
Example 41 with AuthorizationException

Use of org.apache.hadoop.security.authorize.AuthorizationException in the Apache Hadoop project.

Class RMWebServices, method updateReservation.

/**
 * Updates a Reservation in the RM.
 *
 * @param resContext provides information to construct the
 *          ReservationUpdateRequest
 * @param hsr the servlet request
 * @return Response containing the status code
 * @throws AuthorizationException if the caller cannot be authenticated
 * @throws IOException
 * @throws InterruptedException
 */
@POST
@Path("/reservation/update")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response updateReservation(ReservationUpdateRequestInfo resContext, @Context HttpServletRequest hsr) throws AuthorizationException, IOException, InterruptedException {
    init();
    UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
    if (callerUGI == null) {
        throw new AuthorizationException("Unable to obtain user name, " + "user not authenticated");
    }
    if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
        String msg = "The default static user cannot carry out this operation.";
        return Response.status(Status.FORBIDDEN).entity(msg).build();
    }
    final ReservationUpdateRequest reservation = createReservationUpdateRequest(resContext);
    ReservationUpdateResponseInfo resRespInfo;
    try {
        resRespInfo = callerUGI.doAs(new PrivilegedExceptionAction<ReservationUpdateResponseInfo>() {

            @Override
            public ReservationUpdateResponseInfo run() throws IOException, YarnException {
                rm.getClientRMService().updateReservation(reservation);
                return new ReservationUpdateResponseInfo();
            }
        });
    } catch (UndeclaredThrowableException ue) {
        if (ue.getCause() instanceof YarnException) {
            throw new BadRequestException(ue.getCause().getMessage());
        }
        LOG.info("Update reservation request failed", ue);
        throw ue;
    }
    return Response.status(Status.OK).entity(resRespInfo).build();
}
Also used : ReservationUpdateRequest(org.apache.hadoop.yarn.api.protocolrecords.ReservationUpdateRequest) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) ReservationUpdateResponseInfo(org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ReservationUpdateResponseInfo) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) Consumes(javax.ws.rs.Consumes)

Example 42 with AuthorizationException

Use of org.apache.hadoop.security.authorize.AuthorizationException in the Apache Hadoop project.

Class RMWebServices, method createKerberosUserGroupInformation.

private UserGroupInformation createKerberosUserGroupInformation(HttpServletRequest hsr) throws AuthorizationException, YarnException {
    UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
    if (callerUGI == null) {
        String msg = "Unable to obtain user name, user not authenticated";
        throw new AuthorizationException(msg);
    }
    String authType = hsr.getAuthType();
    if (!KerberosAuthenticationHandler.TYPE.equalsIgnoreCase(authType)) {
        String msg = "Delegation token operations can only be carried out on a " + "Kerberos authenticated channel. Expected auth type is " + KerberosAuthenticationHandler.TYPE + ", got type " + authType;
        throw new YarnException(msg);
    }
    if (hsr.getAttribute(DelegationTokenAuthenticationHandler.DELEGATION_TOKEN_UGI_ATTRIBUTE) != null) {
        String msg = "Delegation token operations cannot be carried out using delegation" + " token authentication.";
        throw new YarnException(msg);
    }
    callerUGI.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
    return callerUGI;
}
Also used : AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 43 with AuthorizationException

Use of org.apache.hadoop.security.authorize.AuthorizationException in the Apache Hadoop project.

Class ApplicationHistoryManagerOnTimelineStore, method generateApplicationReport.

