|
@@ -41,8 +41,8 @@ public class TestPermission extends TestCase {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
final private static Path ROOT_PATH = new Path("/data");
|
|
final private static Path ROOT_PATH = new Path("/data");
|
|
|
- final private static Path CHILD_DIR1 = new Path(ROOT_PATH, "web1");
|
|
|
|
|
- final private static Path CHILD_DIR2 = new Path(ROOT_PATH, "web2");
|
|
|
|
|
|
|
+ final private static Path CHILD_DIR1 = new Path(ROOT_PATH, "child1");
|
|
|
|
|
+ final private static Path CHILD_DIR2 = new Path(ROOT_PATH, "child2");
|
|
|
final private static Path CHILD_FILE1 = new Path(ROOT_PATH, "file1");
|
|
final private static Path CHILD_FILE1 = new Path(ROOT_PATH, "file1");
|
|
|
final private static Path CHILD_FILE2 = new Path(ROOT_PATH, "file2");
|
|
final private static Path CHILD_FILE2 = new Path(ROOT_PATH, "file2");
|
|
|
|
|
|
|
@@ -50,10 +50,9 @@ public class TestPermission extends TestCase {
|
|
|
final private static String PERMISSION_EXCEPTION_NAME =
|
|
final private static String PERMISSION_EXCEPTION_NAME =
|
|
|
AccessControlException.class.getName();
|
|
AccessControlException.class.getName();
|
|
|
|
|
|
|
|
- final private static String USER_NAME = "Who";
|
|
|
|
|
- final private static String GROUP1_NAME = "group1";
|
|
|
|
|
- final private static String GROUP2_NAME = "group2";
|
|
|
|
|
- final private static String[] GROUP_NAMES = {GROUP1_NAME, GROUP2_NAME};
|
|
|
|
|
|
|
+ final private static Random RAN = new Random();
|
|
|
|
|
+ final private static String USER_NAME = "user" + RAN.nextInt();
|
|
|
|
|
+ final private static String[] GROUP_NAMES = {"group1", "group2"};
|
|
|
|
|
|
|
|
static FsPermission checkPermission(FileSystem fs,
|
|
static FsPermission checkPermission(FileSystem fs,
|
|
|
String path, FsPermission expected) throws IOException {
|
|
String path, FsPermission expected) throws IOException {
|
|
@@ -116,67 +115,72 @@ public class TestPermission extends TestCase {
|
|
|
conf.setBoolean("dfs.permissions", true);
|
|
conf.setBoolean("dfs.permissions", true);
|
|
|
MiniDFSCluster cluster = new MiniDFSCluster(conf, 3, true, null);
|
|
MiniDFSCluster cluster = new MiniDFSCluster(conf, 3, true, null);
|
|
|
cluster.waitActive();
|
|
cluster.waitActive();
|
|
|
- FileSystem fs = FileSystem.get(conf);
|
|
|
|
|
|
|
|
|
|
try {
|
|
try {
|
|
|
|
|
+ FileSystem nnfs = FileSystem.get(conf);
|
|
|
// test permissions on files that do not exist
|
|
// test permissions on files that do not exist
|
|
|
- assertFalse(fs.exists(CHILD_FILE1));
|
|
|
|
|
|
|
+ assertFalse(nnfs.exists(CHILD_FILE1));
|
|
|
try {
|
|
try {
|
|
|
- fs.setOwner(CHILD_FILE1, "foo", "bar");
|
|
|
|
|
|
|
+ nnfs.setOwner(CHILD_FILE1, "foo", "bar");
|
|
|
assertTrue(false);
|
|
assertTrue(false);
|
|
|
}
|
|
}
|
|
|
catch(java.io.FileNotFoundException e) {
|
|
catch(java.io.FileNotFoundException e) {
|
|
|
LOG.info("GOOD: got " + e);
|
|
LOG.info("GOOD: got " + e);
|
|
|
}
|
|
}
|
|
|
try {
|
|
try {
|
|
|
- fs.setPermission(CHILD_FILE1, new FsPermission((short)0777));
|
|
|
|
|
|
|
+ nnfs.setPermission(CHILD_FILE1, new FsPermission((short)0777));
|
|
|
assertTrue(false);
|
|
assertTrue(false);
|
|
|
}
|
|
}
|
|
|
catch(java.io.FileNotFoundException e) {
|
|
catch(java.io.FileNotFoundException e) {
|
|
|
LOG.info("GOOD: got " + e);
|
|
LOG.info("GOOD: got " + e);
|
|
|
}
|
|
}
|
|
|
// following dir/file creations are legal
|
|
// following dir/file creations are legal
|
|
|
- fs.mkdirs(CHILD_DIR1);
|
|
|
|
|
- FSDataOutputStream out = fs.create(CHILD_FILE1);
|
|
|
|
|
|
|
+ nnfs.mkdirs(CHILD_DIR1);
|
|
|
|
|
+ FSDataOutputStream out = nnfs.create(CHILD_FILE1);
|
|
|
byte data[] = new byte[FILE_LEN];
|
|
byte data[] = new byte[FILE_LEN];
|
|
|
- Random r = new Random();
|
|
|
|
|
- r.nextBytes(data);
|
|
|
|
|
|
|
+ RAN.nextBytes(data);
|
|
|
out.write(data);
|
|
out.write(data);
|
|
|
out.close();
|
|
out.close();
|
|
|
- fs.setPermission(CHILD_FILE1, new FsPermission((short)0700));
|
|
|
|
|
|
|
+ nnfs.setPermission(CHILD_FILE1, new FsPermission((short)0700));
|
|
|
|
|
|
|
|
// following read is legal
|
|
// following read is legal
|
|
|
byte dataIn[] = new byte[FILE_LEN];
|
|
byte dataIn[] = new byte[FILE_LEN];
|
|
|
- FSDataInputStream fin = fs.open(CHILD_FILE1);
|
|
|
|
|
- fin.read(dataIn);
|
|
|
|
|
|
|
+ FSDataInputStream fin = nnfs.open(CHILD_FILE1);
|
|
|
|
|
+ int bytesRead = fin.read(dataIn);
|
|
|
|
|
+ assertTrue(bytesRead == FILE_LEN);
|
|
|
for(int i=0; i<FILE_LEN; i++) {
|
|
for(int i=0; i<FILE_LEN; i++) {
|
|
|
assertEquals(data[i], dataIn[i]);
|
|
assertEquals(data[i], dataIn[i]);
|
|
|
}
|
|
}
|
|
|
- fs.close();
|
|
|
|
|
|
|
|
|
|
|
|
+ ////////////////////////////////////////////////////////////////
|
|
|
// test illegal file/dir creation
|
|
// test illegal file/dir creation
|
|
|
UnixUserGroupInformation userGroupInfo = new UnixUserGroupInformation(
|
|
UnixUserGroupInformation userGroupInfo = new UnixUserGroupInformation(
|
|
|
USER_NAME, GROUP_NAMES );
|
|
USER_NAME, GROUP_NAMES );
|
|
|
- conf.set(UnixUserGroupInformation.UGI_PROPERTY_NAME,
|
|
|
|
|
- userGroupInfo.toString());
|
|
|
|
|
- fs = FileSystem.get(conf);
|
|
|
|
|
|
|
+ UnixUserGroupInformation.saveToConf(conf,
|
|
|
|
|
+ UnixUserGroupInformation.UGI_PROPERTY_NAME, userGroupInfo);
|
|
|
|
|
+ FileSystem userfs = FileSystem.get(conf);
|
|
|
|
|
|
|
|
// make sure mkdir of a existing directory that is not owned by
|
|
// make sure mkdir of a existing directory that is not owned by
|
|
|
// this user does not throw an exception.
|
|
// this user does not throw an exception.
|
|
|
- fs.mkdirs(CHILD_DIR1);
|
|
|
|
|
|
|
+ userfs.mkdirs(CHILD_DIR1);
|
|
|
|
|
|
|
|
// illegal mkdir
|
|
// illegal mkdir
|
|
|
- assertTrue(!canMkdirs(fs, CHILD_DIR2));
|
|
|
|
|
|
|
+ assertTrue(!canMkdirs(userfs, CHILD_DIR2));
|
|
|
|
|
|
|
|
// illegal file creation
|
|
// illegal file creation
|
|
|
- assertTrue(!canCreate(fs, CHILD_FILE2));
|
|
|
|
|
|
|
+ assertTrue(!canCreate(userfs, CHILD_FILE2));
|
|
|
|
|
|
|
|
// illegal file open
|
|
// illegal file open
|
|
|
- assertTrue(!canOpen(fs, CHILD_FILE1));
|
|
|
|
|
- }
|
|
|
|
|
- finally {
|
|
|
|
|
- try{fs.close();} catch(Exception e) {}
|
|
|
|
|
- try{cluster.shutdown();} catch(Exception e) {}
|
|
|
|
|
|
|
+ assertTrue(!canOpen(userfs, CHILD_FILE1));
|
|
|
|
|
+
|
|
|
|
|
+ nnfs.setPermission(ROOT_PATH, new FsPermission((short)0755));
|
|
|
|
|
+ nnfs.setPermission(CHILD_DIR1, new FsPermission((short)0777));
|
|
|
|
|
+ nnfs.setPermission(new Path("/"), new FsPermission((short)0777));
|
|
|
|
|
+ final Path RENAME_PATH = new Path("/foo/bar");
|
|
|
|
|
+ userfs.mkdirs(RENAME_PATH);
|
|
|
|
|
+ assertTrue(canRename(userfs, RENAME_PATH, CHILD_DIR1));
|
|
|
|
|
+ } finally {
|
|
|
|
|
+ if(cluster != null) cluster.shutdown();
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -209,4 +213,15 @@ public class TestPermission extends TestCase {
|
|
|
return false;
|
|
return false;
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
+
|
|
|
|
|
+ static boolean canRename(FileSystem fs, Path src, Path dst
|
|
|
|
|
+ ) throws IOException {
|
|
|
|
|
+ try {
|
|
|
|
|
+ fs.rename(src, dst);
|
|
|
|
|
+ return true;
|
|
|
|
|
+ } catch(RemoteException e) {
|
|
|
|
|
+ assertEquals(PERMISSION_EXCEPTION_NAME, e.getClassName());
|
|
|
|
|
+ return false;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
Mukund Madhugiri