xattr api cleanup
(cherry picked from commit da59acd8ca9ab5b49b988ffca64e8cce91c5f741)
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java
index 3223467..be3092c 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java
@@ -137,8 +137,7 @@
final boolean isRawPath = FSDirectory.isReservedRawName(src);
final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ);
if (fsd.isPermissionEnabled()) {
- /* To access xattr names, you need EXECUTE in the owning directory. */
- fsd.checkParentAccess(pc, iip, FsAction.EXECUTE);
+ fsd.checkPathAccess(pc, iip, FsAction.READ);
}
final List<XAttr> all = FSDirXAttrOp.getXAttrs(fsd, iip);
return XAttrPermissionFilter.
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java
index 43eeadf..b5f7573 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java
@@ -843,28 +843,37 @@
}
/*
- * Check that execute/scan access to the parent dir is sufficient to get
- * xattr names.
+ * Check that execute/scan access to the parent dir is not
+ * sufficient to get xattr names.
*/
fs.setPermission(path, new FsPermission((short) 0701));
user.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
+ try {
final FileSystem userFs = dfsCluster.getFileSystem();
userFs.listXAttrs(childDir);
- return null;
+ fail("expected AccessControlException");
+ } catch (AccessControlException ace) {
+ GenericTestUtils.assertExceptionContains("Permission denied", ace);
}
+ return null;
+ }
});
/*
* Test that xattrs in the "trusted" namespace are filtered correctly.
*/
+ // Allow the user to read child path.
+ fs.setPermission(childDir, new FsPermission((short) 0704));
fs.setXAttr(childDir, "trusted.myxattr", "1234".getBytes());
user.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
final FileSystem userFs = dfsCluster.getFileSystem();
- assertTrue(userFs.listXAttrs(childDir).size() == 1);
+ List<String> xattrs = userFs.listXAttrs(childDir);
+ assertTrue(xattrs.size() == 1);
+ assertEquals(name1, xattrs.get(0));
return null;
}
});
@@ -1109,20 +1118,48 @@
}
/*
- * Test that only user who have parent directory execute access
- * can see raw.* xattrs returned from listXAttr
+ * Test that user who have parent directory execute access
+ * can also not see raw.* xattrs returned from listXAttr
*/
- // non-raw path
- final List<String> xattrNames = userFs.listXAttrs(path);
- assertTrue(xattrNames.size() == 0);
+ try {
+ // non-raw path
+ userFs.listXAttrs(path);
+ fail("listXAttr should have thrown AccessControlException");
+ } catch (AccessControlException ace) {
+ // expected
+ }
- // raw path
- List<String> rawXattrs = userFs.listXAttrs(rawPath);
- assertTrue(rawXattrs.size() == 1);
- assertTrue(rawXattrs.get(0).equals(raw1));
+ try {
+ // raw path
+ userFs.listXAttrs(rawPath);
+ fail("listXAttr should have thrown AccessControlException");
+ } catch (AccessControlException ace) {
+ // expected
+ }
return null;
}
});
+ /*
+ Test user who have read access can list xattrs in "raw.*" namespace
+ */
+ fs.setPermission(path, new FsPermission((short) 0751));
+ final Path childDir = new Path(path, "child" + pathCount);
+ FileSystem.mkdirs(fs, childDir, FsPermission.createImmutable((short)
+ 0704));
+ final Path rawChildDir =
+ new Path("/.reserved/raw" + childDir.toString());
+ fs.setXAttr(rawChildDir, raw1, value1);
+ user.doAs(new PrivilegedExceptionAction<Object>() {
+ @Override
+ public Object run() throws Exception {
+ final FileSystem userFs = dfsCluster.getFileSystem();
+ // raw path
+ List<String> xattrs = userFs.listXAttrs(rawChildDir);
+ assertEquals(1, xattrs.size());
+ assertEquals(raw1, xattrs.get(0));
+ return null;
+ }
+ });
fs.removeXAttr(rawPath, raw1);
}