Example 11 with AuthorizationException
use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.
the class RMWebServices method createNewReservation.
/**
* Generates a new ReservationId which is then sent to the client.
*
* @param hsr the servlet request
* @return Response containing the app id and the maximum resource
* capabilities
* @throws AuthorizationException if the user is not authorized
* to invoke this method.
* @throws IOException if creation fails.
* @throws InterruptedException if interrupted.
*/
@POST
@Path("/reservation/new-reservation")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
public Response createNewReservation(@Context HttpServletRequest hsr) throws AuthorizationException, IOException, InterruptedException {
init();
UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
if (callerUGI == null) {
throw new AuthorizationException("Unable to obtain user name, " + "user not authenticated");
}
if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
String msg = "The default static user cannot carry out this operation.";
return Response.status(Status.FORBIDDEN).entity(msg).build();
}
NewReservation reservationId = createNewReservation();
return Response.status(Status.OK).entity(reservationId).build();
}
Also used :
AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)
NewReservation(org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.NewReservation)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Example 12 with AuthorizationException
use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.
the class RMWebServices method removeFromCluserNodeLabels.
@POST
@Path("/remove-node-labels")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
public Response removeFromCluserNodeLabels(@QueryParam("labels") Set<String> oldNodeLabels, @Context HttpServletRequest hsr) throws Exception {
init();
UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
if (callerUGI == null) {
String msg = "Unable to obtain user name, user not authenticated for" + " post to .../remove-node-labels";
throw new AuthorizationException(msg);
}
if (!rm.getRMContext().getNodeLabelManager().checkAccess(callerUGI)) {
String msg = "User " + callerUGI.getShortUserName() + " not authorized" + " for post to .../remove-node-labels ";
throw new AuthorizationException(msg);
}
try {
rm.getRMContext().getNodeLabelManager().removeFromClusterNodeLabels(new HashSet<String>(oldNodeLabels));
} catch (IOException e) {
throw new BadRequestException(e);
}
return Response.status(Status.OK).build();
}
Also used :
AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)
BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException)
IOException(java.io.IOException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Example 13 with AuthorizationException
use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.
the class RMWebServices method updateApplicationTimeout.
@PUT
@Path("/apps/{appid}/timeout")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response updateApplicationTimeout(AppTimeoutInfo appTimeout, @Context HttpServletRequest hsr, @PathParam("appid") String appId) throws AuthorizationException, YarnException, InterruptedException, IOException {
init();
UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
if (callerUGI == null) {
throw new AuthorizationException("Unable to obtain user name, user not authenticated");
}
if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
return Response.status(Status.FORBIDDEN).entity("The default static user cannot carry out this operation.").build();
}
String userName = callerUGI.getUserName();
RMApp app = null;
try {
app = getRMAppForAppId(appId);
} catch (NotFoundException e) {
RMAuditLogger.logFailure(userName, AuditConstants.UPDATE_APP_TIMEOUTS, "UNKNOWN", "RMWebService", "Trying to update timeout of an absent application " + appId);
throw e;
}
return updateApplicationTimeouts(app, callerUGI, appTimeout);
}
Also used :
RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)
AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)
NotFoundException(org.apache.hadoop.yarn.webapp.NotFoundException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Path(javax.ws.rs.Path)
Produces(javax.ws.rs.Produces)
Consumes(javax.ws.rs.Consumes)
PUT(javax.ws.rs.PUT)
Example 14 with AuthorizationException
use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.
the class RMWebServices method submitReservation.
/**
* Function to submit a Reservation to the RM.
*
* @param resContext provides information to construct the
* ReservationSubmissionRequest
* @param hsr the servlet request
* @return Response containing the status code
* @throws AuthorizationException
* @throws IOException
* @throws InterruptedException
*/
@POST
@Path("/reservation/submit")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response submitReservation(ReservationSubmissionRequestInfo resContext, @Context HttpServletRequest hsr) throws AuthorizationException, IOException, InterruptedException {
init();
UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
if (callerUGI == null) {
throw new AuthorizationException("Unable to obtain user name, " + "user not authenticated");
}
if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
String msg = "The default static user cannot carry out this operation.";
return Response.status(Status.FORBIDDEN).entity(msg).build();
}
final ReservationSubmissionRequest reservation = createReservationSubmissionRequest(resContext);
try {
callerUGI.doAs(new PrivilegedExceptionAction<ReservationSubmissionResponse>() {
@Override
public ReservationSubmissionResponse run() throws IOException, YarnException {
return rm.getClientRMService().submitReservation(reservation);
}
});
} catch (UndeclaredThrowableException ue) {
if (ue.getCause() instanceof YarnException) {
throw new BadRequestException(ue.getCause().getMessage());
}
LOG.info("Submit reservation request failed", ue);
throw ue;
}
return Response.status(Status.ACCEPTED).build();
}
Also used :
AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)
UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)
ReservationSubmissionRequest(org.apache.hadoop.yarn.api.protocolrecords.ReservationSubmissionRequest)
BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException)
IOException(java.io.IOException)
ReservationSubmissionResponse(org.apache.hadoop.yarn.api.protocolrecords.ReservationSubmissionResponse)
YarnException(org.apache.hadoop.yarn.exceptions.YarnException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Consumes(javax.ws.rs.Consumes)
Example 15 with AuthorizationException
use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.
