public java.lang.Object getFieldValue(_Fields field) { switch (field) { case ACL: return get_acl(); case REPLICATION_FACTOR: return get_replication_factor(); } throw new java.lang.IllegalStateException(); }
public void normalizeSettableBlobMeta(String key, SettableBlobMeta meta, Subject who, int opMask) { meta.set_acl(normalizeSettableACLs(key, meta.get_acl(), who, opMask)); }
@Override public void run(ClientBlobStore blobStore) throws Exception { ReadableBlobMeta meta = blobStore.getBlobMeta(key); List<AccessControl> acl = meta.get_settable().get_acl(); List<AccessControl> newAcl; if (setAcl != null && !setAcl.isEmpty()) { newAcl = setAcl; } else { newAcl = acl; } SettableBlobMeta newMeta = new SettableBlobMeta(newAcl); LOG.info("Setting ACL for {} to {}", key, generateAccessControlsInfo(newAcl)); blobStore.setBlobMeta(key, newMeta); } });
private void checkPermission(String key, Subject who, int mask) throws KeyNotFoundException, AuthorizationException { checkForBlobOrDownload(key); SettableBlobMeta meta = getStoredBlobMeta(key); _aclHandler.hasPermissions(meta.get_acl(), mask, who, key); }
/** * Client facing API to set the metadata for a blob. * * @param key blob key name. * @param meta contains ACL information. * @throws AuthorizationException * @throws KeyNotFoundException */ public final void setBlobMeta(String key, SettableBlobMeta meta) throws AuthorizationException, KeyNotFoundException { if (meta != null && meta.is_set_acl()) { BlobStoreAclHandler.validateSettableACLs(key, meta.get_acl()); } setBlobMetaToExtend(key, meta); }
/** * Client facing API to create a blob. * * @param key blob key name. * @param meta contains ACL information. * @return AtomicOutputStream returns an output stream into which data can be written. * * @throws AuthorizationException * @throws KeyAlreadyExistsException */ public final AtomicOutputStream createBlob(String key, SettableBlobMeta meta) throws AuthorizationException, KeyAlreadyExistsException { if (meta != null && meta.is_set_acl()) { BlobStoreAclHandler.validateSettableACLs(key, meta.get_acl()); } return createBlobToExtend(key, meta); }
@Override public int getBlobReplication(String key, Subject who) throws AuthorizationException, KeyNotFoundException { who = checkAndGetSubject(who); validateKey(key); SettableBlobMeta meta = getStoredBlobMeta(key); aclHandler.hasAnyPermissions(meta.get_acl(), READ | WRITE | ADMIN, who, key); try { return hbs.getBlobReplication(DATA_PREFIX + key); } catch (IOException exp) { throw new RuntimeException(exp); } }
@Override public void setBlobMeta(String key, SettableBlobMeta meta, Subject who) throws AuthorizationException, KeyNotFoundException { if (meta.get_replication_factor() <= 0) { meta.set_replication_factor((int)conf.get(Config.STORM_BLOBSTORE_REPLICATION_FACTOR)); } who = checkAndGetSubject(who); validateKey(key); aclHandler.normalizeSettableBlobMeta(key, meta, who, ADMIN); BlobStoreAclHandler.validateSettableACLs(key, meta.get_acl()); SettableBlobMeta orig = getStoredBlobMeta(key); aclHandler.hasPermissions(orig.get_acl(), ADMIN, who, key); BlobStoreFileOutputStream mOut = null; writeMetadata(key, meta); }
@Override public InputStreamWithMeta getBlob(String key, Subject who) throws AuthorizationException, KeyNotFoundException { who = checkAndGetSubject(who); validateKey(key); SettableBlobMeta meta = getStoredBlobMeta(key); aclHandler.hasPermissions(meta.get_acl(), READ, who, key); try { return new BlobStoreFileInputStream(hbs.read(DATA_PREFIX + key)); } catch (IOException e) { throw new RuntimeException(e); } }
/** * Add a new topology. * @param topoId the id of the topology * @param who who is doing it * @param topo the topology itself * @throws AuthorizationException if who is not allowed to add a topology * @throws KeyAlreadyExistsException if the topology already exists * @throws IOException on any error interacting with the blob store */ public void addTopology(final String topoId, final Subject who, final StormTopology topo) throws AuthorizationException, KeyAlreadyExistsException, IOException { final String key = ConfigUtils.masterStormCodeKey(topoId); final List<AccessControl> acl = BlobStoreAclHandler.DEFAULT; SettableBlobMeta meta = new SettableBlobMeta(acl); store.createBlob(key, Utils.serialize(topo), meta, who); topos.put(topoId, new WithAcl<>(meta.get_acl(), topo)); }
/** * Add a new topology config. * @param topoId the id of the topology * @param who who is doing it * @param topoConf the topology conf itself * @throws AuthorizationException if who is not allowed to add a topology conf * @throws KeyAlreadyExistsException if the toplogy conf already exists in the blob store * @throws IOException on any error interacting with the blob store. */ public void addTopoConf(final String topoId, final Subject who, final Map<String, Object> topoConf) throws AuthorizationException, KeyAlreadyExistsException, IOException { final String key = ConfigUtils.masterStormConfKey(topoId); final List<AccessControl> acl = BlobStoreAclHandler.DEFAULT; SettableBlobMeta meta = new SettableBlobMeta(acl); store.createBlob(key, Utils.toCompressedJsonConf(topoConf), meta, who); confs.put(topoId, new WithAcl<>(meta.get_acl(), topoConf)); }
