      description = "Remove acl." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw or group:hadoop:rw")
+  private String acl;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acl, "New acl to be added not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureVolumeAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.VOLUME)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+
+    boolean result = client.getObjectStore().removeAcl(obj,
+        OzoneAcl.parseAcl(acl));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl removed successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
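Review bot: The null-check message in `call()` reads `"New acl to be added not specified."`, which is misleading in a command that removes an entry; `Objects.requireNonNull(acl, "Acl to be removed not specified.");` fits. The `--acl` description is concatenated from literals with no separators, so the help text renders as `Remove acl.r = READ,w = WRITE,...y = WRITE_ACEx user:user1:rw`. Adding a space after each comma and `". "` before `Ex` makes the permission legend readable; the SetAclVolumeHandler hunk has the same run-together text. The outcome is only printed as `Acl removed successfully: false` while `call()` still returns null, so a script presumably cannot tell a failed removal from a successful one without parsing the output. For a command that changes access rights, consider throwing when `result` is false, here and in the set handler.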
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/SetAclVolumeHandler.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/SetAclVolumeHandler.java
new file mode 100644
index 0000000..e3299e3
--- /dev/null
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/SetAclVolumeHandler.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.hadoop.ozone.web.ozShell.volume;
+
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.ozone.web.ozShell.Handler;
+import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
+import org.apache.hadoop.ozone.web.ozShell.Shell;
+import org.apache.hadoop.ozone.web.utils.JsonUtils;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Parameters;
+
+import java.util.Objects;
+
+import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE;
+
+/**
+ * Set acl handler for volume.
+ */
+@Command(name = "setacl",
+    description = "Set acls.")
+public class SetAclVolumeHandler extends Handler {
+
+  @Parameters(arity = "1..1", description = Shell.OZONE_BUCKET_URI_DESCRIPTION)
+  private String uri;
+
+  @CommandLine.Option(names = {"--acls", "-al"},
+      required = true,
+      description = "Comma separated acls." +
+          "r = READ," +
+          "w = WRITE," +
+          "c = CREATE," +
+          "d = DELETE," +
+          "l = LIST," +
+          "a = ALL," +
+          "n = NONE," +
+          "x = READ_AC," +
+          "y = WRITE_AC" +
+          "Ex user:user1:rw,user:user2:a,group:hadoop:a")
+  private String acls;
+
+  @CommandLine.Option(names = {"--store", "-s"},
+      required = false,
+      description = "store type. i.e OZONE or S3")
+  private String storeType;
+
+  /**
+   * Executes the Client Calls.
+   */
+  @Override
+  public Void call() throws Exception {
+    Objects.requireNonNull(acls, "New acls to be added not specified.");
+    OzoneAddress address = new OzoneAddress(uri);
+    address.ensureVolumeAddress();
+    OzoneClient client = address.createClient(createOzoneConfiguration());
+
+    String volumeName = address.getVolumeName();
+    String bucketName = address.getBucketName();
+
+    if (isVerbose()) {
+      System.out.printf("Volume Name : %s%n", volumeName);
+      System.out.printf("Bucket Name : %s%n", bucketName);
+    }
+
+    OzoneObj obj = OzoneObjInfo.Builder.newBuilder()
+        .setBucketName(bucketName)
+        .setVolumeName(volumeName)
+        .setResType(OzoneObj.ResourceType.VOLUME)
+        .setStoreType(storeType == null ? OZONE :
+            OzoneObj.StoreType.valueOf(storeType))
+        .build();
+    System.out.printf(" acls" +acls.length() + " " + acls);
+    boolean result = client.getObjectStore().setAcl(obj,
+        OzoneAcl.parseAcls(acls));
+
+    System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
+        JsonUtils.toJsonString("Acl set successfully: " + result)));
+    client.close();
+    return null;
+  }
+
+}
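Review bot: `System.out.printf(" acls" +acls.length() + " " + acls);` passes the user-supplied `--acls` value as the format string, so an ACL string containing `%` raises a format exception before `setAcl` is called. The line also prints unconditionally, with no newline, in front of the JSON result. It looks like leftover debugging; drop it, or move it under `isVerbose()` as `System.out.printf("Acls : %s%n", acls);`. The handler also reads `address.getBucketName()` and passes it to `setBucketName` although the resource type is `VOLUME` and `ensureVolumeAddress()` has already run, unlike the get and remove volume handlers. Removing the bucket lines keeps the object the ACLs are applied to unambiguous.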
diff --git 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/VolumeCommands.java
 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/VolumeCommands.java
index 4fb71c3..833457b 100644
--- 
a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/VolumeCommands.java
+++ 
b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/volume/VolumeCommands.java
@@ -40,7 +40,11 @@ import picocli.CommandLine.ParentCommand;
         ListVolumeHandler.class,
         CreateVolumeHandler.class,
         UpdateVolumeHandler.class,
-        DeleteVolumeHandler.class
+        DeleteVolumeHandler.class,
+        AddAclVolumeHandler.class,
+        RemoveAclVolumeHandler.class,
+        SetAclVolumeHandler.class,
+        GetAclVolumeHandler.class
     },
     mixinStandardHelpOptions = true,
     versionProvider = HddsVersionProvider.class)

