/**
 * Returns the value of the requested field by delegating to its getter.
 *
 * @param field which field to read; {@code SETTABLE} maps to {@link #get_settable()} and
 *              {@code VERSION} to {@link #get_version()}
 * @return the field value as an {@code Object} (the version is returned boxed)
 * @throws java.lang.IllegalStateException if {@code field} is neither of the two handled constants
 */
public java.lang.Object getFieldValue(_Fields field) {
    switch (field) {
        case SETTABLE:
            return get_settable();
        case VERSION:
            return get_version();
        default:
            // Same outcome as falling out of the switch in the original form.
            throw new java.lang.IllegalStateException();
    }
}
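/**
 * Copies every blob listed by {@code bsFrom} into {@code bsTo}, key by key.
 *
 * <p>For each key the readable metadata is fetched as {@code whoFrom}, its settable part
 * (which carries the ACL) is reused unchanged, and the blob is created in the target store as
 * {@code whoTo}. Progress is printed to standard output, including the blob key.
 *
 * <p>The copy stops at the first exception; blobs copied before that point stay in {@code bsTo}.
 *
 * @param bsFrom   store to read keys, metadata and content from
 * @param whoFrom  subject used for the reads on {@code bsFrom}
 * @param bsTo     store the blobs are created in
 * @param whoTo    subject used for the create on {@code bsTo}
 * @throws AuthorizationException    propagated from either store
 * @throws KeyAlreadyExistsException propagated from {@code bsTo.createBlob}
 * @throws IOException               propagated from either store, or from closing the source stream
 * @throws KeyNotFoundException      propagated from {@code bsFrom}
 */
protected static void copyBlobStoreKeys(BlobStore bsFrom, Subject whoFrom, BlobStore bsTo, Subject whoTo)
    throws AuthorizationException, KeyAlreadyExistsException, IOException, KeyNotFoundException {
    Iterable<String> lfsKeys = () -> bsFrom.listKeys();
    for (String key : lfsKeys) {
        ReadableBlobMeta readableMeta = bsFrom.getBlobMeta(key, whoFrom);
        // The settable part is passed through as-is, so the target blob gets the source ACL.
        SettableBlobMeta meta = readableMeta.get_settable();
        // try-with-resources: the source stream is released even when createBlob throws.
        // NOTE(review): createBlob may also close the stream itself; a second close is
        // expected to be harmless, but confirm for the stream type getBlob returns.
        try (InputStream in = bsFrom.getBlob(key, whoFrom)) {
            System.out.println("COPYING BLOB " + key + " FROM " + bsFrom + " TO " + bsTo);
            bsTo.createBlob(key, in, meta, whoTo);
            System.out.println("DONE CREATING BLOB " + key);
        }
    }
}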
/**
 * Logs key, version and ACL info for blobs in {@code blobStore}.
 *
 * <p>When {@code args} is null or empty, every key from {@code blobStore.listKeys()} is visited
 * and keys that raise {@link AuthorizationException} or {@link KeyNotFoundException} are skipped
 * without a log entry, so the listing shows only the blobs whose metadata could be read.
 * When keys were given explicitly, each such failure is logged as an error instead.
 *
 * @param blobStore client used for listing keys and reading metadata
 * @throws Exception anything other than the two handled exceptions
 */
@Override
public void run(ClientBlobStore blobStore) throws Exception {
    final boolean isArgsEmpty = (args == null || args.length == 0);
    final Iterator<String> keys = isArgsEmpty ? blobStore.listKeys() : Arrays.asList(args).iterator();

    while (keys.hasNext()) {
        final String key = keys.next();
        try {
            final ReadableBlobMeta meta = blobStore.getBlobMeta(key);
            final long version = meta.get_version();
            final List<AccessControl> acl = meta.get_settable().get_acl();
            LOG.info("{} {} {}", key, version, generateAccessControlsInfo(acl));
        } catch (AuthorizationException ae) {
            // Only report the denial when the caller asked for this key by name.
            if (!isArgsEmpty) {
                LOG.error("ACCESS DENIED to key: {}", key);
            }
        } catch (KeyNotFoundException knf) {
            // Only report the missing key when the caller asked for this key by name.
            if (!isArgsEmpty) {
                LOG.error("{} NOT FOUND", key);
            }
        }
    }
}
});
/**
 * Replaces the metadata of the blob named by {@code key} with a new ACL.
 *
 * <p>The current metadata is read first. The ACL written is {@code setAcl} when that list is
 * non-null and non-empty; otherwise the ACL just read is written back. An empty {@code setAcl}
 * therefore never clears the blob's ACL. The resulting ACL is logged at info level.
 *
 * @param blobStore client used to read and write the blob metadata
 * @throws Exception whatever the metadata read or write raises
 */
@Override
public void run(ClientBlobStore blobStore) throws Exception {
    final ReadableBlobMeta currentMeta = blobStore.getBlobMeta(key);
    final List<AccessControl> currentAcl = currentMeta.get_settable().get_acl();

    final boolean haveReplacement = setAcl != null && !setAcl.isEmpty();
    final List<AccessControl> newAcl = haveReplacement ? setAcl : currentAcl;

    final SettableBlobMeta newMeta = new SettableBlobMeta(newAcl);
    LOG.info("Setting ACL for {} to {}", key, generateAccessControlsInfo(newAcl));
    blobStore.setBlobMeta(key, newMeta);
}
});
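/**
 * Decides whether {@code user} may read a blob, based on the ACL in its metadata.
 *
 * <p>When {@code Config.STORM_BLOBSTORE_ACL_VALIDATION_ENABLED} does not resolve to true in
 * {@code conf} (the fallback passed to {@code ObjectReader.getBoolean} is {@code false}), the
 * check is skipped and every user is reported as allowed. Deployments that rely on blob ACLs
 * need that setting enabled.
 *
 * <p>Otherwise access is granted when an ACL entry has the READ bit set and is either of type
 * {@code OTHER} or carries a name equal to {@code user}. The entry type is not consulted for
 * the name match.
 *
 * <p>Entries without a name, and a null {@code user}, never match by name: the comparison is
 * null-safe and fails closed instead of throwing {@link NullPointerException}.
 *
 * @param meta readable metadata of the blob
 * @param user name to look for in the ACL
 * @param conf configuration holding the ACL-validation switch
 * @return true if reading is allowed, false otherwise
 */
public static boolean canUserReadBlob(ReadableBlobMeta meta, String user, Map<String, Object> conf) {
    if (!ObjectReader.getBoolean(conf.get(Config.STORM_BLOBSTORE_ACL_VALIDATION_ENABLED), false)) {
        // ACL validation is switched off: no per-user check is made.
        return true;
    }

    SettableBlobMeta settable = meta.get_settable();
    for (AccessControl acl : settable.get_acl()) {
        boolean grantsRead = (acl.get_access() & BlobStoreAclHandler.READ) > 0;
        if (!grantsRead) {
            continue;
        }
        if (AccessControlType.OTHER.equals(acl.get_type())) {
            return true;
        }
        // get_name() may be unset on an entry; compare from the user side so a missing
        // name yields "no match" rather than an exception.
        if (user != null && user.equals(acl.get_name())) {
            return true;
        }
    }
    return false;
}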
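/**
 * Update an existing topology conf.
 *
 * <p>The blob is written first as {@code who}; only then is the in-memory cache entry for
 * {@code topoId} replaced. The cached ACL is carried over from the previous cache entry when
 * there is one, otherwise it is read back from the store as {@code who}.
 *
 * @param topoId the id of the topology
 * @param who who is doing it
 * @param topoConf the new topology conf to save
 * @throws AuthorizationException if who is not allowed to update the topology conf
 * @throws KeyNotFoundException if the topology conf is not found in the blob store
 * @throws IOException on any error interacting with the blob store.
 */
public void updateTopoConf(final String topoId, final Subject who, final Map<String, Object> topoConf)
    throws AuthorizationException, KeyNotFoundException, IOException {
    final String key = ConfigUtils.masterStormConfKey(topoId);
    store.updateBlob(key, Utils.toCompressedJsonConf(topoConf), who);

    // The ACL always comes from the cache or the store. The former DEFAULT initializer was a
    // dead store that wrongly suggested a default-ACL fallback, so it is gone.
    final WithAcl<Map<String, Object>> old = confs.get(topoId);
    final List<AccessControl> acl = (old != null)
        ? old.acl
        : store.getBlobMeta(key, who).get_settable().get_acl();

    confs.put(topoId, new WithAcl<>(acl, topoConf));
}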
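/**
 * Update an existing topology.
 *
 * <p>The blob is written first as {@code who}; only then is the in-memory cache entry for
 * {@code topoId} replaced. The cached ACL is carried over from the previous cache entry when
 * there is one, otherwise it is read back from the store as {@code who}.
 *
 * @param topoId the id of the topology
 * @param who who is doing it
 * @param topo the new topology to save
 * @throws AuthorizationException if who is not allowed to update a topology
 * @throws KeyNotFoundException if the topology is not found in the blob store
 * @throws IOException on any error interacting with the blob store
 */
public void updateTopology(final String topoId, final Subject who, final StormTopology topo)
    throws AuthorizationException, KeyNotFoundException, IOException {
    final String key = ConfigUtils.masterStormCodeKey(topoId);
    store.updateBlob(key, Utils.serialize(topo), who);

    // The ACL always comes from the cache or the store. The former DEFAULT initializer was a
    // dead store that wrongly suggested a default-ACL fallback, so it is gone.
    final WithAcl<StormTopology> old = topos.get(topoId);
    final List<AccessControl> acl = (old != null)
        ? old.acl
        : store.getBlobMeta(key, who).get_settable().get_acl();

    topos.put(topoId, new WithAcl<>(acl, topo));
}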
remoteBlobStore.setClient(conf, client); try (InputStreamWithMeta in = remoteBlobStore.getBlob(key)) { blobStore.createBlob(key, in, rbm.get_settable(), getNimbusSubject());
/**
 * Read a topology.
 *
 * <p>On a cache hit the cached ACL is checked for READ as {@code who} before the cached
 * topology is returned. On a miss the blob and its metadata are read from the store as
 * {@code who} and the result is cached together with the blob's ACL; if another entry was
 * cached in the meantime, that entry's data is returned instead.
 *
 * <p>NOTE(review): the returned object is the cached instance itself, not a copy, so callers
 * should treat it as read-only.
 *
 * @param topoId the id of the topology to read
 * @param who who to read it as
 * @return the deserialized topology.
 * @throws IOException on any error while reading the blob.
 * @throws AuthorizationException if who is not allowed to read the blob
 * @throws KeyNotFoundException if the blob could not be found
 */
public StormTopology readTopology(final String topoId, final Subject who)
    throws KeyNotFoundException, AuthorizationException, IOException {
    final String key = ConfigUtils.masterStormCodeKey(topoId);
    final WithAcl<StormTopology> hit = topos.get(topoId);

    if (hit != null) {
        // Cache hit: the store is not consulted, so the READ check runs against the cached ACL.
        // The call's result is not used; presumably it signals denial by throwing.
        aclHandler.hasPermissions(hit.acl, READ, who, key);
        return hit.data;
    }

    // Cache miss: both store calls are made as `who`.
    final StormTopology topo = Utils.deserialize(store.readBlob(key, who), StormTopology.class);
    final ReadableBlobMeta meta = store.getBlobMeta(key, who);
    final WithAcl<StormTopology> fresh = new WithAcl<>(meta.get_settable().get_acl(), topo);

    // If another thread cached an entry first, hand out that one.
    final WithAcl<StormTopology> raced = topos.putIfAbsent(topoId, fresh);
    return (raced != null ? raced : fresh).data;
}
/**
 * Read a topology conf.
 *
 * <p>On a cache hit the cached ACL is checked for READ as {@code who} before the cached conf
 * is returned. On a miss the blob and its metadata are read from the store as {@code who} and
 * the result is cached together with the blob's ACL; if another entry was cached in the
 * meantime, that entry's data is returned instead.
 *
 * <p>NOTE(review): the returned map is the cached instance itself, not a copy, so callers
 * should treat it as read-only; a mutation would be visible to later readers.
 *
 * @param topoId the id of the topology to read the conf for
 * @param who who to read it as
 * @return the deserialized config.
 * @throws IOException on any error while reading the blob.
 * @throws AuthorizationException if who is not allowed to read the blob
 * @throws KeyNotFoundException if the blob could not be found
 */
public Map<String, Object> readTopoConf(final String topoId, final Subject who)
    throws KeyNotFoundException, AuthorizationException, IOException {
    final String key = ConfigUtils.masterStormConfKey(topoId);
    final WithAcl<Map<String, Object>> hit = confs.get(topoId);

    if (hit != null) {
        // Cache hit: the store is not consulted, so the READ check runs against the cached ACL.
        // The call's result is not used; presumably it signals denial by throwing.
        aclHandler.hasPermissions(hit.acl, READ, who, key);
        return hit.data;
    }

    // Cache miss: both store calls are made as `who`.
    final Map<String, Object> topoConf = Utils.fromCompressedJsonConf(store.readBlob(key, who));
    final ReadableBlobMeta meta = store.getBlobMeta(key, who);
    final WithAcl<Map<String, Object>> fresh = new WithAcl<>(meta.get_settable().get_acl(), topoConf);

    // If another thread cached an entry first, hand out that one.
    final WithAcl<Map<String, Object>> raced = confs.putIfAbsent(topoId, fresh);
    return (raced != null ? raced : fresh).data;
}
/**
 * Asserts that the blob stored under {@code testKey} has non-null readable metadata and that
 * this metadata has a non-null settable part.
 *
 * <p>NOTE(review): despite the name, only presence is asserted; the ACL entries themselves are
 * not inspected here.
 *
 * @param testKey key of the blob to check
 * @throws KeyNotFoundException   propagated from {@code client.getBlobMeta}
 * @throws AuthorizationException propagated from {@code client.getBlobMeta}
 */
private void validatedBlobAcls(String testKey) throws KeyNotFoundException, AuthorizationException {
    final ReadableBlobMeta readable = client.getBlobMeta(testKey);
    final String readableMissing = "The blob" + testKey + "does not have any readable blobMeta.";
    Assert.assertNotNull(readableMissing, readable);

    final SettableBlobMeta settable = readable.get_settable();
    final String settableMissing = "The blob" + testKey + "does not have any settable blobMeta.";
    Assert.assertNotNull(settableMissing, settable);
}
/**
 * Returns the value of the requested field by delegating to its getter.
 *
 * @param field which field to read; {@code SETTABLE} maps to {@link #get_settable()} and
 *              {@code VERSION} to {@link #get_version()}
 * @return the field value as an {@code Object} (the version is returned boxed)
 * @throws IllegalStateException if {@code field} is neither of the two handled constants
 */
public Object getFieldValue(_Fields field) {
    switch (field) {
        case SETTABLE:
            return get_settable();
        case VERSION:
            return get_version();
        default:
            // Same outcome as falling out of the switch in the original form.
            throw new IllegalStateException();
    }
}
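/**
 * Decides whether {@code user} may read a blob, based on the ACL in its metadata.
 *
 * <p>Access is granted when an ACL entry has the READ bit set and is either of type
 * {@code OTHER} or carries a name equal to {@code user}. The entry type is not consulted for
 * the name match.
 *
 * <p>Entries without a name, and a null {@code user}, never match by name: the comparison is
 * null-safe and fails closed instead of throwing {@link NullPointerException}.
 *
 * @param meta readable metadata of the blob
 * @param user name to look for in the ACL
 * @return true if reading is allowed, false otherwise
 */
public static boolean canUserReadBlob(ReadableBlobMeta meta, String user) {
    SettableBlobMeta settable = meta.get_settable();
    for (AccessControl acl : settable.get_acl()) {
        boolean grantsRead = (acl.get_access() & BlobStoreAclHandler.READ) > 0;
        if (!grantsRead) {
            continue;
        }
        if (AccessControlType.OTHER.equals(acl.get_type())) {
            return true;
        }
        // get_name() may be unset on an entry; compare from the user side so a missing
        // name yields "no match" rather than an exception.
        if (user != null && user.equals(acl.get_name())) {
            return true;
        }
    }
    return false;
}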
// Hand the conf and client to the remote blob store before fetching from it.
remoteBlobStore.setClient(conf, client);
// `in` is declared outside this excerpt and nothing here closes it.
// NOTE(review): confirm the enclosing code closes the stream on every path, including when
// createBlob throws.
in = remoteBlobStore.getBlob(key);
// Create the blob locally under the same key, using the settable metadata from rbm and the
// Nimbus subject as the actor.
// NOTE(review): rbm is presumably the remote blob's metadata, so its ACL is carried over
// unchanged - confirm.
blobStore.createBlob(key, in, rbm.get_settable(), getNimbusSubject());