@Override public String[] getGroupsForUser(String user) throws IOException { String operation = "getGroupsForUser"; UserGroupInformation ugi; try { ugi = checkAcls(operation); } catch (YarnException e) { // The interface is from hadoop-common which does not accept YarnException throw new IOException(e); } checkRMStatus(ugi.getShortUserName(), operation, "get groups for user"); return UserGroupInformation.createRemoteUser(user).getGroupNames(); }
@Override public RefreshUserToGroupsMappingsResponse refreshUserToGroupsMappings( RefreshUserToGroupsMappingsRequest request) throws YarnException, IOException { String argName = "refreshUserToGroupsMappings"; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, "refresh user-groups."); refreshUserToGroupsMappings(); RMAuditLogger.logSuccess(user.getShortUserName(), argName, "AdminService"); return recordFactory.newRecordInstance( RefreshUserToGroupsMappingsResponse.class); }
@Override public RefreshSuperUserGroupsConfigurationResponse refreshSuperUserGroupsConfiguration( RefreshSuperUserGroupsConfigurationRequest request) throws YarnException, IOException { final String operation = "refreshSuperUserGroupsConfiguration"; UserGroupInformation user = checkAcls(operation); checkRMStatus(user.getShortUserName(), operation, "refresh super-user-groups."); refreshSuperUserGroupsConfiguration(); RMAuditLogger.logSuccess(user.getShortUserName(), operation, "AdminService"); return recordFactory.newRecordInstance( RefreshSuperUserGroupsConfigurationResponse.class); }
@Override public RefreshUserToGroupsMappingsResponse refreshUserToGroupsMappings( RefreshUserToGroupsMappingsRequest request) throws YarnException, IOException { final String operation = "refreshUserToGroupsMappings"; UserGroupInformation user = checkAcls(operation); checkRMStatus(user.getShortUserName(), operation, "refresh user-groups."); refreshUserToGroupsMappings(); RMAuditLogger.logSuccess(user.getShortUserName(), operation, "AdminService"); return recordFactory.newRecordInstance( RefreshUserToGroupsMappingsResponse.class); }
@Override public RefreshSuperUserGroupsConfigurationResponse refreshSuperUserGroupsConfiguration( RefreshSuperUserGroupsConfigurationRequest request) throws YarnException, IOException { String argName = "refreshSuperUserGroupsConfiguration"; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, "refresh super-user-groups."); refreshSuperUserGroupsConfiguration(); RMAuditLogger.logSuccess(user.getShortUserName(), argName, "AdminService"); return recordFactory.newRecordInstance( RefreshSuperUserGroupsConfigurationResponse.class); }
private RefreshAdminAclsResponse refreshAdminAcls(boolean checkRMHAState) throws YarnException, IOException { String argName = "refreshAdminAcls"; UserGroupInformation user = checkAcls(argName); if (checkRMHAState) { checkRMStatus(user.getShortUserName(), argName, "refresh Admin ACLs."); } Configuration conf = getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE); authorizer.setAdmins(getAdminAclList(conf), UserGroupInformation .getCurrentUser()); RMAuditLogger.logSuccess(user.getShortUserName(), argName, "AdminService"); return recordFactory.newRecordInstance(RefreshAdminAclsResponse.class); }
@Override public RefreshClusterMaxPriorityResponse refreshClusterMaxPriority( RefreshClusterMaxPriorityRequest request) throws YarnException, IOException { final String operation = "refreshClusterMaxPriority"; final String msg = "refresh cluster max priority"; UserGroupInformation user = checkAcls(operation); checkRMStatus(user.getShortUserName(), operation, msg); try { refreshClusterMaxPriority(); RMAuditLogger .logSuccess(user.getShortUserName(), operation, "AdminService"); return recordFactory .newRecordInstance(RefreshClusterMaxPriorityResponse.class); } catch (YarnException e) { throw logAndWrapException(e, user.getShortUserName(), operation, msg); } }
@Override public RefreshUserToGroupsMappingsResponse refreshUserToGroupsMappings( RefreshUserToGroupsMappingsRequest request) throws YarnException, IOException { String argName = "refreshUserToGroupsMappings"; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, "refresh user-groups."); Groups.getUserToGroupsMappingService( getConfiguration(new Configuration(false), YarnConfiguration.CORE_SITE_CONFIGURATION_FILE)).refresh(); RMAuditLogger.logSuccess(user.getShortUserName(), argName, "AdminService"); return recordFactory.newRecordInstance( RefreshUserToGroupsMappingsResponse.class); }
