// </Snippet_UpdateACLsRecursively>
#endregion
#region Remove ACL entry
// ---------------------------------------------------------
// Remove directory-level ACL entry
//----------------------------------------------------------
// <Snippet_RemoveACLEntry>
public async Task RemoveDirectoryACLEntry
(DataLakeFileSystemClient fileSystemClient)
{
DataLakeDirectoryClient directoryClient =
fileSystemClient.GetDirectoryClient("");
PathAccessControl directoryAccessControl =
await directoryClient.GetAccessControlAsync();
List <PathAccessControlItem> accessControlListUpdate
= (List <PathAccessControlItem>)directoryAccessControl.AccessControlList;
PathAccessControlItem entryToRemove = null;
foreach (var item in accessControlListUpdate)
{
if (item.EntityId == "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
{
entryToRemove = item;
break;
}
}
if (entryToRemove != null)
{
accessControlListUpdate.Remove(entryToRemove);
directoryClient.SetAccessControlList(accessControlListUpdate);
}
}
// </Snippet_FileACL>
#endregion
#region Update ACL
// ---------------------------------------------------------
// Update directory-level ACLs
//----------------------------------------------------------
// <Snippet_UpdateACL>
public async Task UpdateDirectoryACLs(DataLakeFileSystemClient fileSystemClient)
{
DataLakeDirectoryClient directoryClient =
fileSystemClient.GetDirectoryClient("");
PathAccessControl directoryAccessControl =
await directoryClient.GetAccessControlAsync();
List <PathAccessControlItem> accessControlListUpdate
= (List <PathAccessControlItem>)directoryAccessControl.AccessControlList;
int index = -1;
foreach (var item in accessControlListUpdate)
{
if (item.AccessControlType == AccessControlType.Other)
{
index = accessControlListUpdate.IndexOf(item);
break;
}
}
if (index > -1)
{
accessControlListUpdate[index] = new PathAccessControlItem(AccessControlType.Other,
RolePermissions.Read |
RolePermissions.Execute);
directoryClient.SetAccessControlList(accessControlListUpdate);
}
}
private bool ApplyACL(DataLakePathClient itemClient)
{
PathAccessControl pac = itemClient.GetAccessControl(true).Value;
var fileACLList = pac.AccessControlList.ToList();
if (_cfg.LogVerbose)
{
Log?.Invoke($" - ACL before:");
fileACLList.ForEach((item) => Log?.Invoke($" - {item.ToString()}"));
}
bool changed = false;
// new/updated permissions
foreach (var newACLItem in _newACL)
{
var existingACLItem = fileACLList.SingleOrDefault(x => x.AccessControlType == newACLItem.AccessControlType &&
x.EntityId == newACLItem.EntityId &&
x.DefaultScope == newACLItem.DefaultScope);
if (existingACLItem == null)
{
if (!(newACLItem.DefaultScope && itemClient is DataLakeFileClient))
{
fileACLList.Add(newACLItem);
changed = true;
}
}
else
{
if (existingACLItem.Permissions != newACLItem.Permissions)
{
existingACLItem.Permissions = newACLItem.Permissions;
changed = true;
}
}
}
// remove users/groups
var fileACLList2 = fileACLList.Where(x => !_cfg.RemoveList.Contains(x.EntityId)).ToList();
if (fileACLList.Count() != fileACLList2.Count())
{
changed = true;
}
// apply
if (changed)
{
itemClient.SetAccessControlList(fileACLList2);
}
if (_cfg.LogVerbose)
{
Log?.Invoke($" - ACL after:");
fileACLList.ForEach((item) => Log?.Invoke($" - {item.ToString()}"));
}
return(changed);
}
static async Task RemoveACLsForFile(DataLakeFileClient fileClient, AppSettings settings)
{
PathAccessControl fileAccessControl =
await fileClient.GetAccessControlAsync();
List <PathAccessControlItem> accessControlList = RemoveACLs(fileAccessControl.AccessControlList, settings);
await fileClient.SetAccessControlListAsync(accessControlList);
}
static async Task ApplyACLsForFile(DataLakeFileClient fileClient, RolePermissions newACLs, AppSettings settings)
{
PathAccessControl fileAccessControl =
await fileClient.GetAccessControlAsync();
List <PathAccessControlItem> accessControlList = UpdateACLs(fileAccessControl.AccessControlList, newACLs, settings);
await fileClient.SetAccessControlListAsync(accessControlList);
}
// If recursive is false, remove the ACL from a directory. None of the sub-directory or sub-path ACLs are updated
// If recursive is true, remove ACLs from the directory and all sub-directories and sub-paths
// When removing ACLs recursively, the ACLs on all sub-directories and sub-paths are replaced with this directory's ACL
static async Task RemoveACLsForDirectory(DataLakeDirectoryClient directoryClient, AppSettings settings, bool recursive = false)
{
PathAccessControl directoryAccessControl =
await directoryClient.GetAccessControlAsync();
List <PathAccessControlItem> accessControlList = RemoveACLs(directoryAccessControl.AccessControlList, settings);
if (recursive)
{
await directoryClient.SetAccessControlRecursiveAsync(accessControlList);
}
else
{
await directoryClient.SetAccessControlListAsync(accessControlList);
}
}
// If recursive is false, apply ACLs to a directory. None of the sub-directory or sub-path ACLs are updated
// If recursive is true, apply ACLs to the directory and all sub-directories and sub-paths
// When applying ACL recursively, the ACLs on all sub-directories and sub-paths are replaced with this directory's ACL
static async Task ApplyACLsForDirectory(DataLakeDirectoryClient directoryClient, RolePermissions newACLs, AppSettings settings, bool recursive = false)
{
PathAccessControl directoryAccessControl =
await directoryClient.GetAccessControlAsync();
List <PathAccessControlItem> accessControlList = UpdateACLs(directoryAccessControl.AccessControlList, newACLs, settings);
if (recursive)
{
await directoryClient.SetAccessControlRecursiveAsync(accessControlList);
}
else
{
await directoryClient.SetAccessControlListAsync(accessControlList);
}
}
private static void SetAclAndGetFileProperties(DataLakeFileSystemClient client)
{
DataLakeFileClient fileClient = client.GetFileClient("sample.txt");
fileClient.Create();
// Set Access Control List
IList <PathAccessControlItem> accessControlList
= PathAccessControlExtensions.ParseAccessControlList("user::rwx,group::r--,mask::rwx,other::---");
fileClient.SetAccessControlList(accessControlList);
PathAccessControl accessControlResponse = fileClient.GetAccessControl();
Console.WriteLine($"User: {accessControlResponse.Owner}");
Console.WriteLine($"Group: {accessControlResponse.Group}");
Console.WriteLine($"Permissions: {accessControlResponse.Permissions}");
}
public void SetGetAcls()
{
// Make StorageSharedKeyCredential to pass to the serviceClient
string storageAccountName = NamespaceStorageAccountName;
string storageAccountKey = NamespaceStorageAccountKey;
Uri serviceUri = NamespaceBlobUri;
StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(storageAccountName, storageAccountKey);
// Create DataLakeServiceClient using StorageSharedKeyCredentials
DataLakeServiceClient serviceClient = new DataLakeServiceClient(serviceUri, sharedKeyCredential);
// Get a reference to a filesystem named "sample-filesystem-acl" and then create it
DataLakeFileSystemClient filesystem = serviceClient.GetFileSystemClient(Randomize("sample-filesystem-acl"));
filesystem.Create();
try
{
#region Snippet:SampleSnippetDataLakeFileClient_SetAcls
// Create a DataLake file so we can set the Access Controls on the files
DataLakeFileClient fileClient = filesystem.GetFileClient(Randomize("sample-file"));
fileClient.Create();
// Set Access Control List
IList <PathAccessControlItem> accessControlList
= PathAccessControlExtensions.ParseAccessControlList("user::rwx,group::r--,mask::rwx,other::---");
fileClient.SetAccessControlList(accessControlList);
#endregion Snippet:SampleSnippetDataLakeFileClient_SetAcls
#region Snippet:SampleSnippetDataLakeFileClient_GetAcls
// Get Access Control List
PathAccessControl accessControlResponse = fileClient.GetAccessControl();
#endregion Snippet:SampleSnippetDataLakeFileClient_GetAcls
// Check Access Control permissions
Assert.AreEqual(
PathAccessControlExtensions.ToAccessControlListString(accessControlList),
PathAccessControlExtensions.ToAccessControlListString(accessControlResponse.AccessControlList.ToList()));
}
finally
{
// Clean up after the test when we're finished
filesystem.Delete();
}
}
// </Snippet_GetFileSystem>
#endregion
#region Get and set directory ACLs
// ---------------------------------------------------------
// Get and set directory-level ACLs
//----------------------------------------------------------
// <Snippet_ACLDirectory>
public async Task ManageDirectoryACLs(DataLakeFileSystemClient fileSystemClient)
{
DataLakeDirectoryClient directoryClient =
fileSystemClient.GetDirectoryClient("");
PathAccessControl directoryAccessControl =
await directoryClient.GetAccessControlAsync();
foreach (var item in directoryAccessControl.AccessControlList)
{
Console.WriteLine(item.ToString());
}
IList <PathAccessControlItem> accessControlList
= PathAccessControlExtensions.ParseAccessControlList
("user::rwx,group::r-x,other::rw-");
directoryClient.SetAccessControlList(accessControlList);
}
public void SetPermissions()
{
// Make StorageSharedKeyCredential to pass to the serviceClient
string storageAccountName = NamespaceStorageAccountName;
string storageAccountKey = NamespaceStorageAccountKey;
Uri serviceUri = NamespaceBlobUri;
StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(storageAccountName, storageAccountKey);
// Create DataLakeServiceClient using StorageSharedKeyCredentials
DataLakeServiceClient serviceClient = new DataLakeServiceClient(serviceUri, sharedKeyCredential);
// Get a reference to a filesystem named "sample-filesystem-acl" and then create it
DataLakeFileSystemClient filesystem = serviceClient.GetFileSystemClient(Randomize("sample-filesystem-per"));
filesystem.Create();
try
{
#region Snippet:SampleSnippetDataLakeFileClient_SetPermissions
// Create a DataLake file so we can set the Access Controls on the files
DataLakeFileClient fileClient = filesystem.GetFileClient(Randomize("sample-file"));
fileClient.Create();
// Set the Permissions of the file
PathPermissions pathPermissions = PathPermissions.ParseSymbolicPermissions("rwxrwxrwx");
fileClient.SetPermissions(permissions: pathPermissions);
#endregion Snippet:SampleSnippetDataLakeFileClient_SetPermissions
// Get Access Control List
PathAccessControl accessControlResponse = fileClient.GetAccessControl();
// Check Access Control permissions
Assert.AreEqual(pathPermissions.ToSymbolicPermissions(), accessControlResponse.Permissions.ToSymbolicPermissions());
Assert.AreEqual(pathPermissions.ToOctalPermissions(), accessControlResponse.Permissions.ToOctalPermissions());
}
finally
{
// Clean up after the test when we're finished
filesystem.Delete();
}
}
public async Task SetGetAclsAsync()
{
// Make StorageSharedKeyCredential to pass to the serviceClient
string storageAccountName = NamespaceStorageAccountName;
string storageAccountKey = NamespaceStorageAccountKey;
Uri serviceUri = NamespaceBlobUri;
StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(storageAccountName, storageAccountKey);
// Create DataLakeServiceClient using StorageSharedKeyCredentials
DataLakeServiceClient serviceClient = new DataLakeServiceClient(serviceUri, sharedKeyCredential);
// Get a reference to a filesystem named "sample-filesystem-aclasync" and then create it
DataLakeFileSystemClient filesystem = serviceClient.GetFileSystemClient(Randomize("sample-filesystem-acl"));
await filesystem.CreateAsync();
try
{
// Create a DataLake file so we can set the Access Controls on the files
DataLakeFileClient fileClient = filesystem.GetFileClient(Randomize("sample-file"));
await fileClient.CreateAsync();
// Set Access Control List
await fileClient.SetAccessControlAsync("user::rwx,group::r--,mask::rwx,other::---");
// Get Access Control List
PathAccessControl accessControlResponse = await fileClient.GetAccessControlAsync();
// Check Access Control permissions
Assert.AreEqual("user::rwx,group::r--,mask::rwx,other::---", accessControlResponse.Acl);
}
finally
{
// Clean up after the test when we're finished
await filesystem.DeleteAsync();
}
}