the class ClientServiceDelegate method invoke.
private synchronized Object invoke(String method, Class argClass, Object args) throws IOException {
Method methodOb = null;
try {
methodOb = MRClientProtocol.class.getMethod(method, argClass);
} catch (SecurityException e) {
throw new YarnRuntimeException(e);
} catch (NoSuchMethodException e) {
throw new YarnRuntimeException("Method name mismatch", e);
}
maxClientRetry = this.conf.getInt(MRJobConfig.MR_CLIENT_MAX_RETRIES, MRJobConfig.DEFAULT_MR_CLIENT_MAX_RETRIES);
IOException lastException = null;
while (maxClientRetry > 0) {
MRClientProtocol MRClientProxy = null;
try {
MRClientProxy = getProxy();
return methodOb.invoke(MRClientProxy, args);
} catch (InvocationTargetException e) {
// Will not throw out YarnException anymore
LOG.debug("Failed to contact AM/History for job " + jobId + " retrying..", e.getTargetException());
// Force reconnection by setting the proxy to null.
realProxy = null;
if (e.getCause() instanceof AuthorizationException) {
throw new IOException(e.getTargetException());
}
// for its AM to be restarted.
if (!usingAMProxy.get()) {
maxClientRetry--;
}
usingAMProxy.set(false);
lastException = new IOException(e.getTargetException());
try {
Thread.sleep(100);
} catch (InterruptedException ie) {
LOG.warn("ClientServiceDelegate invoke call interrupted", ie);
throw new YarnRuntimeException(ie);
}
} catch (Exception e) {
LOG.debug("Failed to contact AM/History for job " + jobId + " Will retry..", e);
// Force reconnection by setting the proxy to null.
realProxy = null;
// RM shutdown
maxClientRetry--;
lastException = new IOException(e.getMessage());
try {
Thread.sleep(100);
} catch (InterruptedException ie) {
LOG.warn("ClientServiceDelegate invoke call interrupted", ie);
throw new YarnRuntimeException(ie);
}
}
}
throw lastException;
}
Also used :
YarnRuntimeException(org.apache.hadoop.yarn.exceptions.YarnRuntimeException)
AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)
Method(java.lang.reflect.Method)
IOException(java.io.IOException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
ApplicationNotFoundException(org.apache.hadoop.yarn.exceptions.ApplicationNotFoundException)
YarnException(org.apache.hadoop.yarn.exceptions.YarnException)
IOException(java.io.IOException)
YarnRuntimeException(org.apache.hadoop.yarn.exceptions.YarnRuntimeException)
MRClientProtocol(org.apache.hadoop.mapreduce.v2.api.MRClientProtocol)
Aggregations
AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)67
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)42
IOException (java.io.IOException)22
Test (org.junit.Test)21
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)14
Path (javax.ws.rs.Path)14
Produces (javax.ws.rs.Produces)14
BadRequestException (org.apache.hadoop.yarn.webapp.BadRequestException)12
YarnException (org.apache.hadoop.yarn.exceptions.YarnException)11
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)8
Consumes (javax.ws.rs.Consumes)8
POST (javax.ws.rs.POST)8
Configuration (org.apache.hadoop.conf.Configuration)6
RemoteException (org.apache.hadoop.ipc.RemoteException)6
NotFoundException (org.apache.hadoop.yarn.webapp.NotFoundException)6
HttpServletRequest (javax.servlet.http.HttpServletRequest)4
PUT (javax.ws.rs.PUT)4
InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)4
Token (org.apache.hadoop.security.token.Token)4
RMApp (org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)4
