Search in sources :

Example 6 with QueueACL

use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.

the class TestClientRMService method getQueueAclManager.

/**
   * Generate the Queue acl.
   * @param allowedQueue the queue to allow the move to
   * @param queueACL the acl to check: submit app or queue admin
   * @param aclUser the user to check
   * @return QueueACLsManager
   */
private QueueACLsManager getQueueAclManager(String allowedQueue, QueueACL queueACL, UserGroupInformation aclUser) throws IOException {
    // ACL that checks the queue is allowed
    QueueACLsManager queueACLsManager = mock(QueueACLsManager.class);
    when(queueACLsManager.checkAccess(any(UserGroupInformation.class), any(QueueACL.class), any(RMApp.class), any(String.class), anyListOf(String.class))).thenAnswer(new Answer<Boolean>() {

        @Override
        public Boolean answer(InvocationOnMock invocationOnMock) {
            final UserGroupInformation user = (UserGroupInformation) invocationOnMock.getArguments()[0];
            final QueueACL acl = (QueueACL) invocationOnMock.getArguments()[1];
            return (queueACL.equals(acl) && aclUser.getShortUserName().equals(user.getShortUserName()));
        }
    });
    when(queueACLsManager.checkAccess(any(UserGroupInformation.class), any(QueueACL.class), any(RMApp.class), any(String.class), anyListOf(String.class), any(String.class))).thenAnswer(new Answer<Boolean>() {

        @Override
        public Boolean answer(InvocationOnMock invocationOnMock) {
            final UserGroupInformation user = (UserGroupInformation) invocationOnMock.getArguments()[0];
            final QueueACL acl = (QueueACL) invocationOnMock.getArguments()[1];
            final String queue = (String) invocationOnMock.getArguments()[5];
            return (allowedQueue.equals(queue) && queueACL.equals(acl) && aclUser.getShortUserName().equals(user.getShortUserName()));
        }
    });
    return queueACLsManager;
}
Also used : RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp) InvocationOnMock(org.mockito.invocation.InvocationOnMock) QueueACLsManager(org.apache.hadoop.yarn.server.resourcemanager.security.QueueACLsManager) QueueACL(org.apache.hadoop.yarn.api.records.QueueACL) Matchers.anyString(org.mockito.Matchers.anyString) Matchers.anyBoolean(org.mockito.Matchers.anyBoolean) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 7 with QueueACL

use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.

the class FSLeafQueue method getQueueUserAclInfo.

@Override
public List<QueueUserACLInfo> getQueueUserAclInfo(UserGroupInformation user) {
    QueueUserACLInfo userAclInfo = recordFactory.newRecordInstance(QueueUserACLInfo.class);
    List<QueueACL> operations = new ArrayList<>();
    for (QueueACL operation : QueueACL.values()) {
        if (hasAccess(operation, user)) {
            operations.add(operation);
        }
    }
    userAclInfo.setQueueName(getQueueName());
    userAclInfo.setUserAcls(operations);
    return Collections.singletonList(userAclInfo);
}
Also used : ArrayList(java.util.ArrayList) QueueACL(org.apache.hadoop.yarn.api.records.QueueACL) QueueUserACLInfo(org.apache.hadoop.yarn.api.records.QueueUserACLInfo)

Example 8 with QueueACL

use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.

the class LeafQueue method getQueueUserAclInfo.

@Override
public List<QueueUserACLInfo> getQueueUserAclInfo(UserGroupInformation user) {
    try {
        readLock.lock();
        QueueUserACLInfo userAclInfo = recordFactory.newRecordInstance(QueueUserACLInfo.class);
        List<QueueACL> operations = new ArrayList<>();
        for (QueueACL operation : QueueACL.values()) {
            if (hasAccess(operation, user)) {
                operations.add(operation);
            }
        }
        userAclInfo.setQueueName(getQueueName());
        userAclInfo.setUserAcls(operations);
        return Collections.singletonList(userAclInfo);
    } finally {
        readLock.unlock();
    }
}
Also used : QueueACL(org.apache.hadoop.yarn.api.records.QueueACL) QueueUserACLInfo(org.apache.hadoop.yarn.api.records.QueueUserACLInfo)

Example 9 with QueueACL

use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.

the class TestCapacitySchedulerQueueACLs method createConfiguration.

