diff --git a/pom.xml b/pom.xml
index 20dd5766..06bf93b8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
com.qcloud.cos
hadoop-cos
- 8.1.0
+ 8.1.1
jar
Apache Hadoop Tencent Cloud COS Support
diff --git a/src/main/java/org/apache/hadoop/fs/CosFileSystem.java b/src/main/java/org/apache/hadoop/fs/CosFileSystem.java
index a7aac94c..a7887b8c 100644
--- a/src/main/java/org/apache/hadoop/fs/CosFileSystem.java
+++ b/src/main/java/org/apache/hadoop/fs/CosFileSystem.java
@@ -7,11 +7,20 @@
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.cosn.Constants;
import org.apache.hadoop.fs.permission.FsPermission;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Progressable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.qcloud.chdfs.permission.RangerAccessType;
+import org.apache.hadoop.fs.auth.RangerCredentialsProvider;
+import org.apache.hadoop.fs.cosn.ranger.client.RangerQcloudObjectStorageClient;
+import org.apache.hadoop.fs.cosn.ranger.security.authorization.AccessType;
+import org.apache.hadoop.fs.cosn.ranger.security.authorization.PermissionRequest;
+import org.apache.hadoop.fs.cosn.ranger.security.authorization.PermissionResponse;
+import org.apache.hadoop.fs.cosn.ranger.security.authorization.ServiceType;
+
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URI;
@@ -46,6 +55,14 @@ public class CosFileSystem extends FileSystem {
private boolean isDefaultNativeStore;
private FileSystem actualImplFS = null;
+ private URI uri;
+ private String bucket;
+ private Path workingDir;
+ // Authorization related.
+ private UserGroupInformation userGroupInformation;
+ private boolean enableRangerPluginPermissionCheck = false;
+ public static RangerQcloudObjectStorageClient rangerQcloudObjectStorageStorageClient = null;
+
public CosFileSystem() {
}
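Review bot: `rangerQcloudObjectStorageStorageClient` is declared `public static` and non-volatile, yet `initRangerClientImpl` later in this file publishes it with double-checked locking and `checkPermission` dereferences it for every authorization decision. Without `volatile` the unsynchronized first null check has no happens-before edge with the assignment, so another thread may see a reference to a client whose `init(conf)` effects are not yet visible. Because the field is public and non-final, any class on the classpath can also replace or null the object that enforces access control. Suggest `private static volatile RangerQcloudObjectStorageClient rangerQcloudObjectStorageStorageClient;` plus a static getter for `RangerCredentialsProvider`, which reads the field directly in this commit.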
@@ -70,7 +87,17 @@ public void initialize(URI uri, Configuration conf) throws IOException {
super.initialize(uri, conf);
setConf(conf);
+ // initialize the things authorization related.
+ UserGroupInformation.setConfiguration(conf);
+ this.userGroupInformation = UserGroupInformation.getCurrentUser();
+ this.initRangerClientImpl(conf);
+
String bucket = uri.getHost();
+ this.bucket = bucket;
+ this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority());
+ this.workingDir = new Path("/user", System.getProperty("user.name"))
+ .makeQualified(this.uri, this.getWorkingDirectory());
+
if (null == this.nativeStore) {
this.nativeStore = CosNUtils.createDefaultStore(conf);
this.nativeStore.initialize(uri, conf);
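Review bot: The `makeQualified(this.uri, this.getWorkingDirectory())` call passes null, because `getWorkingDirectory()` is changed further down in this commit to return `this.workingDir`, the very field being assigned on this line. It appears harmless only because `/user/<name>` is absolute, so the second argument should go unused, but that dependency deserves a comment such as `// workingDir is still null here; safe because the path is absolute`. The home directory is also built from the JVM's `user.name`, while the denial message in `checkPermission` reports the `UserGroupInformation` short name captured a few lines above, so the two can name different users under a proxy user or Kerberos login. `initialize` starts before and continues beyond this hunk.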
@@ -116,6 +143,7 @@ public void initialize(URI uri, Configuration conf) throws IOException {
((CosNFileSystem) this.actualImplFS).withPosixBucket(this.isPosixFSStore);
}
+
this.actualImplFS.initialize(uri, conf);
}
@@ -145,12 +173,14 @@ public Path getHomeDirectory() {
public FSDataOutputStream append(Path f, int bufferSize,
Progressable progress) throws IOException {
LOG.debug("append file [{}] in COS.", f);
+ checkPermission(f, RangerAccessType.WRITE);
return this.actualImplFS.append(f, bufferSize, progress);
}
@Override
public boolean truncate(Path f, long newLength) throws IOException {
LOG.debug("truncate file [{}] in COS.", f);
+ checkPermission(f, RangerAccessType.WRITE);
return this.actualImplFS.truncate(f, newLength);
}
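Review bot: With `checkPermission` now called only from this wrapper (here and in the create, delete, getFileStatus, listStatus, mkdirs, open, rename, getFileChecksum and XAttr hunks) and the same calls removed from `CosNFileSystem` in this commit, Ranger enforcement depends on every caller entering through `CosFileSystem`. `CosNFileSystem` remains a public `FileSystem` subclass with a public constructor, so code that is configured with or instantiates the delegate directly performs these operations with no policy check. That path would also leave `CosFileSystem.rangerQcloudObjectStorageStorageClient` null when `RangerCredentialsProvider.fetchNewCredentials` reads it. Please record the new contract on both classes, e.g. `// Ranger authorization is enforced in CosFileSystem only; CosNFileSystem performs no permission checks.`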
@@ -161,6 +191,7 @@ public FSDataOutputStream create(Path f, FsPermission permission,
long blockSize, Progressable progress)
throws IOException {
LOG.debug("Creating a new file [{}] in COS.", f);
+ checkPermission(f, RangerAccessType.WRITE);
return this.actualImplFS.create(f, permission, overwrite, bufferSize,
replication, blockSize, progress);
}
@@ -169,12 +200,14 @@ public FSDataOutputStream create(Path f, FsPermission permission,
@Override
public boolean delete(Path f, boolean recursive) throws IOException {
LOG.debug("Ready to delete path: {}. recursive: {}.", f, recursive);
+ checkPermission(f, RangerAccessType.DELETE);
return this.actualImplFS.delete(f, recursive);
}
@Override
public FileStatus getFileStatus(Path f) throws IOException {
LOG.debug("Get file status: {}.", f);
+ checkPermission(f, RangerAccessType.READ);
return this.actualImplFS.getFileStatus(f);
}
@@ -196,6 +229,7 @@ public URI getUri() {
@Override
public FileStatus[] listStatus(Path f) throws FileNotFoundException, IOException {
LOG.debug("list status:" + f);
+ checkPermission(f, RangerAccessType.LIST);
return this.actualImplFS.listStatus(f);
}
@@ -203,18 +237,22 @@ public FileStatus[] listStatus(Path f) throws FileNotFoundException, IOException
public boolean mkdirs(Path f, FsPermission permission)
throws IOException {
LOG.debug("mkdirs path: {}.", f);
+ checkPermission(f, RangerAccessType.WRITE);
return this.actualImplFS.mkdirs(f, permission);
}
@Override
public FSDataInputStream open(Path f, int bufferSize) throws IOException {
LOG.debug("Open file [{}] to read, buffer [{}]", f, bufferSize);
+ checkPermission(f, RangerAccessType.READ);
return this.actualImplFS.open(f, bufferSize);
}
@Override
public boolean rename(Path src, Path dst) throws IOException {
LOG.debug("Rename the source path [{}] to the dest path [{}].", src, dst);
+ checkPermission(src, RangerAccessType.DELETE);
+ checkPermission(dst, RangerAccessType.WRITE);
return this.actualImplFS.rename(src, dst);
}
@@ -228,17 +266,19 @@ public long getDefaultBlockSize() {
*/
@Override
public void setWorkingDirectory(Path newDir) {
+ this.workingDir = newDir;
this.actualImplFS.setWorkingDirectory(newDir);
}
@Override
public Path getWorkingDirectory() {
- return this.actualImplFS.getWorkingDirectory();
+ return this.workingDir;
}
@Override
public FileChecksum getFileChecksum(Path f, long length) throws IOException {
LOG.debug("call the checksum for the path: {}.", f);
+ checkPermission(f, RangerAccessType.READ);
Preconditions.checkArgument(length >= 0);
return this.actualImplFS.getFileChecksum(f, length);
}
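Review bot: `setWorkingDirectory` stores `newDir` exactly as passed, and `makeAbsolute`, which builds the key sent to Ranger in `checkPermission`, resolves relative paths against this field. If `newDir` is relative, the key that gets authorized is itself relative and may not match the object the delegate actually touches, since the delegate keeps its own working directory (its `setWorkingDirectory` is not visible on this page, so whether it normalises the argument needs confirming). Normalising first keeps the two in step: `this.workingDir = makeAbsolute(newDir);` followed by `this.actualImplFS.setWorkingDirectory(this.workingDir);`.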
@@ -256,6 +296,7 @@ public FileChecksum getFileChecksum(Path f, long length) throws IOException {
@Override
public void setXAttr(Path f, String name, byte[] value, EnumSet flag) throws IOException {
LOG.debug("set XAttr: {}.", f);
+ checkPermission(f, RangerAccessType.WRITE);
this.actualImplFS.setXAttr(f, name, value, flag);
}
@@ -270,6 +311,7 @@ public void setXAttr(Path f, String name, byte[] value, EnumSet fl
@Override
public byte[] getXAttr(Path f, String name) throws IOException {
LOG.debug("get XAttr: {}.", f);
+ checkPermission(f, RangerAccessType.READ);
return this.actualImplFS.getXAttr(f, name);
}
@@ -284,12 +326,14 @@ public byte[] getXAttr(Path f, String name) throws IOException {
@Override
public Map getXAttrs(Path f, List names) throws IOException {
LOG.debug("get XAttrs: {}.", f);
+ checkPermission(f, RangerAccessType.READ);
return this.actualImplFS.getXAttrs(f, names);
}
@Override
public Map getXAttrs(Path f) throws IOException {
LOG.debug("get XAttrs: {}.", f);
+ checkPermission(f, RangerAccessType.READ);
return this.actualImplFS.getXAttrs(f);
}
@@ -303,12 +347,14 @@ public Map getXAttrs(Path f) throws IOException {
@Override
public void removeXAttr(Path f, String name) throws IOException {
LOG.debug("remove XAttr: {}.", f);
+ checkPermission(f, RangerAccessType.WRITE);
this.actualImplFS.removeXAttr(f, name);
}
@Override
public List listXAttrs(Path f) throws IOException {
LOG.debug("list XAttrs: {}.", f);
+ checkPermission(f, RangerAccessType.READ);
return this.actualImplFS.listXAttrs(f);
}
@@ -316,7 +362,10 @@ public List listXAttrs(Path f) throws IOException {
public Token> getDelegationToken(String renewer) throws IOException {
LOG.info("getDelegationToken, renewer: {}, stack: {}",
renewer, Arrays.toString(Thread.currentThread().getStackTrace()).replace(',', '\n'));
- return this.actualImplFS.getDelegationToken(renewer);
+ if (rangerQcloudObjectStorageStorageClient != null) {
+ return rangerQcloudObjectStorageStorageClient.getDelegationToken(renewer);
+ }
+ return super.getDelegationToken(renewer);
}
public NativeFileSystemStore getStore() {
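Review bot: When no Ranger client is configured, the fallback `return super.getDelegationToken(renewer);` no longer forwards to `this.actualImplFS`, which the removed line did. For the `CosNFileSystem` delegate the result is probably unchanged, but `initialize` also wires a POSIX-bucket implementation, and if that delegate issues its own tokens they would be dropped here without any error. The `getCanonicalServiceName()` override added later in this file has the same shape, returning null rather than asking the delegate. Suggest `return this.actualImplFS.getDelegationToken(renewer);` as the fallback. The method starts before the changed lines and `getStore()` continues outside the hunk.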
@@ -355,6 +404,114 @@ public void releaseFileLock(Path f) throws IOException {
}
}
+ @Override
+ public String getCanonicalServiceName() {
+ if (rangerQcloudObjectStorageStorageClient != null) {
+ return rangerQcloudObjectStorageStorageClient.getCanonicalServiceName();
+ }
+ return null;
+ }
+
+ private void initRangerClientImpl(Configuration conf) throws IOException {
+ Class>[] cosClasses = CosNUtils.loadCosProviderClasses(
+ conf,
+ CosNConfigKeys.COSN_CREDENTIALS_PROVIDER);
+
+ if (cosClasses.length == 0) {
+ this.enableRangerPluginPermissionCheck = false;
+ return;
+ }
+
+ for (Class> credClass : cosClasses) {
+ if (credClass.getName().contains(RangerCredentialsProvider.class.getName())) {
+ this.enableRangerPluginPermissionCheck = true;
+ break;
+ }
+ }
+
+ if (!this.enableRangerPluginPermissionCheck) {
+ return;
+ }
+
+ Class> rangerClientImplClass = conf.getClass(CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL, null);
+ if (rangerClientImplClass == null) {
+ try {
+ rangerClientImplClass = conf.getClassByName(CosNConfigKeys.DEFAULT_COSN_RANGER_PLUGIN_CLIENT_IMPL);
+ } catch (ClassNotFoundException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ if (rangerQcloudObjectStorageStorageClient == null) {
+ synchronized (CosFileSystem.class) {
+ if (rangerQcloudObjectStorageStorageClient == null) {
+ try {
+ RangerQcloudObjectStorageClient tmpClient =
+ (RangerQcloudObjectStorageClient) rangerClientImplClass.newInstance();
+ tmpClient.init(conf);
+ rangerQcloudObjectStorageStorageClient = tmpClient;
+ } catch (Exception e) {
+ LOG.error(String.format("init %s failed", CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL), e);
+ throw new IOException(String.format("init %s failed",
+ CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL), e);
+ }
+ }
+ }
+ }
+
+ }
+
+ private void checkPermission(Path f, RangerAccessType rangerAccessType) throws IOException {
+ if (!this.enableRangerPluginPermissionCheck) {
+ return;
+ }
+
+ AccessType accessType = null;
+ switch (rangerAccessType) {
+ case LIST:
+ accessType = AccessType.LIST;
+ break;
+ case WRITE:
+ accessType = AccessType.WRITE;
+ break;
+ case READ:
+ accessType = AccessType.READ;
+ break;
+ case DELETE:
+ accessType = AccessType.DELETE;
+ break;
+ default:
+ throw new IOException(String.format("unknown access type %s", rangerAccessType.toString()));
+ }
+
+ Path absolutePath = makeAbsolute(f);
+ String allowKey = CosNFileSystem.pathToKey(absolutePath);
+ if (allowKey.startsWith("/")) {
+ allowKey = allowKey.substring(1);
+ }
+
+ PermissionRequest permissionReq = new PermissionRequest(ServiceType.COS, accessType,
+ CosNUtils.getBucketNameWithoutAppid(this.bucket, this.getConf().get(CosNConfigKeys.COSN_APPID_KEY)),
+ allowKey, "", "");
+ boolean allowed = false;
+ PermissionResponse permission = rangerQcloudObjectStorageStorageClient.checkPermission(permissionReq);
+ if (permission != null) {
+ allowed = permission.isAllowed();
+ }
+ if (!allowed) {
+ throw new IOException(String.format("Permission denied, [key: %s], [user: %s], [operation: %s]",
+ allowKey, this.userGroupInformation.getShortUserName(), rangerAccessType.name()));
+ }
+ }
+
+ private Path makeAbsolute(Path path) {
+ if (path.isAbsolute()) {
+ return path;
+ }
+ return new Path(workingDir, path);
+ }
+
+
@Override
public void close() throws IOException {
LOG.info("begin to close cos file system");
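Review bot: The loop in `initRangerClientImpl` decides whether authorization is enforced by a substring test, `credClass.getName().contains(RangerCredentialsProvider.class.getName())`, and any miss leaves `enableRangerPluginPermissionCheck` false, so `checkPermission` returns without consulting Ranger. A provider that subclasses or wraps `RangerCredentialsProvider` under another name therefore turns the checks off silently, while an unrelated class whose name merely contains that string turns them on. `RangerCredentialsProvider.class.isAssignableFrom(credClass)` expresses the intent by type, and an INFO log line stating whether Ranger checks are enabled would make a fail-open configuration visible. The `ClassNotFoundException` branch also throws `RuntimeException` although the method declares `IOException`; `throw new IOException(e);` would match the later init failure path. `close()` begins at the end of this hunk and continues outside it.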
diff --git a/src/main/java/org/apache/hadoop/fs/CosNConfigKeys.java b/src/main/java/org/apache/hadoop/fs/CosNConfigKeys.java
index 86391e14..304a18b1 100644
--- a/src/main/java/org/apache/hadoop/fs/CosNConfigKeys.java
+++ b/src/main/java/org/apache/hadoop/fs/CosNConfigKeys.java
@@ -12,7 +12,7 @@
@InterfaceStability.Unstable
public class CosNConfigKeys extends CommonConfigurationKeys {
public static final String USER_AGENT = "fs.cosn.user.agent";
- public static final String DEFAULT_USER_AGENT = "cos-hadoop-plugin-v8.1.0";
+ public static final String DEFAULT_USER_AGENT = "cos-hadoop-plugin-v8.1.1";
public static final String TENCENT_EMR_VERSION_KEY = "fs.emr.version";
diff --git a/src/main/java/org/apache/hadoop/fs/CosNFileSystem.java b/src/main/java/org/apache/hadoop/fs/CosNFileSystem.java
index bf6e2592..95463bf5 100644
--- a/src/main/java/org/apache/hadoop/fs/CosNFileSystem.java
+++ b/src/main/java/org/apache/hadoop/fs/CosNFileSystem.java
@@ -2,23 +2,15 @@
import com.google.common.base.Preconditions;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
-import com.qcloud.chdfs.permission.RangerAccessType;
import com.qcloud.cos.utils.StringUtils;
import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.auth.RangerCredentialsProvider;
import org.apache.hadoop.fs.cosn.BufferPool;
import org.apache.hadoop.fs.cosn.CRC32CCheckSum;
import org.apache.hadoop.fs.cosn.CRC64Checksum;
import org.apache.hadoop.fs.cosn.Unit;
-import org.apache.hadoop.fs.cosn.ranger.client.RangerQcloudObjectStorageClient;
-import org.apache.hadoop.fs.cosn.ranger.security.authorization.AccessType;
-import org.apache.hadoop.fs.cosn.ranger.security.authorization.PermissionRequest;
-import org.apache.hadoop.fs.cosn.ranger.security.authorization.PermissionResponse;
-import org.apache.hadoop.fs.cosn.ranger.security.authorization.ServiceType;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Progressable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -58,11 +50,6 @@ public class CosNFileSystem extends FileSystem {
private ExecutorService boundedIOThreadPool;
private ExecutorService boundedCopyThreadPool;
- // Authorization related.
- private UserGroupInformation userGroupInformation;
- private boolean enableRangerPluginPermissionCheck = false;
- public static RangerQcloudObjectStorageClient rangerQcloudObjectStorageStorageClient = null;
-
// todo: flink or some other case must replace with inner structure.
public CosNFileSystem() {
}
@@ -201,11 +188,6 @@ public void rejectedExecution(Runnable r,
}
}
);
-
- // initialize the things authorization related.
- UserGroupInformation.setConfiguration(conf);
- this.userGroupInformation = UserGroupInformation.getCurrentUser();
- this.initRangerClientImpl(conf);
}
@Override
@@ -235,8 +217,6 @@ public FSDataOutputStream append(Path f, int bufferSize,
throw new UnsupportedOperationException("Not supported currently");
}
- checkPermission(f, RangerAccessType.WRITE);
-
FileStatus fileStatus = this.getFileStatus(f);
if (fileStatus.isDirectory()) {
throw new FileAlreadyExistsException(f + " is a directory.");
@@ -257,8 +237,6 @@ public boolean truncate(Path f, long newLength) throws IOException {
throw new UnsupportedOperationException("Not supported currently.");
}
- checkPermission(f, RangerAccessType.WRITE);
-
FileStatus fileStatus = this.getFileStatus(f);
if (fileStatus.isDirectory()) {
throw new FileNotFoundException(f + " is a directory.");
@@ -302,8 +280,6 @@ public FSDataOutputStream create(Path f, FsPermission permission,
int bufferSize, short replication,
long blockSize, Progressable progress)
throws IOException {
- checkPermission(f, RangerAccessType.WRITE);
-
// preconditions
try {
FileStatus targetFileStatus = this.getFileStatus(f);
@@ -346,8 +322,6 @@ private boolean rejectRootDirectoryDelete(boolean isEmptyDir,
@Override
public boolean delete(Path f, boolean recursive) throws IOException {
- checkPermission(f, RangerAccessType.DELETE);
-
FileStatus status;
try {
status = getFileStatus(f);
@@ -447,8 +421,6 @@ private void internalAutoRecursiveDelete(String key) throws IOException {
@Override
public FileStatus getFileStatus(Path f) throws IOException {
- checkPermission(f, RangerAccessType.READ);
-
Path absolutePath = makeAbsolute(f);
String key = pathToKey(absolutePath);
@@ -502,8 +474,6 @@ public FileStatus getFileStatus(Path f) throws IOException {
@Override
public FileStatus[] listStatus(Path f) throws IOException {
- checkPermission(f, RangerAccessType.LIST);
-
Path absolutePath = makeAbsolute(f);
String key = pathToKey(absolutePath);
int listMaxLength = CosNFileSystem.BUCKET_LIST_LIMIT;
@@ -611,8 +581,6 @@ private void validatePath(Path path) throws IOException {
// blew is the target
@Override
public boolean mkdirs(Path f, FsPermission permission) throws IOException {
- checkPermission(f, RangerAccessType.WRITE);
-
try {
FileStatus fileStatus = getFileStatus(f);
if (fileStatus.isDirectory()) {
@@ -704,8 +672,6 @@ public boolean mkDirAutoRecursively(Path f, FsPermission permission)
@Override
public FSDataInputStream open(Path f, int bufferSize) throws IOException {
- checkPermission(f, RangerAccessType.READ);
-
FileStatus fileStatus = getFileStatus(f); // will throw if the file doesn't
// exist
if (fileStatus.isDirectory()) {
@@ -722,9 +688,6 @@ public FSDataInputStream open(Path f, int bufferSize) throws IOException {
@Override
public boolean rename(Path src, Path dst) throws IOException {
- checkPermission(src, RangerAccessType.DELETE);
- checkPermission(dst, RangerAccessType.WRITE);
-
// Renaming the root directory is not allowed
if (src.isRoot()) {
LOG.debug("Cannot rename the root directory of a filesystem.");
@@ -936,20 +899,10 @@ public Path getWorkingDirectory() {
return workingDir;
}
- @Override
- public String getCanonicalServiceName() {
- if (rangerQcloudObjectStorageStorageClient != null) {
- return rangerQcloudObjectStorageStorageClient.getCanonicalServiceName();
- }
- return null;
- }
-
@Override
public FileChecksum getFileChecksum(Path f, long length) throws IOException {
Preconditions.checkArgument(length >= 0);
- checkPermission(f, RangerAccessType.READ);
-
if (this.getConf().getBoolean(CosNConfigKeys.CRC64_CHECKSUM_ENABLED,
CosNConfigKeys.DEFAULT_CRC64_CHECKSUM_ENABLED)) {
Path absolutePath = makeAbsolute(f);
@@ -989,8 +942,6 @@ public FileChecksum getFileChecksum(Path f, long length) throws IOException {
*/
@Override
public void setXAttr(Path f, String name, byte[] value, EnumSet flag) throws IOException {
- checkPermission(f, RangerAccessType.WRITE);
-
// First, determine whether the length of the name and value exceeds the limit.
if (name.getBytes(METADATA_ENCODING).length + value.length > MAX_XATTR_SIZE) {
throw new HadoopIllegalArgumentException(String.format("The maximum combined size of " +
@@ -1025,8 +976,6 @@ public void setXAttr(Path f, String name, byte[] value, EnumSet fl
*/
@Override
public byte[] getXAttr(Path f, String name) throws IOException {
- checkPermission(f, RangerAccessType.READ);
-
Path absolutePath = makeAbsolute(f);
String key = pathToKey(absolutePath);
FileMetadata fileMetadata = nativeStore.retrieveMetadata(key);
@@ -1051,10 +1000,8 @@ public byte[] getXAttr(Path f, String name) throws IOException {
*/
@Override
public Map getXAttrs(Path f, List names) throws IOException {
- checkPermission(f, RangerAccessType.READ);
Path absolutePath = makeAbsolute(f);
-
String key = pathToKey(absolutePath);
FileMetadata fileMetadata = nativeStore.retrieveMetadata(key);
if (null == fileMetadata) {
@@ -1076,10 +1023,8 @@ public Map getXAttrs(Path f, List names) throws IOExcept
@Override
public Map getXAttrs(Path f) throws IOException {
- checkPermission(f, RangerAccessType.READ);
Path absolutePath = makeAbsolute(f);
-
String key = pathToKey(absolutePath);
FileMetadata fileMetadata = nativeStore.retrieveMetadata(key);
if (null == fileMetadata) {
@@ -1098,8 +1043,6 @@ public Map getXAttrs(Path f) throws IOException {
*/
@Override
public void removeXAttr(Path f, String name) throws IOException {
- checkPermission(f, RangerAccessType.WRITE);
-
Path absolutPath = makeAbsolute(f);
String key = pathToKey(absolutPath);
FileMetadata fileMetadata = nativeStore.retrieveMetadata(key);
@@ -1122,8 +1065,6 @@ public void removeXAttr(Path f, String name) throws IOException {
@Override
public List listXAttrs(Path f) throws IOException {
- checkPermission(f, RangerAccessType.READ);
-
Path absolutePath = makeAbsolute(f);
String key = pathToKey(absolutePath);
FileMetadata fileMetadata = nativeStore.retrieveMetadata(key);
@@ -1134,16 +1075,6 @@ public List listXAttrs(Path f) throws IOException {
return new ArrayList<>(fileMetadata.getUserAttributes().keySet());
}
- @Override
- public Token> getDelegationToken(String renewer) throws IOException {
- LOG.info("getDelegationToken, renewer: {}, stack: {}",
- renewer, Arrays.toString(Thread.currentThread().getStackTrace()).replace(',', '\n'));
- if (rangerQcloudObjectStorageStorageClient != null) {
- return rangerQcloudObjectStorageStorageClient.getDelegationToken(renewer);
- }
- return super.getDelegationToken(renewer);
- }
-
@Override
public void close() throws IOException {
try {
@@ -1229,98 +1160,6 @@ private String getOwnerInfo(boolean getOwnerId) {
return ownerInfoId;
}
- private void initRangerClientImpl(Configuration conf) throws IOException {
- Class>[] cosClasses = CosNUtils.loadCosProviderClasses(
- conf,
- CosNConfigKeys.COSN_CREDENTIALS_PROVIDER);
-
- if (cosClasses.length == 0) {
- this.enableRangerPluginPermissionCheck = false;
- return;
- }
-
- for (Class> credClass : cosClasses) {
- if (credClass.getName().contains(RangerCredentialsProvider.class.getName())) {
- this.enableRangerPluginPermissionCheck = true;
- break;
- }
- }
-
- if (!this.enableRangerPluginPermissionCheck) {
- return;
- }
-
- Class> rangerClientImplClass = conf.getClass(CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL, null);
- if (rangerClientImplClass == null) {
- try {
- rangerClientImplClass = conf.getClassByName(CosNConfigKeys.DEFAULT_COSN_RANGER_PLUGIN_CLIENT_IMPL);
- } catch (ClassNotFoundException e) {
- throw new RuntimeException(e);
- }
- }
-
- if (rangerQcloudObjectStorageStorageClient == null) {
- synchronized (CosFileSystem.class) {
- if (rangerQcloudObjectStorageStorageClient == null) {
- try {
- RangerQcloudObjectStorageClient tmpClient =
- (RangerQcloudObjectStorageClient) rangerClientImplClass.newInstance();
- tmpClient.init(conf);
- rangerQcloudObjectStorageStorageClient = tmpClient;
- } catch (Exception e) {
- LOG.error(String.format("init %s failed", CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL), e);
- throw new IOException(String.format("init %s failed",
- CosNConfigKeys.COSN_RANGER_PLUGIN_CLIENT_IMPL), e);
- }
- }
- }
- }
-
- }
-
- private void checkPermission(Path f, RangerAccessType rangerAccessType) throws IOException {
- if (!this.enableRangerPluginPermissionCheck) {
- return;
- }
-
- AccessType accessType = null;
- switch (rangerAccessType) {
- case LIST:
- accessType = AccessType.LIST;
- break;
- case WRITE:
- accessType = AccessType.WRITE;
- break;
- case READ:
- accessType = AccessType.READ;
- break;
- case DELETE:
- accessType = AccessType.DELETE;
- break;
- default:
- throw new IOException(String.format("unknown access type %s", rangerAccessType.toString()));
- }
-
- Path absolutePath = makeAbsolute(f);
- String allowKey = CosNFileSystem.pathToKey(absolutePath);
- if (allowKey.startsWith("/")) {
- allowKey = allowKey.substring(1);
- }
-
- PermissionRequest permissionReq = new PermissionRequest(ServiceType.COS, accessType,
- CosNUtils.getBucketNameWithoutAppid(this.bucket, this.getConf().get(CosNConfigKeys.COSN_APPID_KEY)),
- allowKey, "", "");
- boolean allowed = false;
- PermissionResponse permission = rangerQcloudObjectStorageStorageClient.checkPermission(permissionReq);
- if (permission != null) {
- allowed = permission.isAllowed();
- }
- if (!allowed) {
- throw new IOException(String.format("Permission denied, [key: %s], [user: %s], [operation: %s]",
- allowKey, this.userGroupInformation.getShortUserName(), rangerAccessType.name()));
- }
- }
-
private Path makeAbsolute(Path path) {
if (path.isAbsolute()) {
return path;
diff --git a/src/main/java/org/apache/hadoop/fs/auth/RangerCredentialsProvider.java b/src/main/java/org/apache/hadoop/fs/auth/RangerCredentialsProvider.java
index dccb19a5..19a2f442 100644
--- a/src/main/java/org/apache/hadoop/fs/auth/RangerCredentialsProvider.java
+++ b/src/main/java/org/apache/hadoop/fs/auth/RangerCredentialsProvider.java
@@ -76,7 +76,7 @@ private boolean needSyncFetchNewCredentials() {
private COSCredentials fetchNewCredentials() {
try {
- GetSTSResponse stsResp = CosNFileSystem.rangerQcloudObjectStorageStorageClient.getSTS(bucketRegion,
+ GetSTSResponse stsResp = CosFileSystem.rangerQcloudObjectStorageStorageClient.getSTS(bucketRegion,
bucketNameWithoutAppid);
COSCredentials cosCredentials = null;