org.apache.hadoop.fs.s3a.auth

Class RoleModel

java.lang.Object

org.apache.hadoop.fs.s3a.auth.RoleModel

@InterfaceAudience.LimitedPrivate(value="Tests")
 @InterfaceStability.Unstable
public class RoleModel
extends Object

Jackson Role Model for Role Properties, for API clients and tests. Doesn't have complete coverage of the entire AWS IAM policy model; don't expect to be able to parse everything. It can generate simple models.

See Also:

Example S3 Policies

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	RoleModel.Effects Effect options.
static class	RoleModel.Policy A policy is one or more statements.
static class	RoleModel.RoleElt Any element in a role.
static class	RoleModel.Statement A single statement.

Field Summary

Fields

Modifier and Type	Field and Description
static String	BUCKET_RESOURCE_F
static String	VERSION

Constructor Summary

Constructors

Constructor and Description
RoleModel()

Method Summary

Modifier and Type	Method and Description
static String[]	directory(org.apache.hadoop.fs.Path path) Given a directory path, return the S3 resource to it.
static RoleModel.Effects	effect(boolean allowed) Map a bool to an effect.
static String	newSid() Statement ID factory.
static String	pathToKey(org.apache.hadoop.fs.Path path) Variant of S3AFileSystem.pathToKey(Path) which doesn't care about working directories, so can be static and stateless.
static RoleModel.Policy	policy(List<RoleModel.Statement> statements) From a set of statements, create a policy.
static RoleModel.Policy	policy(RoleModel.Statement... statements) From a set of statements, create a policy.
static String	resource(org.apache.hadoop.fs.Path path, boolean isDirectory, boolean addWildcard) Given a path, return the S3 resource to it.
static String	resource(String bucket, String key, boolean addWildcard) Create a resource.
static RoleModel.Statement	statement(boolean allow, org.apache.hadoop.fs.Path path, boolean isDirectory, boolean wildcards, Collection<String> actions) Create a statement.
static RoleModel.Statement	statement(boolean allow, org.apache.hadoop.fs.Path path, boolean isDirectory, boolean wildcards, String... actions) Create a statement.
static RoleModel.Statement	statement(boolean allow, String scope, Collection<String> actions) Create a statement.
static RoleModel.Statement	statement(boolean allow, String scope, String... actions) Create a statement.
String	toJson(RoleModel.Policy policy)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

VERSION

public static final String VERSION

See Also:

Constant Field Values

BUCKET_RESOURCE_F

public static final String BUCKET_RESOURCE_F

See Also:

Constant Field Values

Constructor Detail

RoleModel

public RoleModel()

Method Detail

toJson

public String toJson(RoleModel.Policy policy)
              throws com.fasterxml.jackson.core.JsonProcessingException

Throws:

com.fasterxml.jackson.core.JsonProcessingException

newSid

public static String newSid()

Statement ID factory.

Returns:

a statement ID unique for this JVM's life.

effect

public static RoleModel.Effects effect(boolean allowed)

Map a bool to an effect.

Parameters:

allowed - is the statement to allow actions?

Returns:

the appropriate effect.

resource

public static String resource(String bucket,
                              String key,
                              boolean addWildcard)

Create a resource.

Parameters:

bucket - bucket

key - key

addWildcard - add a * to the tail of the key?

Returns:

a resource for a statement.

resource

public static String resource(org.apache.hadoop.fs.Path path,
                              boolean isDirectory,
                              boolean addWildcard)

Given a path, return the S3 resource to it. If isDirectory is true, a "/" is added to the path. This is critical when adding wildcard permissions under a directory, and also needed when locking down dir-as-file and dir-as-directory-marker access.

Parameters:

path - a path

isDirectory - is this a directory?

addWildcard - add a * to the tail of the key?

Returns:

a resource for a statement.

directory

public static String[] directory(org.apache.hadoop.fs.Path path)

Given a directory path, return the S3 resource to it.

Parameters:

path - a path

Returns:

a resource for a statement.

pathToKey

public static String pathToKey(org.apache.hadoop.fs.Path path)

Variant of S3AFileSystem.pathToKey(Path) which doesn't care about working directories, so can be static and stateless.

Parameters:

path - path to map

Returns:

key or ""

statement

public static RoleModel.Statement statement(boolean allow,
                                            String scope,
                                            String... actions)

Create a statement.

Parameters:

allow - allow or deny

scope - scope

actions - actions

Returns:

the formatted json statement

statement

public static RoleModel.Statement statement(boolean allow,
                                            String scope,
                                            Collection<String> actions)

Create a statement.

Parameters:

allow - allow or deny

scope - scope

actions - actions

Returns:

the formatted json statement

statement

public static RoleModel.Statement statement(boolean allow,
                                            org.apache.hadoop.fs.Path path,
                                            boolean isDirectory,
                                            boolean wildcards,
                                            String... actions)

Create a statement. If isDirectory is true, a "/" is added to the path. This is critical when adding wildcard permissions under a directory, and also needed when locking down dir-as-file and dir-as-directory-marker access.

Parameters:

allow - allow or deny

path - path

isDirectory - is this a directory?

wildcards - add a * to the tail of the key?

actions - action

Returns:

the formatted json statement

statement

public static RoleModel.Statement statement(boolean allow,
                                            org.apache.hadoop.fs.Path path,
                                            boolean isDirectory,
                                            boolean wildcards,
                                            Collection<String> actions)

Create a statement. If isDirectory is true, a "/" is added to the path. This is critical when adding wildcard permissions under a directory, and also needed when locking down dir-as-file and dir-as-directory-marker access.

Parameters:

allow - allow or deny

path - path

isDirectory - is this a directory?

wildcards - add a * to the tail of the key?

actions - action

Returns:

the formatted json statement

policy

public static RoleModel.Policy policy(RoleModel.Statement... statements)

From a set of statements, create a policy.

Parameters:

statements - statements

Returns:

the policy

policy

public static RoleModel.Policy policy(List<RoleModel.Statement> statements)

From a set of statements, create a policy.

Parameters:

statements - statements

Returns:

the policy