Exemplo n.º 1
0
        public void DeserializeAccessControlList()
        {
            // Arrange
            PathAccessControlItem accessControlEntry = new PathAccessControlItem(
                AccessControlType.User,
                _rolePermissions,
                true,
                _entityId);

            // Act
            IList <PathAccessControlItem> list = PathAccessControlExtensions.ParseAccessControlList("default:user:entityId:rwx");

            // Assert
            Assert.AreEqual(1, list.Count);
            AssertPathAccessControlEntryEquality(accessControlEntry, list[0]);

            // Act
            list = PathAccessControlExtensions.ParseAccessControlList("default:user:entityId:rwx,default:mask::rwx");

            // Assert
            Assert.AreEqual(2, list.Count);
            AssertPathAccessControlEntryEquality(accessControlEntry, list[0]);
            AssertPathAccessControlEntryEquality(new PathAccessControlItem(
                                                     AccessControlType.Mask,
                                                     _rolePermissions,
                                                     true),
                                                 list[1]);
        }
Exemplo n.º 2
0
 public PSPathAccessControlEntry(PathAccessControlItem acl)
 {
     this.DefaultScope      = acl.DefaultScope;
     this.AccessControlType = acl.AccessControlType;
     this.EntityId          = acl.EntityId;
     this.Permissions       = acl.Permissions;
 }
Exemplo n.º 3
0
        // </Snippet_FileACL>

        #endregion

        #region Update ACL
        // ---------------------------------------------------------
        // Update directory-level ACLs
        //----------------------------------------------------------

        // <Snippet_UpdateACL>
        public async Task UpdateDirectoryACLs(DataLakeFileSystemClient fileSystemClient)
        {
            DataLakeDirectoryClient directoryClient =
                fileSystemClient.GetDirectoryClient("");

            PathAccessControl directoryAccessControl =
                await directoryClient.GetAccessControlAsync();

            List <PathAccessControlItem> accessControlListUpdate
                = (List <PathAccessControlItem>)directoryAccessControl.AccessControlList;

            int index = -1;

            foreach (var item in accessControlListUpdate)
            {
                if (item.AccessControlType == AccessControlType.Other)
                {
                    index = accessControlListUpdate.IndexOf(item);
                    break;
                }
            }

            if (index > -1)
            {
                accessControlListUpdate[index] = new PathAccessControlItem(AccessControlType.Other,
                                                                           RolePermissions.Read |
                                                                           RolePermissions.Execute);

                directoryClient.SetAccessControlList(accessControlListUpdate);
            }
        }
Exemplo n.º 4
0
        public void SerializeAccessControlList()
        {
            // Arrange
            PathAccessControlItem accessControlEntry = new PathAccessControlItem(
                AccessControlType.User,
                _rolePermissions,
                true,
                _entityId);

            // Act
            string result = PathAccessControlExtensions.ToAccessControlListString(new List <PathAccessControlItem>()
            {
                accessControlEntry
            });

            // Assert
            Assert.AreEqual("default:user:entityId:rwx", result);

            // Act
            result = PathAccessControlExtensions.ToAccessControlListString(new List <PathAccessControlItem>()
            {
                accessControlEntry,
                new PathAccessControlItem(
                    AccessControlType.Mask,
                    _rolePermissions,
                    true),
            });

            // Assert
            Assert.AreEqual("default:user:entityId:rwx,default:mask::rwx", result);
        }
Exemplo n.º 5
0
        // </Snippet_UpdateACLsRecursively>

        #endregion

        #region Remove ACL entry
        // ---------------------------------------------------------
        // Remove directory-level ACL entry
        //----------------------------------------------------------

        // <Snippet_RemoveACLEntry>
        public async Task RemoveDirectoryACLEntry
            (DataLakeFileSystemClient fileSystemClient)
        {
            DataLakeDirectoryClient directoryClient =
                fileSystemClient.GetDirectoryClient("");

            PathAccessControl directoryAccessControl =
                await directoryClient.GetAccessControlAsync();

            List <PathAccessControlItem> accessControlListUpdate
                = (List <PathAccessControlItem>)directoryAccessControl.AccessControlList;