private RefreshAdminAclsResponse refreshAdminAcls(boolean checkRMHAState) throws YarnException, IOException { String argName = "refreshAdminAcls"; UserGroupInformation user = checkAcls(argName); if (checkRMHAState) { checkRMStatus(user.getShortUserName(), argName, "refresh Admin ACLs."); } Configuration conf = getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE); authorizer.setAdmins(getAdminAclList(conf), UserGroupInformation .getCurrentUser()); RMAuditLogger.logSuccess(user.getShortUserName(), argName, "AdminService"); return recordFactory.newRecordInstance(RefreshAdminAclsResponse.class); }
private RefreshAdminAclsResponse refreshAdminAcls(boolean checkRMHAState) throws YarnException, IOException { final String operation = "refreshAdminAcls"; UserGroupInformation user = checkAcls(operation); if (checkRMHAState) { checkRMStatus(user.getShortUserName(), operation, "refresh Admin ACLs."); } Configuration conf = getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE); authorizer.setAdmins(getAdminAclList(conf), daemonUser); RMAuditLogger.logSuccess(user.getShortUserName(), operation, "AdminService"); return recordFactory.newRecordInstance(RefreshAdminAclsResponse.class); }
@Override public RefreshQueuesResponse refreshQueues(RefreshQueuesRequest request) throws YarnException, StandbyException { String argName = "refreshQueues"; final String msg = "refresh queues."; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, msg); RefreshQueuesResponse response = recordFactory.newRecordInstance(RefreshQueuesResponse.class); try { refreshQueues(); RMAuditLogger.logSuccess(user.getShortUserName(), argName, "AdminService"); return response; } catch (IOException ioe) { throw logAndWrapException(ioe, user.getShortUserName(), argName, msg); } }
@Override public RefreshSuperUserGroupsConfigurationResponse refreshSuperUserGroupsConfiguration( RefreshSuperUserGroupsConfigurationRequest request) throws YarnException, IOException { String argName = "refreshSuperUserGroupsConfiguration"; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, "refresh super-user-groups."); // Accept hadoop common configs in core-site.xml as well as RM specific // configurations in yarn-site.xml Configuration conf = getConfiguration(new Configuration(false), YarnConfiguration.CORE_SITE_CONFIGURATION_FILE, YarnConfiguration.YARN_SITE_CONFIGURATION_FILE); RMServerUtils.processRMProxyUsersConf(conf); ProxyUsers.refreshSuperUserGroupsConfiguration(conf); RMAuditLogger.logSuccess(user.getShortUserName(), argName, "AdminService"); return recordFactory.newRecordInstance( RefreshSuperUserGroupsConfigurationResponse.class); }
@Override public RefreshNodesResponse refreshNodes(RefreshNodesRequest request) throws YarnException, StandbyException { String argName = "refreshNodes"; final String msg = "refresh nodes."; UserGroupInformation user = checkAcls("refreshNodes"); checkRMStatus(user.getShortUserName(), argName, msg); try { Configuration conf = getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE); rmContext.getNodesListManager().refreshNodes(conf); RMAuditLogger.logSuccess(user.getShortUserName(), argName, "AdminService"); return recordFactory.newRecordInstance(RefreshNodesResponse.class); } catch (IOException ioe) { throw logAndWrapException(ioe, user.getShortUserName(), argName, msg); } }
@VisibleForTesting void refreshAll() throws ServiceFailedException { try { checkAcls("refreshAll"); refreshQueues(); refreshNodes(); refreshSuperUserGroupsConfiguration(); refreshUserToGroupsMappings(); if (getConfig().getBoolean( CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, false)) { refreshServiceAcls(); } } catch (Exception ex) { throw new ServiceFailedException(ex.getMessage()); } }
