public void DeserializeAccessControlList() { // Arrange PathAccessControlItem accessControlEntry = new PathAccessControlItem( AccessControlType.User, _rolePermissions, true, _entityId); // Act IList <PathAccessControlItem> list = PathAccessControlExtensions.ParseAccessControlList("default:user:entityId:rwx"); // Assert Assert.AreEqual(1, list.Count); AssertPathAccessControlEntryEquality(accessControlEntry, list[0]); // Act list = PathAccessControlExtensions.ParseAccessControlList("default:user:entityId:rwx,default:mask::rwx"); // Assert Assert.AreEqual(2, list.Count); AssertPathAccessControlEntryEquality(accessControlEntry, list[0]); AssertPathAccessControlEntryEquality(new PathAccessControlItem( AccessControlType.Mask, _rolePermissions, true), list[1]); }
public PSPathAccessControlEntry(PathAccessControlItem acl) { this.DefaultScope = acl.DefaultScope; this.AccessControlType = acl.AccessControlType; this.EntityId = acl.EntityId; this.Permissions = acl.Permissions; }
// </Snippet_FileACL> #endregion #region Update ACL // --------------------------------------------------------- // Update directory-level ACLs //---------------------------------------------------------- // <Snippet_UpdateACL> public async Task UpdateDirectoryACLs(DataLakeFileSystemClient fileSystemClient) { DataLakeDirectoryClient directoryClient = fileSystemClient.GetDirectoryClient(""); PathAccessControl directoryAccessControl = await directoryClient.GetAccessControlAsync(); List <PathAccessControlItem> accessControlListUpdate = (List <PathAccessControlItem>)directoryAccessControl.AccessControlList; int index = -1; foreach (var item in accessControlListUpdate) { if (item.AccessControlType == AccessControlType.Other) { index = accessControlListUpdate.IndexOf(item); break; } } if (index > -1) { accessControlListUpdate[index] = new PathAccessControlItem(AccessControlType.Other, RolePermissions.Read | RolePermissions.Execute); directoryClient.SetAccessControlList(accessControlListUpdate); } }
public void SerializeAccessControlList() { // Arrange PathAccessControlItem accessControlEntry = new PathAccessControlItem( AccessControlType.User, _rolePermissions, true, _entityId); // Act string result = PathAccessControlExtensions.ToAccessControlListString(new List <PathAccessControlItem>() { accessControlEntry }); // Assert Assert.AreEqual("default:user:entityId:rwx", result); // Act result = PathAccessControlExtensions.ToAccessControlListString(new List <PathAccessControlItem>() { accessControlEntry, new PathAccessControlItem( AccessControlType.Mask, _rolePermissions, true), }); // Assert Assert.AreEqual("default:user:entityId:rwx,default:mask::rwx", result); }
// </Snippet_UpdateACLsRecursively> #endregion #region Remove ACL entry // --------------------------------------------------------- // Remove directory-level ACL entry //---------------------------------------------------------- // <Snippet_RemoveACLEntry> public async Task RemoveDirectoryACLEntry (DataLakeFileSystemClient fileSystemClient) { DataLakeDirectoryClient directoryClient = fileSystemClient.GetDirectoryClient(""); PathAccessControl directoryAccessControl = await directoryClient.GetAccessControlAsync(); List <PathAccessControlItem> accessControlListUpdate = (List <PathAccessControlItem>)directoryAccessControl.AccessControlList; PathAccessControlItem entryToRemove = null; foreach (var item in accessControlListUpdate) { if (item.EntityId == "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx") { entryToRemove = item; break; } } if (entryToRemove != null) { accessControlListUpdate.Remove(entryToRemove); directoryClient.SetAccessControlList(accessControlListUpdate); } }
public void AssertPathAccessControlItemEquality(PathAccessControlItem expected, PathAccessControlItem actual) { Assert.AreEqual(expected.DefaultScope, actual.DefaultScope); Assert.AreEqual(expected.AccessControlType, actual.AccessControlType); Assert.AreEqual(expected.EntityId, actual.EntityId); Assert.AreEqual(expected.Permissions, actual.Permissions); }
public void AssertAccessControlListEquality( IList <PathAccessControlItem> expected, IList <PathAccessControlItem> actual) { Assert.AreEqual(expected.Count, actual.Count); foreach (PathAccessControlItem expectedItem in expected) { PathAccessControlItem actualItem = actual.Where( r => r.AccessControlType == expectedItem.AccessControlType).FirstOrDefault(); if (actualItem == null) { Assert.Fail("AccessControlItem not found"); } AssertPathAccessControlItemEquality(expectedItem, actualItem); } }
public void Parse_Invalid() { Assert.AreEqual(null, PathAccessControlItem.Parse(null)); TestHelper.AssertExpectedException( () => PathAccessControlItem.Parse("a:b"), new ArgumentException("s should have 3 or 4 parts delimited by colons. Value is \"a:b\"")); TestHelper.AssertExpectedException( () => PathAccessControlItem.Parse("a:b:c:d:e"), new ArgumentException("s should have 3 or 4 parts delimited by colons. Value is \"a:b:c:d:e\"")); TestHelper.AssertExpectedException( () => PathAccessControlItem.Parse("a:b:c:d"), new ArgumentException("If s is 4 parts, the first must be \"default\". Value is \"a:b:c:d\"")); }
public PermsApply(Config cfg, Action <string> log = null) { _cfg = cfg; Log = log; if (_cfg.ACL == null) { _cfg.ACL = new string[0]; } if (_cfg.RemoveList == null) { _cfg.RemoveList = new string[0]; } if (_cfg.ExitAfter == -1) { _cfg.ExitAfter = null; } _newACL = _cfg.ACL.Select(x => PathAccessControlItem.Parse(x)).ToList(); }
public void Parse() { AssertPathAccessControlEntryEquality( new PathAccessControlItem( AccessControlType.Mask, _rolePermissions), PathAccessControlItem.Parse("mask::rwx")); AssertPathAccessControlEntryEquality( new PathAccessControlItem( AccessControlType.Mask, _rolePermissions, true), PathAccessControlItem.Parse("default:mask::rwx")); AssertPathAccessControlEntryEquality( new PathAccessControlItem( AccessControlType.User, _rolePermissions, true, _entityId), PathAccessControlItem.Parse("default:user:entityId:rwx")); }
static List <PathAccessControlItem> UpdateACLs(IEnumerable <PathAccessControlItem> existingACLs, RolePermissions newPermissionsForManagedIdentity, AppSettings settings) { // Either add an ACL for the search identity if it doesn't exist, // or update it if it exists // To learn more please visit https://docs.microsoft.com/azure/storage/blobs/data-lake-storage-acl-dotnet#update-acls List <PathAccessControlItem> accessControlList = existingACLs.ToList(); PathAccessControlItem managedIdentityAcl = accessControlList.FirstOrDefault( accessControlItem => accessControlItem.AccessControlType == AccessControlType.User && accessControlItem.EntityId == settings.SearchManagedIdentityID); if (managedIdentityAcl == null) { managedIdentityAcl = new PathAccessControlItem( accessControlType: AccessControlType.User, permissions: RolePermissions.Execute | RolePermissions.Read, entityId: settings.SearchManagedIdentityID); accessControlList.Add(managedIdentityAcl); } else { managedIdentityAcl.Permissions = RolePermissions.Execute | RolePermissions.Read; } return(accessControlList); }