
Example 21 with ApplicationACLsManager

use of org.apache.hadoop.yarn.server.security.ApplicationACLsManager in project hadoop by apache.

the class TestAppManager method setUp.

/**
 * Per-test fixture: wires a mocked RM context and scheduler into the
 * {@code TestRMAppManager} under test and prepares a submission context
 * for application id 1.
 */
@SuppressWarnings("deprecation")
@Before
public void setUp() {
    // mockRMContext receives the current wall-clock time minus 10 ms; what it
    // does with that value is defined by the helper, which is not shown here.
    final long tenMillisAgo = System.currentTimeMillis() - 10;
    rmContext = mockRMContext(1, tenMillisAgo);
    rmContext.setRMTimelineCollectorManager(mock(RMTimelineCollectorManager.class));

    final ResourceScheduler mockedScheduler = mockResourceScheduler();
    ((RMContextImpl) rmContext).setScheduler(mockedScheduler);

    // NOTE(review): this is a bare Configuration with no keys set in this
    // method, so the real ApplicationACLsManager below runs on defaults only.
    // In stock YARN, yarn.acl.enable defaults to false, which would mean this
    // fixture does not exercise application ACL enforcement - confirm before
    // relying on these tests for access-control coverage.
    final Configuration defaultConf = new Configuration();

    final ApplicationMasterService amService =
        new ApplicationMasterService(rmContext, mockedScheduler);
    final ClientToAMTokenSecretManagerInRM clientToAmSecrets =
        new ClientToAMTokenSecretManagerInRM();
    final ApplicationACLsManager appAcls = new ApplicationACLsManager(defaultConf);
    appMonitor = new TestRMAppManager(
        rmContext, clientToAmSecrets, mockedScheduler, amService, appAcls, defaultConf);

    appId = MockApps.newAppID(1);

    // Populate the submission context: id, AM container spec, resource, priority 0.
    final RecordFactory records = RecordFactoryProvider.getRecordFactory(null);
    asContext = records.newRecordInstance(ApplicationSubmissionContext.class);
    asContext.setApplicationId(appId);
    asContext.setAMContainerSpec(mockContainerLaunchContext(records));
    asContext.setResource(mockResource());
    asContext.setPriority(Priority.newInstance(0));

    setupDispatcher(rmContext, defaultConf);
}
Also used : RMTimelineCollectorManager(org.apache.hadoop.yarn.server.resourcemanager.timelineservice.RMTimelineCollectorManager) ClientToAMTokenSecretManagerInRM(org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM) ApplicationACLsManager(org.apache.hadoop.yarn.server.security.ApplicationACLsManager) RecordFactory(org.apache.hadoop.yarn.factories.RecordFactory) Configuration(org.apache.hadoop.conf.Configuration) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) ApplicationSubmissionContext(org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext) ResourceScheduler(org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler) Before(org.junit.Before)

Example 22 with ApplicationACLsManager

use of org.apache.hadoop.yarn.server.security.ApplicationACLsManager in project hadoop by apache.

the class TestClientRMService method getAppAclManager.

/**
 * Creates a Mockito stub of {@link ApplicationACLsManager} whose
 * {@code checkAccess} answers {@code true} for any user, access type,
 * owner string and application id.
 *
 * <p>Because this stub never denies, a test that uses it does not exercise
 * application-level ACL enforcement; any denial seen in such a test has to
 * come from another check.
 *
 * @return an allow-all {@code ApplicationACLsManager} mock
 */
private ApplicationACLsManager getAppAclManager() {
    final ApplicationACLsManager permissiveAcls = mock(ApplicationACLsManager.class);
    // Unconditional allow: the matchers constrain only the argument types.
    when(permissiveAcls.checkAccess(
            any(UserGroupInformation.class),
            any(ApplicationAccessType.class),
            any(String.class),
            any(ApplicationId.class)))
        .thenReturn(true);
    return permissiveAcls;
}
Also used : ApplicationACLsManager(org.apache.hadoop.yarn.server.security.ApplicationACLsManager) ApplicationAccessType(org.apache.hadoop.yarn.api.records.ApplicationAccessType) Matchers.anyString(org.mockito.Matchers.anyString) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 23 with ApplicationACLsManager

use of org.apache.hadoop.yarn.server.security.ApplicationACLsManager in project hadoop by apache.

the class TestClientRMService method testMoveApplicationSubmitTargetQueue.