public static boolean canUserReadBlob(ReadableBlobMeta meta, String user, Map<String, Object> conf) { if (!ObjectReader.getBoolean(conf.get(Config.STORM_BLOBSTORE_ACL_VALIDATION_ENABLED), false)) { return true; } SettableBlobMeta settable = meta.get_settable(); for (AccessControl acl : settable.get_acl()) { if (acl.get_type().equals(AccessControlType.OTHER) && (acl.get_access() & BlobStoreAclHandler.READ) > 0) { return true; } if (acl.get_name().equals(user) && (acl.get_access() & BlobStoreAclHandler.READ) > 0) { return true; } } return false; }
@Override public void deleteBlob(String key, Subject who) throws AuthorizationException, KeyNotFoundException { who = checkAndGetSubject(who); validateKey(key); SettableBlobMeta meta = getStoredBlobMeta(key); aclHandler.hasPermissions(meta.get_acl(), WRITE, who, key); try { hbs.deleteKey(DATA_PREFIX + key); hbs.deleteKey(META_PREFIX + key); } catch (IOException e) { throw new RuntimeException(e); } }
/** * Update an existing topology . * @param topoId the id of the topology * @param who who is doing it * @param topo the new topology to save * @throws AuthorizationException if who is not allowed to update a topology * @throws KeyNotFoundException if the topology is not found in the blob store * @throws IOException on any error interacting with the blob store */ public void updateTopology(final String topoId, final Subject who, final StormTopology topo) throws AuthorizationException, KeyNotFoundException, IOException { final String key = ConfigUtils.masterStormCodeKey(topoId); store.updateBlob(key, Utils.serialize(topo), who); List<AccessControl> acl = BlobStoreAclHandler.DEFAULT; WithAcl<StormTopology> old = topos.get(topoId); if (old != null) { acl = old.acl; } else { acl = store.getBlobMeta(key, who).get_settable().get_acl(); } topos.put(topoId, new WithAcl<>(acl, topo)); }
@Override public int updateBlobReplication(String key, int replication, Subject who) throws AuthorizationException, KeyNotFoundException { who = checkAndGetSubject(who); validateKey(key); SettableBlobMeta meta = getStoredBlobMeta(key); meta.set_replication_factor(replication); aclHandler.hasAnyPermissions(meta.get_acl(), WRITE | ADMIN, who, key); try { writeMetadata(key, meta); return hbs.updateBlobReplication(DATA_PREFIX + key, replication); } catch (IOException exp) { throw new RuntimeException(exp); } }
@Override public InputStreamWithMeta getBlob(String key, Subject who) throws AuthorizationException, KeyNotFoundException { validateKey(key); if (!checkForBlobOrDownload(key)) { checkForBlobUpdate(key); } SettableBlobMeta meta = getStoredBlobMeta(key); _aclHandler.hasPermissions(meta.get_acl(), READ, who, key); try { return new BlobStoreFileInputStream(fbs.read(DATA_PREFIX + key)); } catch (IOException e) { throw new RuntimeException(e); } }
@Override public AtomicOutputStream updateBlob(String key, Subject who) throws AuthorizationException, KeyNotFoundException { who = checkAndGetSubject(who); SettableBlobMeta meta = getStoredBlobMeta(key); validateKey(key); aclHandler.hasPermissions(meta.get_acl(), WRITE, who, key); try { BlobStoreFile dataFile = hbs.write(DATA_PREFIX + key, false); dataFile.setMetadata(meta); return new BlobStoreFileOutputStream(dataFile); } catch (IOException e) { throw new RuntimeException(e); } }
@Override public int getBlobReplication(String key, Subject who) throws Exception { int replicationCount = 0; validateKey(key); SettableBlobMeta meta = getStoredBlobMeta(key); _aclHandler.hasPermissions(meta.get_acl(), READ, who, key); if (zkClient.checkExists().forPath(BLOBSTORE_SUBTREE + key) == null) { return 0; } try { replicationCount = zkClient.getChildren().forPath(BLOBSTORE_SUBTREE + key).size(); } catch (KeeperException.NoNodeException e) { //Race with delete //If it is not here the replication is 0 } return replicationCount; }
@Override public ReadableBlobMeta getBlobMeta(String key, Subject who) throws AuthorizationException, KeyNotFoundException { who = checkAndGetSubject(who); validateKey(key); SettableBlobMeta meta = getStoredBlobMeta(key); aclHandler.validateUserCanReadMeta(meta.get_acl(), who, key); ReadableBlobMeta rbm = new ReadableBlobMeta(); rbm.set_settable(meta); try { BlobStoreFile pf = hbs.read(DATA_PREFIX + key); rbm.set_version(pf.getModTime()); } catch (IOException e) { throw new RuntimeException(e); } return rbm; }
@Override public ReadableBlobMeta getBlobMeta(String key, Subject who) throws AuthorizationException, KeyNotFoundException { validateKey(key); if (!checkForBlobOrDownload(key)) { checkForBlobUpdate(key); } SettableBlobMeta meta = getStoredBlobMeta(key); _aclHandler.validateUserCanReadMeta(meta.get_acl(), who, key); ReadableBlobMeta rbm = new ReadableBlobMeta(); rbm.set_settable(meta); try { LocalFsBlobStoreFile pf = fbs.read(DATA_PREFIX + key); rbm.set_version(pf.getModTime()); } catch (IOException e) { throw new RuntimeException(e); } return rbm; }