From b0733ae62cabc921a8ab5860f789eb2dd873c7f9 Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Sat, 3 May 2025 17:28:19 +0200 Subject: [PATCH 1/9] HDDS-12299. Merge OzoneAclConfig into OmConfig --- .../org/apache/hadoop/ozone/om/OmConfig.java | 46 +++++++++++ .../hadoop/ozone/om/helpers/OzoneAclUtil.java | 4 +- .../ozone/security/acl/OzoneAclConfig.java | 76 ------------------- .../ozone/om/helpers/TestOzoneAclUtil.java | 4 +- .../AbstractRootedOzoneFileSystemTest.java | 8 +- .../ozone/client/rpc/OzoneRpcClientTests.java | 4 +- .../ozone/om/TestRecursiveAclWithFSO.java | 5 +- 7 files changed, 58 insertions(+), 89 deletions(-) delete mode 100644 hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java index f94d05f1be9..7e67425fc43 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java @@ -19,12 +19,16 @@ import com.google.common.base.Preconditions; import java.time.Duration; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; import org.apache.hadoop.hdds.conf.Config; import org.apache.hadoop.hdds.conf.ConfigGroup; import org.apache.hadoop.hdds.conf.ConfigTag; import org.apache.hadoop.hdds.conf.ConfigType; import org.apache.hadoop.hdds.conf.PostConstruct; import org.apache.hadoop.hdds.conf.ReconfigurableConfig; +import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer; /** * Ozone Manager configuration. @@ -81,6 +85,25 @@ public class OmConfig extends ReconfigurableConfig { ) private long ratisBasedFinalizationTimeout = Duration.ofSeconds(30).getSeconds(); + // OM Default user/group permissions + @Config(key = "user.rights", + defaultValue = "ALL", + type = ConfigType.STRING, + tags = {ConfigTag.OM, ConfigTag.SECURITY}, + description = "Default user permissions set for an object in " + + "OzoneManager." + ) + private String userDefaultRights; + + @Config(key = "group.rights", + defaultValue = "READ, LIST", + type = ConfigType.STRING, + tags = {ConfigTag.OM, ConfigTag.SECURITY}, + description = "Default group permissions set for an object in " + + "OzoneManager." + ) + private String groupDefaultRights; + public long getRatisBasedFinalizationTimeout() { return ratisBasedFinalizationTimeout; } @@ -111,6 +134,29 @@ public void setMaxUserVolumeCount(int newValue) { validate(); } + public IAccessAuthorizer.ACLType[] getUserDefaultRights() { + List types = new ArrayList<>(); + if (userDefaultRights == null) { + types.add(IAccessAuthorizer.ACLType.ALL); + } else { + String[] array = userDefaultRights.trim().split(","); + Arrays.stream(array).forEach(t -> types.add(IAccessAuthorizer.ACLType.valueOf(t.trim()))); + } + return types.toArray(new IAccessAuthorizer.ACLType[0]); + } + + public IAccessAuthorizer.ACLType[] getGroupDefaultRights() { + List types = new ArrayList<>(); + if (groupDefaultRights == null) { + types.add(IAccessAuthorizer.ACLType.READ); + types.add(IAccessAuthorizer.ACLType.LIST); + } else { + String[] array = groupDefaultRights.trim().split(","); + Arrays.stream(array).forEach(t -> types.add(IAccessAuthorizer.ACLType.valueOf(t.trim()))); + } + return types.toArray(new IAccessAuthorizer.ACLType[0]); + } + @PostConstruct public void validate() { if (maxListSize <= 0) { diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java index f3af4f73da9..fd8637a8714 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java @@ -30,11 +30,11 @@ import java.util.stream.Stream; import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.exceptions.OMException; import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OzoneAclInfo; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; -import org.apache.hadoop.ozone.security.acl.OzoneAclConfig; import org.apache.hadoop.ozone.security.acl.RequestContext; import org.apache.hadoop.security.UserGroupInformation; import org.slf4j.Logger; @@ -62,7 +62,7 @@ private OzoneAclUtil() { public static List getDefaultAclList(UserGroupInformation ugi, OzoneConfiguration conf) { // Get default acl rights for user and group. if (userRights == null || groupRights == null) { - OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class); + OmConfig aclConfig = conf.getObject(OmConfig.class); userRights = aclConfig.getUserDefaultRights(); groupRights = aclConfig.getGroupDefaultRights(); } diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java deleted file mode 100644 index 206ba53df5f..00000000000 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/OzoneAclConfig.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.ozone.security.acl; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import org.apache.hadoop.hdds.conf.Config; -import org.apache.hadoop.hdds.conf.ConfigGroup; -import org.apache.hadoop.hdds.conf.ConfigTag; -import org.apache.hadoop.hdds.conf.ConfigType; -import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; - -/** - * Ozone ACL config pojo. - * */ -@ConfigGroup(prefix = "ozone.om") -public class OzoneAclConfig { - - // OM Default user/group permissions - @Config(key = "user.rights", - defaultValue = "ALL", - type = ConfigType.STRING, - tags = {ConfigTag.OM, ConfigTag.SECURITY}, - description = "Default user permissions set for an object in " + - "OzoneManager." - ) - private String userDefaultRights; - - @Config(key = "group.rights", - defaultValue = "READ, LIST", - type = ConfigType.STRING, - tags = {ConfigTag.OM, ConfigTag.SECURITY}, - description = "Default group permissions set for an object in " + - "OzoneManager." - ) - private String groupDefaultRights; - - public ACLType[] getUserDefaultRights() { - List types = new ArrayList(); - if (userDefaultRights == null) { - types.add(ACLType.ALL); - } else { - String[] array = userDefaultRights.trim().split(","); - Arrays.stream(array).forEach(t -> types.add(ACLType.valueOf(t.trim()))); - } - return types.toArray(new ACLType[0]); - } - - public ACLType[] getGroupDefaultRights() { - List types = new ArrayList(); - if (groupDefaultRights == null) { - types.add(ACLType.READ); - types.add(ACLType.LIST); - } else { - String[] array = groupDefaultRights.trim().split(","); - Arrays.stream(array).forEach(t -> types.add(ACLType.valueOf(t.trim()))); - } - return types.toArray(new ACLType[0]); - } -} diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java index ac95929cb34..c2bc7f8617a 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java @@ -32,9 +32,9 @@ import java.util.Arrays; import java.util.List; import org.apache.hadoop.ozone.OzoneAcl; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; -import org.apache.hadoop.ozone.security.acl.OzoneAclConfig; import org.apache.hadoop.security.UserGroupInformation; import org.junit.jupiter.api.Test; @@ -181,7 +181,7 @@ private static List getDefaultAcls() { ugi = UserGroupInformation.createRemoteUser("user0"); } - OzoneAclConfig aclConfig = newInstanceOf(OzoneAclConfig.class); + OmConfig aclConfig = newInstanceOf(OmConfig.class); IAccessAuthorizer.ACLType[] userRights = aclConfig.getUserDefaultRights(); IAccessAuthorizer.ACLType[] groupRights = aclConfig.getGroupDefaultRights(); diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java index df4913789f1..c52a030f14c 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java @@ -116,13 +116,13 @@ import org.apache.hadoop.ozone.client.protocol.ClientProtocol; import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.TrashPolicyOzone; import org.apache.hadoop.ozone.om.exceptions.OMException; import org.apache.hadoop.ozone.om.helpers.BucketLayout; import org.apache.hadoop.ozone.om.helpers.QuotaUtil; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; -import org.apache.hadoop.ozone.security.acl.OzoneAclConfig; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.tools.DistCp; import org.apache.hadoop.tools.DistCpOptions; @@ -1190,7 +1190,7 @@ void testSharedTmpDir() throws IOException { // Use ClientProtocol to pass in volume ACL, ObjectStore won't do it ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class); + OmConfig aclConfig = conf.getObject(OmConfig.class); ACLType[] userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access // ACL admin owner, world read+write @@ -1293,7 +1293,7 @@ void testTempMount() throws