/**
 * Verifies that {@code moveApplicationAcrossQueues} is rejected with an
 * {@link AccessControlException} (wrapped in a {@code YarnException}) when
 * the caller lacks access to the target queue, and goes through when the
 * caller has it.
 *
 * <p>The application ACL manager comes from {@code getAppAclManager()},
 * documented as always returning true, so every denial asserted here is
 * expected to come from the queue ACL check.
 */
@Test
public void testMoveApplicationSubmitTargetQueue() throws Exception {
    final ApplicationId appUnderTest = getApplicationId(1);

    // --- Scenario 1: the current user is passed both as the user the service
    // is built for and as the user of the queue ACL on "allowed_queue".
    // presumably getQueueAclManager(queue, acl, ugi) grants that ACL on that
    // queue to that user only; the helper is not shown here.
    final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
    final QueueACLsManager currentUserQueueAcls =
        getQueueAclManager("allowed_queue", QueueACL.SUBMIT_APPLICATIONS, currentUser);
    final ApplicationACLsManager allowAllAppAcls = getAppAclManager();
    final ClientRMService serviceForCurrentUser = createClientRMServiceForMoveApplicationRequest(
        appUnderTest, currentUser.getShortUserName(), allowAllAppAcls, currentUserQueueAcls);

    // Target queue named in the ACL: the move must complete without throwing.
    final MoveApplicationAcrossQueuesRequest toAllowedQueue =
        MoveApplicationAcrossQueuesRequest.newInstance(appUnderTest, "allowed_queue");
    serviceForCurrentUser.moveApplicationAcrossQueues(toAllowedQueue);

    // Target queue not named in the ACL: the move must be denied.
    final MoveApplicationAcrossQueuesRequest toDeniedQueue =
        MoveApplicationAcrossQueuesRequest.newInstance(appUnderTest, "not_allowed");
    try {
        serviceForCurrentUser.moveApplicationAcrossQueues(toDeniedQueue);
        Assert.fail("The request should fail with an AccessControlException");
    } catch (YarnException denied) {
        // The denial surfaces as the cause of the YarnException, not as the
        // thrown type itself.
        Assert.assertTrue("AccessControlException is expected", denied.getCause() instanceof AccessControlException);
    }

    // --- Scenario 2: the queue ACL is built for "moveuser", but the first
    // call is still issued by the thread's current user.
    final UserGroupInformation moveUser =
        UserGroupInformation.createUserForTesting("moveuser", new String[] {});
    final QueueACLsManager moveUserQueueAcls =
        getQueueAclManager("move_queue", QueueACL.SUBMIT_APPLICATIONS, moveUser);
    final ApplicationACLsManager allowAllAppAcls2 = getAppAclManager();
    final ClientRMService rmService2 = createClientRMServiceForMoveApplicationRequest(
        appUnderTest, moveUser.getShortUserName(), allowAllAppAcls2, moveUserQueueAcls);
    final MoveApplicationAcrossQueuesRequest moveAppRequest2 =
        MoveApplicationAcrossQueuesRequest.newInstance(appUnderTest, "move_queue");

    // Caller differs from the user the queue ACL was built for: denied.
    try {
        rmService2.moveApplicationAcrossQueues(moveAppRequest2);
        Assert.fail("The request should fail with an AccessControlException");
    } catch (YarnException denied) {
        Assert.assertTrue("AccessControlException is expected", denied.getCause() instanceof AccessControlException);
    }

    // Same request re-issued inside doAs as "moveuser": expected to succeed.
    // There is no explicit assertion; the step passes when nothing is thrown.
    moveUser.doAs(new PrivilegedExceptionAction<Object>() {

        @Override
        public Object run() throws Exception {
            return rmService2.moveApplicationAcrossQueues(moveAppRequest2);
        }
    });
}
Also used : AccessControlException(java.security.AccessControlException) Matchers.anyString(org.mockito.Matchers.anyString) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) ApplicationNotFoundException(org.apache.hadoop.yarn.exceptions.ApplicationNotFoundException) IOException(java.io.IOException) BrokenBarrierException(java.util.concurrent.BrokenBarrierException) AccessControlException(java.security.AccessControlException) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) ApplicationACLsManager(org.apache.hadoop.yarn.server.security.ApplicationACLsManager) MoveApplicationAcrossQueuesRequest(org.apache.hadoop.yarn.api.protocolrecords.MoveApplicationAcrossQueuesRequest) QueueACLsManager(org.apache.hadoop.yarn.server.resourcemanager.security.QueueACLsManager) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 24 with ApplicationACLsManager

use of org.apache.hadoop.yarn.server.security.ApplicationACLsManager in project hadoop by apache.

the class TestClientRMService method testNonExistingQueue.

