Example 1 with ForbiddenException
use of org.apache.hadoop.yarn.webapp.ForbiddenException in project hadoop by apache.
the class RMWebServices method validateAppTimeoutRequest.
private RMApp validateAppTimeoutRequest(HttpServletRequest hsr, String appId) {
UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
String userName = "UNKNOWN-USER";
if (callerUGI != null) {
userName = callerUGI.getUserName();
}
if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
String msg = "The default static user cannot carry out this operation.";
RMAuditLogger.logFailure(userName, AuditConstants.GET_APP_TIMEOUTS, "UNKNOWN", "RMWebService", msg);
throw new ForbiddenException(msg);
}
RMApp app = null;
try {
app = getRMAppForAppId(appId);
} catch (NotFoundException e) {
RMAuditLogger.logFailure(userName, AuditConstants.GET_APP_TIMEOUTS, "UNKNOWN", "RMWebService", "Trying to get timeouts of an absent application " + appId);
throw e;
}
return app;
}
Also used :
RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)
ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException)
NotFoundException(org.apache.hadoop.yarn.webapp.NotFoundException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Example 2 with ForbiddenException
use of org.apache.hadoop.yarn.webapp.ForbiddenException in project hadoop by apache.
the class RMWebServices method dumpSchedulerLogs.
@POST
@Path("/scheduler/logs")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
public String dumpSchedulerLogs(@FormParam("time") String time, @Context HttpServletRequest hsr) throws IOException {
init();
UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
ApplicationACLsManager aclsManager = rm.getApplicationACLsManager();
if (aclsManager.areACLsEnabled()) {
if (callerUGI == null || !aclsManager.isAdmin(callerUGI)) {
String msg = "Only admins can carry out this operation.";
throw new ForbiddenException(msg);
}
}
ResourceScheduler rs = rm.getResourceScheduler();
int period = Integer.parseInt(time);
if (period <= 0) {
throw new BadRequestException("Period must be greater than 0");
}
final String logHierarchy = "org.apache.hadoop.yarn.server.resourcemanager.scheduler";
String logfile = "yarn-scheduler-debug.log";
if (rs instanceof CapacityScheduler) {
logfile = "yarn-capacity-scheduler-debug.log";
} else if (rs instanceof FairScheduler) {
logfile = "yarn-fair-scheduler-debug.log";
}
AdHocLogDumper dumper = new AdHocLogDumper(logHierarchy, logfile);
// time period is sent to us in seconds
dumper.dumpLogs("DEBUG", period * 1000);
return "Capacity scheduler logs are being created.";
}
Also used :
ApplicationACLsManager(org.apache.hadoop.yarn.server.security.ApplicationACLsManager)
ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException)
FairScheduler(org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler)
AdHocLogDumper(org.apache.hadoop.yarn.util.AdHocLogDumper)
BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException)
ResourceScheduler(org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler)
CapacityScheduler(org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Example 3 with ForbiddenException
use of org.apache.hadoop.yarn.webapp.ForbiddenException in project hadoop by apache.
the class TimelineWebServices method postEntities.
/**
* Store the given entities into the timeline store, and return the errors
* that happen during storing.
*/
@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8 })
public TimelinePutResponse postEntities(@Context HttpServletRequest req, @Context HttpServletResponse res, TimelineEntities entities) {
init(res);
UserGroupInformation callerUGI = getUser(req);
if (callerUGI == null) {
String msg = "The owner of the posted timeline entities is not set";
LOG.error(msg);
throw new ForbiddenException(msg);
}
try {
return timelineDataManager.postEntities(entities, callerUGI);
} catch (BadRequestException bre) {
throw bre;
} catch (Exception e) {
LOG.error("Error putting entities", e);
throw new WebApplicationException(e, Response.Status.INTERNAL_SERVER_ERROR);
}
}
Also used :
ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException)
WebApplicationException(javax.ws.rs.WebApplicationException)
BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException)
ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException)
YarnException(org.apache.hadoop.yarn.exceptions.YarnException)
NotFoundException(org.apache.hadoop.yarn.webapp.NotFoundException)
IOException(java.io.IOException)
WebApplicationException(javax.ws.rs.WebApplicationException)
BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Produces(javax.ws.rs.Produces)
Example 4 with ForbiddenException
use of org.apache.hadoop.yarn.webapp.ForbiddenException in project hadoop by apache.
the class TestRMWebServices method testDumpingSchedulerLogs.
