Skip to content

Instantly share code, notes, and snippets.

@GeorgeJahad

GeorgeJahad/snapshotAclAcceptanceTest.md Secret

Created January 25, 2023 01:08
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save GeorgeJahad/09fba88dfc79fb03590deae3df679e73 to your computer and use it in GitHub Desktop.
Save GeorgeJahad/09fba88dfc79fb03590deae3df679e73 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
snapshotAclAcceptanceTest.md 

# init bucket
kinit -kt /etc/security/keytabs/om.keytab om/om@EXAMPLE.COM
ozone sh volume create testgbj2
ozone sh bucket create testgbj2/bucket1
ozone sh key put testgbj2/bucket1/k1 LICENSE.txt
ozone sh key put testgbj2/bucket1/k1 k1.orig
ozone sh snapshot create testgbj2/bucket1 snapshot1


# create a snapshot with acls  added

echo acls
ozone sh volume addacl -a user:testuser2/scm@EXAMPLE.COM:a testgbj2
ozone sh bucket addacl -a user:testuser2/scm@EXAMPLE.COM:a testgbj2/bucket1
ozone sh key addacl -a user:testuser2/scm@EXAMPLE.COM:a testgbj2/bucket1/k1
ozone sh snapshot create testgbj2/bucket1 snapshot2


# now try to read each snapshot

kdestroy
kinit -kt /etc/security/keytabs/testuser2.keytab testuser2/scm@EXAMPLE.COM
echo read should fail
ozone sh key get testgbj2/bucket1/.snapshot/snapshot1/k1 k1.second

#snapshot2 read succeeds because of the acls

echo read should succeed
rm -f k1.third
ozone sh key get testgbj2/bucket1/.snapshot/snapshot2/k1 k1.third
ls -l k1.third
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment