ACLsManager(Configuration conf, JobACLsManager jobACLsManager, QueueManager queueManager) throws IOException { mrOwner = UserGroupInformation.getCurrentUser(); adminAcl = new AccessControlList(conf.get(MRConfig.MR_ADMINS, " ")); adminAcl.addUser(mrOwner.getShortUserName()); String deprecatedSuperGroup = conf.get(MRConfig.MR_SUPERGROUP); if (deprecatedSuperGroup != null) { LOG.warn(MRConfig.MR_SUPERGROUP + " is deprecated. Use " + MRConfig.MR_ADMINS + " instead"); adminAcl.addGroup(deprecatedSuperGroup); } aclsEnabled = conf.getBoolean(MRConfig.MR_ACLS_ENABLED, false); this.jobACLsManager = jobACLsManager; this.queueManager = queueManager; }
conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true); AccessControlList adminACL = new AccessControlList(""); adminACL.addGroup(SUPER_GROUP); conf.set(YarnConfiguration.YARN_ADMIN_ACL, adminACL.getAclString()); resourceManager = new MockRM(conf) {
/** * Tests adding user/group to an wild card acl. */ public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }
acl.addGroup(" * "); } catch (Throwable t) { th = t;
private void verifyOwnerAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); // View as owner rmClient.getApplicationReport(appReportRequest); // List apps as owner Assert.assertEquals("App view by owner should list the apps!!", 1, rmClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as owner rmClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
private void verifyOwnerAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); // View as owner rmClient.getApplicationReport(appReportRequest); // List apps as owner Assert.assertEquals("App view by owner should list the apps!!", 1, rmClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as owner rmClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
private void verifyFriendAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol friendClient = getRMClientForUser(FRIEND); // View as the friend friendClient.getApplicationReport(appReportRequest); // List apps as friend Assert.assertEquals("App view by a friend should list the apps!!", 3, friendClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the friend friendClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
private void verifySuperUserAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol superUserClient = getRMClientForUser(SUPER_USER); // View as the superUser superUserClient.getApplicationReport(appReportRequest); // List apps as superUser Assert.assertEquals("App view by super-user should list the apps!!", 2, superUserClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the superUser superUserClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
private void verifyFriendAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol friendClient = getRMClientForUser(FRIEND); // View as the friend friendClient.getApplicationReport(appReportRequest); // List apps as friend Assert.assertEquals("App view by a friend should list the apps!!", 3, friendClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the friend friendClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
private void verifySuperUserAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol superUserClient = getRMClientForUser(SUPER_USER); // View as the superUser superUserClient.getApplicationReport(appReportRequest); // List apps as superUser Assert.assertEquals("App view by super-user should list the apps!!", 2, superUserClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the superUser superUserClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
private void verifyEnemyAccess() throws Exception { viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND);
private void verifyAdministerQueueUserAccess() throws Exception { isQueueUser = true; AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND);
private void verifyEnemyAccess() throws Exception { viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND);
private void verifyAdministerQueueUserAccess() throws Exception { isQueueUser = true; AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND);
/** * Tests adding user/group to an wild card acl. */ @Test public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }
/** * Tests adding user/group to an wild card acl. */ @Test public void testAddRemoveToWildCardACL() { AccessControlList acl = new AccessControlList(" * "); assertTrue(acl.isAllAllowed()); UserGroupInformation drwho = UserGroupInformation.createUserForTesting("drwho@APACHE.ORG", new String[] { "aliens" }); UserGroupInformation drwho2 = UserGroupInformation.createUserForTesting("drwho2@APACHE.ORG", new String[] { "tardis" }); acl.addUser("drwho"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("drwho")); acl.addGroup("tardis"); assertTrue(acl.isAllAllowed()); assertFalse(acl.getAclString().contains("tardis")); acl.removeUser("drwho"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho, acl); acl.removeGroup("tardis"); assertTrue(acl.isAllAllowed()); assertUserAllowed(drwho2, acl); }
acl.addGroup(" * "); } catch (Throwable t) { th = t;
acl.addGroup(" * "); } catch (Throwable t) { th = t;