[
https://issues.apache.org/jira/browse/HDFS-5758?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated HDFS-5758:
--------------------------------
Attachment: HDFS-5758.2.patch
I'm uploading patch version 2. This is the complete patch this time, including
full tests. Some of the new tests exposed bugs, which I've also fixed in this
patch. Here is a summary of the changes since last time:
# {{DFSClient}}: I updated the client-side exception mapping to include
{{AclException}}.
# {{AclStorage#updateINodeAcl}}: I added a check here to reject attempts to set
a default ACL on a file. Default ACLs are only applicable to directories.
# {{AclTransformation#filterExtendedAclEntries}}: Previously, during code
review of HDFS-5673, we chose to drop this method, but now I'm bringing it
back. We thought that {{removeAcl}} could simply drop the {{AclFeature}} from
the inode. However, it turns out there is an additional complexity in that the
previous ACL group entry needs to be copied back into the group
{{FsPermission}} bits. (Recall that with an ACL, the group {{FsPermission}}
bits actually contain the mask.) The easiest way to handle this was to treat
{{removeAcl}} like every other ACL modification operation and pass it through
{{AclTransformation}}.
# {{AclTransformation#calculateMasks}}: If you use setfacl -x to remove all
extended ACL entries except the mask, then the expected result is that the mask
is recalculated. The logic in here couldn't recognize that a mask was required
in this case, so I've made a small change.
# {{FSDirectory#unprotectedSetPermission}}: I ended up needing to make a small
change here to prevent this API from overwriting the ACL bit in the
{{FsPermission}} bits.
# {{FSDirectory#unprotectedRemoveAcl}}: I updated this to call
{{AclTransformation#filterExtendedAclEntries}} as described above.
# {{TestNameNodeAcl}}: This is now a full test suite covering various usages of
all NameNode ACL modification APIs as well as integration with the existing
{{setPermission}}.
# {{TestSafeMode}}: I also added tests to cover safe mode. {{getAclStatus}} is
the only ACL API that works in safe mode.
# {{TestAclTransformation}}: Tests related to {{filterExtendedAclEntries}} are
back.
# {{TestFSImageWithAcl}}: This had been trying to create a default ACL on a
file, so it was getting rejected by the new validation check in {{AclStorage}}
mentioned above. I changed the test to use a different ACL.
> NameNode: complete implementation of inode modifications for ACLs.
> ------------------------------------------------------------------
>
> Key: HDFS-5758
> URL: https://issues.apache.org/jira/browse/HDFS-5758
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode
> Affects Versions: HDFS ACLs (HDFS-4685)
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Attachments: HDFS-5758.1.patch, HDFS-5758.2.patch
>
>
> This patch will complete the remaining logic for the ACL get and set APIs,
> including remaining work in {{FSNamesystem}}, {{FSDirectory}} and storage in
> the inodes.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