            PathAccessControlItem entryToRemove = null;

            foreach (var item in accessControlListUpdate)
            {
                if (item.EntityId == "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
                {
                    entryToRemove = item;
                    break;
                }
            }

            if (entryToRemove != null)
            {
                accessControlListUpdate.Remove(entryToRemove);
                directoryClient.SetAccessControlList(accessControlListUpdate);
            }
        }
 public void AssertPathAccessControlItemEquality(PathAccessControlItem expected, PathAccessControlItem actual)
 {
     Assert.AreEqual(expected.DefaultScope, actual.DefaultScope);
     Assert.AreEqual(expected.AccessControlType, actual.AccessControlType);
     Assert.AreEqual(expected.EntityId, actual.EntityId);
     Assert.AreEqual(expected.Permissions, actual.Permissions);
 }
 public void AssertAccessControlListEquality(
     IList <PathAccessControlItem> expected,
     IList <PathAccessControlItem> actual)
 {
     Assert.AreEqual(expected.Count, actual.Count);
     foreach (PathAccessControlItem expectedItem in expected)
     {
         PathAccessControlItem actualItem = actual.Where(
             r => r.AccessControlType == expectedItem.AccessControlType).FirstOrDefault();
         if (actualItem == null)
         {
             Assert.Fail("AccessControlItem not found");
         }
         AssertPathAccessControlItemEquality(expectedItem, actualItem);
     }
 }
        public void Parse_Invalid()
        {
            Assert.AreEqual(null, PathAccessControlItem.Parse(null));

            TestHelper.AssertExpectedException(
                () => PathAccessControlItem.Parse("a:b"),
                new ArgumentException("s should have 3 or 4 parts delimited by colons.  Value is \"a:b\""));

            TestHelper.AssertExpectedException(
                () => PathAccessControlItem.Parse("a:b:c:d:e"),
                new ArgumentException("s should have 3 or 4 parts delimited by colons.  Value is \"a:b:c:d:e\""));

            TestHelper.AssertExpectedException(
                () => PathAccessControlItem.Parse("a:b:c:d"),
                new ArgumentException("If s is 4 parts, the first must be \"default\".  Value is \"a:b:c:d\""));
        }
Exemplo n.º 9
0
        public PermsApply(Config cfg, Action <string> log = null)
        {
            _cfg = cfg;
            Log  = log;

            if (_cfg.ACL == null)
            {
                _cfg.ACL = new string[0];
            }
            if (_cfg.RemoveList == null)
            {
                _cfg.RemoveList = new string[0];
            }
            if (_cfg.ExitAfter == -1)
            {
                _cfg.ExitAfter = null;
            }

            _newACL = _cfg.ACL.Select(x => PathAccessControlItem.Parse(x)).ToList();
        }
        public void Parse()
        {
            AssertPathAccessControlEntryEquality(
                new PathAccessControlItem(
                    AccessControlType.Mask,
                    _rolePermissions),
                PathAccessControlItem.Parse("mask::rwx"));

            AssertPathAccessControlEntryEquality(
                new PathAccessControlItem(
                    AccessControlType.Mask,
                    _rolePermissions,
                    true),
                PathAccessControlItem.Parse("default:mask::rwx"));

            AssertPathAccessControlEntryEquality(
                new PathAccessControlItem(
                    AccessControlType.User,
                    _rolePermissions,
                    true,
                    _entityId),
                PathAccessControlItem.Parse("default:user:entityId:rwx"));
        }
        static List <PathAccessControlItem> UpdateACLs(IEnumerable <PathAccessControlItem> existingACLs, RolePermissions newPermissionsForManagedIdentity, AppSettings settings)
        {
            // Either add an ACL for the search identity if it doesn't exist,
            // or update it if it exists
            // To learn more please visit https://docs.microsoft.com/azure/storage/blobs/data-lake-storage-acl-dotnet#update-acls
            List <PathAccessControlItem> accessControlList  = existingACLs.ToList();
            PathAccessControlItem        managedIdentityAcl = accessControlList.FirstOrDefault(
                accessControlItem => accessControlItem.AccessControlType == AccessControlType.User && accessControlItem.EntityId == settings.SearchManagedIdentityID);

            if (managedIdentityAcl == null)
            {
                managedIdentityAcl = new PathAccessControlItem(
                    accessControlType: AccessControlType.User,
                    permissions: RolePermissions.Execute | RolePermissions.Read,
                    entityId: settings.SearchManagedIdentityID);
                accessControlList.Add(managedIdentityAcl);
            }
            else
            {
                managedIdentityAcl.Permissions = RolePermissions.Execute | RolePermissions.Read;
            }

            return(accessControlList);
        }