assertEquals( firstSubQueue.getAcls().get("mapred.queue.first.acl-submit-job") .toString(), "Users [user1, user2] and members of the groups [group1, group2] are allowed"); Queue secondSubQueue = iterator.next();
assertEquals( firstSubQueue.getAcls().get("mapred.queue.first.acl-submit-job") .toString(), "Users [user1, user2] and members of the groups [group1, group2] are allowed"); Queue secondSubQueue = iterator.next();
private UserGroupInformation checkAcls(String method) throws IOException { UserGroupInformation user; try { user = UserGroupInformation.getCurrentUser(); } catch (IOException ioe) { LOG.warn("Couldn't get current user", ioe); HSAuditLogger.logFailure("UNKNOWN", method, adminAcl.toString(), HISTORY_ADMIN_SERVER, "Couldn't get current user"); throw ioe; } if (!adminAcl.isUserAllowed(user)) { LOG.warn("User " + user.getShortUserName() + " doesn't have permission" + " to call '" + method + "'"); HSAuditLogger.logFailure(user.getShortUserName(), method, adminAcl.toString(), HISTORY_ADMIN_SERVER, AuditConstants.UNAUTHORIZED_USER); throw new AccessControlException("User " + user.getShortUserName() + " doesn't have permission" + " to call '" + method + "'"); } LOG.info("HS Admin: " + method + " invoked by user " + user.getShortUserName()); return user; }
private UserGroupInformation checkAcls(String method) throws IOException { UserGroupInformation user; try { user = UserGroupInformation.getCurrentUser(); } catch (IOException ioe) { LOG.warn("Couldn't get current user", ioe); HSAuditLogger.logFailure("UNKNOWN", method, adminAcl.toString(), HISTORY_ADMIN_SERVER, "Couldn't get current user"); throw ioe; } if (!adminAcl.isUserAllowed(user)) { LOG.warn("User " + user.getShortUserName() + " doesn't have permission" + " to call '" + method + "'"); HSAuditLogger.logFailure(user.getShortUserName(), method, adminAcl.toString(), HISTORY_ADMIN_SERVER, AuditConstants.UNAUTHORIZED_USER); throw new AccessControlException("User " + user.getShortUserName() + " doesn't have permission" + " to call '" + method + "'"); } LOG.info("HS Admin: " + method + " invoked by user " + user.getShortUserName()); return user; }
private UserGroupInformation checkAcls(String method) throws IOException { UserGroupInformation user; try { user = UserGroupInformation.getCurrentUser(); } catch (IOException ioe) { LOG.warn("Couldn't get current user", ioe); HSAuditLogger.logFailure("UNKNOWN", method, adminAcl.toString(), HISTORY_ADMIN_SERVER, "Couldn't get current user"); throw ioe; } if (!adminAcl.isUserAllowed(user)) { LOG.warn("User " + user.getShortUserName() + " doesn't have permission" + " to call '" + method + "'"); HSAuditLogger.logFailure(user.getShortUserName(), method, adminAcl.toString(), HISTORY_ADMIN_SERVER, AuditConstants.UNAUTHORIZED_USER); throw new AccessControlException("User " + user.getShortUserName() + " doesn't have permission" + " to call '" + method + "'"); } LOG.info("HS Admin: " + method + " invoked by user " + user.getShortUserName()); return user; }
@Override public void refreshLoadedJobCache() throws IOException { UserGroupInformation user = checkAcls("refreshLoadedJobCache"); try { jobHistoryService.refreshLoadedJobCache(); } catch (UnsupportedOperationException e) { HSAuditLogger.logFailure(user.getShortUserName(), "refreshLoadedJobCache", adminAcl.toString(), HISTORY_ADMIN_SERVER, e.getMessage()); throw e; } HSAuditLogger.logSuccess(user.getShortUserName(), "refreshLoadedJobCache", HISTORY_ADMIN_SERVER); }
@Override public void refreshLoadedJobCache() throws IOException { UserGroupInformation user = checkAcls("refreshLoadedJobCache"); try { jobHistoryService.refreshLoadedJobCache(); } catch (UnsupportedOperationException e) { HSAuditLogger.logFailure(user.getShortUserName(), "refreshLoadedJobCache", adminAcl.toString(), HISTORY_ADMIN_SERVER, e.getMessage()); throw e; } HSAuditLogger.logSuccess(user.getShortUserName(), "refreshLoadedJobCache", HISTORY_ADMIN_SERVER); }
@Override public void refreshLoadedJobCache() throws IOException { UserGroupInformation user = checkAcls("refreshLoadedJobCache"); try { jobHistoryService.refreshLoadedJobCache(); } catch (UnsupportedOperationException e) { HSAuditLogger.logFailure(user.getShortUserName(), "refreshLoadedJobCache", adminAcl.toString(), HISTORY_ADMIN_SERVER, e.getMessage()); throw e; } HSAuditLogger.logSuccess(user.getShortUserName(), "refreshLoadedJobCache", HISTORY_ADMIN_SERVER); }