IOException { // Use ClientProtocol to pass in volume ACL, ObjectStore won't do it ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class); + OmConfig aclConfig = conf.getObject(OmConfig.class); ACLType[] userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "", @@ -2273,7 +2273,7 @@ void testNonPrivilegedUserMkdirCreateBucket() throws IOException { ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class); + OmConfig aclConfig = conf.getObject(OmConfig.class); ACLType[] userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "", diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java index 0b26710b7e8..80b3efbd2ad 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java @@ -162,6 +162,7 @@ import org.apache.hadoop.ozone.container.keyvalue.KeyValueContainerData; import org.apache.hadoop.ozone.container.keyvalue.helpers.BlockUtils; import org.apache.hadoop.ozone.om.OMMetadataManager; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OmFailoverProxyUtil; import org.apache.hadoop.ozone.om.OzoneManager; import org.apache.hadoop.ozone.om.ResolvedBucket; @@ -187,7 +188,6 @@ import org.apache.hadoop.ozone.om.ratis.OzoneManagerStateMachine; import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; -import org.apache.hadoop.ozone.security.acl.OzoneAclConfig; import org.apache.hadoop.ozone.security.acl.OzoneObj; import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; import org.apache.hadoop.security.UserGroupInformation; @@ -4108,7 +4108,7 @@ private List getAclList(OzoneConfiguration conf) List listOfAcls = new ArrayList<>(); //User ACL UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); - OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class); + OmConfig aclConfig = conf.getObject(OmConfig.class); ACLType[] userRights = aclConfig.getUserDefaultRights(); ACLType[] groupRights = aclConfig.getGroupDefaultRights(); diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java index c609de6eea3..552ce9b0059 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java @@ -41,7 +41,6 @@ import org.apache.hadoop.ozone.client.OzoneVolume; import org.apache.hadoop.ozone.client.protocol.ClientProtocol; import org.apache.hadoop.ozone.om.exceptions.OMException; -import org.apache.hadoop.ozone.security.acl.OzoneAclConfig; import org.apache.hadoop.ozone.security.acl.OzoneObj; import org.apache.hadoop.ozone.security.acl.OzoneObjInfo; import org.apache.hadoop.security.UserGroupInformation; @@ -213,7 +212,7 @@ public void testKeyDefaultACL() throws Exception { List acls = objectStore.getAcl(obj); assertEquals(3, acls.size()); assertEquals(AclTests.ADMIN_UGI.getShortUserName(), acls.get(0).getName()); - OzoneAclConfig aclConfig = cluster().getConf().getObject(OzoneAclConfig.class); + OmConfig aclConfig = cluster().getConf().getObject(OmConfig.class); assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); assertEquals(AclTests.ADMIN_UGI.getPrimaryGroupName(), acls.get(1).getName()); assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); @@ -239,7 +238,7 @@ public void testKeyDefaultACL() throws Exception { List acls = objectStore.getAcl(obj); assertEquals(2, acls.size()); assertEquals(user3.getShortUserName(), acls.get(0).getName()); - OzoneAclConfig aclConfig = cluster().getConf().getObject(OzoneAclConfig.class); + OmConfig aclConfig = cluster().getConf().getObject(OmConfig.class); assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); assertEquals(user3.getPrimaryGroupName(), acls.get(1).getName()); assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); From 767a237675dac1db766ac3e323dcb09e53eaeebb Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Sat, 3 May 2025 17:31:26 +0200 Subject: [PATCH 2/9] use OmConfig from OM in integration test --- .../hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java | 6 +++--- .../org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java index c52a030f14c..7c6926d6d5c 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java @@ -1190,7 +1190,7 @@ void testSharedTmpDir() throws IOException { // Use ClientProtocol to pass in volume ACL, ObjectStore won't do it ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OmConfig aclConfig = conf.getObject(OmConfig.class); + OmConfig aclConfig = cluster.getOzoneManager().getConfig(); ACLType[] userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access // ACL admin owner, world read+write @@ -1293,7 +1293,7 @@ void testTempMount() throws IOException { // Use ClientProtocol to pass in volume ACL, ObjectStore won't do it ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OmConfig aclConfig = conf.getObject(OmConfig.class); + OmConfig aclConfig = cluster.getOzoneManager().getConfig(); ACLType[] userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "", @@ -2273,7 +2273,7 @@ void testNonPrivilegedUserMkdirCreateBucket() throws IOException { ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OmConfig aclConfig = conf.getObject(OmConfig.class); + OmConfig aclConfig = cluster.getOzoneManager().getConfig(); ACLType[] userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "", diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java index 552ce9b0059..8ba402a9f8e 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java @@ -212,7 +212,7 @@ public void testKeyDefaultACL() throws Exception { List acls = objectStore.getAcl(obj); assertEquals(3, acls.size()); assertEquals(AclTests.ADMIN_UGI.getShortUserName(), acls.get(0).getName()); - OmConfig aclConfig = cluster().getConf().getObject(OmConfig.class); + OmConfig aclConfig = cluster().getOzoneManager().getConfig(); assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); assertEquals(AclTests.ADMIN_UGI.getPrimaryGroupName(), acls.get(1).getName()); assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); @@ -238,7 +238,7 @@ public void testKeyDefaultACL() throws Exception { List acls = objectStore.getAcl(obj); assertEquals(2, acls.size()); assertEquals(user3.getShortUserName(), acls.get(0).getName()); - OmConfig aclConfig = cluster().getConf().getObject(OmConfig.class); + OmConfig aclConfig = cluster().getOzoneManager().getConfig(); assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); assertEquals(user3.getPrimaryGroupName(), acls.get(1).getName()); assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); From eb31b1269e3ff6f1cad40cab9537046b0d9c89a6 Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Sat, 3 May 2025 17:33:19 +0200 Subject: [PATCH 3/9] update rights in OmConfig.setFrom --- .../src/main/java/org/apache/hadoop/ozone/om/OmConfig.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java index 7e67425fc43..adf4b63145c 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java @@ -177,6 +177,8 @@ public void setFrom(OmConfig other) { fileSystemPathEnabled = other.fileSystemPathEnabled; maxListSize = other.maxListSize; maxUserVolumeCount = other.maxUserVolumeCount; + userDefaultRights = other.userDefaultRights; + groupDefaultRights = other.groupDefaultRights; } /** From 9e73ec960c3e33a3a16ea2d12b40d6e8aaabd277 Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Sat, 3 May 2025 17:50:10 +0200 Subject: [PATCH 4/9] store parsed list --- .../org/apache/hadoop/ozone/om/OmConfig.java | 45 ++++++++++--------- .../ozone/security/acl/IAccessAuthorizer.java | 16 ++++++- 2 files changed, 39 insertions(+), 22 deletions(-) diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java index adf4b63145c..e36b6ab5282 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java @@ -19,16 +19,18 @@ import com.google.common.base.Preconditions; import java.time.Duration; -import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; +import java.util.function.Supplier; import org.apache.hadoop.hdds.conf.Config; import org.apache.hadoop.hdds.conf.ConfigGroup; import org.apache.hadoop.hdds.conf.ConfigTag; import org.apache.hadoop.hdds.conf.ConfigType; import org.apache.hadoop.hdds.conf.PostConstruct; import org.apache.hadoop.hdds.conf.ReconfigurableConfig; -import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer; +import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; +import org.apache.ratis.util.MemoizedSupplier; /** * Ozone Manager configuration. @@ -94,6 +96,8 @@ public class OmConfig extends ReconfigurableConfig { "OzoneManager." ) private String userDefaultRights; + private final Supplier> userDefaultRightList = + MemoizedSupplier.valueOf(this::getUserDefaultRightList); @Config(key = "group.rights", defaultValue = "READ, LIST", @@ -103,6 +107,8 @@ public class OmConfig extends ReconfigurableConfig { "OzoneManager." ) private String groupDefaultRights; + private final Supplier> groupDefaultRightList = + MemoizedSupplier.valueOf(this::getGroupDefaultRightList); public long getRatisBasedFinalizationTimeout() { return ratisBasedFinalizationTimeout; @@ -134,27 +140,24 @@ public void setMaxUserVolumeCount(int newValue) { validate(); } - public IAccessAuthorizer.ACLType[] getUserDefaultRights() { - List types = new ArrayList<>(); - if (userDefaultRights == null) { - types.add(IAccessAuthorizer.ACLType.ALL); - } else { - String[] array = userDefaultRights.trim().split(","); - Arrays.stream(array).forEach(t -> types.add(IAccessAuthorizer.ACLType.valueOf(t.trim()))); - } - return types.toArray(new IAccessAuthorizer.ACLType[0]); + public ACLType[] getUserDefaultRights() { + return userDefaultRightList.get().toArray(new ACLType[0]); } - public IAccessAuthorizer.ACLType[] getGroupDefaultRights() { - List types = new ArrayList<>(); - if (groupDefaultRights == null) { - types.add(IAccessAuthorizer.ACLType.READ); - types.add(IAccessAuthorizer.ACLType.LIST); - } else { - String[] array = groupDefaultRights.trim().split(","); - Arrays.stream(array).forEach(t -> types.add(IAccessAuthorizer.ACLType.valueOf(t.trim()))); - } - return types.toArray(new IAccessAuthorizer.ACLType[0]); + private List getUserDefaultRightList() { + return userDefaultRights == null + ? Collections.singletonList(ACLType.ALL) + : ACLType.parseList(userDefaultRights); + } + + public ACLType[] getGroupDefaultRights() { + return groupDefaultRightList.get().toArray(new ACLType[0]); + } + + private List getGroupDefaultRightList() { + return groupDefaultRights == null + ? Collections.unmodifiableList(Arrays.asList(ACLType.READ, ACLType.LIST)) + : ACLType.parseList(groupDefaultRights); } @PostConstruct diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java index 128939a8714..f030d22b258 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java @@ -17,7 +17,13 @@ package org.apache.hadoop.ozone.security.acl; +import static java.util.stream.Collectors.toList; + +import java.util.Arrays; import java.util.BitSet; +import java.util.Collections; +import java.util.List; +import java.util.Objects; import org.apache.hadoop.hdds.annotation.InterfaceAudience; import org.apache.hadoop.hdds.annotation.InterfaceStability; import org.apache.hadoop.ozone.OzoneConsts; @@ -119,7 +125,6 @@ public static ACLType getACLRight(String type) { throw new IllegalArgumentException("[" + type + "] ACL right is not " + "recognized"); } - } /** @@ -160,6 +165,15 @@ public static String getAclString(ACLType acl) { throw new IllegalArgumentException("ACL right is not recognized"); } } + + public static List parseList(String conf) { + String[] array = Objects.requireNonNull(conf, "conf == null") + .trim() + .split(","); + return Collections.unmodifiableList(Arrays.stream(array) + .map(each -> ACLType.valueOf(each.trim())) + .collect(toList())); + } } /** From 2a947b2ce1002a3c136e52927ffd0506949f9652 Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Sat, 3 May 2025 18:01:59 +0200 Subject: [PATCH 5/9] pass OMs OmConfig to OzoneAclUtil --- .../hadoop/ozone/om/helpers/OzoneAclUtil.java | 8 +++---- .../request/bucket/OMBucketCreateRequest.java | 2 +- .../file/OMDirectoryCreateRequest.java | 2 +- .../file/OMDirectoryCreateRequestWithFSO.java | 2 +- .../om/request/file/OMFileCreateRequest.java | 2 +- .../file/OMFileCreateRequestWithFSO.java | 2 +- .../om/request/key/OMKeyCreateRequest.java | 2 +- .../key/OMKeyCreateRequestWithFSO.java | 2 +- .../ozone/om/request/key/OMKeyRequest.java | 22 +++++++++---------- .../S3InitiateMultipartUploadRequest.java | 2 +- ...InitiateMultipartUploadRequestWithFSO.java | 2 +- .../S3MultipartUploadCompleteRequest.java | 2 +- .../request/volume/OMVolumeCreateRequest.java | 2 +- 13 files changed, 25 insertions(+), 27 deletions(-) diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java index fd8637a8714..4a8fbf1a81e 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java @@ -28,7 +28,6 @@ import java.util.Objects; import java.util.stream.Collectors; import java.util.stream.Stream; -import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.ozone.OzoneAcl; import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.exceptions.OMException; @@ -59,12 +58,11 @@ private OzoneAclUtil() { * @param conf current configuration * @return list of OzoneAcls * */ - public static List getDefaultAclList(UserGroupInformation ugi, OzoneConfiguration conf) { + public static List getDefaultAclList(UserGroupInformation ugi, OmConfig conf) { // Get default acl rights for user and group. if (userRights == null || groupRights == null) { - OmConfig aclConfig = conf.getObject(OmConfig.class); - userRights = aclConfig.getUserDefaultRights(); - groupRights = aclConfig.getGroupDefaultRights(); + userRights = conf.getUserDefaultRights(); + groupRights = conf.getGroupDefaultRights(); } List listOfAcls = new ArrayList<>(); // User ACL. diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java index e1f15a8246e..2132e42547d 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java @@ -323,7 +323,7 @@ private void addDefaultAcls(OmBucketInfo omBucketInfo, OmVolumeArgs omVolumeArgs, OzoneManager ozoneManager) throws OMException { List acls = new ArrayList<>(); // Add default acls - acls.addAll(getDefaultAclList(createUGIForApi(), ozoneManager.getConfiguration())); + acls.addAll(getDefaultAclList(createUGIForApi(), ozoneManager.getConfig())); if (omBucketInfo.getAcls() != null) { // Add acls for bucket creator. acls.addAll(omBucketInfo.getAcls()); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java index b7adcb6a19d..bd048ea9136 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequest.java @@ -181,7 +181,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut dirKeyInfo = createDirectoryKeyInfoWithACL(keyName, keyArgs, baseObjId, omBucketInfo, omPathInfo, trxnLogIndex, - ozoneManager.getDefaultReplicationConfig(), ozoneManager.getConfiguration()); + ozoneManager.getDefaultReplicationConfig(), ozoneManager.getConfig()); missingParentInfos = getAllParentInfo(ozoneManager, keyArgs, missingParents, omBucketInfo, omPathInfo, trxnLogIndex); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequestWithFSO.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequestWithFSO.java index 3ad7cbd17fe..eca6554c504 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequestWithFSO.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMDirectoryCreateRequestWithFSO.java @@ -152,7 +152,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut omPathInfo.getLeafNodeName(), keyArgs, omPathInfo.getLeafNodeObjectId(), omPathInfo.getLastKnownParentId(), trxnLogIndex, - omBucketInfo, omPathInfo, ozoneManager.getConfiguration()); + omBucketInfo, omPathInfo, ozoneManager.getConfig()); OMFileRequest.addDirectoryTableCacheEntries(omMetadataManager, volumeId, bucketId, trxnLogIndex, missingParentInfos, dirInfo); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java index a76c2182e66..4deb291092d 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequest.java @@ -244,7 +244,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut keyArgs.getDataSize(), locations, getFileEncryptionInfo(keyArgs), ozoneManager.getPrefixManager(), omBucketInfo, pathInfo, trxnLogIndex, ozoneManager.getObjectIdFromTxId(trxnLogIndex), - repConfig, ozoneManager.getConfiguration()); + repConfig, ozoneManager.getConfig()); validateEncryptionKeyInfo(omBucketInfo, keyArgs); long openVersion = omKeyInfo.getLatestVersionLocations().getVersion(); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequestWithFSO.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequestWithFSO.java index 6b9a9d76aae..3f5b16ec363 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequestWithFSO.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/file/OMFileCreateRequestWithFSO.java @@ -168,7 +168,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut getFileEncryptionInfo(keyArgs), ozoneManager.getPrefixManager(), bucketInfo, pathInfoFSO, trxnLogIndex, pathInfoFSO.getLeafNodeObjectId(), - repConfig, ozoneManager.getConfiguration()); + repConfig, ozoneManager.getConfig()); validateEncryptionKeyInfo(bucketInfo, keyArgs); long openVersion = omFileInfo.getLatestVersionLocations().getVersion(); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java index 815005cf104..2cdbe6d44e4 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequest.java @@ -274,7 +274,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut keyArgs.getDataSize(), locations, getFileEncryptionInfo(keyArgs), ozoneManager.getPrefixManager(), bucketInfo, pathInfo, trxnLogIndex, ozoneManager.getObjectIdFromTxId(trxnLogIndex), - replicationConfig, ozoneManager.getConfiguration()); + replicationConfig, ozoneManager.getConfig()); validateEncryptionKeyInfo(bucketInfo, keyArgs); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequestWithFSO.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequestWithFSO.java index 806a640b9a9..3672899163b 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequestWithFSO.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyCreateRequestWithFSO.java @@ -152,7 +152,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut getFileEncryptionInfo(keyArgs), ozoneManager.getPrefixManager(), bucketInfo, pathInfoFSO, trxnLogIndex, pathInfoFSO.getLeafNodeObjectId(), - repConfig, ozoneManager.getConfiguration()); + repConfig, ozoneManager.getConfig()); validateEncryptionKeyInfo(bucketInfo, keyArgs); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java index 0a1d4215e84..3242f0f436a 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/key/OMKeyRequest.java @@ -53,7 +53,6 @@ import org.apache.hadoop.hdds.client.ContainerBlockID; import org.apache.hadoop.hdds.client.ECReplicationConfig; import org.apache.hadoop.hdds.client.ReplicationConfig; -import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.protocol.proto.HddsProtos; import org.apache.hadoop.hdds.scm.container.common.helpers.AllocatedBlock; import org.apache.hadoop.hdds.scm.container.common.helpers.ExcludeList; @@ -68,6 +67,7 @@ import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OzoneManager; import org.apache.hadoop.ozone.om.PrefixManager; import org.apache.hadoop.ozone.om.ResolvedBucket; @@ -403,7 +403,7 @@ public EncryptedKeyVersion run() throws IOException { protected List getAclsForKey(KeyArgs keyArgs, OmBucketInfo bucketInfo, OMFileRequest.OMPathInfo omPathInfo, - PrefixManager prefixManager, OzoneConfiguration config) throws OMException { + PrefixManager prefixManager, OmConfig config) throws OMException { List acls = new ArrayList<>(); acls.addAll(getDefaultAclList(createUGIForApi(), config)); @@ -463,7 +463,7 @@ protected List getAclsForKey(KeyArgs keyArgs, * @return Acls which inherited parent DEFAULT and keyArgs ACCESS acls. */ protected List getAclsForDir(KeyArgs keyArgs, OmBucketInfo bucketInfo, - OMFileRequest.OMPathInfo omPathInfo, OzoneConfiguration config) throws OMException { + OMFileRequest.OMPathInfo omPathInfo, OmConfig config) throws OMException { // Acls inherited from parent or bucket will convert to DEFAULT scope List acls = new ArrayList<>(); // add default ACLs @@ -528,7 +528,7 @@ protected List getAllMissingParentDirInfo( missingKey); OmDirectoryInfo dirInfo = createDirectoryInfoWithACL(missingKey, keyArgs, nextObjId, lastKnownParentId, trxnLogIndex, - bucketInfo, pathInfo, ozoneManager.getConfiguration()); + bucketInfo, pathInfo, ozoneManager.getConfig()); objectCount++; missingParentInfos.add(dirInfo); @@ -584,7 +584,7 @@ protected List getAllParentInfo(OzoneManager ozoneManager, OmKeyInfo parentKeyInfo = createDirectoryKeyInfoWithACL(missingKey, keyArgs, nextObjId, bucketInfo, omPathInfo, trxnLogIndex, - ozoneManager.getDefaultReplicationConfig(), ozoneManager.getConfiguration()); + ozoneManager.getDefaultReplicationConfig(), ozoneManager.getConfig()); objectCount++; missingParentInfos.add(parentKeyInfo); @@ -609,7 +609,7 @@ protected OmDirectoryInfo createDirectoryInfoWithACL( String dirName, KeyArgs keyArgs, long objectId, long parentObjectId, long transactionIndex, OmBucketInfo bucketInfo, OMFileRequest.OMPathInfo omPathInfo, - OzoneConfiguration config) throws OMException { + OmConfig config) throws OMException { return OmDirectoryInfo.newBuilder() .setName(dirName) .setOwner(keyArgs.getOwnerName()) @@ -640,7 +640,7 @@ protected OmDirectoryInfo createDirectoryInfoWithACL( protected OmKeyInfo createDirectoryKeyInfoWithACL(String keyName, KeyArgs keyArgs, long objectId, OmBucketInfo bucketInfo, OMFileRequest.OMPathInfo omPathInfo, long transactionIndex, - ReplicationConfig serverDefaultReplConfig, OzoneConfiguration config) throws OMException { + ReplicationConfig serverDefaultReplConfig, OmConfig config) throws OMException { return dirKeyInfoBuilderNoACL(keyName, keyArgs, objectId, serverDefaultReplConfig) .setAcls(getAclsForDir(keyArgs, bucketInfo, omPathInfo, config)) @@ -1006,7 +1006,7 @@ protected OmKeyInfo prepareKeyInfo( @Nullable OmBucketInfo omBucketInfo, OMFileRequest.OMPathInfo omPathInfo, long transactionLogIndex, long objectID, - ReplicationConfig replicationConfig, OzoneConfiguration config) + ReplicationConfig replicationConfig, OmConfig config) throws IOException { return prepareFileInfo(omMetadataManager, keyArgs, dbKeyInfo, size, @@ -1030,7 +1030,7 @@ protected OmKeyInfo prepareFileInfo( OMFileRequest.OMPathInfo omPathInfo, long transactionLogIndex, long objectID, ReplicationConfig replicationConfig, - OzoneConfiguration config) throws IOException { + OmConfig config) throws IOException { if (keyArgs.getIsMultipartKey()) { return prepareMultipartFileInfo(omMetadataManager, keyArgs, size, locations, encInfo, prefixManager, omBucketInfo, @@ -1095,7 +1095,7 @@ protected OmKeyInfo createFileInfo( @Nullable OmBucketInfo omBucketInfo, OMFileRequest.OMPathInfo omPathInfo, long transactionLogIndex, long objectID, - OzoneConfiguration config) throws OMException { + OmConfig config) throws OMException { OmKeyInfo.Builder builder = new OmKeyInfo.Builder(); builder.setVolumeName(keyArgs.getVolumeName()) .setBucketName(keyArgs.getBucketName()) @@ -1143,7 +1143,7 @@ private OmKeyInfo prepareMultipartFileInfo( @Nullable OmBucketInfo omBucketInfo, OMFileRequest.OMPathInfo omPathInfo, @Nonnull long transactionLogIndex, long objectID, - OzoneConfiguration configuration) throws IOException { + OmConfig configuration) throws IOException { Preconditions.checkArgument(args.getMultipartNumber() > 0, "PartNumber Should be greater than zero"); diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3InitiateMultipartUploadRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3InitiateMultipartUploadRequest.java index e8989cc9538..ae87fc4f735 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3InitiateMultipartUploadRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3InitiateMultipartUploadRequest.java @@ -207,7 +207,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut .setOmKeyLocationInfos(Collections.singletonList( new OmKeyLocationInfoGroup(0, new ArrayList<>(), true))) .setAcls(getAclsForKey(keyArgs, bucketInfo, pathInfo, - ozoneManager.getPrefixManager(), ozoneManager.getConfiguration())) + ozoneManager.getPrefixManager(), ozoneManager.getConfig())) .setObjectID(objectID) .setUpdateID(transactionLogIndex) .setFileEncryptionInfo(keyArgs.hasFileEncryptionInfo() ? diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3InitiateMultipartUploadRequestWithFSO.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3InitiateMultipartUploadRequestWithFSO.java index c4110c1ea41..3dcbcc96943 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3InitiateMultipartUploadRequestWithFSO.