Return-Path: Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org Received: (qmail 71933 invoked from network); 10 Aug 2010 08:12:03 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 10 Aug 2010 08:12:03 -0000 Received: (qmail 50283 invoked by uid 500); 10 Aug 2010 08:12:03 -0000 Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org Received: (qmail 50026 invoked by uid 500); 10 Aug 2010 08:12:00 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 50014 invoked by uid 99); 10 Aug 2010 08:11:59 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Aug 2010 08:11:59 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Aug 2010 08:11:58 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 1E8E023889BF; Tue, 10 Aug 2010 08:10:41 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r983877 - in /hadoop/common/trunk: CHANGES.txt src/java/org/apache/hadoop/security/authorize/AccessControlList.java src/test/core/org/apache/hadoop/security/authorize/TestAccessControlList.java Date: Tue, 10 Aug 2010 08:10:41 -0000 To: common-commits@hadoop.apache.org 
From: amareshwari@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100810081041.1E8E023889BF@eris.apache.org> Author: amareshwari Date: Tue Aug 10 08:10:40 2010 New Revision: 983877 URL: http://svn.apache.org/viewvc?rev=983877&view=rev Log: HADOOP-6862. Adds api to add/remove user and group to AccessControlList. Contributed by Amareshwari Sriramadasu Modified: hadoop/common/trunk/CHANGES.txt hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestAccessControlList.java Modified: hadoop/common/trunk/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=983877&r1=983876&r2=983877&view=diff ============================================================================== --- hadoop/common/trunk/CHANGES.txt (original) +++ hadoop/common/trunk/CHANGES.txt Tue Aug 10 08:10:40 2010 @@ -108,6 +108,8 @@ Trunk (unreleased changes) HADOOP-6890. Improve listFiles API introduced by HADOOP-6870. (hairong) + HADOOP-6862. Adds api to add/remove user and group to AccessControlList + (amareshwari) OPTIMIZATIONS BUG FIXES Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java?rev=983877&r1=983876&r2=983877&view=diff ============================================================================== --- hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java (original) +++ hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java Tue Aug 10 08:10:40 2010 @@ -17,7 +17,6 @@ */ package org.apache.hadoop.security.authorize; -import java.util.Iterator; import java.util.Set; import java.util.TreeSet; 
@@ -54,8 +53,7 @@ public class AccessControlList { public AccessControlList(String aclString) { users = new TreeSet(); groups = new TreeSet(); - if (aclString.contains(WILDCARD_ACL_VALUE) && - aclString.trim().equals(WILDCARD_ACL_VALUE)) { + if (isWildCardACLValue(aclString)) { allAllowed = true; } else { String[] userGroupStrings = aclString.split(" ", 2); 
@@ -76,11 +74,80 @@ public class AccessControlList { } } + private boolean isWildCardACLValue(String aclString) { + if (aclString.contains(WILDCARD_ACL_VALUE) && + aclString.trim().equals(WILDCARD_ACL_VALUE)) { + return true; + } + return false; + } + public boolean isAllAllowed() { return allAllowed; } /** + * Add user to the names of users allowed for this service. + * + * @param user + * The user name + */ + public void addUser(String user) { + if (isWildCardACLValue(user)) { + throw new IllegalArgumentException("User " + user + " can not be added"); + } + if (!isAllAllowed()) { + users.add(user); + } + } + + /** + * Add group to the names of groups allowed for this service. + * + * @param group + * The group name + */ + public void addGroup(String group) { + if (isWildCardACLValue(group)) { + throw new IllegalArgumentException("Group " + group + " can not be added"); + } + if (!isAllAllowed()) { + groups.add(group); + } + } + + /** + * Remove user from the names of users allowed for this service. + * + * @param user + * The user name + */ + public void removeUser(String user) { + if (isWildCardACLValue(user)) { + throw new IllegalArgumentException("User " + user + " can not be removed"); + } + if (!isAllAllowed()) { + users.remove(user); + } + } + + /** + * Remove group from the names of groups allowed for this service. + * + * @param group + * The group name + */ + public void removeGroup(String group) { + if (isWildCardACLValue(group)) { + throw new IllegalArgumentException("Group " + group + + " can not be removed"); + } + if (!isAllAllowed()) { + groups.remove(group); + } + } + + /** * Get the names of users allowed for this service. * @return the set of user names. the set must not be modified. 
*/ Modified: hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestAccessControlList.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestAccessControlList.java?rev=983877&r1=983876&r2=983877&view=diff ============================================================================== --- hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestAccessControlList.java (original) +++ hadoop/common/trunk/src/test/core/org/apache/hadoop/security/authorize/TestAccessControlList.java Tue Aug 10 08:10:40 2010 
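Review bot: addUser and addGroup reject only the wildcard, so a name containing the ACL delimiters reaches `users.add(user)` / `groups.add(group)` unchanged. The constructor in this file splits the ACL string on the first space, and the tests in this commit show toString() joining names with commas, so a user name with a space or any name with a comma would presumably re-parse as different entries after a toString() round trip, changing who is authorized. A guard such as `if (user == null || user.isEmpty() || user.indexOf(',') >= 0 || user.indexOf(' ') >= 0) throw new IllegalArgumentException("Invalid user name: " + user);` before the wildcard check (with the comma and empty checks for groups) would close that, and would also replace the NullPointerException that a null argument currently triggers inside isWildCardACLValue. The remove methods' Javadoc should also say that they do nothing when isAllAllowed() is true, e.g. `Has no effect on a wildcard ACL; the user stays allowed.`, because a caller revoking access gets no signal. The class body starts and ends outside this hunk.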
@@ -93,6 +93,138 @@ public class TestAccessControlList exten } /** + * Test addUser/Group and removeUser/Group api. + */ + public void testAddRemoveAPI() { + AccessControlList acl; + Set users; + Set groups; + acl = new AccessControlList(""); + assertEquals(0, acl.getUsers().size()); + assertEquals(0, acl.getGroups().size()); + assertEquals("", acl.toString()); + + acl.addUser("drwho"); + users = acl.getUsers(); + assertEquals(users.size(), 1); + assertEquals(users.iterator().next(), "drwho"); + assertEquals("drwho", acl.toString()); + + acl.addGroup("tardis"); + groups = acl.getGroups(); + assertEquals(groups.size(), 1); + assertEquals(groups.iterator().next(), "tardis"); + assertEquals("drwho tardis", acl.toString()); + + acl.addUser("joe"); + acl.addGroup("users"); + users = acl.getUsers(); + assertEquals(users.size(), 2); + Iterator iter = users.iterator(); + assertEquals(iter.next(), "drwho"); + assertEquals(iter.next(), "joe"); + groups = acl.getGroups(); + assertEquals(groups.size(), 2); + iter = groups.iterator(); + assertEquals(iter.next(), "tardis"); + assertEquals(iter.next(), "users"); + assertEquals("drwho,joe tardis,users", acl.toString()); + + acl.removeUser("joe"); + acl.removeGroup("users"); + users = acl.getUsers(); + assertEquals(users.size(), 1); + assertFalse(users.contains("joe")); + groups = acl.getGroups(); + assertEquals(groups.size(), 1); + assertFalse(groups.contains("users")); + assertEquals("drwho tardis", acl.toString()); + + acl.removeGroup("tardis"); + groups = acl.getGroups(); + assertEquals(0, groups.size()); + assertFalse(groups.contains("tardis")); + assertEquals("drwho", acl.toString()); + + acl.removeUser("drwho"); + assertEquals(0, users.size()); + assertFalse(users.contains("drwho")); + assertEquals(0, acl.getGroups().size()); + assertEquals(0, acl.getUsers().size()); + assertEquals("", acl.toString()); + } + + /** + * Tests adding/removing wild card as the user/group. 
+ */ + public void testAddRemoveWildCard() { + AccessControlList acl = new AccessControlList("drwho tardis"); + + Throwable th = null; + try { + acl.addUser(" * "); + } catch (Throwable t) { + th = t; + } + assertNotNull(th); + assertTrue(th instanceof IllegalArgumentException); + + th = null; + try { + acl.addGroup(" * "); + } catch (Throwable t) { + th = t; + } + assertNotNull(th); + assertTrue(th instanceof IllegalArgumentException); + th = null; + try { + acl.removeUser(" * "); + } catch (Throwable t) { + th = t; + } + assertNotNull(th); + assertTrue(th instanceof IllegalArgumentException); + th = null; + try { + acl.removeGroup(" * "); + } catch (Throwable t) { + th = t; + } + assertNotNull(th); + assertTrue(th instanceof IllegalArgumentException); + } + + /** + * Tests adding user/group to an wild card acl. + */ + public void testAddRemoveToWildCardACL() { + AccessControlList acl = new AccessControlList(" * "); + assertTrue(acl.isAllAllowed()); + + UserGroupInformation drwho = + UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", + new String[] { "aliens" }); + UserGroupInformation drwho2 = + UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", + new String[] { "tardis" }); + + acl.addUser("drwho"); + assertTrue(acl.isAllAllowed()); + assertFalse(acl.toString().contains("drwho")); + acl.addGroup("tardis"); + assertTrue(acl.isAllAllowed()); + assertFalse(acl.toString().contains("tardis")); + + acl.removeUser("drwho"); + assertTrue(acl.isAllAllowed()); + assertUserAllowed(drwho, acl); + acl.removeGroup("tardis"); + assertTrue(acl.isAllAllowed()); + assertUserAllowed(drwho2, acl); + } + + /** * Verify the method isUserAllowed() */ public void testIsUserAllowed() {
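Review bot: testAddRemoveAPI checks only the set contents and toString() after removeUser/removeGroup and never asserts the access decision, so a regression where a removed user is still authorized would pass. Build a UserGroupInformation the way testAddRemoveToWildCardACL does and assert denial after `acl.removeUser("joe")`, e.g. `assertFalse(acl.isUserAllowed(joe));` (isUserAllowed's signature is not visible in this hunk, so adjust to it). The last block also reuses the `users` reference fetched before `acl.removeUser("drwho")`, which passes only because getUsers() appears to return the live internal set; re-fetch with `users = acl.getUsers();`. Several calls pass the actual value first, as in `assertEquals(users.size(), 1)`, which produces misleading failure messages.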