@Test public void testAclsOff() { Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>(); Configuration conf = new Configuration(); String jobOwner = "testuser"; conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner); conf.setBoolean(MRConfig.MR_ACLS_ENABLED, false); String noAdminUser = "testuser2"; JobACLsManager aclsManager = new JobACLsManager(conf); tmpJobACLs = aclsManager.constructJobACLs(conf); final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs; UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting( noAdminUser, new String[] {}); // acls off so anyone should have access boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner, jobACLs.get(JobACL.VIEW_JOB)); assertTrue("acls off so anyone should have access", val); }
@Test public void testGroups() { Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>(); Configuration conf = new Configuration(); String jobOwner = "testuser"; conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner); conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true); String user = "testuser2"; String adminGroup = "adminGroup"; conf.set(MRConfig.MR_ADMINS, " " + adminGroup); JobACLsManager aclsManager = new JobACLsManager(conf); tmpJobACLs = aclsManager.constructJobACLs(conf); final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs; UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting( user, new String[] {adminGroup}); // acls off so anyone should have access boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner, jobACLs.get(JobACL.VIEW_JOB)); assertTrue("user in admin group should have access", val); } }
@Test public void testClusterAdmins() { Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>(); Configuration conf = new Configuration(); String jobOwner = "testuser"; conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner); conf.set(JobACL.MODIFY_JOB.getAclName(), jobOwner); conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true); String clusterAdmin = "testuser2"; conf.set(MRConfig.MR_ADMINS, clusterAdmin); JobACLsManager aclsManager = new JobACLsManager(conf); tmpJobACLs = aclsManager.constructJobACLs(conf); final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs; UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting( clusterAdmin, new String[] {}); // cluster admin should have access boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner, jobACLs.get(JobACL.VIEW_JOB)); assertTrue("cluster admin should have view access", val); val = aclsManager.checkAccess(callerUGI, JobACL.MODIFY_JOB, jobOwner, jobACLs.get(JobACL.MODIFY_JOB)); assertTrue("cluster admin should have modify access", val); }
@Test public void testClusterNoAdmins() { Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>(); Configuration conf = new Configuration(); String jobOwner = "testuser"; conf.set(JobACL.VIEW_JOB.getAclName(), ""); conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true); String noAdminUser = "testuser2"; JobACLsManager aclsManager = new JobACLsManager(conf); tmpJobACLs = aclsManager.constructJobACLs(conf); final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs; UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting( noAdminUser, new String[] {}); // random user should not have access boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner, jobACLs.get(JobACL.VIEW_JOB)); assertFalse("random user should not have view access", val); val = aclsManager.checkAccess(callerUGI, JobACL.MODIFY_JOB, jobOwner, jobACLs.get(JobACL.MODIFY_JOB)); assertFalse("random user should not have modify access", val); callerUGI = UserGroupInformation.createUserForTesting(jobOwner, new String[] {}); // Owner should have access val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner, jobACLs.get(JobACL.VIEW_JOB)); assertTrue("owner should have view access", val); val = aclsManager.checkAccess(callerUGI, JobACL.MODIFY_JOB, jobOwner, jobACLs.get(JobACL.MODIFY_JOB)); assertTrue("owner should have modify access", val); }
this.jobACLs = aclsManager.constructJobACLs(conf);
this.jobACLs = aclsManager.constructJobACLs(conf);
this.jobACLs = aclsManager.constructJobACLs(conf);
constructJobACLs(conf).get(JobACL.VIEW_JOB);
tmpJobACLs = aclsManager.constructJobACLs(conf); final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs; return new Job() {
status.setJobACLs(jobtracker.getJobACLsManager().constructJobACLs(conf));