From a0d37fc7aea5e395f7f9b0515d866ce036b49505 Mon Sep 17 00:00:00 2001 From: Wenjun Ruan Date: Sun, 23 Oct 2022 21:54:01 +0800 Subject: [PATCH] Set tenantDir permission (#12486) --- .../common/utils/FileUtils.java | 34 ++++++++++------- .../common/utils/FileUtilsTest.java | 4 +- .../service/utils/ProcessUtils.java | 4 +- .../utils/TaskExecutionCheckerUtils.java | 38 ++++++++++++++++--- 4 files changed, 57 insertions(+), 23 deletions(-) diff --git a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java index 79990a4642..2d19f7fcf9 100644 --- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java +++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java @@ -88,23 +88,29 @@ public class FileUtils { /** * directory of process execution * - * @param projectCode project code - * @param processDefineCode process definition Code + * @param tenant tenant + * @param projectCode project code + * @param processDefineCode process definition Code * @param processDefineVersion process definition version - * @param processInstanceId process instance id - * @param taskInstanceId task instance id + * @param processInstanceId process instance id + * @param taskInstanceId task instance id * @return directory of process execution */ - public static String getProcessExecDir(long projectCode, long processDefineCode, int processDefineVersion, - int processInstanceId, int taskInstanceId) { - String fileName = String.format("%s/exec/process/%d/%s/%d/%d", DATA_BASEDIR, - projectCode, processDefineCode + "_" + processDefineVersion, processInstanceId, taskInstanceId); - File file = new File(fileName); - if (!file.getParentFile().exists()) { - file.getParentFile().mkdirs(); - } - - return fileName; + public static String getProcessExecDir(String tenant, + long projectCode, + long processDefineCode, + int processDefineVersion, + int processInstanceId, + int taskInstanceId) { + return String.format( + "%s/exec/process/%s/%d/%d_%d/%d/%d", + DATA_BASEDIR, + tenant, + projectCode, + processDefineCode, + processDefineVersion, + processInstanceId, + taskInstanceId); } /** diff --git a/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/utils/FileUtilsTest.java b/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/utils/FileUtilsTest.java index 7fcfc3b31b..e8a628ff08 100644 --- a/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/utils/FileUtilsTest.java +++ b/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/utils/FileUtilsTest.java @@ -51,8 +51,8 @@ public class FileUtilsTest { @Test public void testGetProcessExecDir() { - String dir = FileUtils.getProcessExecDir(1L, 2L, 1, 3, 4); - Assertions.assertEquals("/tmp/dolphinscheduler/exec/process/1/2_1/3/4", dir); + String dir = FileUtils.getProcessExecDir("test", 1L, 2L, 1, 3, 4); + Assertions.assertEquals("/tmp/dolphinscheduler/exec/process/test/1/2_1/3/4", dir); } @Test diff --git a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/utils/ProcessUtils.java b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/utils/ProcessUtils.java index e324c94205..b20af9dc34 100644 --- a/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/utils/ProcessUtils.java +++ b/dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/utils/ProcessUtils.java @@ -204,7 +204,9 @@ public class ProcessUtils { if (CollectionUtils.isNotEmpty(appIds)) { if (StringUtils.isEmpty(taskExecutionContext.getExecutePath())) { taskExecutionContext - .setExecutePath(FileUtils.getProcessExecDir(taskExecutionContext.getProjectCode(), + .setExecutePath(FileUtils.getProcessExecDir( + taskExecutionContext.getTenantCode(), + taskExecutionContext.getProjectCode(), taskExecutionContext.getProcessDefineCode(), taskExecutionContext.getProcessDefineVersion(), taskExecutionContext.getProcessInstanceId(), diff --git a/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionCheckerUtils.java b/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionCheckerUtils.java index 1aea96d9d8..ff08b6d09b 100644 --- a/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionCheckerUtils.java +++ b/dolphinscheduler-worker/src/main/java/org/apache/dolphinscheduler/server/worker/utils/TaskExecutionCheckerUtils.java @@ -33,8 +33,13 @@ import org.apache.commons.lang3.SystemUtils; import org.apache.commons.lang3.tuple.Pair; import java.io.File; +import java.io.IOException; +import java.nio.file.FileSystems; import java.nio.file.Files; +import java.nio.file.Path; import java.nio.file.Paths; +import java.nio.file.attribute.UserPrincipal; +import java.nio.file.attribute.UserPrincipalLookupService; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -45,23 +50,24 @@ public class TaskExecutionCheckerUtils { public static void checkTenantExist(WorkerConfig workerConfig, TaskExecutionContext taskExecutionContext) { try { + String tenantCode = taskExecutionContext.getTenantCode(); boolean osUserExistFlag; // if Using distributed is true and Currently supported systems are linux,Should not let it // automatically // create tenants,so TenantAutoCreate has no effect if (workerConfig.isTenantDistributedUser() && SystemUtils.IS_OS_LINUX) { // use the id command to judge in linux - osUserExistFlag = OSUtils.existTenantCodeInLinux(taskExecutionContext.getTenantCode()); + osUserExistFlag = OSUtils.existTenantCodeInLinux(tenantCode); } else if (OSUtils.isSudoEnable() && workerConfig.isTenantAutoCreate()) { // if not exists this user, then create - OSUtils.createUserIfAbsent(taskExecutionContext.getTenantCode()); - osUserExistFlag = OSUtils.getUserList().contains(taskExecutionContext.getTenantCode()); + OSUtils.createUserIfAbsent(tenantCode); + osUserExistFlag = OSUtils.getUserList().contains(tenantCode); } else { - osUserExistFlag = OSUtils.getUserList().contains(taskExecutionContext.getTenantCode()); + osUserExistFlag = OSUtils.getUserList().contains(tenantCode); } if (!osUserExistFlag) { throw new TaskException( - String.format("TenantCode: %s doesn't exist", taskExecutionContext.getTenantCode())); + String.format("TenantCode: %s doesn't exist", tenantCode)); } } catch (TaskException ex) { throw ex; @@ -75,13 +81,14 @@ public class TaskExecutionCheckerUtils { try { // local execute path String execLocalPath = FileUtils.getProcessExecDir( + taskExecutionContext.getTenantCode(), taskExecutionContext.getProjectCode(), taskExecutionContext.getProcessDefineCode(), taskExecutionContext.getProcessDefineVersion(), taskExecutionContext.getProcessInstanceId(), taskExecutionContext.getTaskInstanceId()); taskExecutionContext.setExecutePath(execLocalPath); - FileUtils.createWorkDirIfAbsent(execLocalPath); + createDirectoryWithOwner(Paths.get(execLocalPath), taskExecutionContext.getTenantCode()); } catch (Throwable ex) { throw new TaskException("Cannot create process execute dir", ex); } @@ -131,4 +138,23 @@ public class TaskExecutionCheckerUtils { } } } + + private static void createDirectoryWithOwner(Path filePath, String tenant) { + if (Files.exists(filePath)) { + return; + } + try { + Files.createDirectories(filePath); + if (!OSUtils.isSudoEnable()) { + // we need to open sudo, then we can change the owner. + return; + } + UserPrincipalLookupService userPrincipalLookupService = + FileSystems.getDefault().getUserPrincipalLookupService(); + UserPrincipal tenantPrincipal = userPrincipalLookupService.lookupPrincipalByName(tenant); + Files.setOwner(filePath, tenantPrincipal); + } catch (IOException e) { + throw new TaskException("Set tenant directory permission failed, tenant: " + tenant, e); + } + } }