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3InitiateMultipartUploadRequestWithFSO.java @@ -181,7 +181,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut .setOmKeyLocationInfos(Collections.singletonList( new OmKeyLocationInfoGroup(0, new ArrayList<>(), true))) .setAcls(getAclsForKey(keyArgs, bucketInfo, pathInfoFSO, - ozoneManager.getPrefixManager(), ozoneManager.getConfiguration())) + ozoneManager.getPrefixManager(), ozoneManager.getConfig())) .setObjectID(pathInfoFSO.getLeafNodeObjectId()) .setUpdateID(transactionLogIndex) .setFileEncryptionInfo(keyArgs.hasFileEncryptionInfo() ? diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3MultipartUploadCompleteRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3MultipartUploadCompleteRequest.java index bafac0d968a..2fb897db576 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3MultipartUploadCompleteRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/s3/multipart/S3MultipartUploadCompleteRequest.java @@ -230,7 +230,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut .setOmKeyLocationInfos(Collections.singletonList( new OmKeyLocationInfoGroup(0, new ArrayList<>(), true))) .setAcls(getAclsForKey(keyArgs, omBucketInfo, pathInfoFSO, - ozoneManager.getPrefixManager(), ozoneManager.getConfiguration())) + ozoneManager.getPrefixManager(), ozoneManager.getConfig())) .setObjectID(pathInfoFSO.getLeafNodeObjectId()) .setUpdateID(trxnLogIndex) .setFileEncryptionInfo(keyArgs.hasFileEncryptionInfo() ? diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/volume/OMVolumeCreateRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/volume/OMVolumeCreateRequest.java index 6507351522a..43afb3f7359 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/volume/OMVolumeCreateRequest.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/volume/OMVolumeCreateRequest.java @@ -156,7 +156,7 @@ public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, Execut // Add default ACL for volume List listOfAcls = getDefaultAclList(UserGroupInformation.createRemoteUser(owner), - ozoneManager.getConfiguration()); + ozoneManager.getConfig()); // ACLs from VolumeArgs if (omVolumeArgs.getAcls() != null) { listOfAcls.addAll(omVolumeArgs.getAcls()); From 6800abd672f275862a7d23ff371753f5817bc524 Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Sat, 3 May 2025 18:03:42 +0200 Subject: [PATCH 6/9] remove static state --- .../org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java index 4a8fbf1a81e..09d5c375299 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java @@ -45,9 +45,6 @@ public final class OzoneAclUtil { static final Logger LOG = LoggerFactory.getLogger(OzoneAclUtil.class); - private static ACLType[] userRights; - private static ACLType[] groupRights; - private OzoneAclUtil() { } @@ -60,10 +57,8 @@ private OzoneAclUtil() { * */ public static List getDefaultAclList(UserGroupInformation ugi, OmConfig conf) { // Get default acl rights for user and group. - if (userRights == null || groupRights == null) { - userRights = conf.getUserDefaultRights(); - groupRights = conf.getGroupDefaultRights(); - } + ACLType[] userRights = conf.getUserDefaultRights(); + ACLType[] groupRights = conf.getGroupDefaultRights(); List listOfAcls = new ArrayList<>(); // User ACL. listOfAcls.add(OzoneAcl.of(USER, ugi.getShortUserName(), ACCESS, userRights)); From f384524d6cec26afc40897e760bc1ed0a25c7f93 Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Sat, 3 May 2025 18:04:50 +0200 Subject: [PATCH 7/9] rename aclConfig variables to omConfig --- .../ozone/om/helpers/TestOzoneAclUtil.java | 6 +++--- .../AbstractRootedOzoneFileSystemTest.java | 12 ++++++------ .../ozone/client/rpc/OzoneRpcClientTests.java | 6 +++--- .../ozone/om/TestRecursiveAclWithFSO.java | 18 +++++++++--------- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java index c2bc7f8617a..02534c74cb4 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java @@ -181,9 +181,9 @@ private static List getDefaultAcls() { ugi = UserGroupInformation.createRemoteUser("user0"); } - OmConfig aclConfig = newInstanceOf(OmConfig.class); - IAccessAuthorizer.ACLType[] userRights = aclConfig.getUserDefaultRights(); - IAccessAuthorizer.ACLType[] groupRights = aclConfig.getGroupDefaultRights(); + OmConfig omConfig = newInstanceOf(OmConfig.class); + IAccessAuthorizer.ACLType[] userRights = omConfig.getUserDefaultRights(); + IAccessAuthorizer.ACLType[] groupRights = omConfig.getGroupDefaultRights(); OzoneAclUtil.addAcl(ozoneAcls, OzoneAcl.of(USER, ugi.getUserName(), ACCESS, userRights)); diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java index 7c6926d6d5c..ac96e3ca83c 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java @@ -1190,8 +1190,8 @@ void testSharedTmpDir() throws IOException { // Use ClientProtocol to pass in volume ACL, ObjectStore won't do it ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OmConfig aclConfig = cluster.getOzoneManager().getConfig(); - ACLType[] userRights = aclConfig.getUserDefaultRights(); + OmConfig omConfig = cluster.getOzoneManager().getConfig(); + ACLType[] userRights = omConfig.getUserDefaultRights(); // Construct ACL for world access // ACL admin owner, world read+write EnumSet aclRights = EnumSet.of(READ, WRITE); @@ -1293,8 +1293,8 @@ void testTempMount() throws IOException { // Use ClientProtocol to pass in volume ACL, ObjectStore won't do it ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OmConfig aclConfig = cluster.getOzoneManager().getConfig(); - ACLType[] userRights = aclConfig.getUserDefaultRights(); + OmConfig omConfig = cluster.getOzoneManager().getConfig(); + ACLType[] userRights = omConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "", ACCESS, userRights); @@ -2273,8 +2273,8 @@ void testNonPrivilegedUserMkdirCreateBucket() throws IOException { ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user - OmConfig aclConfig = cluster.getOzoneManager().getConfig(); - ACLType[] userRights = aclConfig.getUserDefaultRights(); + OmConfig omConfig = cluster.getOzoneManager().getConfig(); + ACLType[] userRights = omConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "", ACCESS, userRights); diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java index 80b3efbd2ad..a9020c55383 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java @@ -4108,9 +4108,9 @@ private List getAclList(OzoneConfiguration conf) List listOfAcls = new ArrayList<>(); //User ACL UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); - OmConfig aclConfig = conf.getObject(OmConfig.class); - ACLType[] userRights = aclConfig.getUserDefaultRights(); - ACLType[] groupRights = aclConfig.getGroupDefaultRights(); + OmConfig omConfig = conf.getObject(OmConfig.class); + ACLType[] userRights = omConfig.getUserDefaultRights(); + ACLType[] groupRights = omConfig.getGroupDefaultRights(); listOfAcls.add(OzoneAcl.of(USER, ugi.getShortUserName(), ACCESS, userRights)); //Group ACL of the User diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java index 8ba402a9f8e..e314749e972 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java @@ -212,12 +212,12 @@ public void testKeyDefaultACL() throws Exception { List acls = objectStore.getAcl(obj); assertEquals(3, acls.size()); assertEquals(AclTests.ADMIN_UGI.getShortUserName(), acls.get(0).getName()); - OmConfig aclConfig = cluster().getOzoneManager().getConfig(); - assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); + OmConfig omConfig = cluster().getOzoneManager().getConfig(); + assertArrayEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); assertEquals(AclTests.ADMIN_UGI.getPrimaryGroupName(), acls.get(1).getName()); - assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); + assertArrayEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); assertEquals("WORLD", acls.get(2).getName()); - assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(2).getAclList().toArray()); + assertArrayEquals(omConfig.getUserDefaultRights(), acls.get(2).getAclList().toArray()); } // set LoginUser as user3 @@ -238,10 +238,10 @@ public void testKeyDefaultACL() throws Exception { List acls = objectStore.getAcl(obj); assertEquals(2, acls.size()); assertEquals(user3.getShortUserName(), acls.get(0).getName()); - OmConfig aclConfig = cluster().getOzoneManager().getConfig(); - assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); + OmConfig omConfig = cluster().getOzoneManager().getConfig(); + assertArrayEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); assertEquals(user3.getPrimaryGroupName(), acls.get(1).getName()); - assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); + assertArrayEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); // verify key default ACLs int length = 10; @@ -255,9 +255,9 @@ public void testKeyDefaultACL() throws Exception { acls = objectStore.getAcl(obj); assertEquals(2, acls.size()); assertEquals(user3.getShortUserName(), acls.get(0).getName()); - assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); + assertArrayEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); assertEquals(user3.getPrimaryGroupName(), acls.get(1).getName()); - assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); + assertArrayEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); } } From 91817e1c5d575d17fc64dcc2baa546b9c0734a36 Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Sat, 3 May 2025 19:51:02 +0200 Subject: [PATCH 8/9] fix unit tests --- .../om/ratis/TestOzoneManagerDoubleBufferWithOMResponse.java | 2 ++ .../hadoop/ozone/om/request/bucket/TestBucketRequest.java | 2 ++ .../ozone/om/request/file/TestOMDirectoryCreateRequest.java | 2 ++ .../om/request/file/TestOMDirectoryCreateRequestWithFSO.java | 2 ++ .../hadoop/ozone/om/request/key/TestOMKeyCreateRequest.java | 2 ++ .../apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java | 2 ++ .../ozone/om/request/s3/multipart/TestS3MultipartRequest.java | 2 ++ .../hadoop/ozone/om/request/volume/TestOMVolumeRequest.java | 2 ++ 8 files changed, 16 insertions(+) diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/ratis/TestOzoneManagerDoubleBufferWithOMResponse.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/ratis/TestOzoneManagerDoubleBufferWithOMResponse.java index cae1a33b703..3f1d1df52f3 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/ratis/TestOzoneManagerDoubleBufferWithOMResponse.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/ratis/TestOzoneManagerDoubleBufferWithOMResponse.java @@ -47,6 +47,7 @@ import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OmMetadataManagerImpl; import org.apache.hadoop.ozone.om.OzoneManager; import org.apache.hadoop.ozone.om.execution.flowcontrol.ExecutionContext; @@ -104,6 +105,7 @@ public void setup() throws IOException { auditLogger = mock(AuditLogger.class); when(ozoneManager.getAuditLogger()).thenReturn(auditLogger); when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration); + when(ozoneManager.getConfig()).thenReturn(ozoneConfiguration.getObject(OmConfig.class)); doNothing().when(auditLogger).logWrite(any(AuditMessage.class)); doubleBuffer = OzoneManagerDoubleBuffer.newBuilder() .setOmMetadataManager(omMetadataManager) diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/bucket/TestBucketRequest.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/bucket/TestBucketRequest.java index 81e227bbce0..018e60633a5 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/bucket/TestBucketRequest.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/bucket/TestBucketRequest.java @@ -32,6 +32,7 @@ import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OmMetadataManagerImpl; import org.apache.hadoop.ozone.om.OzoneManager; import org.apache.hadoop.ozone.om.ResolvedBucket; @@ -63,6 +64,7 @@ public void setup() throws Exception { ozoneConfiguration.set(OMConfigKeys.OZONE_OM_DB_DIRS, folder.toAbsolutePath().toString()); when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration); + when(ozoneManager.getConfig()).thenReturn(ozoneConfiguration.getObject(OmConfig.class)); omMetadataManager = new OmMetadataManagerImpl(ozoneConfiguration, ozoneManager); when(ozoneManager.getMetrics()).thenReturn(omMetrics); diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/file/TestOMDirectoryCreateRequest.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/file/TestOMDirectoryCreateRequest.java index 65cc1c0d7e5..1cdf808ff3d 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/file/TestOMDirectoryCreateRequest.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/file/TestOMDirectoryCreateRequest.java @@ -51,6 +51,7 @@ import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OmMetadataManagerImpl; import org.apache.hadoop.ozone.om.OzoneManager; import org.apache.hadoop.ozone.om.ResolvedBucket; @@ -97,6 +98,7 @@ public void setup() throws Exception { omMetadataManager = new OmMetadataManagerImpl(ozoneConfiguration, ozoneManager); when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration); + when(ozoneManager.getConfig()).thenReturn(ozoneConfiguration.getObject(OmConfig.class)); when(ozoneManager.getMetrics()).thenReturn(omMetrics); when(ozoneManager.getMetadataManager()).thenReturn(omMetadataManager); AuditLogger auditLogger = mock(AuditLogger.class); diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/file/TestOMDirectoryCreateRequestWithFSO.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/file/TestOMDirectoryCreateRequestWithFSO.java index 0c36d57da4c..2f8fdffc5f5 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/file/TestOMDirectoryCreateRequestWithFSO.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/file/TestOMDirectoryCreateRequestWithFSO.java @@ -51,6 +51,7 @@ import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OmMetadataManagerImpl; import org.apache.hadoop.ozone.om.OzoneManager; import org.apache.hadoop.ozone.om.ResolvedBucket; @@ -97,6 +98,7 @@ public void setup() throws Exception { omMetadataManager = new OmMetadataManagerImpl(ozoneConfiguration, ozoneManager); when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration); + when(ozoneManager.getConfig()).thenReturn(ozoneConfiguration.getObject(OmConfig.class)); when(ozoneManager.getMetrics()).thenReturn(omMetrics); when(ozoneManager.getMetadataManager()).thenReturn(omMetadataManager); auditLogger = mock(AuditLogger.class); diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyCreateRequest.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyCreateRequest.java index 2a763270517..78d30550e82 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyCreateRequest.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyCreateRequest.java @@ -58,6 +58,7 @@ import org.apache.hadoop.hdds.protocol.proto.HddsProtos.KeyValue; import org.apache.hadoop.ozone.OzoneAcl; import org.apache.hadoop.ozone.OzoneConsts; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.PrefixManager; import org.apache.hadoop.ozone.om.PrefixManagerImpl; import org.apache.hadoop.ozone.om.exceptions.OMException; @@ -783,6 +784,7 @@ public void testKeyCreateWithFileSystemPathsEnabled( OzoneConfiguration configuration = getOzoneConfiguration(); configuration.setBoolean(OZONE_OM_ENABLE_FILESYSTEM_PATHS, true); when(ozoneManager.getConfiguration()).thenReturn(configuration); + when(ozoneManager.getConfig()).thenReturn(configuration.getObject(OmConfig.class)); when(ozoneManager.getEnableFileSystemPaths()).thenReturn(true); when(ozoneManager.getOzoneLockProvider()).thenReturn( new OzoneLockProvider(setKeyPathLock, true)); diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java index dae04b2e0ed..8ddb1a23d13 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/key/TestOMKeyRequest.java @@ -66,6 +66,7 @@ import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetrics; import org.apache.hadoop.ozone.om.OMPerformanceMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OmMetadataManagerImpl; import org.apache.hadoop.ozone.om.OmMetadataReader; import org.apache.hadoop.ozone.om.OmSnapshotManager; @@ -153,6 +154,7 @@ public void setup() throws Exception { when(ozoneManager.getDeletionMetrics()).thenReturn(delMetrics); when(ozoneManager.getMetadataManager()).thenReturn(omMetadataManager); when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration); + when(ozoneManager.getConfig()).thenReturn(ozoneConfiguration.getObject(OmConfig.class)); OMLayoutVersionManager lvm = mock(OMLayoutVersionManager.class); when(lvm.isAllowed(anyString())).thenReturn(true); when(ozoneManager.getVersionManager()).thenReturn(lvm); diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/s3/multipart/TestS3MultipartRequest.