Examples with ReservationsACLsManager org.apache.hadoop.yarn.server.resourcemanager.security.ReservationsACLsManager used on opensource projects

Example 1 with ReservationsACLsManager

use of org.apache.hadoop.yarn.server.resourcemanager.security.ReservationsACLsManager in project hadoop by apache.

the class ClientRMService method checkReservationACLs.

private String checkReservationACLs(String queueName, String auditConstant, ReservationId reservationId) throws YarnException, IOException {
    UserGroupInformation callerUGI;
    try {
        callerUGI = UserGroupInformation.getCurrentUser();
    } catch (IOException ie) {
        RMAuditLogger.logFailure("UNKNOWN", auditConstant, queueName, "ClientRMService", "Error getting UGI");
        throw RPCUtil.getRemoteException(ie);
    }
    if (reservationSystem == null) {
        return callerUGI.getShortUserName();
    }
    ReservationsACLsManager manager = reservationSystem.getReservationsACLsManager();
    ReservationACL reservationACL = getReservationACLFromAuditConstant(auditConstant);
    if (manager == null) {
        return callerUGI.getShortUserName();
    }
    String reservationCreatorName = "";
    ReservationAllocation reservation;
    // Get the user associated with the reservation.
    Plan plan = reservationSystem.getPlan(queueName);
    if (reservationId != null && plan != null) {
        reservation = plan.getReservationById(reservationId);
        if (reservation != null) {
            reservationCreatorName = reservation.getUser();
        }
    }
    // access will be given.
    if (reservationCreatorName != null && !reservationCreatorName.isEmpty() && reservationCreatorName.equals(callerUGI.getUserName())) {
        return callerUGI.getShortUserName();
    }
    // Check if the user has access to the specific ACL
    if (manager.checkAccess(callerUGI, reservationACL, queueName)) {
        return callerUGI.getShortUserName();
    }
    // If the user has Administer ACL then access is granted
    if (manager.checkAccess(callerUGI, ReservationACL.ADMINISTER_RESERVATIONS, queueName)) {
        return callerUGI.getShortUserName();
    }
    handleNoAccess(callerUGI.getShortUserName(), queueName, auditConstant, reservationACL.toString(), reservationACL.name());
    throw new IllegalStateException();
}

Example 2 with ReservationsACLsManager

use of org.apache.hadoop.yarn.server.resourcemanager.security.ReservationsACLsManager in project hadoop by apache.

the class AbstractReservationSystem method initialize.

private void initialize(Configuration conf) throws YarnException {
    LOG.info("Initializing Reservation system");
    this.conf = conf;
    scheduler = rmContext.getScheduler();
    // Get the plan step size
    planStepSize = conf.getTimeDuration(YarnConfiguration.RM_RESERVATION_SYSTEM_PLAN_FOLLOWER_TIME_STEP, YarnConfiguration.DEFAULT_RM_RESERVATION_SYSTEM_PLAN_FOLLOWER_TIME_STEP, TimeUnit.MILLISECONDS);
    if (planStepSize < 0) {
        planStepSize = YarnConfiguration.DEFAULT_RM_RESERVATION_SYSTEM_PLAN_FOLLOWER_TIME_STEP;
    }
    // Create a plan corresponding to every reservable queue
    Set<String> planQueueNames = scheduler.getPlanQueues();
    for (String planQueueName : planQueueNames) {
        Plan plan = initializePlan(planQueueName);
        plans.put(planQueueName, plan);
    }
    isRecoveryEnabled = conf.getBoolean(YarnConfiguration.RECOVERY_ENABLED, YarnConfiguration.DEFAULT_RM_RECOVERY_ENABLED);
    if (conf.getBoolean(YarnConfiguration.YARN_RESERVATION_ACL_ENABLE, YarnConfiguration.DEFAULT_YARN_RESERVATION_ACL_ENABLE) && conf.getBoolean(YarnConfiguration.YARN_ACL_ENABLE, YarnConfiguration.DEFAULT_YARN_ACL_ENABLE)) {
        reservationsACLsManager = new ReservationsACLsManager(scheduler, conf);
    }
}