public void testAclString() { AccessControlList acl; acl = new AccessControlList("*"); assertTrue(acl.toString().equals("All users are allowed")); validateGetAclString(acl); acl = new AccessControlList(" "); assertTrue(acl.toString().equals("No users are allowed")); acl = new AccessControlList("user1,user2"); assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 ");// with space assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList(" group1,group2"); assertTrue(acl.toString().equals( "Members of the groups [group1, group2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 group1,group2"); assertTrue(acl.toString().equals( "Users [user1, user2] and " + "members of the groups [group1, group2] are allowed")); validateGetAclString(acl); }
/** * Rereads the config to get hosts and exclude list file names. * Rereads the files to update the hosts and exclude lists. */ public synchronized void refreshNodes() throws IOException { String user = UserGroupInformation.getCurrentUser().getShortUserName(); // check access if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) { AuditLogger.logFailure(user, Constants.REFRESH_NODES, aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, Constants.UNAUTHORIZED_USER); throw new AccessControlException(user + " is not authorized to refresh nodes."); } AuditLogger.logSuccess(user, Constants.REFRESH_NODES, Constants.JOBTRACKER); // call the actual api refreshHosts(); }
/** * Nicely print the Job-ACLs * @param tracker * @param jobAcls * @param out * @throws IOException */ static void printJobACLs(JobTracker tracker, Map<JobACL, AccessControlList> jobAcls, JspWriter out) throws IOException { if (tracker.areACLsEnabled()) { // Display job-view-acls and job-modify-acls configured for this job out.print("<b>Job-ACLs:</b><br>"); for (JobACL aclName : JobACL.values()) { String aclConfigName = aclName.getAclName(); AccessControlList aclConfigured = jobAcls.get(aclName); if (aclConfigured != null) { String aclStr = aclConfigured.toString(); out.print(" " + aclConfigName + ": " + HtmlQuoting.quoteHtmlChars(aclStr) + "<br>"); } } } else { out.print("<b>Job-ACLs: " + new AccessControlList("*").toString() + "</b><br>"); } } }
conf.get(JobACL.VIEW_JOB.getAclName(), " ")); assertTrue("VIEW_JOB ACL is not properly logged to history file.", acl.toString().equals( jobInfo.getJobACLs().get(JobACL.VIEW_JOB).toString())); acl = new AccessControlList( conf.get(JobACL.MODIFY_JOB.getAclName(), " ")); assertTrue("MODIFY_JOB ACL is not properly logged to history file.", acl.toString().equals( jobInfo.getJobACLs().get(JobACL.MODIFY_JOB).toString()));
@Test public void testAclString() { AccessControlList acl; acl = new AccessControlList("*"); assertTrue(acl.toString().equals("All users are allowed")); validateGetAclString(acl); acl = new AccessControlList(" "); assertTrue(acl.toString().equals("No users are allowed")); acl = new AccessControlList("user1,user2"); assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 ");// with space assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList(" group1,group2"); assertTrue(acl.toString().equals( "Members of the groups [group1, group2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 group1,group2"); assertTrue(acl.toString().equals( "Users [user1, user2] and " + "members of the groups [group1, group2] are allowed")); validateGetAclString(acl); }
@Test public void testAclString() { AccessControlList acl; acl = new AccessControlList("*"); assertTrue(acl.toString().equals("All users are allowed")); validateGetAclString(acl); acl = new AccessControlList(" "); assertTrue(acl.toString().equals("No users are allowed")); acl = new AccessControlList("user1,user2"); assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 ");// with space assertTrue(acl.toString().equals("Users [user1, user2] are allowed")); validateGetAclString(acl); acl = new AccessControlList(" group1,group2"); assertTrue(acl.toString().equals( "Members of the groups [group1, group2] are allowed")); validateGetAclString(acl); acl = new AccessControlList("user1,user2 group1,group2"); assertTrue(acl.toString().equals( "Users [user1, user2] and " + "members of the groups [group1, group2] are allowed")); validateGetAclString(acl); }