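// </Snippet_UpdateACLsRecursively>
#endregion

#region Remove ACL entry

// ---------------------------------------------------------
// Remove directory-level ACL entry
//----------------------------------------------------------

// <Snippet_RemoveACLEntry>
/// <summary>
/// Removes the first ACL entry whose entity ID equals a fixed placeholder value from the
/// ACL of the file system's root directory, and writes the ACL back if an entry was removed.
/// </summary>
/// <param name="fileSystemClient">Client for the file system whose root directory ACL is edited.</param>
/// <returns>A task that completes after the ACL has been read and, when changed, written back.</returns>
public async Task RemoveDirectoryACLEntry(DataLakeFileSystemClient fileSystemClient)
{
    // The empty path is what this sample uses to address the root directory.
    DataLakeDirectoryClient directoryClient = fileSystemClient.GetDirectoryClient("");

    PathAccessControl directoryAccessControl = await directoryClient.GetAccessControlAsync();

    // Copy into a new list rather than down-casting the returned collection:
    // a cast throws InvalidCastException whenever the runtime type is not List<T>.
    List<PathAccessControlItem> accessControlListUpdate =
        new List<PathAccessControlItem>(directoryAccessControl.AccessControlList);

    // Placeholder entity ID. The match is on EntityId alone, so only the first entry
    // for that principal is removed; a second entry for the same principal (for example
    // a default-scope one) would stay in place.
    PathAccessControlItem entryToRemove =
        accessControlListUpdate.Find(item => item.EntityId == "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx");

    if (entryToRemove != null)
    {
        accessControlListUpdate.Remove(entryToRemove);

        // Await the async overload so the write does not block a thread inside an async
        // method. The read and the write are separate requests: an ACL change made by
        // another writer in between is overwritten by this call.
        await directoryClient.SetAccessControlListAsync(accessControlListUpdate);
    }
}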
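// </Snippet_FileACL>
#endregion

#region Update ACL

// ---------------------------------------------------------
// Update directory-level ACLs
//----------------------------------------------------------

// <Snippet_UpdateACL>
/// <summary>
/// Replaces the first "other" entry in the root directory's ACL with an entry that
/// grants read and execute, and writes the ACL back if such an entry was found.
/// </summary>
/// <param name="fileSystemClient">Client for the file system whose root directory ACL is edited.</param>
/// <returns>A task that completes after the ACL has been read and, when changed, written back.</returns>
public async Task UpdateDirectoryACLs(DataLakeFileSystemClient fileSystemClient)
{
    // The empty path is what this sample uses to address the root directory.
    DataLakeDirectoryClient directoryClient = fileSystemClient.GetDirectoryClient("");

    PathAccessControl directoryAccessControl = await directoryClient.GetAccessControlAsync();

    // Copy into a new list rather than down-casting the returned collection:
    // a cast throws InvalidCastException whenever the runtime type is not List<T>.
    List<PathAccessControlItem> accessControlListUpdate =
        new List<PathAccessControlItem>(directoryAccessControl.AccessControlList);

    // First entry of type Other, or -1 when there is none.
    // NOTE(review): the match ignores DefaultScope, so a default-scope "other" entry
    // listed first would be the one replaced - confirm the ordering the service returns.
    int index = accessControlListUpdate.FindIndex(
        item => item.AccessControlType == AccessControlType.Other);

    if (index > -1)
    {
        accessControlListUpdate[index] = new PathAccessControlItem(
            AccessControlType.Other,
            RolePermissions.Read | RolePermissions.Execute);

        // Await the async overload so the write does not block a thread inside an async method.
        await directoryClient.SetAccessControlListAsync(accessControlListUpdate);
    }
}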
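/// <summary>
/// Merges the entries of <c>_newACL</c> into the ACL of one path, drops every entry whose
/// entity ID is in <c>_cfg.RemoveList</c>, and writes the result back when anything changed.
/// </summary>
/// <param name="itemClient">Client for the file or directory whose ACL is edited.</param>
/// <returns><c>true</c> when the ACL was modified and written back; otherwise <c>false</c>.</returns>
/// <exception cref="InvalidOperationException">
/// The existing ACL holds more than one entry with the same type, entity ID and scope.
/// </exception>
private bool ApplyACL(DataLakePathClient itemClient)
{
    // NOTE(review): the argument 'true' looks like the userPrincipalName switch; if so,
    // entity IDs may come back as UPNs rather than object IDs - confirm that _newACL and
    // _cfg.RemoveList use the same identifier form, otherwise the matches below miss.
    PathAccessControl pac = itemClient.GetAccessControl(true).Value;
    var fileACLList = pac.AccessControlList.ToList();

    if (_cfg.LogVerbose)
    {
        Log?.Invoke($" - ACL before:");
        fileACLList.ForEach((item) => Log?.Invoke($" - {item.ToString()}"));
    }

    bool changed = false;

    // new/updated permissions
    foreach (var newACLItem in _newACL)
    {
        var existingACLItem = fileACLList.SingleOrDefault(x =>
            x.AccessControlType == newACLItem.AccessControlType
            && x.EntityId == newACLItem.EntityId
            && x.DefaultScope == newACLItem.DefaultScope);

        if (existingACLItem == null)
        {
            // Default-scope entries are skipped for files; they are only added to non-file paths.
            if (!(newACLItem.DefaultScope && itemClient is DataLakeFileClient))
            {
                fileACLList.Add(newACLItem);
                changed = true;
            }
        }
        else if (existingACLItem.Permissions != newACLItem.Permissions)
        {
            existingACLItem.Permissions = newACLItem.Permissions;
            changed = true;
        }
    }

    // remove users/groups
    var fileACLList2 = fileACLList.Where(x => !_cfg.RemoveList.Contains(x.EntityId)).ToList();
    if (fileACLList.Count != fileACLList2.Count)
    {
        changed = true;
    }

    // apply
    if (changed)
    {
        // The read above and this write are separate requests; a concurrent ACL change
        // made in between is overwritten.
        itemClient.SetAccessControlList(fileACLList2);
    }

    if (_cfg.LogVerbose)
    {
        Log?.Invoke($" - ACL after:");
        // Log the list that was actually applied. The pre-removal list would still show
        // the removed principals and make the log disagree with the stored ACL.
        fileACLList2.ForEach((item) => Log?.Invoke($" - {item.ToString()}"));
    }

    return changed;
}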
/// <summary>
/// Reads the file's current ACL, passes it through <c>RemoveACLs</c> together with the
/// settings, and writes the returned list back to the file.
/// </summary>
/// <param name="fileClient">Client for the file whose ACL is rewritten.</param>
/// <param name="settings">Settings forwarded unchanged to <c>RemoveACLs</c>.</param>
static async Task RemoveACLsForFile(DataLakeFileClient fileClient, AppSettings settings)
{
    PathAccessControl currentAccessControl = await fileClient.GetAccessControlAsync();

    // The write is unconditional: the ACL is stored even when RemoveACLs changed nothing.
    List<PathAccessControlItem> remainingEntries =
        RemoveACLs(currentAccessControl.AccessControlList, settings);

    await fileClient.SetAccessControlListAsync(remainingEntries);
}
/// <summary>
/// Reads the file's current ACL, passes it through <c>UpdateACLs</c> together with the
/// requested permissions and the settings, and writes the returned list back to the file.
/// </summary>
/// <param name="fileClient">Client for the file whose ACL is rewritten.</param>
/// <param name="newACLs">Permissions forwarded to <c>UpdateACLs</c>.</param>
/// <param name="settings">Settings forwarded unchanged to <c>UpdateACLs</c>.</param>
static async Task ApplyACLsForFile(DataLakeFileClient fileClient, RolePermissions newACLs, AppSettings settings)
{
    PathAccessControl currentAccessControl = await fileClient.GetAccessControlAsync();

    // The write is unconditional: the ACL is stored even when UpdateACLs changed nothing.
    List<PathAccessControlItem> updatedEntries =
        UpdateACLs(currentAccessControl.AccessControlList, newACLs, settings);

    await fileClient.SetAccessControlListAsync(updatedEntries);
}
/// <summary>
/// Reads the directory's ACL, passes it through <c>RemoveACLs</c>, and writes the result back.
/// </summary>
/// <remarks>
/// With <paramref name="recursive"/> false only the directory itself is written; no
/// sub-directory or sub-path ACL is touched. With <paramref name="recursive"/> true the
/// same list is set on the directory and on every sub-directory and sub-path, replacing
/// whatever ACL each of them had, so entries that existed only on a child are lost.
/// </remarks>
/// <param name="directoryClient">Client for the directory whose ACL is rewritten.</param>
/// <param name="settings">Settings forwarded unchanged to <c>RemoveACLs</c>.</param>
/// <param name="recursive">Whether the resulting ACL is also set on all descendants.</param>
static async Task RemoveACLsForDirectory(DataLakeDirectoryClient directoryClient, AppSettings settings, bool recursive = false)
{
    PathAccessControl currentAccessControl = await directoryClient.GetAccessControlAsync();
    List<PathAccessControlItem> remainingEntries =
        RemoveACLs(currentAccessControl.AccessControlList, settings);

    if (!recursive)
    {
        await directoryClient.SetAccessControlListAsync(remainingEntries);
        return;
    }

    // Overwrites the ACL of every descendant with this directory's list.
    await directoryClient.SetAccessControlRecursiveAsync(remainingEntries);
}
/// <summary>
/// Reads the directory's ACL, passes it through <c>UpdateACLs</c>, and writes the result back.
/// </summary>
/// <remarks>
/// With <paramref name="recursive"/> false only the directory itself is written; no
/// sub-directory or sub-path ACL is touched. With <paramref name="recursive"/> true the
/// same list is set on the directory and on every sub-directory and sub-path, replacing
/// whatever ACL each of them had, so entries that existed only on a child are lost.
/// </remarks>
/// <param name="directoryClient">Client for the directory whose ACL is rewritten.</param>
/// <param name="newACLs">Permissions forwarded to <c>UpdateACLs</c>.</param>
/// <param name="settings">Settings forwarded unchanged to <c>UpdateACLs</c>.</param>
/// <param name="recursive">Whether the resulting ACL is also set on all descendants.</param>
static async Task ApplyACLsForDirectory(DataLakeDirectoryClient directoryClient, RolePermissions newACLs, AppSettings settings, bool recursive = false)
{
    PathAccessControl currentAccessControl = await directoryClient.GetAccessControlAsync();
    List<PathAccessControlItem> updatedEntries =
        UpdateACLs(currentAccessControl.AccessControlList, newACLs, settings);

    if (!recursive)
    {
        await directoryClient.SetAccessControlListAsync(updatedEntries);
        return;
    }

    // Overwrites the ACL of every descendant with this directory's list.
    await directoryClient.SetAccessControlRecursiveAsync(updatedEntries);
}
/// <summary>
/// Creates the file "sample.txt", sets an ACL on it, then reads the access control back
/// and prints the owner, the group and the permissions to the console.
/// </summary>
/// <param name="client">Client for the file system in which the sample file is created.</param>
private static void SetAclAndGetFileProperties(DataLakeFileSystemClient client)
{
    DataLakeFileClient sampleFile = client.GetFileClient("sample.txt");
    sampleFile.Create();

    // Set Access Control List: owner rwx, owning group read-only, others no access.
    IList<PathAccessControlItem> parsedAcl =
        PathAccessControlExtensions.ParseAccessControlList("user::rwx,group::r--,mask::rwx,other::---");
    sampleFile.SetAccessControlList(parsedAcl);

    // Read the access control back and report what the service stored.
    PathAccessControl stored = sampleFile.GetAccessControl();
    Console.WriteLine($"User: {stored.Owner}");
    Console.WriteLine($"Group: {stored.Group}");
    Console.WriteLine($"Permissions: {stored.Permissions}");
}
/// <summary>
/// Sample test: creates a file system and a file, sets an ACL on the file, reads it back
/// and asserts that the stored ACL equals the one that was set. The file system is
/// deleted afterwards whether or not the assertion passes.
/// </summary>
public void SetGetAcls()
{
    // Shared-key credential built from the test configuration. The account key
    // authorizes as the storage account itself, so it belongs in configuration
    // or a secret store, never in source.
    var sharedKeyCredential = new StorageSharedKeyCredential(
        NamespaceStorageAccountName,
        NamespaceStorageAccountKey);

    // Service client for the configured endpoint, authenticated with the shared key
    var serviceClient = new DataLakeServiceClient(NamespaceBlobUri, sharedKeyCredential);

    // File system named from "sample-filesystem-acl" via Randomize, created up front
    DataLakeFileSystemClient filesystem =
        serviceClient.GetFileSystemClient(Randomize("sample-filesystem-acl"));
    filesystem.Create();

    try
    {
        #region Snippet:SampleSnippetDataLakeFileClient_SetAcls
        // Create a DataLake file so we can set the Access Controls on the files
        DataLakeFileClient fileClient = filesystem.GetFileClient(Randomize("sample-file"));
        fileClient.Create();

        // Set Access Control List
        IList<PathAccessControlItem> accessControlList
            = PathAccessControlExtensions.ParseAccessControlList("user::rwx,group::r--,mask::rwx,other::---");
        fileClient.SetAccessControlList(accessControlList);
        #endregion Snippet:SampleSnippetDataLakeFileClient_SetAcls

        #region Snippet:SampleSnippetDataLakeFileClient_GetAcls
        // Get Access Control List
        PathAccessControl accessControlResponse = fileClient.GetAccessControl();
        #endregion Snippet:SampleSnippetDataLakeFileClient_GetAcls

        // Compare both ACLs in their string form
        string expectedAcl = PathAccessControlExtensions.ToAccessControlListString(accessControlList);
        string storedAcl = PathAccessControlExtensions.ToAccessControlListString(
            accessControlResponse.AccessControlList.ToList());
        Assert.AreEqual(expectedAcl, storedAcl);
    }
    finally
    {
        // Clean up after the test when we're finished
        filesystem.Delete();
    }
}
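// </Snippet_GetFileSystem>
#endregion

#region Get and set directory ACLs

// ---------------------------------------------------------
// Get and set directory-level ACLs
//----------------------------------------------------------

// <Snippet_ACLDirectory>
/// <summary>
/// Prints every entry of the root directory's ACL to the console, then replaces the
/// ACL with a fixed sample list.
/// </summary>
/// <param name="fileSystemClient">Client for the file system whose root directory ACL is read and set.</param>
/// <returns>A task that completes after the ACL has been printed and replaced.</returns>
public async Task ManageDirectoryACLs(DataLakeFileSystemClient fileSystemClient)
{
    // The empty path is what this sample uses to address the root directory.
    DataLakeDirectoryClient directoryClient = fileSystemClient.GetDirectoryClient("");

    PathAccessControl directoryAccessControl = await directoryClient.GetAccessControlAsync();

    foreach (var item in directoryAccessControl.AccessControlList)
    {
        Console.WriteLine(item.ToString());
    }

    // Sample value only: "other::rw-" gives read and write to every principal that no
    // other entry matches, and this list replaces the existing ACL rather than merging
    // with it. Use the narrowest permissions that work outside of a demo.
    IList<PathAccessControlItem> accessControlList =
        PathAccessControlExtensions.ParseAccessControlList("user::rwx,group::r-x,other::rw-");

    // Await the async overload so the write does not block a thread inside an async method.
    await directoryClient.SetAccessControlListAsync(accessControlList);
}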
/// <summary>
/// Sample test: creates a file system and a file, sets POSIX-style permissions on the
/// file, reads the access control back and asserts that the stored permissions match in
/// both symbolic and octal form. The file system is deleted afterwards in every case.
/// </summary>
public void SetPermissions()
{
    // Shared-key credential built from the test configuration. The account key
    // authorizes as the storage account itself, so it belongs in configuration
    // or a secret store, never in source.
    var sharedKeyCredential = new StorageSharedKeyCredential(
        NamespaceStorageAccountName,
        NamespaceStorageAccountKey);

    // Service client for the configured endpoint, authenticated with the shared key
    var serviceClient = new DataLakeServiceClient(NamespaceBlobUri, sharedKeyCredential);

    // File system named from "sample-filesystem-per" via Randomize, created up front
    DataLakeFileSystemClient filesystem =
        serviceClient.GetFileSystemClient(Randomize("sample-filesystem-per"));
    filesystem.Create();

    try
    {
        #region Snippet:SampleSnippetDataLakeFileClient_SetPermissions
        // Create a DataLake file so we can set the Access Controls on the files
        DataLakeFileClient fileClient = filesystem.GetFileClient(Randomize("sample-file"));
        fileClient.Create();

        // Set the Permissions of the file.
        // "rwxrwxrwx" opens the file to owner, group and others alike; it is a
        // round-trip test value, not a recommended setting.
        PathPermissions pathPermissions = PathPermissions.ParseSymbolicPermissions("rwxrwxrwx");
        fileClient.SetPermissions(permissions: pathPermissions);
        #endregion Snippet:SampleSnippetDataLakeFileClient_SetPermissions

        // Get Access Control List
        PathAccessControl accessControlResponse = fileClient.GetAccessControl();
        PathPermissions storedPermissions = accessControlResponse.Permissions;

        // Check Access Control permissions in both notations
        Assert.AreEqual(
            pathPermissions.ToSymbolicPermissions(),
            storedPermissions.ToSymbolicPermissions());
        Assert.AreEqual(
            pathPermissions.ToOctalPermissions(),
            storedPermissions.ToOctalPermissions());
    }
    finally
    {
        // Clean up after the test when we're finished
        filesystem.Delete();
    }
}
/// <summary>
/// Async sample test: creates a file system and a file, sets an ACL string on the file,
/// reads the access control back and asserts that the returned ACL string is identical.
/// The file system is deleted afterwards in every case.
/// </summary>
/// <returns>A task that completes when the test has run and the file system is deleted.</returns>
public async Task SetGetAclsAsync()
{
    // Shared-key credential built from the test configuration. The account key
    // authorizes as the storage account itself, so it belongs in configuration
    // or a secret store, never in source.
    var sharedKeyCredential = new StorageSharedKeyCredential(
        NamespaceStorageAccountName,
        NamespaceStorageAccountKey);

    // Service client for the configured endpoint, authenticated with the shared key
    var serviceClient = new DataLakeServiceClient(NamespaceBlobUri, sharedKeyCredential);

    // File system named from "sample-filesystem-acl" via Randomize, created up front
    DataLakeFileSystemClient filesystem =
        serviceClient.GetFileSystemClient(Randomize("sample-filesystem-acl"));
    await filesystem.CreateAsync();

    try
    {
        // Create a DataLake file so we can set the Access Controls on the files
        DataLakeFileClient fileClient = filesystem.GetFileClient(Randomize("sample-file"));
        await fileClient.CreateAsync();

        // Set Access Control List
        // NOTE(review): the string-based SetAccessControlAsync and the Acl property may
        // belong to an older SDK surface than the list-based calls - confirm against the
        // package version in use.
        await fileClient.SetAccessControlAsync("user::rwx,group::r--,mask::rwx,other::---");

        // Get Access Control List
        PathAccessControl accessControlResponse = await fileClient.GetAccessControlAsync();

        // Check Access Control permissions
        Assert.AreEqual("user::rwx,group::r--,mask::rwx,other::---", accessControlResponse.Acl);
    }
    finally
    {
        // Clean up after the test when we're finished
        await filesystem.DeleteAsync();
    }
}