@Override public ReplaceLabelsOnNodeResponse replaceLabelsOnNode( ReplaceLabelsOnNodeRequest request) throws YarnException, IOException { String argName = "replaceLabelsOnNode"; final String msg = "set node to labels."; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, msg); ReplaceLabelsOnNodeResponse response = recordFactory.newRecordInstance(ReplaceLabelsOnNodeResponse.class); try { rmContext.getNodeLabelManager().replaceLabelsOnNode( request.getNodeToLabels()); RMAuditLogger .logSuccess(user.getShortUserName(), argName, "AdminService"); return response; } catch (IOException ioe) { throw logAndWrapException(ioe, user.getShortUserName(), argName, msg); } }
@Override public AddToClusterNodeLabelsResponse addToClusterNodeLabels(AddToClusterNodeLabelsRequest request) throws YarnException, IOException { String argName = "addToClusterNodeLabels"; final String msg = "add labels."; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, msg); AddToClusterNodeLabelsResponse response = recordFactory.newRecordInstance(AddToClusterNodeLabelsResponse.class); try { rmContext.getNodeLabelManager().addToCluserNodeLabels(request.getNodeLabels()); RMAuditLogger .logSuccess(user.getShortUserName(), argName, "AdminService"); return response; } catch (IOException ioe) { throw logAndWrapException(ioe, user.getShortUserName(), argName, msg); } }
@Override public AddToClusterNodeLabelsResponse addToClusterNodeLabels(AddToClusterNodeLabelsRequest request) throws YarnException, IOException { String argName = "addToClusterNodeLabels"; final String msg = "add labels."; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, msg); AddToClusterNodeLabelsResponse response = recordFactory.newRecordInstance(AddToClusterNodeLabelsResponse.class); try { rmContext.getNodeLabelManager().addToCluserNodeLabels(request.getNodeLabels()); RMAuditLogger .logSuccess(user.getShortUserName(), argName, "AdminService"); return response; } catch (IOException ioe) { throw logAndWrapException(ioe, user.getShortUserName(), argName, msg); } }
@Override public RemoveFromClusterNodeLabelsResponse removeFromClusterNodeLabels( RemoveFromClusterNodeLabelsRequest request) throws YarnException, IOException { String argName = "removeFromClusterNodeLabels"; final String msg = "remove labels."; UserGroupInformation user = checkAcls(argName); checkRMStatus(user.getShortUserName(), argName, msg); RemoveFromClusterNodeLabelsResponse response = recordFactory.newRecordInstance(RemoveFromClusterNodeLabelsResponse.class); try { rmContext.getNodeLabelManager().removeFromClusterNodeLabels(request.getNodeLabels()); RMAuditLogger .logSuccess(user.getShortUserName(), argName, "AdminService"); return response; } catch (IOException ioe) { throw logAndWrapException(ioe, user.getShortUserName(), argName, msg); } }
@Override public CheckForDecommissioningNodesResponse checkForDecommissioningNodes( CheckForDecommissioningNodesRequest checkForDecommissioningNodesRequest) throws IOException, YarnException { final String operation = "checkForDecommissioningNodes"; final String msg = "check for decommissioning nodes."; UserGroupInformation user = checkAcls("checkForDecommissioningNodes"); checkRMStatus(user.getShortUserName(), operation, msg); Set<NodeId> decommissioningNodes = rm.getRMContext().getNodesListManager() .checkForDecommissioningNodes(); RMAuditLogger.logSuccess(user.getShortUserName(), operation, "AdminService"); CheckForDecommissioningNodesResponse response = recordFactory .newRecordInstance(CheckForDecommissioningNodesResponse.class); response.setDecommissioningNodes(decommissioningNodes); return response; }
@Override public AddToClusterNodeLabelsResponse addToClusterNodeLabels(AddToClusterNodeLabelsRequest request) throws YarnException, IOException { final String operation = "addToClusterNodeLabels"; final String msg = "add labels."; UserGroupInformation user = checkAcls(operation); checkRMStatus(user.getShortUserName(), operation, msg); AddToClusterNodeLabelsResponse response = recordFactory.newRecordInstance(AddToClusterNodeLabelsResponse.class); try { rm.getRMContext().getNodeLabelManager() .addToCluserNodeLabels(request.getNodeLabels()); RMAuditLogger.logSuccess(user.getShortUserName(), operation, "AdminService"); return response; } catch (IOException ioe) { throw logAndWrapException(ioe, user.getShortUserName(), operation, msg); } }