[Storage] Add support for sticky bit (#21528)
* Support for sticky bit

* delete redundant file

* Update help files

* update parameter description format

* Update help

* Fix the issue of static analysis

---------

Co-authored-by: wyunchi-ms <[email protected]>
yifanz0 and wyunchi-ms authored Apr 14, 2023
1 parent 21f2279 commit 56836bb
Showing 11 changed files with 86 additions and 47 deletions.
Expand Up @@ -854,7 +854,9 @@ function Test-DatalakeGen2
$dir1 = New-AzDataLakeGen2Item -Context $storageContext -FileSystem $filesystemName -Path $directoryPath1 -Directory -Permission rwxrwxrwx -Umask ---rwx--- -Property @{"ContentEncoding" = "UDF8"; "CacheControl" = "READ"} -Metadata @{"tag1" = "value1"; "tag2" = "value2" }
Assert-AreEqual $dir1.Path $directoryPath1
Assert-AreEqual $dir1.Permissions.ToSymbolicPermissions() "rwx---rwx"
$dir2 = New-AzDataLakeGen2Item -Context $storageContext -FileSystem $filesystemName -Path $directoryPath2 -Directory
$dir2 = New-AzDataLakeGen2Item -Context $storageContext -FileSystem $filesystemName -Path $directoryPath2 -Directory -Permission r---wx-wT -Umask --x-wx--x
Assert-AreEqual $dir2.Path $directoryPath2
Assert-AreEqual $dir2.Permissions.ToSymbolicPermissions() "r------wT"

# Create (upload) File
$t = New-AzDataLakeGen2Item -Context $storageContext -FileSystem $filesystemName -Path $filePath1 -Source $localSrcFile -Force -AsJob
Expand All @@ -874,20 +876,20 @@ function Test-DatalakeGen2
## create ACL with 3 ACEs
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -Permission rw-
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType group -Permission rw- -InputObject $acl
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType other -Permission "-wx" -InputObject $acl
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType other -Permission "-wt" -InputObject $acl
##Update File with pipeline
$file1 = Get-AzDataLakeGen2Item -Context $storageContext -FileSystem $filesystemName -Path $filePath1 | Update-AzDataLakeGen2Item `
-Acl $acl `
-Property @{"ContentType" = $ContentType; "ContentMD5" = $ContentMD5} `
-Metadata @{"tag1" = "value1"; "tag2" = "value2" } `
-Permission rw-rw--wx `
-Permission rw-rw--wt `
-Owner '$superuser' `
-Group '$superuser'
$sas = New-AzDataLakeGen2SasToken -FileSystem $filesystemName -Path $filePath1 -Permission rw -Context $storageContext
$ctxsas = New-AzStorageContext -StorageAccountName $StorageAccountName -SasToken $sas
$file1 = Get-AzDataLakeGen2Item -Context $ctxsas -FileSystem $filesystemName -Path $filePath1
Assert-AreEqual $file1.Path $filePath1
Assert-AreEqual $file1.Permissions.ToSymbolicPermissions() "rw-rw--wx"
Assert-AreEqual $file1.Permissions.ToSymbolicPermissions() "rw-rw--wt"
Assert-AreEqual $file1.Properties.ContentType $ContentType
Assert-AreEqual $file1.Properties.Metadata.Count 2
Assert-AreEqual $file1.Owner '$superuser'
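Review bot: The updated assertions in Test-DatalakeGen2 cover `T` under a umask (`r---wx-wT` with `--x-wx--x`) and `t` with no umask, but nothing exercises a lowercase `t` whose others-execute bit is masked, which is the case where the result should change to `T`. There is also no negative case showing that a sticky character outside the final position (for example `rwtrwxrwx`) is rejected by `-Permission`. Adding one of each, such as `-Permission rwxrwxrwt -Umask --------x` asserting `"rwxrwxrwT"`, would pin the permission semantics this change introduces. That expected value is inferred from the help text and the umask loop elsewhere in this commit, so confirm it against the service before relying on it.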
Expand Up @@ -11,10 +11,10 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Azure.Storage.Blobs" Version="12.14.0" />
<PackageReference Include="Azure.Storage.Files.DataLake" Version="12.12.0" />
<PackageReference Include="Azure.Storage.Files.Shares" Version="12.12.0" />
<PackageReference Include="Azure.Storage.Queues" Version="12.12.0" />
<PackageReference Include="Azure.Storage.Blobs" Version="12.16.0" />
<PackageReference Include="Azure.Storage.Files.DataLake" Version="12.14.0" />
<PackageReference Include="Azure.Storage.Files.Shares" Version="12.14.0" />
<PackageReference Include="Azure.Storage.Queues" Version="12.14.0" />
</ItemGroup>

<ItemGroup>
4 changes: 4 additions & 0 deletions src/Storage/Storage.Management/ChangeLog.md
Expand Up @@ -18,6 +18,10 @@
- Additional information about change #1
-->
## Upcoming Release
* Added support for sticky bit
- `New-AzDataLakeGen2Item`
- `New-AzDataLakeGen2ACLObject`
- `Update-AzDataLakeGen2Item`
* Added warning messages for an upcoming cmdlet breaking change
- `New-AzStorageAccount`
- `Set-AzStorageAccount`
17 changes: 9 additions & 8 deletions src/Storage/Storage.Management/help/New-AzDataLakeGen2Item.md
Expand Up @@ -36,15 +36,15 @@ This cmdlet only works if Hierarchical Namespace is enabled for the Storage acco

### Example 1: Create a directory with specified permission, Umask, properties, and metadata
```powershell
New-AzDataLakeGen2Item -FileSystem "testfilesystem" -Path "dir1/dir2/" -Directory -Permission rwxrwxrwx -Umask ---rw---- -Property @{"CacheControl" = "READ"; "ContentDisposition" = "True"} -Metadata @{"tag1" = "value1"; "tag2" = "value2" }
New-AzDataLakeGen2Item -FileSystem "testfilesystem" -Path "dir1/dir2/" -Directory -Permission rwxrwxrwT -Umask ---rw---- -Property @{"CacheControl" = "READ"; "ContentDisposition" = "True"} -Metadata @{"tag1" = "value1"; "tag2" = "value2" }
```

```output
FileSystem Name: filesystem1
FileSystem Name: filesystem1
Path IsDirectory Length LastModified Permissions Owner Group
---- ----------- ------ ------------ ----------- ----- -----
dir1/dir2 True 2020-03-23 09:15:56Z rwx---rwx $superuser $superuser
dir1/dir2 True 2020-03-23 09:15:56Z rwx---rwT $superuser $superuser
```

This command creates a directory with specified Permission, Umask, properties, and metadata
Expand All @@ -55,8 +55,9 @@ $task = New-AzDataLakeGen2Item -FileSystem "testfilesystem" -Path "dir1/dir2/fi
$task | Wait-Job
$task.Output
```

```output
FileSystem Name: filesystem1
FileSystem Name: filesystem1
Path IsDirectory Length LastModified Permissions Owner Group
---- ----------- ------ ------------ ----------- ----- -----
Expand Down Expand Up @@ -204,9 +205,9 @@ Accept wildcard characters: False
```
### -Permission
Sets POSIX access permissions for the file owner, the file owning group, and others.
Each class may be granted read, write, or execute permission.
Symbolic (rwxrw-rw-) is supported.
Sets POSIX access permissions for the file owner, the file owning group, and others. Each class may be granted read, write, or execute permission. Symbolic (rwxrw-rw-) is supported.
The sticky bit is also supported and its represented either by the letter t or T in the final character-place depending on whether the execution bit for the others category is set or unset respectively,
absence of t or T indicates sticky bit not set.
```yaml
Type: System.String
Expand Down Expand Up @@ -301,7 +302,7 @@ Accept wildcard characters: False
```
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
Expand Up @@ -32,7 +32,7 @@ Update-AzDataLakeGen2Item -FileSystem "filesystem1" -Path "dir1/dir3" -ACL $acl
```

```output
FileSystem Name: filesystem1
FileSystem Name: filesystem1
Path IsDirectory Length LastModified Permissions Owner Group
---- ----------- ------ ------------ ----------- ----- -----
Expand All @@ -43,18 +43,20 @@ This command creates an ACL object with 3 ACL entries (use -InputObject paramete

### Example 2: Create an ACL object with 4 ACL entries, and update permission of an existing ACL entry
<!-- Skip: Output cannot be splitted from code -->


```
PS C:\>$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType user -Permission rwx -DefaultScope
PS C:\>$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType group -Permission rw- -InputObject $acl
PS C:\>$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType other -Permission "rw-" -InputObject $acl
PS C:\>$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType other -Permission "rwt" -InputObject $acl
PS C:\>$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $id -Permission rwx -InputObject $acl
PS C:\>$acl
DefaultScope AccessControlType EntityId Permissions
------------ ----------------- -------- -----------
True User rwx
False Group rw-
False Other rw-
False Other rwt
False User ********-****-****-****-************ rwx
PS C:\>$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $id -Permission r-x -InputObject $acl
Expand Down Expand Up @@ -137,8 +139,10 @@ Accept wildcard characters: False
```
### -Permission
The permission field is a 3-character sequence where the first character is 'r' to grant read access, the second character is 'w' to grant write access, and the third character is 'x' to grant execute permission.
If access is not granted, the '-' character is used to denote that the permission is denied.
The permission field is a 3-character sequence where the first character is 'r' to grant read access, the second character is 'w' to grant write access, and the third character is 'x' to grant execute permission.
If access is not granted, the '-' character is used to denote that the permission is denied.
The sticky bit is also supported and its represented either by the letter t or T in the final character-place depending on whether the execution bit for the others category is set or unset respectively,
absence of t or T indicates sticky bit not set.
```yaml
Type: System.String
Expand All @@ -153,7 +157,7 @@ Accept wildcard characters: False
```
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
23 changes: 12 additions & 11 deletions src/Storage/Storage.Management/help/Update-AzDataLakeGen2Item.md
Expand Up @@ -38,24 +38,26 @@ This cmdlet only works if Hierarchical Namespace is enabled for the Storage acco
```powershell
$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType user -Permission rwx
$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType group -Permission rw- -InputObject $acl
$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType other -Permission "rw-" -InputObject $acl
$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType other -Permission "rwt" -InputObject $acl
Get-AzDataLakeGen2ChildItem -FileSystem "filesystem1" -Recurse | Update-AzDataLakeGen2Item -ACL $acl
```

```output
FileSystem Name: filesystem1
FileSystem Name: filesystem1
Path IsDirectory Length LastModified Permissions Owner Group
---- ----------- ------ ------------ ----------- ----- -----
dir1 True 2020-03-13 13:07:34Z rwxrw-rw- $superuser $superuser
dir1/file1 False 1024 2020-03-23 09:29:18Z rwxrw-rw- $superuser $superuser
dir2 True 2020-03-23 09:28:36Z rwxrw-rw- $superuser $superuser
dir1 True 2020-03-13 13:07:34Z rwxrw-rwt $superuser $superuser
dir1/file1 False 1024 2020-03-23 09:29:18Z rwxrw-rwt $superuser $superuser
dir2 True 2020-03-23 09:28:36Z rwxrw-rwt $superuser $superuser
```

This command first creates an ACL object with 3 acl entry (use -InputObject parameter to add acl entry to existing acl object), then get all items in a filesystem and update acl on the items.

### Example 2: Update all properties on a file, and show them
<!-- Skip: Output cannot be splitted from code -->


```
PS C:\> $file = Update-AzDataLakeGen2Item -FileSystem "filesystem1" -Path "dir1/file1" `
-Acl $acl `
Expand Down Expand Up @@ -143,7 +145,7 @@ Update-AzDataLakeGen2Item -FileSystem "filesystem1" -Path 'dir1/dir3/' -ACL $acl
```

```output
FileSystem Name: filesystem1
FileSystem Name: filesystem1
Path IsDirectory Length LastModified Permissions Owner Group
---- ----------- ------ ------------ ----------- ----- -----
Expand Down Expand Up @@ -294,10 +296,9 @@ Accept wildcard characters: False
```
### -Permission
Sets POSIX access permissions for the file owner, the file owning group, and others.
Each class may be granted read, write, or execute permission.
Symbolic (rwxrw-rw-) is supported.
Invalid in conjunction with Acl.
Sets POSIX access permissions for the file owner, the file owning group, and others. Each class may be granted read, write, or execute permission. Symbolic (rwxrw-rw-) is supported.
The sticky bit is also supported and its represented either by the letter t or T in the final character-place depending on whether the execution bit for the others category is set or unset respectively,
absence of t or T indicates sticky bit not set.Invalid in conjunction with ACL.
```yaml
Type: System.String
Expand Down Expand Up @@ -360,7 +361,7 @@ Accept wildcard characters: False
```
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
## INPUTS
Expand Up @@ -46,8 +46,9 @@ public class SetAzDataLakeGen2ItemAclObjectCommand : AzureDataCmdlet
IgnoreCase = true)]
public AccessControlType AccessControlType;

[Parameter(Mandatory = true, HelpMessage = "The permission field is a 3-character sequence where the first character is 'r' to grant read access, the second character is 'w' to grant write access, and the third character is 'x' to grant execute permission. If access is not granted, the '-' character is used to denote that the permission is denied.")]
[ValidatePattern("[r-][w-][x-]")]
[Parameter(Mandatory = true, HelpMessage = "The permission field is a 3-character sequence where the first character is 'r' to grant read access, the second character is 'w' to grant write access, and the third character is 'x' to grant execute permission. If access is not granted, the '-' character is used to denote that the permission is denied. " +
"The sticky bit is also supported and its represented either by the letter t or T in the final character-place depending on whether the execution bit for the others category is set or unset respectively, absence of t or T indicates sticky bit not set.")]
[ValidatePattern("[r-][w-][xtT-]")]
public string Permission { get; set; }

[Parameter(Mandatory = false, HelpMessage = "If input the PSPathAccessControlEntry[] object, will add the new ACL entry as a new element of the input PSPathAccessControlEntry[] object. If an ACL entry when same AccessControlType, EntityId, DefaultScope exist, will update permission of it.")]
Expand Down Expand Up @@ -80,7 +81,7 @@ public override void ExecuteCmdlet()
psacls.Remove(entryToRemove);
}

PSPathAccessControlEntry psacl = new PSPathAccessControlEntry(this.AccessControlType, PathAccessControlExtensions.ParseSymbolicRolePermissions(this.Permission), this.DefaultScope, this.EntityId);
PSPathAccessControlEntry psacl = new PSPathAccessControlEntry(this.AccessControlType, PathAccessControlExtensions.ParseSymbolicRolePermissions(this.Permission, true), this.DefaultScope, this.EntityId);
psacls.Add(psacl);

WriteObject(psacls.ToArray(), true);
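Review bot: The new `[ValidatePattern("[r-][w-][xtT-]")]` on `Permission` is unanchored, so any string that merely contains a matching three-character run passes the attribute, and it accepts `t`/`T` for every `AccessControlType` although the help text ties the sticky bit to the others category. Anchoring it as `[ValidatePattern("^[r-][w-][xtT-]$")]` makes the parameter enforce the documented 3-character form instead of depending on `ParseSymbolicRolePermissions` to reject the rest. The call in `ExecuteCmdlet` passes `true` unconditionally; if a sticky character on a user or group entry is not meaningful, consider `ParseSymbolicRolePermissions(this.Permission, this.AccessControlType == AccessControlType.Other)` so that such input fails rather than being quietly reinterpreted. How the SDK treats that case is not visible in this diff. Both the class and `ExecuteCmdlet` continue outside the hunks shown.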
32 changes: 27 additions & 5 deletions src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2Item.cs
Expand Up @@ -83,9 +83,10 @@ public string Source
[ValidatePattern("([r-][w-][x-]){3}")]
public string Umask { get; set; }

[Parameter(Mandatory = false, HelpMessage = "Sets POSIX access permissions for the file owner, the file owning group, and others. Each class may be granted read, write, or execute permission. Symbolic (rwxrw-rw-) is supported. ")]
[Parameter(Mandatory = false, HelpMessage = "Sets POSIX access permissions for the file owner, the file owning group, and others. Each class may be granted read, write, or execute permission. Symbolic (rwxrw-rw-) is supported. " +
"The sticky bit is also supported and its represented either by the letter t or T in the final character-place depending on whether the execution bit for the others category is set or unset respectively, absence of t or T indicates sticky bit not set.")]
[ValidateNotNullOrEmpty]
[ValidatePattern("([r-][w-][x-]){3}")]
[ValidatePattern("([r-][w-][x-]){2}([r-][w-][xtT-])")]
public string Permission { get; set; }


Expand Down Expand Up @@ -384,13 +385,34 @@ protected void SetBlobPermissionWithUMask(CloudBlockBlob blob, string permission
string blobPermission = string.Empty;
for (int i = 0; i < permission.Length; i++)
{
if (umask[i] != '-')
if (Char.ToLower(permission[i]) == 't')
{
blobPermission += '-';
if (permission[i] == 'T')
{
blobPermission += permission[i];
}
else
{
if (umask[i] == '-')
{
blobPermission += 't';
}
else
{
blobPermission += 'T';
}
}
}
else
{
blobPermission += permission[i];
if (umask[i] != '-')
{
blobPermission += '-';
}
else
{
blobPermission += permission[i];
}
}
}
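Review bot: The `[ValidatePattern("([r-][w-][x-]){2}([r-][w-][xtT-])")]` on `Permission` is unanchored, so a value only has to contain a valid nine-character run and longer strings with arbitrary leading or trailing characters pass. In `SetBlobPermissionWithUMask` the loop then runs to `permission.Length` while indexing `umask[i]`, so a permission longer than the umask would fail with an index error rather than a clear validation message, and the `t`/`T` branch fires at any position instead of only the last. Anchoring the attribute as `[ValidatePattern("^([r-][w-][x-]){2}([r-][w-][xtT-])$")]` (the `Umask` pattern above it has the same shape) closes this at the parameter boundary. `Char.ToLower` is also culture-sensitive; comparing against `'t'` and `'T'` directly, or using `Char.ToLowerInvariant`, avoids that. The method starts and ends outside the hunk, so any length check done earlier is not visible here.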
