/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with this
* work for additional information regarding copyright ownership. The ASF
* licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.apache.hadoop.ozone.security.acl;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.ozone.om.BucketManager;
import org.apache.hadoop.ozone.om.KeyManager;
import org.apache.hadoop.ozone.om.PrefixManager;
import org.apache.hadoop.ozone.om.VolumeManager;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.Objects;
import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.INVALID_REQUEST;
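/**
 * Native (OM-internal) implementation of the Ozone ACL authorization API.
 * Each resource type is delegated to its manager ({@link VolumeManager},
 * {@link BucketManager}, {@link KeyManager}, {@link PrefixManager}); for a
 * nested resource every enclosing level must also grant access, so a deny at
 * any level is a deny overall.
 *
 * <p>Managers may be supplied through the constructor or the setters. A
 * manager that is still {@code null} when {@link #checkAccess} needs it
 * results in a {@link NullPointerException} rather than an access decision.
 */
@InterfaceAudience.LimitedPrivate({"HDFS", "Yarn", "Ranger", "Hive", "HBase"})
@InterfaceStability.Evolving
public class OzoneNativeAuthorizer implements IAccessAuthorizer {

  private static final Logger LOG =
      LoggerFactory.getLogger(OzoneNativeAuthorizer.class);

  private VolumeManager volumeManager;
  private BucketManager bucketManager;
  private KeyManager keyManager;
  private PrefixManager prefixManager;

  /** Creates an authorizer whose managers are injected later via setters. */
  public OzoneNativeAuthorizer() {
  }

  /**
   * Creates an authorizer wired to the given managers.
   *
   * @param volumeManager manager consulted for volume-level access.
   * @param bucketManager manager consulted for bucket-level access.
   * @param keyManager manager consulted for key-level access.
   * @param prefixManager manager consulted for prefix-level access.
   */
  public OzoneNativeAuthorizer(VolumeManager volumeManager,
      BucketManager bucketManager, KeyManager keyManager,
      PrefixManager prefixManager) {
    this.volumeManager = volumeManager;
    this.bucketManager = bucketManager;
    this.keyManager = keyManager;
    this.prefixManager = prefixManager;
  }

  /**
   * Check access for given ozoneObject.
   *
   * <p>Checks are evaluated innermost-first with short-circuit AND, so the
   * first manager that denies ends the evaluation; all levels up to the
   * volume must allow for the result to be {@code true}.
   *
   * @param ozObject object for which access needs to be checked; must be an
   *     {@link OzoneObjInfo}.
   * @param context Context object encapsulating all user related information.
   * @return true if user has access else false.
   * @throws OMException with {@code INVALID_REQUEST} if {@code ozObject} is
   *     not an {@link OzoneObjInfo} or its resource type is not one of
   *     VOLUME, BUCKET, KEY or PREFIX.
   * @throws NullPointerException if either argument is {@code null}, or if a
   *     manager required for the resource type has not been set.
   */
  public boolean checkAccess(IOzoneObj ozObject, RequestContext context)
      throws OMException {
    Objects.requireNonNull(ozObject, "ozObject");
    Objects.requireNonNull(context, "context");

    // Only the OM-internal object representation carries the resource type
    // this authorizer dispatches on; reject anything else explicitly rather
    // than risk a misleading decision.
    OzoneObjInfo objInfo;
    if (ozObject instanceof OzoneObjInfo) {
      objInfo = (OzoneObjInfo) ozObject;
    } else {
      throw new OMException("Unexpected input received. OM native acls are " +
          "configured to work with OzoneObjInfo type only.", INVALID_REQUEST);
    }

    switch (objInfo.getResourceType()) {
    case VOLUME:
      LOG.trace("Checking access for volume: {}", objInfo);
      return volumeManager.checkAccess(objInfo, context);
    case BUCKET:
      LOG.trace("Checking access for bucket: {}", objInfo);
      return (bucketManager.checkAccess(objInfo, context)
          && volumeManager.checkAccess(objInfo, context));
    case KEY:
      LOG.trace("Checking access for Key: {}", objInfo);
      return (keyManager.checkAccess(objInfo, context)
          && prefixManager.checkAccess(objInfo, context)
          && bucketManager.checkAccess(objInfo, context)
          && volumeManager.checkAccess(objInfo, context));
    case PREFIX:
      // Placeholder was "{]" which SLF4J does not expand; fixed to "{}" so
      // the object actually appears in the trace output.
      LOG.trace("Checking access for Prefix: {}", objInfo);
      return (prefixManager.checkAccess(objInfo, context)
          && bucketManager.checkAccess(objInfo, context)
          && volumeManager.checkAccess(objInfo, context));
    default:
      // Fail closed: an unknown resource type is an error, not an allow.
      throw new OMException("Unexpected object type:" +
          objInfo.getResourceType(), INVALID_REQUEST);
    }
  }

  /** @param volumeManager manager consulted for volume-level access. */
  public void setVolumeManager(VolumeManager volumeManager) {
    this.volumeManager = volumeManager;
  }

  /** @param bucketManager manager consulted for bucket-level access. */
  public void setBucketManager(BucketManager bucketManager) {
    this.bucketManager = bucketManager;
  }

  /** @param keyManager manager consulted for key-level access. */
  public void setKeyManager(KeyManager keyManager) {
    this.keyManager = keyManager;
  }

  /** @param prefixManager manager consulted for prefix-level access. */
  public void setPrefixManager(PrefixManager prefixManager) {
    this.prefixManager = prefixManager;
  }
}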