@Override
protected Configuration createConfiguration() {
    CapacitySchedulerConfiguration csConf = new CapacitySchedulerConfiguration();
    csConf.setQueues(CapacitySchedulerConfiguration.ROOT, new String[] { QUEUEA, QUEUEB });
    csConf.setCapacity(CapacitySchedulerConfiguration.ROOT + "." + QUEUEA, 50f);
    csConf.setCapacity(CapacitySchedulerConfiguration.ROOT + "." + QUEUEB, 50f);
    Map<QueueACL, AccessControlList> aclsOnQueueA = new HashMap<QueueACL, AccessControlList>();
    AccessControlList submitACLonQueueA = new AccessControlList(QUEUE_A_USER);
    submitACLonQueueA.addUser(COMMON_USER);
    AccessControlList adminACLonQueueA = new AccessControlList(QUEUE_A_ADMIN);
    aclsOnQueueA.put(QueueACL.SUBMIT_APPLICATIONS, submitACLonQueueA);
    aclsOnQueueA.put(QueueACL.ADMINISTER_QUEUE, adminACLonQueueA);
    csConf.setAcls(CapacitySchedulerConfiguration.ROOT + "." + QUEUEA, aclsOnQueueA);
    Map<QueueACL, AccessControlList> aclsOnQueueB = new HashMap<QueueACL, AccessControlList>();
    AccessControlList submitACLonQueueB = new AccessControlList(QUEUE_B_USER);
    submitACLonQueueB.addUser(COMMON_USER);
    AccessControlList adminACLonQueueB = new AccessControlList(QUEUE_B_ADMIN);
    aclsOnQueueB.put(QueueACL.SUBMIT_APPLICATIONS, submitACLonQueueB);
    aclsOnQueueB.put(QueueACL.ADMINISTER_QUEUE, adminACLonQueueB);
    csConf.setAcls(CapacitySchedulerConfiguration.ROOT + "." + QUEUEB, aclsOnQueueB);
    Map<QueueACL, AccessControlList> aclsOnRootQueue = new HashMap<QueueACL, AccessControlList>();
    AccessControlList submitACLonRoot = new AccessControlList("");
    AccessControlList adminACLonRoot = new AccessControlList(ROOT_ADMIN);
    aclsOnRootQueue.put(QueueACL.SUBMIT_APPLICATIONS, submitACLonRoot);
    aclsOnRootQueue.put(QueueACL.ADMINISTER_QUEUE, adminACLonRoot);
    csConf.setAcls(CapacitySchedulerConfiguration.ROOT, aclsOnRootQueue);
    csConf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
    csConf.set(YarnConfiguration.RM_SCHEDULER, CapacityScheduler.class.getName());
    return csConf;
}
Also used : AccessControlList(org.apache.hadoop.security.authorize.AccessControlList) HashMap(java.util.HashMap) QueueACL(org.apache.hadoop.yarn.api.records.QueueACL)

Example 10 with QueueACL

use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.

the class AllocationFileLoaderService method getDefaultPermissions.

/**
   * Returns the list of default permissions.
   * The default permission for the root queue is everybody ("*")
   * and the default permission for all other queues is nobody ("").
   * The default permission list would be loaded before the permissions
   * from allocation file.
   * @return default permission list
   */
protected List<Permission> getDefaultPermissions() {
    if (defaultPermissions == null) {
        defaultPermissions = new ArrayList<>();
        Map<AccessType, AccessControlList> acls = new HashMap<>();
        for (QueueACL acl : QueueACL.values()) {
            acls.put(SchedulerUtils.toAccessType(acl), EVERYBODY_ACL);
        }
        defaultPermissions.add(new Permission(new PrivilegedEntity(EntityType.QUEUE, ROOT), acls));
    }
    return defaultPermissions;
}
Also used : AccessControlList(org.apache.hadoop.security.authorize.AccessControlList) HashMap(java.util.HashMap) QueueACL(org.apache.hadoop.yarn.api.records.QueueACL) Permission(org.apache.hadoop.yarn.security.Permission) PrivilegedEntity(org.apache.hadoop.yarn.security.PrivilegedEntity) AccessType(org.apache.hadoop.yarn.security.AccessType)

Aggregations

QueueACL (org.apache.hadoop.yarn.api.records.QueueACL)12 QueueUserACLInfo (org.apache.hadoop.yarn.api.records.QueueUserACLInfo)7 ArrayList (java.util.ArrayList)6 HashMap (java.util.HashMap)6 Resource (org.apache.hadoop.yarn.api.records.Resource)4 ByteBuffer (java.nio.ByteBuffer)3 FileStatus (org.apache.hadoop.fs.FileStatus)3 FileSystem (org.apache.hadoop.fs.FileSystem)3 Path (org.apache.hadoop.fs.Path)3 DataOutputBuffer (org.apache.hadoop.io.DataOutputBuffer)3 Credentials (org.apache.hadoop.security.Credentials)3 AccessControlList (org.apache.hadoop.security.authorize.AccessControlList)3 Token (org.apache.hadoop.security.token.Token)3 ApplicationSubmissionContext (org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext)3 ContainerLaunchContext (org.apache.hadoop.yarn.api.records.ContainerLaunchContext)3 LocalResource (org.apache.hadoop.yarn.api.records.LocalResource)3 Priority (org.apache.hadoop.yarn.api.records.Priority)3 YarnClusterMetrics (org.apache.hadoop.yarn.api.records.YarnClusterMetrics)3 YarnClientApplication (org.apache.hadoop.yarn.client.api.YarnClientApplication)3 IOException (java.io.IOException)2