hadoop UGIResolver 源码

  • 2022-10-20
  • 浏览 (19)

haddop UGIResolver 代码

文件路径:/hadoop-tools/hadoop-fs2img/src/main/java/org/apache/hadoop/hdfs/server/namenode/UGIResolver.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hdfs.server.namenode;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.AclStatus;
import org.apache.hadoop.fs.permission.FsPermission;

/**
 * Pluggable class for mapping ownership and permissions from an external
 * store to an FSImage.
 */
@InterfaceAudience.Public
@InterfaceStability.Unstable
public abstract class UGIResolver {

  public static final int USER_STRID_OFFSET = 40;
  public static final int GROUP_STRID_OFFSET = 16;
  public static final long USER_GROUP_STRID_MASK = (1 << 24) - 1;

  /**
   * Permission is serialized as a 64-bit long. [0:24):[25:48):[48:64) (in Big
   * Endian).
   * The first and the second parts are the string ids of the user and
   * group name, and the last 16 bits are the permission bits.
   * @param owner name of owner
   * @param group name of group
   * @param permission Permission octects
   * @return FSImage encoding of permissions
   */
  protected final long buildPermissionStatus(
      String owner, String group, short permission) {

    long userId = users.get(owner);
    if (0L != ((~USER_GROUP_STRID_MASK) & userId)) {
      throw new IllegalArgumentException("UID must fit in 24 bits");
    }

    long groupId = groups.get(group);
    if (0L != ((~USER_GROUP_STRID_MASK) & groupId)) {
      throw new IllegalArgumentException("GID must fit in 24 bits");
    }
    return ((userId & USER_GROUP_STRID_MASK) << USER_STRID_OFFSET)
        | ((groupId & USER_GROUP_STRID_MASK) << GROUP_STRID_OFFSET)
        | permission;
  }

  private final Map<String, Integer> users;
  private final Map<String, Integer> groups;

  public UGIResolver() {
    this(new HashMap<String, Integer>(), new HashMap<String, Integer>());
  }

  UGIResolver(Map<String, Integer> users, Map<String, Integer> groups) {
    this.users = users;
    this.groups = groups;
  }

  public Map<Integer, String> ugiMap() {
    Map<Integer, String> ret = new HashMap<>();
    for (Map<String, Integer> m : Arrays.asList(users, groups)) {
      for (Map.Entry<String, Integer> e : m.entrySet()) {
        String s = ret.put(e.getValue(), e.getKey());
        if (s != null) {
          throw new IllegalStateException("Duplicate mapping: " +
              e.getValue() + " " + s + " " + e.getKey());
        }
      }
    }
    return ret;
  }

  public abstract void addUser(String name);

  protected void addUser(String name, int id) {
    Integer uid = users.put(name, id);
    if (uid != null) {
      throw new IllegalArgumentException("Duplicate mapping: " + name +
          " " + uid + " " + id);
    }
  }

  public abstract void addGroup(String name);

  protected void addGroup(String name, int id) {
    Integer gid = groups.put(name, id);
    if (gid != null) {
      throw new IllegalArgumentException("Duplicate mapping: " + name +
          " " + gid + " " + id);
    }
  }

  protected void resetUGInfo() {
    users.clear();
    groups.clear();
  }

  public long resolve(FileStatus s) {
    String resolvedGroup = group(s.getGroup());
    String resolvedOwner = user(s.getOwner());
    FsPermission resolvedPermission = permission(s.getPermission());
    return buildPermissionStatus(
        resolvedOwner, resolvedGroup, resolvedPermission.toShort());
  }

  private long resolve(AclStatus aclStatus) {
    String resolvedOwner = user(aclStatus.getOwner());
    String resolvedGroup = group(aclStatus.getGroup());
    FsPermission resolvedPermision = permission(aclStatus.getPermission());
    return buildPermissionStatus(
        resolvedOwner, resolvedGroup, resolvedPermision.toShort());
  }

  protected String user(String s) {
    return s;
  }

  protected String group(String s) {
    return s;
  }

  public FsPermission permission(FsPermission s) {
    return s;
  }

  /**
   * Get the serialized, local permissions for the external
   * {@link FileStatus} or {@link AclStatus}. {@code remoteAcl} is used when it
   * is not null, otherwise {@code remoteStatus} is used.
   *
   * @param remoteStatus FileStatus on remote store.
   * @param remoteAcl AclStatus on external store.
   * @return serialized, local permissions the FileStatus or AclStatus map to.
   */
  public long getPermissionsProto(FileStatus remoteStatus,
      AclStatus remoteAcl) {
    addUGI(remoteStatus, remoteAcl);
    if (remoteAcl == null) {
      return resolve(remoteStatus);
    } else {
      return resolve(remoteAcl);
    }
  }

  /**
   * Add the users and groups specified by the given {@link FileStatus} and
   * {@link AclStatus}.
   *
   * @param remoteStatus
   * @param remoteAcl
   */
  private void addUGI(FileStatus remoteStatus, AclStatus remoteAcl) {
    if (remoteAcl != null) {
      addUser(remoteAcl.getOwner());
      addGroup(remoteAcl.getGroup());
      for (AclEntry entry : remoteAcl.getEntries()) {
        // add the users and groups in this acl entry to ugi
        String name = entry.getName();
        if (name != null) {
          if (entry.getType() == AclEntryType.USER) {
            addUser(name);
          } else if (entry.getType() == AclEntryType.GROUP) {
            addGroup(name);
          }
        }
      }
    } else {
      addUser(remoteStatus.getOwner());
      addGroup(remoteStatus.getGroup());
    }
  }
}

相关信息

hadoop 源码目录

相关文章

hadoop BlockResolver 源码

hadoop FSTreeWalk 源码

hadoop FileSystemImage 源码

hadoop FixedBlockMultiReplicaResolver 源码

hadoop FixedBlockResolver 源码

hadoop FsUGIResolver 源码

hadoop ImageWriter 源码

hadoop NullBlockAliasMap 源码

hadoop SingleUGIResolver 源码

hadoop TreePath 源码

0  赞