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/s3/multipart/TestS3MultipartRequest.java index a2883678288..ce224d9895a 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/s3/multipart/TestS3MultipartRequest.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/s3/multipart/TestS3MultipartRequest.java @@ -40,6 +40,7 @@ import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OmMetadataManagerImpl; import org.apache.hadoop.ozone.om.OmMetadataReader; import org.apache.hadoop.ozone.om.OzoneManager; @@ -110,6 +111,7 @@ public void setup() throws Exception { when(lvm.getMetadataLayoutVersion()).thenReturn(0); when(ozoneManager.getVersionManager()).thenReturn(lvm); when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration); + when(ozoneManager.getConfig()).thenReturn(ozoneConfiguration.getObject(OmConfig.class)); } @AfterEach diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/volume/TestOMVolumeRequest.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/volume/TestOMVolumeRequest.java index 80b3d26f339..9a4b4e76c6d 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/volume/TestOMVolumeRequest.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/request/volume/TestOMVolumeRequest.java @@ -31,6 +31,7 @@ import org.apache.hadoop.ozone.om.OMConfigKeys; import org.apache.hadoop.ozone.om.OMMetadataManager; import org.apache.hadoop.ozone.om.OMMetrics; +import org.apache.hadoop.ozone.om.OmConfig; import org.apache.hadoop.ozone.om.OmMetadataManagerImpl; import org.apache.hadoop.ozone.om.OzoneManager; import org.apache.hadoop.ozone.om.upgrade.OMLayoutVersionManager; @@ -75,6 +76,7 @@ public void setup() throws Exception { when(ozoneManager.getAuditLogger()).thenReturn(auditLogger); doNothing().when(auditLogger).logWrite(any(AuditMessage.class)); when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration); + when(ozoneManager.getConfig()).thenReturn(ozoneConfiguration.getObject(OmConfig.class)); } @AfterEach From 9c1efa5a6a34b037c066dbf804833c628f29ec48 Mon Sep 17 00:00:00 2001 From: "Doroszlai, Attila" Date: Mon, 12 May 2025 14:38:47 +0200 Subject: [PATCH 9/9] avoid short-lived array --- .../org/apache/hadoop/ozone/OzoneAcl.java | 7 +++- .../org/apache/hadoop/ozone/om/OmConfig.java | 39 +++++++++++-------- .../hadoop/ozone/om/helpers/OzoneAclUtil.java | 6 +-- .../ozone/security/acl/IAccessAuthorizer.java | 12 +++--- .../ozone/om/helpers/TestOzoneAclUtil.java | 7 +--- .../AbstractRootedOzoneFileSystemTest.java | 11 ++---- .../ozone/client/rpc/OzoneRpcClientTests.java | 6 +-- .../ozone/om/TestRecursiveAclWithFSO.java | 15 ++++--- 8 files changed, 52 insertions(+), 51 deletions(-) diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java index 57ba7b3df69..414a217d5a5 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java @@ -33,6 +33,7 @@ import java.util.EnumSet; import java.util.List; import java.util.Objects; +import java.util.Set; import java.util.function.Function; import java.util.function.IntFunction; import java.util.function.Supplier; @@ -81,7 +82,7 @@ public static OzoneAcl of(ACLIdentityType type, String name, AclScope scope, ACL return new OzoneAcl(type, name, scope, toInt(acls)); } - public static OzoneAcl of(ACLIdentityType type, String name, AclScope scope, EnumSet acls) { + public static OzoneAcl of(ACLIdentityType type, String name, AclScope scope, Set acls) { return new OzoneAcl(type, name, scope, toInt(acls)); } @@ -321,6 +322,10 @@ public List getAclList() { return getAclList(aclBits, Function.identity()); } + public Set getAclSet() { + return Collections.unmodifiableSet(EnumSet.copyOf(getAclList())); + } + private static List getAclList(int aclBits, Function converter) { if (aclBits == 0) { return Collections.emptyList(); diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java index e36b6ab5282..2c3e94c9116 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OmConfig.java @@ -19,10 +19,9 @@ import com.google.common.base.Preconditions; import java.time.Duration; -import java.util.Arrays; import java.util.Collections; -import java.util.List; -import java.util.function.Supplier; +import java.util.EnumSet; +import java.util.Set; import org.apache.hadoop.hdds.conf.Config; import org.apache.hadoop.hdds.conf.ConfigGroup; import org.apache.hadoop.hdds.conf.ConfigTag; @@ -30,7 +29,6 @@ import org.apache.hadoop.hdds.conf.PostConstruct; import org.apache.hadoop.hdds.conf.ReconfigurableConfig; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; -import org.apache.ratis.util.MemoizedSupplier; /** * Ozone Manager configuration. @@ -96,8 +94,7 @@ public class OmConfig extends ReconfigurableConfig { "OzoneManager." ) private String userDefaultRights; - private final Supplier> userDefaultRightList = - MemoizedSupplier.valueOf(this::getUserDefaultRightList); + private Set userDefaultRightSet; @Config(key = "group.rights", defaultValue = "READ, LIST", @@ -107,8 +104,7 @@ public class OmConfig extends ReconfigurableConfig { "OzoneManager." ) private String groupDefaultRights; - private final Supplier> groupDefaultRightList = - MemoizedSupplier.valueOf(this::getGroupDefaultRightList); + private Set groupDefaultRightSet; public long getRatisBasedFinalizationTimeout() { return ratisBasedFinalizationTimeout; @@ -140,23 +136,29 @@ public void setMaxUserVolumeCount(int newValue) { validate(); } - public ACLType[] getUserDefaultRights() { - return userDefaultRightList.get().toArray(new ACLType[0]); + public Set getUserDefaultRights() { + if (userDefaultRightSet == null) { + userDefaultRightSet = getUserDefaultRightSet(); + } + return userDefaultRightSet; } - private List getUserDefaultRightList() { + private Set getUserDefaultRightSet() { return userDefaultRights == null - ? Collections.singletonList(ACLType.ALL) + ? Collections.singleton(ACLType.ALL) : ACLType.parseList(userDefaultRights); } - public ACLType[] getGroupDefaultRights() { - return groupDefaultRightList.get().toArray(new ACLType[0]); + public Set getGroupDefaultRights() { + if (groupDefaultRightSet == null) { + groupDefaultRightSet = getGroupDefaultRightSet(); + } + return groupDefaultRightSet; } - private List getGroupDefaultRightList() { + private Set getGroupDefaultRightSet() { return groupDefaultRights == null - ? Collections.unmodifiableList(Arrays.asList(ACLType.READ, ACLType.LIST)) + ? Collections.unmodifiableSet(EnumSet.of(ACLType.READ, ACLType.LIST)) : ACLType.parseList(groupDefaultRights); } @@ -168,6 +170,9 @@ public void validate() { Preconditions.checkArgument(this.maxUserVolumeCount > 0, Keys.USER_MAX_VOLUME + " value should be greater than zero"); + + userDefaultRightSet = getUserDefaultRightSet(); + groupDefaultRightSet = getGroupDefaultRightSet(); } public OmConfig copy() { @@ -182,6 +187,8 @@ public void setFrom(OmConfig other) { maxUserVolumeCount = other.maxUserVolumeCount; userDefaultRights = other.userDefaultRights; groupDefaultRights = other.groupDefaultRights; + + validate(); } /** diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java index 09d5c375299..d89f9282b7f 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java @@ -57,14 +57,12 @@ private OzoneAclUtil() { * */ public static List getDefaultAclList(UserGroupInformation ugi, OmConfig conf) { // Get default acl rights for user and group. - ACLType[] userRights = conf.getUserDefaultRights(); - ACLType[] groupRights = conf.getGroupDefaultRights(); List listOfAcls = new ArrayList<>(); // User ACL. - listOfAcls.add(OzoneAcl.of(USER, ugi.getShortUserName(), ACCESS, userRights)); + listOfAcls.add(OzoneAcl.of(USER, ugi.getShortUserName(), ACCESS, conf.getUserDefaultRights())); try { String groupName = ugi.getPrimaryGroupName(); - listOfAcls.add(OzoneAcl.of(GROUP, groupName, ACCESS, groupRights)); + listOfAcls.add(OzoneAcl.of(GROUP, groupName, ACCESS, conf.getGroupDefaultRights())); } catch (IOException e) { // do nothing, since user has the permission, user can add ACL for selected groups later. LOG.warn("Failed to get primary group from user {}", ugi); diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java index f030d22b258..f1218a9aa08 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/security/acl/IAccessAuthorizer.java @@ -17,13 +17,13 @@ package org.apache.hadoop.ozone.security.acl; -import static java.util.stream.Collectors.toList; - import java.util.Arrays; import java.util.BitSet; import java.util.Collections; -import java.util.List; +import java.util.EnumSet; import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; import org.apache.hadoop.hdds.annotation.InterfaceAudience; import org.apache.hadoop.hdds.annotation.InterfaceStability; import org.apache.hadoop.ozone.OzoneConsts; @@ -166,13 +166,13 @@ public static String getAclString(ACLType acl) { } } - public static List parseList(String conf) { + public static Set parseList(String conf) { String[] array = Objects.requireNonNull(conf, "conf == null") .trim() .split(","); - return Collections.unmodifiableList(Arrays.stream(array) + return Collections.unmodifiableSet(Arrays.stream(array) .map(each -> ACLType.valueOf(each.trim())) - .collect(toList())); + .collect(Collectors.toCollection(() -> EnumSet.noneOf(ACLType.class)))); } } diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java index 02534c74cb4..20265874969 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java @@ -33,7 +33,6 @@ import java.util.List; import org.apache.hadoop.ozone.OzoneAcl; import org.apache.hadoop.ozone.om.OmConfig; -import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; import org.apache.hadoop.security.UserGroupInformation; import org.junit.jupiter.api.Test; @@ -182,15 +181,13 @@ private static List getDefaultAcls() { } OmConfig omConfig = newInstanceOf(OmConfig.class); - IAccessAuthorizer.ACLType[] userRights = omConfig.getUserDefaultRights(); - IAccessAuthorizer.ACLType[] groupRights = omConfig.getGroupDefaultRights(); OzoneAclUtil.addAcl(ozoneAcls, OzoneAcl.of(USER, - ugi.getUserName(), ACCESS, userRights)); + ugi.getUserName(), ACCESS, omConfig.getUserDefaultRights())); //Group ACLs of the User List userGroups = Arrays.asList(ugi.getGroupNames()); userGroups.stream().forEach((group) -> OzoneAclUtil.addAcl(ozoneAcls, - OzoneAcl.of(GROUP, group, ACCESS, groupRights))); + OzoneAcl.of(GROUP, group, ACCESS, omConfig.getGroupDefaultRights()))); return ozoneAcls; } diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java index ac96e3ca83c..b56c8589561 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java @@ -1191,7 +1191,6 @@ void testSharedTmpDir() throws IOException { ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user OmConfig omConfig = cluster.getOzoneManager().getConfig(); - ACLType[] userRights = omConfig.getUserDefaultRights(); // Construct ACL for world access // ACL admin owner, world read+write EnumSet aclRights = EnumSet.of(READ, WRITE); @@ -1202,7 +1201,7 @@ void testSharedTmpDir() throws IOException { .setAdmin("admin") .setOwner("admin") .addAcl(OzoneAcl.of(ACLIdentityType.WORLD, "", ACCESS, aclRights)) - .addAcl(OzoneAcl.of(ACLIdentityType.USER, "admin", ACCESS, userRights)) + .addAcl(OzoneAcl.of(ACLIdentityType.USER, "admin", ACCESS, omConfig.getUserDefaultRights())) .setQuotaInNamespace(1000) .setQuotaInBytes(Long.MAX_VALUE).build(); // Sanity check @@ -1237,7 +1236,7 @@ void testSharedTmpDir() throws IOException { BucketArgs bucketArgs = new BucketArgs.Builder() .setOwner("admin") .addAcl(OzoneAcl.of(ACLIdentityType.WORLD, "", ACCESS, READ, WRITE, LIST)) - .addAcl(OzoneAcl.of(ACLIdentityType.USER, "admin", ACCESS, userRights)) + .addAcl(OzoneAcl.of(ACLIdentityType.USER, "admin", ACCESS, omConfig.getUserDefaultRights())) .setQuotaInNamespace(1000) .setQuotaInBytes(Long.MAX_VALUE).build(); @@ -1294,10 +1293,9 @@ void testTempMount() throws IOException { ClientProtocol proxy = objectStore.getClientProxy(); // Get default acl rights for user OmConfig omConfig = cluster.getOzoneManager().getConfig(); - ACLType[] userRights = omConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "", - ACCESS, userRights); + ACCESS, omConfig.getUserDefaultRights()); // Construct VolumeArgs VolumeArgs volumeArgs = VolumeArgs.newBuilder() .addAcl(aclWorldAccess) @@ -2274,10 +2272,9 @@ void testNonPrivilegedUserMkdirCreateBucket() throws IOException { // Get default acl rights for user OmConfig omConfig = cluster.getOzoneManager().getConfig(); - ACLType[] userRights = omConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "", - ACCESS, userRights); + ACCESS, omConfig.getUserDefaultRights()); // Construct VolumeArgs, set ACL to world access VolumeArgs volumeArgs = VolumeArgs.newBuilder() .addAcl(aclWorldAccess) diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java index a9020c55383..dbe01d94eb2 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/OzoneRpcClientTests.java @@ -4109,12 +4109,10 @@ private List getAclList(OzoneConfiguration conf) //User ACL UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); OmConfig omConfig = conf.getObject(OmConfig.class); - ACLType[] userRights = omConfig.getUserDefaultRights(); - ACLType[] groupRights = omConfig.getGroupDefaultRights(); - listOfAcls.add(OzoneAcl.of(USER, ugi.getShortUserName(), ACCESS, userRights)); + listOfAcls.add(OzoneAcl.of(USER, ugi.getShortUserName(), ACCESS, omConfig.getUserDefaultRights())); //Group ACL of the User - listOfAcls.add(OzoneAcl.of(GROUP, ugi.getPrimaryGroupName(), ACCESS, groupRights)); + listOfAcls.add(OzoneAcl.of(GROUP, ugi.getPrimaryGroupName(), ACCESS, omConfig.getGroupDefaultRights())); return listOfAcls; } diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java index e314749e972..1f652cd1220 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestRecursiveAclWithFSO.java @@ -19,7 +19,6 @@ import static org.apache.hadoop.ozone.TestDataUtil.createKey; import static org.apache.hadoop.ozone.security.acl.OzoneObj.StoreType.OZONE; -import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -213,11 +212,11 @@ public void testKeyDefaultACL() throws Exception { assertEquals(3, acls.size()); assertEquals(AclTests.ADMIN_UGI.getShortUserName(), acls.get(0).getName()); OmConfig omConfig = cluster().getOzoneManager().getConfig(); - assertArrayEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); + assertEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclSet()); assertEquals(AclTests.ADMIN_UGI.getPrimaryGroupName(), acls.get(1).getName()); - assertArrayEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); + assertEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclSet()); assertEquals("WORLD", acls.get(2).getName()); - assertArrayEquals(omConfig.getUserDefaultRights(), acls.get(2).getAclList().toArray()); + assertEquals(omConfig.getUserDefaultRights(), acls.get(2).getAclSet()); } // set LoginUser as user3 @@ -239,9 +238,9 @@ public void testKeyDefaultACL() throws Exception { assertEquals(2, acls.size()); assertEquals(user3.getShortUserName(), acls.get(0).getName()); OmConfig omConfig = cluster().getOzoneManager().getConfig(); - assertArrayEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); + assertEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclSet()); assertEquals(user3.getPrimaryGroupName(), acls.get(1).getName()); - assertArrayEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); + assertEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclSet()); // verify key default ACLs int length = 10; @@ -255,9 +254,9 @@ public void testKeyDefaultACL() throws Exception { acls = objectStore.getAcl(obj); assertEquals(2, acls.size()); assertEquals(user3.getShortUserName(), acls.get(0).getName()); - assertArrayEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray()); + assertEquals(omConfig.getUserDefaultRights(), acls.get(0).getAclSet()); assertEquals(user3.getPrimaryGroupName(), acls.get(1).getName()); - assertArrayEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray()); + assertEquals(omConfig.getGroupDefaultRights(), acls.get(1).getAclSet()); } }