
HDDS-12299. Merge OzoneAclConfig into OmConfig #8383


Merged
merged 12 commits into from
May 14, 2025
HDDS-12299. Merge OzoneAclConfig into OmConfig
adoroszlai committed May 3, 2025
commit b0733ae62cabc921a8ab5860f789eb2dd873c7f9
Expand Up @@ -19,12 +19,16 @@

import com.google.common.base.Preconditions;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.hadoop.hdds.conf.Config;
import org.apache.hadoop.hdds.conf.ConfigGroup;
import org.apache.hadoop.hdds.conf.ConfigTag;
import org.apache.hadoop.hdds.conf.ConfigType;
import org.apache.hadoop.hdds.conf.PostConstruct;
import org.apache.hadoop.hdds.conf.ReconfigurableConfig;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;

/**
* Ozone Manager configuration.
Expand Down Expand Up @@ -81,6 +85,25 @@ public class OmConfig extends ReconfigurableConfig {
)
private long ratisBasedFinalizationTimeout = Duration.ofSeconds(30).getSeconds();

// OM Default user/group permissions
@Config(key = "user.rights",
defaultValue = "ALL",
type = ConfigType.STRING,
tags = {ConfigTag.OM, ConfigTag.SECURITY},
description = "Default user permissions set for an object in " +
"OzoneManager."
)
private String userDefaultRights;

@Config(key = "group.rights",
defaultValue = "READ, LIST",
type = ConfigType.STRING,
tags = {ConfigTag.OM, ConfigTag.SECURITY},
description = "Default group permissions set for an object in " +
"OzoneManager."
)
private String groupDefaultRights;

public long getRatisBasedFinalizationTimeout() {
return ratisBasedFinalizationTimeout;
}
Expand Down Expand Up @@ -111,6 +134,29 @@ public void setMaxUserVolumeCount(int newValue) {
validate();
}

public IAccessAuthorizer.ACLType[] getUserDefaultRights() {
List<IAccessAuthorizer.ACLType> types = new ArrayList<>();
if (userDefaultRights == null) {
types.add(IAccessAuthorizer.ACLType.ALL);
} else {
String[] array = userDefaultRights.trim().split(",");
Arrays.stream(array).forEach(t -> types.add(IAccessAuthorizer.ACLType.valueOf(t.trim())));
}
return types.toArray(new IAccessAuthorizer.ACLType[0]);
}

public IAccessAuthorizer.ACLType[] getGroupDefaultRights() {
List<IAccessAuthorizer.ACLType> types = new ArrayList<>();
if (groupDefaultRights == null) {
types.add(IAccessAuthorizer.ACLType.READ);
types.add(IAccessAuthorizer.ACLType.LIST);
} else {
String[] array = groupDefaultRights.trim().split(",");
Arrays.stream(array).forEach(t -> types.add(IAccessAuthorizer.ACLType.valueOf(t.trim())));
}
return types.toArray(new IAccessAuthorizer.ACLType[0]);
}

@PostConstruct
public void validate() {
if (maxListSize <= 0) {
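Review bot: Both `getUserDefaultRights()` and `getGroupDefaultRights()` re-parse the configured string on every call and let `ACLType.valueOf` escape with a bare `IllegalArgumentException` that names neither the config key nor the offending token; since these values define the ACL stamped on every newly created object, a typo or case mismatch (`read` instead of `READ`) is better rejected at OM startup than at the first create request. I would move the parsing into one private helper that reports the key in the error and call both getters from `validate()` so the `@PostConstruct` hook fails fast; `validate()` starts at the end of this hunk and its body continues outside it. The effective keys also depend on the class-level `@ConfigGroup` prefix, which is outside the hunk — if it differs from the prefix `OzoneAclConfig` used, existing `user.rights`/`group.rights` overrides would silently revert to the `ALL` and `READ, LIST` defaults, so that is worth confirming. The two `description` strings could additionally name the accepted values, e.g. `"... Comma-separated list of ACLType names (READ, WRITE, CREATE, LIST, DELETE, READ_ACL, WRITE_ACL, ALL, NONE)."` if that matches the enum.
```java
  public IAccessAuthorizer.ACLType[] getUserDefaultRights() {
    return parseRights("user.rights", userDefaultRights, IAccessAuthorizer.ACLType.ALL);
  }

  public IAccessAuthorizer.ACLType[] getGroupDefaultRights() {
    return parseRights("group.rights", groupDefaultRights,
        IAccessAuthorizer.ACLType.READ, IAccessAuthorizer.ACLType.LIST);
  }

  /**
   * Parses a comma-separated list of {@link IAccessAuthorizer.ACLType} names.
   * Blank entries and unknown names are rejected with the config key in the message,
   * so a misconfiguration is attributable from the log line alone.
   */
  private static IAccessAuthorizer.ACLType[] parseRights(String key, String value,
      IAccessAuthorizer.ACLType... fallback) {
    if (value == null) {
      return fallback.clone();
    }
    List<IAccessAuthorizer.ACLType> types = new ArrayList<>();
    for (String token : value.split(",")) {
      String name = token.trim();
      if (name.isEmpty()) {
        throw new IllegalArgumentException(key + " contains an empty entry: '" + value + "'");
      }
      try {
        types.add(IAccessAuthorizer.ACLType.valueOf(name));
      } catch (IllegalArgumentException e) {
        throw new IllegalArgumentException("Unknown ACL type '" + name + "' in " + key, e);
      }
    }
    return types.toArray(new IAccessAuthorizer.ACLType[0]);
  }

  @PostConstruct
  public void validate() {
    // Fail at OM startup, not on the first object create, if the default rights are malformed.
    getUserDefaultRights();
    getGroupDefaultRights();
    // … unchanged: maxListSize and remaining checks …
```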
Expand Up @@ -30,11 +30,11 @@
import java.util.stream.Stream;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.ozone.OzoneAcl;
import org.apache.hadoop.ozone.om.OmConfig;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OzoneAclInfo;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType;
import org.apache.hadoop.ozone.security.acl.OzoneAclConfig;
import org.apache.hadoop.ozone.security.acl.RequestContext;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
Expand Down Expand Up @@ -62,7 +62,7 @@ private OzoneAclUtil() {
public static List<OzoneAcl> getDefaultAclList(UserGroupInformation ugi, OzoneConfiguration conf) {
// Get default acl rights for user and group.
if (userRights == null || groupRights == null) {
OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class);
OmConfig aclConfig = conf.getObject(OmConfig.class);
userRights = aclConfig.getUserDefaultRights();
groupRights = aclConfig.getGroupDefaultRights();
}
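Review bot: `conf.getObject(OmConfig.class)` on the replaced line now instantiates the whole OM configuration, including its `@PostConstruct validate()`, solely to read the two default-rights fields; if `OzoneAclUtil` is also reached from client-side or test code, an invalid but unrelated OM setting (`maxListSize`, for example, is checked in that `validate()`) would surface here as a failure to build default ACLs rather than at the OM. The static `userRights`/`groupRights` cache is filled once per JVM, so a runtime reconfiguration of the now-`ReconfigurableConfig` host class is never observed by this method — pre-existing, but the move into `OmConfig` makes the mismatch more likely to be assumed away; a comment such as `// parsed once per JVM; OM reconfiguration of *.rights is not reflected here` would make the contract explicit. `getDefaultAclList` continues beyond the end of this hunk.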

This file was deleted.

Expand Up @@ -32,9 +32,9 @@
import java.util.Arrays;
import java.util.List;
import org.apache.hadoop.ozone.OzoneAcl;
import org.apache.hadoop.ozone.om.OmConfig;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType;
import org.apache.hadoop.ozone.security.acl.OzoneAclConfig;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.jupiter.api.Test;

Expand Down Expand Up @@ -181,7 +181,7 @@ private static List<OzoneAcl> getDefaultAcls() {
ugi = UserGroupInformation.createRemoteUser("user0");
}

OzoneAclConfig aclConfig = newInstanceOf(OzoneAclConfig.class);
OmConfig aclConfig = newInstanceOf(OmConfig.class);
IAccessAuthorizer.ACLType[] userRights = aclConfig.getUserDefaultRights();
IAccessAuthorizer.ACLType[] groupRights = aclConfig.getGroupDefaultRights();

Expand Up @@ -116,13 +116,13 @@
import org.apache.hadoop.ozone.client.protocol.ClientProtocol;
import org.apache.hadoop.ozone.om.OMConfigKeys;
import org.apache.hadoop.ozone.om.OMMetrics;
import org.apache.hadoop.ozone.om.OmConfig;
import org.apache.hadoop.ozone.om.TrashPolicyOzone;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.BucketLayout;
import org.apache.hadoop.ozone.om.helpers.QuotaUtil;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType;
import org.apache.hadoop.ozone.security.acl.OzoneAclConfig;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.tools.DistCp;
import org.apache.hadoop.tools.DistCpOptions;
Expand Down Expand Up @@ -1190,7 +1190,7 @@ void testSharedTmpDir() throws IOException {
// Use ClientProtocol to pass in volume ACL, ObjectStore won't do it
ClientProtocol proxy = objectStore.getClientProxy();
// Get default acl rights for user
OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class);
OmConfig aclConfig = conf.getObject(OmConfig.class);
ACLType[] userRights = aclConfig.getUserDefaultRights();
// Construct ACL for world access
// ACL admin owner, world read+write
Expand Down Expand Up @@ -1293,7 +1293,7 @@ void testTempMount() throws IOException {
// Use ClientProtocol to pass in volume ACL, ObjectStore won't do it
ClientProtocol proxy = objectStore.getClientProxy();
// Get default acl rights for user
OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class);
OmConfig aclConfig = conf.getObject(OmConfig.class);
ACLType[] userRights = aclConfig.getUserDefaultRights();
// Construct ACL for world access
OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "",
Expand Down Expand Up @@ -2273,7 +2273,7 @@ void testNonPrivilegedUserMkdirCreateBucket() throws IOException {
ClientProtocol proxy = objectStore.getClientProxy();

// Get default acl rights for user
OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class);
OmConfig aclConfig = conf.getObject(OmConfig.class);
ACLType[] userRights = aclConfig.getUserDefaultRights();
// Construct ACL for world access
OzoneAcl aclWorldAccess = OzoneAcl.of(ACLIdentityType.WORLD, "",
Expand Up @@ -162,6 +162,7 @@
import org.apache.hadoop.ozone.container.keyvalue.KeyValueContainerData;
import org.apache.hadoop.ozone.container.keyvalue.helpers.BlockUtils;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.om.OmConfig;
import org.apache.hadoop.ozone.om.OmFailoverProxyUtil;
import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.ResolvedBucket;
Expand All @@ -187,7 +188,6 @@
import org.apache.hadoop.ozone.om.ratis.OzoneManagerStateMachine;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType;
import org.apache.hadoop.ozone.security.acl.OzoneAclConfig;
import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
import org.apache.hadoop.security.UserGroupInformation;
Expand Down Expand Up @@ -4108,7 +4108,7 @@ private List<OzoneAcl> getAclList(OzoneConfiguration conf)
List<OzoneAcl> listOfAcls = new ArrayList<>();
//User ACL
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
OzoneAclConfig aclConfig = conf.getObject(OzoneAclConfig.class);
OmConfig aclConfig = conf.getObject(OmConfig.class);
ACLType[] userRights = aclConfig.getUserDefaultRights();
ACLType[] groupRights = aclConfig.getGroupDefaultRights();

Expand Up @@ -41,7 +41,6 @@
import org.apache.hadoop.ozone.client.OzoneVolume;
import org.apache.hadoop.ozone.client.protocol.ClientProtocol;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.security.acl.OzoneAclConfig;
import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
import org.apache.hadoop.security.UserGroupInformation;
Expand Down Expand Up @@ -213,7 +212,7 @@ public void testKeyDefaultACL() throws Exception {
List<OzoneAcl> acls = objectStore.getAcl(obj);
assertEquals(3, acls.size());
assertEquals(AclTests.ADMIN_UGI.getShortUserName(), acls.get(0).getName());
OzoneAclConfig aclConfig = cluster().getConf().getObject(OzoneAclConfig.class);
OmConfig aclConfig = cluster().getConf().getObject(OmConfig.class);
assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray());
assertEquals(AclTests.ADMIN_UGI.getPrimaryGroupName(), acls.get(1).getName());
assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray());
Expand All @@ -239,7 +238,7 @@ public void testKeyDefaultACL() throws Exception {
List<OzoneAcl> acls = objectStore.getAcl(obj);
assertEquals(2, acls.size());
assertEquals(user3.getShortUserName(), acls.get(0).getName());
OzoneAclConfig aclConfig = cluster().getConf().getObject(OzoneAclConfig.class);
OmConfig aclConfig = cluster().getConf().getObject(OmConfig.class);
assertArrayEquals(aclConfig.getUserDefaultRights(), acls.get(0).getAclList().toArray());
assertEquals(user3.getPrimaryGroupName(), acls.get(1).getName());
assertArrayEquals(aclConfig.getGroupDefaultRights(), acls.get(1).getAclList().toArray());
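Review bot: The import hunk `@@ -41,7 +41,6 @@` drops `org.apache.hadoop.ozone.security.acl.OzoneAclConfig` but adds nothing in its place (one deletion, zero additions per the header), while `OmConfig` is referenced in both `testKeyDefaultACL` hunks below; unless this test already lives in package `org.apache.hadoop.ozone.om`, or the import is added in a hunk not shown here, the file will not compile. The other test files in this commit do add `import org.apache.hadoop.ozone.om.OmConfig;`, which is what makes the omission here stand out. Both changed lines sit inside `testKeyDefaultACL`, whose body starts before and ends after the hunks shown.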