private ApplicationReportExt generateApplicationReport(TimelineEntity entity, ApplicationReportField field) throws YarnException, IOException {
    ApplicationReportExt app = convertToApplicationReport(entity, field);
    // If only the user and ACLs were requested (to check access control),
    // we can return immediately
    if (field == ApplicationReportField.USER_AND_ACLS) {
        return app;
    }
    try {
        checkAccess(app);
        if (app.appReport.getCurrentApplicationAttemptId() != null) {
            ApplicationAttemptReport appAttempt = getApplicationAttempt(app.appReport.getCurrentApplicationAttemptId(), false);
            app.appReport.setHost(appAttempt.getHost());
            app.appReport.setRpcPort(appAttempt.getRpcPort());
            app.appReport.setTrackingUrl(appAttempt.getTrackingUrl());
            app.appReport.setOriginalTrackingUrl(appAttempt.getOriginalTrackingUrl());
        }
    } catch (AuthorizationException | ApplicationAttemptNotFoundException e) {
        // AuthorizationException is thrown because the user doesn't have access
        if (e instanceof AuthorizationException) {
            LOG.warn("Failed to authorize when generating application report for " + app.appReport.getApplicationId() + ". Use a placeholder for its latest attempt id. ", e);
        } else {
            // Attempt not found
            LOG.info("No application attempt found for " + app.appReport.getApplicationId() + ". Use a placeholder for its latest attempt id. ", e);
        }
        // It's possible that the app is finished before the first attempt is created.
        app.appReport.setDiagnostics(null);
        app.appReport.setCurrentApplicationAttemptId(null);
    }
    if (app.appReport.getCurrentApplicationAttemptId() == null) {
        app.appReport.setCurrentApplicationAttemptId(ApplicationAttemptId.newInstance(app.appReport.getApplicationId(), -1));
    }
    if (app.appReport.getHost() == null) {
        app.appReport.setHost(UNAVAILABLE);
    }
    if (app.appReport.getRpcPort() < 0) {
        app.appReport.setRpcPort(-1);
    }
    if (app.appReport.getTrackingUrl() == null) {
        app.appReport.setTrackingUrl(UNAVAILABLE);
    }
    if (app.appReport.getOriginalTrackingUrl() == null) {
        app.appReport.setOriginalTrackingUrl(UNAVAILABLE);
    }
    if (app.appReport.getDiagnostics() == null) {
        app.appReport.setDiagnostics("");
    }
    return app;
}
Also used : ApplicationAttemptReport(org.apache.hadoop.yarn.api.records.ApplicationAttemptReport) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) ApplicationAttemptNotFoundException(org.apache.hadoop.yarn.exceptions.ApplicationAttemptNotFoundException)

Example 44 with AuthorizationException

Use of org.apache.hadoop.security.authorize.AuthorizationException in the Apache Hadoop project.

Class TestApplicationHistoryManagerOnTimelineStore, method testGetAMContainer.

@Test
public void testGetAMContainer() throws Exception {
    final ApplicationAttemptId appAttemptId = ApplicationAttemptId.newInstance(ApplicationId.newInstance(0, 1), 1);
    ContainerReport container;
    if (callerUGI == null) {
        container = historyManager.getAMContainer(appAttemptId);
    } else {
        try {
            container = callerUGI.doAs(new PrivilegedExceptionAction<ContainerReport>() {

                @Override
                public ContainerReport run() throws Exception {
                    return historyManager.getAMContainer(appAttemptId);
                }
            });
            if (callerUGI != null && callerUGI.getShortUserName().equals("user3")) {
                // user3 is expected to be denied, so reaching this point is a failure
                Assert.fail();
            }
        } catch (AuthorizationException e) {
            if (callerUGI != null && callerUGI.getShortUserName().equals("user3")) {
                // The exception is expected
                return;
            }
            throw e;
        }
    }
    Assert.assertNotNull(container);
    Assert.assertEquals(appAttemptId, container.getContainerId().getApplicationAttemptId());
}
Also used : ContainerReport(org.apache.hadoop.yarn.api.records.ContainerReport) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Test(org.junit.Test)

Example 45 with AuthorizationException

Use of org.apache.hadoop.security.authorize.AuthorizationException in the Apache Hadoop project.

Class TestApplicationHistoryManagerOnTimelineStore, method testGetApplicationAttempts.

@Test
public void testGetApplicationAttempts() throws Exception {
    final ApplicationId appId = ApplicationId.newInstance(0, 1);
    Collection<ApplicationAttemptReport> appAttempts;
    if (callerUGI == null) {
        appAttempts = historyManager.getApplicationAttempts(appId).values();
    } else {
        try {
            appAttempts = callerUGI.doAs(new PrivilegedExceptionAction<Collection<ApplicationAttemptReport>>() {

                @Override
                public Collection<ApplicationAttemptReport> run() throws Exception {
                    return historyManager.getApplicationAttempts(appId).values();
                }
            });
            if (callerUGI != null && callerUGI.getShortUserName().equals("user3")) {
                // user3 is expected to be denied, so reaching this point is a failure
                Assert.fail();
            }
        } catch (AuthorizationException e) {
            if (callerUGI != null && callerUGI.getShortUserName().equals("user3")) {
                // The exception is expected
                return;
            }
            throw e;
        }
    }
    Assert.assertNotNull(appAttempts);
    Assert.assertEquals(SCALE, appAttempts.size());
}
Also used : ApplicationAttemptReport(org.apache.hadoop.yarn.api.records.ApplicationAttemptReport) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId) Test(org.junit.Test)
