use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.
the class TestClientRMService method getQueueAclManager.
/**
* Generate the Queue acl.
* @param allowedQueue the queue to allow the move to
* @param queueACL the acl to check: submit app or queue admin
* @param aclUser the user to check
* @return QueueACLsManager
*/
private QueueACLsManager getQueueAclManager(String allowedQueue, QueueACL queueACL, UserGroupInformation aclUser) throws IOException {
// ACL that checks the queue is allowed
QueueACLsManager queueACLsManager = mock(QueueACLsManager.class);
when(queueACLsManager.checkAccess(any(UserGroupInformation.class), any(QueueACL.class), any(RMApp.class), any(String.class), anyListOf(String.class))).thenAnswer(new Answer<Boolean>() {
@Override
public Boolean answer(InvocationOnMock invocationOnMock) {
final UserGroupInformation user = (UserGroupInformation) invocationOnMock.getArguments()[0];
final QueueACL acl = (QueueACL) invocationOnMock.getArguments()[1];
return (queueACL.equals(acl) && aclUser.getShortUserName().equals(user.getShortUserName()));
}
});
when(queueACLsManager.checkAccess(any(UserGroupInformation.class), any(QueueACL.class), any(RMApp.class), any(String.class), anyListOf(String.class), any(String.class))).thenAnswer(new Answer<Boolean>() {
@Override
public Boolean answer(InvocationOnMock invocationOnMock) {
final UserGroupInformation user = (UserGroupInformation) invocationOnMock.getArguments()[0];
final QueueACL acl = (QueueACL) invocationOnMock.getArguments()[1];
final String queue = (String) invocationOnMock.getArguments()[5];
return (allowedQueue.equals(queue) && queueACL.equals(acl) && aclUser.getShortUserName().equals(user.getShortUserName()));
}
});
return queueACLsManager;
}
use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.
the class FSLeafQueue method getQueueUserAclInfo.
@Override
public List<QueueUserACLInfo> getQueueUserAclInfo(UserGroupInformation user) {
QueueUserACLInfo userAclInfo = recordFactory.newRecordInstance(QueueUserACLInfo.class);
List<QueueACL> operations = new ArrayList<>();
for (QueueACL operation : QueueACL.values()) {
if (hasAccess(operation, user)) {
operations.add(operation);
}
}
userAclInfo.setQueueName(getQueueName());
userAclInfo.setUserAcls(operations);
return Collections.singletonList(userAclInfo);
}
use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.
the class LeafQueue method getQueueUserAclInfo.
@Override
public List<QueueUserACLInfo> getQueueUserAclInfo(UserGroupInformation user) {
try {
readLock.lock();
QueueUserACLInfo userAclInfo = recordFactory.newRecordInstance(QueueUserACLInfo.class);
List<QueueACL> operations = new ArrayList<>();
for (QueueACL operation : QueueACL.values()) {
if (hasAccess(operation, user)) {
operations.add(operation);
}
}
userAclInfo.setQueueName(getQueueName());
userAclInfo.setUserAcls(operations);
return Collections.singletonList(userAclInfo);
} finally {
readLock.unlock();
}
}
use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.
the class TestCapacitySchedulerQueueACLs method createConfiguration.
@Override
protected Configuration createConfiguration() {
CapacitySchedulerConfiguration csConf = new CapacitySchedulerConfiguration();
csConf.setQueues(CapacitySchedulerConfiguration.ROOT, new String[] { QUEUEA, QUEUEB });
csConf.setCapacity(CapacitySchedulerConfiguration.ROOT + "." + QUEUEA, 50f);
csConf.setCapacity(CapacitySchedulerConfiguration.ROOT + "." + QUEUEB, 50f);
Map<QueueACL, AccessControlList> aclsOnQueueA = new HashMap<QueueACL, AccessControlList>();
AccessControlList submitACLonQueueA = new AccessControlList(QUEUE_A_USER);
submitACLonQueueA.addUser(COMMON_USER);
AccessControlList adminACLonQueueA = new AccessControlList(QUEUE_A_ADMIN);
aclsOnQueueA.put(QueueACL.SUBMIT_APPLICATIONS, submitACLonQueueA);
aclsOnQueueA.put(QueueACL.ADMINISTER_QUEUE, adminACLonQueueA);
csConf.setAcls(CapacitySchedulerConfiguration.ROOT + "." + QUEUEA, aclsOnQueueA);
Map<QueueACL, AccessControlList> aclsOnQueueB = new HashMap<QueueACL, AccessControlList>();
AccessControlList submitACLonQueueB = new AccessControlList(QUEUE_B_USER);
submitACLonQueueB.addUser(COMMON_USER);
AccessControlList adminACLonQueueB = new AccessControlList(QUEUE_B_ADMIN);
aclsOnQueueB.put(QueueACL.SUBMIT_APPLICATIONS, submitACLonQueueB);
aclsOnQueueB.put(QueueACL.ADMINISTER_QUEUE, adminACLonQueueB);
csConf.setAcls(CapacitySchedulerConfiguration.ROOT + "." + QUEUEB, aclsOnQueueB);
Map<QueueACL, AccessControlList> aclsOnRootQueue = new HashMap<QueueACL, AccessControlList>();
AccessControlList submitACLonRoot = new AccessControlList("");
AccessControlList adminACLonRoot = new AccessControlList(ROOT_ADMIN);
aclsOnRootQueue.put(QueueACL.SUBMIT_APPLICATIONS, submitACLonRoot);
aclsOnRootQueue.put(QueueACL.ADMINISTER_QUEUE, adminACLonRoot);
csConf.setAcls(CapacitySchedulerConfiguration.ROOT, aclsOnRootQueue);
csConf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
csConf.set(YarnConfiguration.RM_SCHEDULER, CapacityScheduler.class.getName());
return csConf;
}
use of org.apache.hadoop.yarn.api.records.QueueACL in project hadoop by apache.
the class AllocationFileLoaderService method getDefaultPermissions.
/**
* Returns the list of default permissions.
* The default permission for the root queue is everybody ("*")
* and the default permission for all other queues is nobody ("").
* The default permission list would be loaded before the permissions
* from allocation file.
* @return default permission list
*/
protected List<Permission> getDefaultPermissions() {
if (defaultPermissions == null) {
defaultPermissions = new ArrayList<>();
Map<AccessType, AccessControlList> acls = new HashMap<>();
for (QueueACL acl : QueueACL.values()) {
acls.put(SchedulerUtils.toAccessType(acl), EVERYBODY_ACL);
}
defaultPermissions.add(new Permission(new PrivilegedEntity(EntityType.QUEUE, ROOT), acls));
}
return defaultPermissions;
}
Aggregations