@Test
public void testDumpingSchedulerLogs() throws Exception {
ResourceManager mockRM = mock(ResourceManager.class);
Configuration conf = new YarnConfiguration();
HttpServletRequest mockHsr = mock(HttpServletRequest.class);
ApplicationACLsManager aclsManager = new ApplicationACLsManager(conf);
when(mockRM.getApplicationACLsManager()).thenReturn(aclsManager);
RMWebServices webSvc = new RMWebServices(mockRM, conf, mock(HttpServletResponse.class));
// nothing should happen
webSvc.dumpSchedulerLogs("1", mockHsr);
waitforLogDump(50);
checkSchedulerLogFileAndCleanup();
conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
conf.setStrings(YarnConfiguration.YARN_ADMIN_ACL, "admin");
aclsManager = new ApplicationACLsManager(conf);
when(mockRM.getApplicationACLsManager()).thenReturn(aclsManager);
webSvc = new RMWebServices(mockRM, conf, mock(HttpServletResponse.class));
boolean exceptionThrown = false;
try {
webSvc.dumpSchedulerLogs("1", mockHsr);
fail("Dumping logs should fail");
} catch (ForbiddenException ae) {
exceptionThrown = true;
}
assertTrue("ForbiddenException expected", exceptionThrown);
exceptionThrown = false;
when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
return "testuser";
}
});
try {
webSvc.dumpSchedulerLogs("1", mockHsr);
fail("Dumping logs should fail");
} catch (ForbiddenException ae) {
exceptionThrown = true;
}
assertTrue("ForbiddenException expected", exceptionThrown);
when(mockHsr.getUserPrincipal()).thenReturn(new Principal() {
@Override
public String getName() {
return "admin";
}
});
webSvc.dumpSchedulerLogs("1", mockHsr);
waitforLogDump(50);
checkSchedulerLogFileAndCleanup();
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ApplicationACLsManager(org.apache.hadoop.yarn.server.security.ApplicationACLsManager)
ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException)
Configuration(org.apache.hadoop.conf.Configuration)
YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration)
YarnConfiguration(org.apache.hadoop.yarn.conf.YarnConfiguration)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ResourceManager(org.apache.hadoop.yarn.server.resourcemanager.ResourceManager)
Principal(java.security.Principal)
Test(org.junit.Test)
Example 5 with ForbiddenException
use of org.apache.hadoop.yarn.webapp.ForbiddenException in project hadoop by apache.
the class TimelineCollectorWebService method putEntities.
/**
* Accepts writes to the collector, and returns a response. It simply routes
* the request to the app level collector. It expects an application as a
* context.
*
* @param req Servlet request.
* @param res Servlet response.
* @param async flag indicating whether its an async put or not. "true"
* indicates, its an async call. If null, its considered false.
* @param appId Application Id to which the entities to be put belong to. If
* appId is not there or it cannot be parsed, HTTP 400 will be sent back.
* @param entities timeline entities to be put.
* @return a Response with appropriate HTTP status.
*/
@PUT
@Path("/entities")
@Consumes({ MediaType.APPLICATION_JSON })
public Response putEntities(@Context HttpServletRequest req, @Context HttpServletResponse res, @QueryParam("async") String async, @QueryParam("appid") String appId, TimelineEntities entities) {
init(res);
UserGroupInformation callerUgi = getUser(req);
if (callerUgi == null) {
String msg = "The owner of the posted timeline entities is not set";
LOG.error(msg);
throw new ForbiddenException(msg);
}
// TODO how to express async posts and handle them
boolean isAsync = async != null && async.trim().equalsIgnoreCase("true");
try {
ApplicationId appID = parseApplicationId(appId);
if (appID == null) {
return Response.status(Response.Status.BAD_REQUEST).build();
}
NodeTimelineCollectorManager collectorManager = (NodeTimelineCollectorManager) context.getAttribute(NodeTimelineCollectorManager.COLLECTOR_MANAGER_ATTR_KEY);
TimelineCollector collector = collectorManager.get(appID);
if (collector == null) {
LOG.error("Application: " + appId + " is not found");
// different exception?
throw new NotFoundException();
}
collector.putEntities(processTimelineEntities(entities), callerUgi);
return Response.ok().build();
} catch (Exception e) {
LOG.error("Error putting entities", e);
throw new WebApplicationException(e, Response.Status.INTERNAL_SERVER_ERROR);
}
}
Also used :
ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException)
WebApplicationException(javax.ws.rs.WebApplicationException)
NotFoundException(org.apache.hadoop.yarn.webapp.NotFoundException)
ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId)
ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException)
NotFoundException(org.apache.hadoop.yarn.webapp.NotFoundException)
WebApplicationException(javax.ws.rs.WebApplicationException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Path(javax.ws.rs.Path)
Consumes(javax.ws.rs.Consumes)
PUT(javax.ws.rs.PUT)
Aggregations
ForbiddenException (org.apache.hadoop.yarn.webapp.ForbiddenException)6
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)5
Consumes (javax.ws.rs.Consumes)3
Path (javax.ws.rs.Path)3
Produces (javax.ws.rs.Produces)3
WebApplicationException (javax.ws.rs.WebApplicationException)3
NotFoundException (org.apache.hadoop.yarn.webapp.NotFoundException)3
IOException (java.io.IOException)2
POST (javax.ws.rs.POST)2
PUT (javax.ws.rs.PUT)2
YarnException (org.apache.hadoop.yarn.exceptions.YarnException)2
ApplicationACLsManager (org.apache.hadoop.yarn.server.security.ApplicationACLsManager)2
BadRequestException (org.apache.hadoop.yarn.webapp.BadRequestException)2
Principal (java.security.Principal)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
Configuration (org.apache.hadoop.conf.Configuration)1
ApplicationId (org.apache.hadoop.yarn.api.records.ApplicationId)1
TimelinePutResponse (org.apache.hadoop.yarn.api.records.timeline.TimelinePutResponse)1
YarnConfiguration (org.apache.hadoop.yarn.conf.YarnConfiguration)1