/**
 * Expects a {@code YarnException} when an application is moved to the queue
 * name "unknown_queue".
 *
 * <p>NOTE(review): {@code expected = YarnException.class} covers the whole
 * method body, so a {@code YarnException} thrown by any statement satisfies
 * the test. It also cannot tell an unknown-queue failure from an access
 * denial if the service reports denials as a {@code YarnException} wrapping
 * an {@code AccessControlException} - confirm which failure is actually hit.
 */
@Test(expected = YarnException.class)
public void testNonExistingQueue() throws Exception {
    final ApplicationId appUnderTest = getApplicationId(1);
    final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();

    // The no-argument getQueueAclManager() is not shown here; what it permits
    // is defined by that helper. The app ACL manager is the allow-all stub.
    final QueueACLsManager queueAcls = getQueueAclManager();
    final ApplicationACLsManager allowAllAppAcls = getAppAclManager();
    final ClientRMService serviceUnderTest = createClientRMServiceForMoveApplicationRequest(
        appUnderTest, currentUser.getShortUserName(), allowAllAppAcls, queueAcls);

    final MoveApplicationAcrossQueuesRequest toUnknownQueue =
        MoveApplicationAcrossQueuesRequest.newInstance(appUnderTest, "unknown_queue");
    serviceUnderTest.moveApplicationAcrossQueues(toUnknownQueue);
}
Also used : ApplicationACLsManager(org.apache.hadoop.yarn.server.security.ApplicationACLsManager) MoveApplicationAcrossQueuesRequest(org.apache.hadoop.yarn.api.protocolrecords.MoveApplicationAcrossQueuesRequest) QueueACLsManager(org.apache.hadoop.yarn.server.resourcemanager.security.QueueACLsManager) ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 25 with ApplicationACLsManager

use of org.apache.hadoop.yarn.server.security.ApplicationACLsManager in project hadoop by apache.

the class TestApplicationHistoryClientService method setup.

/**
 * One-time class fixture: builds a timeline-store-backed history manager,
 * starts it, and exposes it through {@code ApplicationHistoryClientService}.
 *
 * @throws Exception if creating the store or initialising a component fails
 */
@BeforeClass
public static void setup() throws Exception {
    final Configuration yarnConf = new YarnConfiguration();
    final TimelineStore timelineStore =
        TestApplicationHistoryManagerOnTimelineStore.createStore(MAX_APPS);

    // The timeline ACL manager is given the store before the data manager
    // that uses both is constructed.
    final TimelineACLsManager timelineAcls = new TimelineACLsManager(yarnConf);
    timelineAcls.setTimelineStore(timelineStore);
    dataManager = new TimelineDataManager(timelineStore, timelineAcls);
    dataManager.init(yarnConf);

    // Both ACL managers are real instances built from a YarnConfiguration with
    // no overrides in this method, so they run with the configured defaults.
    // NOTE(review): whether ACL enforcement is active under those defaults is
    // not visible here - confirm.
    final ApplicationHistoryManagerOnTimelineStore timelineHistory =
        new ApplicationHistoryManagerOnTimelineStore(
            dataManager, new ApplicationACLsManager(yarnConf));
    timelineHistory.init(yarnConf);
    timelineHistory.start();

    clientService = new ApplicationHistoryClientService(timelineHistory);
}
Also used : TimelineDataManager(org.apache.hadoop.yarn.server.timeline.TimelineDataManager) ApplicationACLsManager(org.apache.hadoop.yarn.server.security.ApplicationACLsManager) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) Configuration(org.apache.hadoop.conf.Configuration) YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration) TimelineStore(org.apache.hadoop.yarn.server.timeline.TimelineStore) TimelineACLsManager(org.apache.hadoop.yarn.server.timeline.security.TimelineACLsManager) BeforeClass(org.junit.BeforeClass)
