DataLake Storage account ACL commands are not working as expected

Below is the part of the pipeline where I am trying to update the ACL as per the user input parameter values.

For the tasks setting default and access policies steps, I have the issue.

Here my requirement is that we have many existing big filesystems which are already assigned some default and access ACL policies. Now we need to timely update the existing permission of the ACL for the security principal, or need to add a new security principal, which won't affect the existing ACL.

So what I read from the docs: if we have to set a permission for a subdirectory called s3 and its contents, we have to give execute permission to each of the users for the path itself, e.g. storageaccount/fs/s1/s2/s3.

When I tried the update-recursive command, it's working for me, but most of the time it's getting timed out, as the directories are large and the access is granted recursively.

So I tried another way of updating the permissions only for the path mentioned. For example, for each user I am inputting, and I require rwx permission inside the s3 subdirectory,

  1. first it should set access & default "execute" permission for those users to traverse to the location, e.g. storageaccount/fs/s1/s2/s3
  2. then set the input permission given (rwx) for the given users for the s3 subdirectory alone, and it won't change any existing ACL anywhere.

When I tried the set --permission command, I couldn't make the task successful for updating the permissions.

- stage: Create_ACL
  displayName: 'Create the Given ACL' 
  variables:
    - name: directory
      value: ${{ parameters.subdirectory }}
  jobs:    
  - deployment: Create_ACL      
    environment: myenv
    displayName: "Creating ACL"
    strategy:
      runOnce:
        deploy:
          steps:                            
          - ${{ each user in parameters.userslist }}:               
            - task: AzureCLI@2         
              displayName: 'setting Default ACL for Execution permission for ${{ user }}'
              inputs:
                azureSubscription: 'mysubs'
                scriptType: 'bash'
                scriptLocation: 'inlineScript'             
                inlineScript: |
                  acl=default:user:${{ user }}:--x
                  az storage fs access set --permission=$acl -p / -f  ${{parameters.fsname}} --account-name ${{parameters.storagename}} --auth-mode login
            - task: AzureCLI@2     
              displayName: 'setting Access ACL for Execution permission for ${{ user }}'
              inputs:
                azureSubscription: 'mysubs'
                scriptType: 'bash'
                scriptLocation: 'inlineScript'             
                inlineScript: |
                  acl=user:${{ user }}:--x
                  az storage fs access set --permission=$acl -p / -f  ${{parameters.fsname}} --account-name ${{parameters.storagename}} --auth-mode login             
            - task: AzureCLI@2   
              displayName: 'setting Default permission for the given fs or Subdirectory for user ${{ user }}'
              inputs:
                azureSubscription: 'mysubs'
                scriptType: 'bash'
                scriptLocation: 'inlineScript'
                ${{ if ne(parameters.subdirectory, ' ') }}:                  
                  inlineScript: |
                    acl=default:user:${{ user }}:${{parameters.permission}}
                    az storage fs access update-recursive --acl=$acl -p $(directory) -f  ${{parameters.fsname}} --account-name ${{parameters.storagename}} --auth-mode login
                ${{ if eq(parameters.subdirectory, ' ') }}:                  
                  inlineScript: |
                    acl=default:user:${{ user }}:${{parameters.permission}}
                    az storage fs access update-recursive --acl=$acl -p / -f  ${{parameters.fsname}} --account-name ${{parameters.storagename}} --auth-mode login                    
            - task: AzureCLI@2   
              displayName: 'setting Access permission for the given fs or Subdirectory for user ${{ user }}'
              inputs:
                azureSubscription: 'mysubs'
                scriptType: 'bash'
                scriptLocation: 'inlineScript'
                ${{ if ne(parameters.subdirectory, ' ') }}:                  
                  inlineScript: |
                    acl=user:${{ user }}:${{parameters.permission}}
                    az storage fs access update-recursive --acl=$acl -p $(directory) -f  ${{parameters.fsname}} --account-name ${{parameters.storagename}} --auth-mode login
                ${{ if eq(parameters.subdirectory, ' ') }}:                  
                  inlineScript: |
                    acl=user:${{ user }}:${{parameters.permission}}
                    az storage fs access update-recursive --acl=$acl -p / -f  ${{parameters.fsname}} --account-name ${{parameters.storagename}} --auth-mode login
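
One way to apply the two steps described in the post without `update-recursive`, added here as an example and not part of the original question: read each path's current ACL, merge in a single entry, and write the merged ACL back. The function names are hypothetical, the code assumes `az storage fs access show` returns the current ACL string in its `acl` field, and it sets only the access ACL (not the default ACL) on parent directories.

```bash
# Added example (hypothetical helper names); ACL entries are [default:]type:id:perms.
# Print each ancestor of a path, shortest first: s1/s2/s3 -> s1, s1/s2
ancestors() (
  rest="${1#/}"; rest="${rest%/}"; prefix=""
  while :; do
    case "$rest" in */*) ;; *) break ;; esac
    prefix="${prefix:+$prefix/}${rest%%/*}"; rest="${rest#*/}"
    echo "$prefix"
  done
)

# Replace the entry with the same scope:type:id key, else append; keep the rest.
merge_acl_entry() (
  new="$2"; key="${2%:*}"; out=""; found=0; IFS=','; set -f
  for e in $1; do
    if [ "${e%:*}" = "$key" ]; then e="$new"; found=1; fi
    out="${out:+$out,}$e"
  done
  if [ "$found" = 0 ]; then out="${out:+$out,}$new"; fi
  echo "$out"
)

# Add only the execute bit for a key, keeping any r/w bits it already has.
ensure_execute() (
  key="$2"; perms="---"; IFS=','; set -f
  for e in $1; do
    if [ "${e%:*}" = "$key" ]; then perms="${e##*:}"; fi
  done
  merge_acl_entry "$1" "$key:${perms%?}x"
)

# Read-merge-write on ONE path. $4 = scope:type:id; $5 = x (traverse) or a triplet.
apply_entry() (
  current=$(az storage fs access show -p "$3" -f "$1" --account-name "$2" \
    --auth-mode login --query acl -o tsv </dev/null) && [ -n "$current" ] || exit 1
  if [ "$5" = x ]; then merged=$(ensure_execute "$current" "$4")
  else merged=$(merge_acl_entry "$current" "$4:$5"); fi
  az storage fs access set --acl "$merged" -p "$3" -f "$1" \
    --account-name "$2" --auth-mode login </dev/null
)

# grant_dir FS ACCOUNT DIR OBJECT_ID PERMS: traverse on / and parents, PERMS on DIR.
grant_dir() {
  { echo /; ancestors "$3"; } | while IFS= read -r d; do
    apply_entry "$1" "$2" "$d" "user:$4" x || exit 1
  done || return 1
  apply_entry "$1" "$2" "$3" "user:$4" "$5" &&
    apply_entry "$1" "$2" "$3" "default:user:$4" "$5"
}
```

Named-user entries are still capped by the `mask::` entry on each path, so check the mask if effective permissions come out lower than what was set.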


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow