Java Code Examples for org.apache.hadoop.yarn.api.records.QueueACL

The following examples show how to use org.apache.hadoop.yarn.api.records.QueueACL. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: ClientRMService.java    License: Apache License 2.0 6 votes vote down vote up
private String checkReservationACLs(String queueName, String auditConstant)
    throws YarnException {
  UserGroupInformation callerUGI;
  try {
    callerUGI = UserGroupInformation.getCurrentUser();
  } catch (IOException ie) {
    RMAuditLogger.logFailure("UNKNOWN", auditConstant, queueName,
        "ClientRMService", "Error getting UGI");
    throw RPCUtil.getRemoteException(ie);
  }
  // Check if user has access on the managed queue
  if (!queueACLsManager.checkAccess(callerUGI, QueueACL.SUBMIT_APPLICATIONS,
      queueName)) {
    RMAuditLogger.logFailure(
        callerUGI.getShortUserName(),
        auditConstant,
        "User doesn't have permissions to "
            + QueueACL.SUBMIT_APPLICATIONS.toString(), "ClientRMService",
        AuditConstants.UNAUTHORIZED_USER);
    throw RPCUtil.getRemoteException(new AccessControlException("User "
        + callerUGI.getShortUserName() + " cannot perform operation "
        + QueueACL.SUBMIT_APPLICATIONS.name() + " on queue" + queueName));
  }
  return callerUGI.getShortUserName();
}
 
Example 2
Source Project: hadoop   Source File: AllocationConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
public AllocationConfiguration(Configuration conf) {
  minQueueResources = new HashMap<String, Resource>();
  maxQueueResources = new HashMap<String, Resource>();
  queueWeights = new HashMap<String, ResourceWeights>();
  queueMaxApps = new HashMap<String, Integer>();
  userMaxApps = new HashMap<String, Integer>();
  queueMaxAMShares = new HashMap<String, Float>();
  userMaxAppsDefault = Integer.MAX_VALUE;
  queueMaxAppsDefault = Integer.MAX_VALUE;
  queueMaxAMShareDefault = 0.5f;
  queueAcls = new HashMap<String, Map<QueueACL, AccessControlList>>();
  minSharePreemptionTimeouts = new HashMap<String, Long>();
  fairSharePreemptionTimeouts = new HashMap<String, Long>();
  fairSharePreemptionThresholds = new HashMap<String, Float>();
  schedulingPolicies = new HashMap<String, SchedulingPolicy>();
  defaultSchedulingPolicy = SchedulingPolicy.DEFAULT_POLICY;
  reservableQueues = new HashSet<>();
  configuredQueues = new HashMap<FSQueueType, Set<String>>();
  for (FSQueueType queueType : FSQueueType.values()) {
    configuredQueues.put(queueType, new HashSet<String>());
  }
  placementPolicy = QueuePlacementPolicy.fromConfiguration(conf,
      configuredQueues);
}
 
Example 3
Source Project: big-c   Source File: LeafQueue.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public synchronized List<QueueUserACLInfo> 
getQueueUserAclInfo(UserGroupInformation user) {
  QueueUserACLInfo userAclInfo = 
    recordFactory.newRecordInstance(QueueUserACLInfo.class);
  List<QueueACL> operations = new ArrayList<QueueACL>();
  for (QueueACL operation : QueueACL.values()) {
    if (hasAccess(operation, user)) {
      operations.add(operation);
    }
  }

  userAclInfo.setQueueName(getQueueName());
  userAclInfo.setUserAcls(operations);
  return Collections.singletonList(userAclInfo);
}
 
Example 4
Source Project: big-c   Source File: TypeConverter.java    License: Apache License 2.0 6 votes vote down vote up
public static QueueAclsInfo[] fromYarnQueueUserAclsInfo(
    List<QueueUserACLInfo> userAcls) {
  List<QueueAclsInfo> acls = new ArrayList<QueueAclsInfo>();
  for (QueueUserACLInfo aclInfo : userAcls) {
    List<String> operations = new ArrayList<String>();
    for (QueueACL qAcl : aclInfo.getUserAcls()) {
      operations.add(qAcl.toString());
    }

    QueueAclsInfo acl =
      new QueueAclsInfo(aclInfo.getQueueName(),
          operations.toArray(new String[operations.size()]));
    acls.add(acl);
  }
  return acls.toArray(new QueueAclsInfo[acls.size()]);
}
 
Example 5
Source Project: hadoop   Source File: LeafQueue.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public synchronized List<QueueUserACLInfo> 
getQueueUserAclInfo(UserGroupInformation user) {
  QueueUserACLInfo userAclInfo = 
    recordFactory.newRecordInstance(QueueUserACLInfo.class);
  List<QueueACL> operations = new ArrayList<QueueACL>();
  for (QueueACL operation : QueueACL.values()) {
    if (hasAccess(operation, user)) {
      operations.add(operation);
    }
  }

  userAclInfo.setQueueName(getQueueName());
  userAclInfo.setUserAcls(operations);
  return Collections.singletonList(userAclInfo);
}
 
Example 6
Source Project: big-c   Source File: TestClientRMService.java    License: Apache License 2.0 6 votes vote down vote up
public ClientRMService createRMService() throws IOException {
  YarnScheduler yarnScheduler = mockYarnScheduler();
  RMContext rmContext = mock(RMContext.class);
  mockRMContext(yarnScheduler, rmContext);
  ConcurrentHashMap<ApplicationId, RMApp> apps = getRMApps(rmContext,
      yarnScheduler);
  when(rmContext.getRMApps()).thenReturn(apps);
  when(rmContext.getYarnConfiguration()).thenReturn(new Configuration());
  RMAppManager appManager = new RMAppManager(rmContext, yarnScheduler, null,
      mock(ApplicationACLsManager.class), new Configuration());
  when(rmContext.getDispatcher().getEventHandler()).thenReturn(
      new EventHandler<Event>() {
        public void handle(Event event) {
        }
      });

  ApplicationACLsManager mockAclsManager = mock(ApplicationACLsManager.class);
  QueueACLsManager mockQueueACLsManager = mock(QueueACLsManager.class);
  when(
      mockQueueACLsManager.checkAccess(any(UserGroupInformation.class),
          any(QueueACL.class), anyString())).thenReturn(true);
  return new ClientRMService(rmContext, yarnScheduler, appManager,
      mockAclsManager, mockQueueACLsManager, null);
}
 
Example 7
Source Project: big-c   Source File: TestLeafQueue.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testInheritedQueueAcls() throws IOException {
  UserGroupInformation user = UserGroupInformation.getCurrentUser();

  LeafQueue a = stubLeafQueue((LeafQueue)queues.get(A));
  LeafQueue b = stubLeafQueue((LeafQueue)queues.get(B));
  ParentQueue c = (ParentQueue)queues.get(C);
  LeafQueue c1 = stubLeafQueue((LeafQueue)queues.get(C1));

  assertFalse(root.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));
  assertTrue(a.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));
  assertTrue(b.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));
  assertFalse(c.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));
  assertFalse(c1.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));

  assertTrue(hasQueueACL(
        a.getQueueUserAclInfo(user), QueueACL.SUBMIT_APPLICATIONS));
  assertTrue(hasQueueACL(
        b.getQueueUserAclInfo(user), QueueACL.SUBMIT_APPLICATIONS));
  assertFalse(hasQueueACL(
        c.getQueueUserAclInfo(user), QueueACL.SUBMIT_APPLICATIONS));
  assertFalse(hasQueueACL(
        c1.getQueueUserAclInfo(user), QueueACL.SUBMIT_APPLICATIONS));

}
 
Example 8
Source Project: hadoop   Source File: TestLeafQueue.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testInheritedQueueAcls() throws IOException {
  UserGroupInformation user = UserGroupInformation.getCurrentUser();

  LeafQueue a = stubLeafQueue((LeafQueue)queues.get(A));
  LeafQueue b = stubLeafQueue((LeafQueue)queues.get(B));
  ParentQueue c = (ParentQueue)queues.get(C);
  LeafQueue c1 = stubLeafQueue((LeafQueue)queues.get(C1));

  assertFalse(root.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));
  assertTrue(a.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));
  assertTrue(b.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));
  assertFalse(c.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));
  assertFalse(c1.hasAccess(QueueACL.SUBMIT_APPLICATIONS, user));

  assertTrue(hasQueueACL(
        a.getQueueUserAclInfo(user), QueueACL.SUBMIT_APPLICATIONS));
  assertTrue(hasQueueACL(
        b.getQueueUserAclInfo(user), QueueACL.SUBMIT_APPLICATIONS));
  assertFalse(hasQueueACL(
        c.getQueueUserAclInfo(user), QueueACL.SUBMIT_APPLICATIONS));
  assertFalse(hasQueueACL(
        c1.getQueueUserAclInfo(user), QueueACL.SUBMIT_APPLICATIONS));

}
 
Example 9
Source Project: hadoop   Source File: TypeConverter.java    License: Apache License 2.0 6 votes vote down vote up
public static QueueAclsInfo[] fromYarnQueueUserAclsInfo(
    List<QueueUserACLInfo> userAcls) {
  List<QueueAclsInfo> acls = new ArrayList<QueueAclsInfo>();
  for (QueueUserACLInfo aclInfo : userAcls) {
    List<String> operations = new ArrayList<String>();
    for (QueueACL qAcl : aclInfo.getUserAcls()) {
      operations.add(qAcl.toString());
    }

    QueueAclsInfo acl =
      new QueueAclsInfo(aclInfo.getQueueName(),
          operations.toArray(new String[operations.size()]));
    acls.add(acl);
  }
  return acls.toArray(new QueueAclsInfo[acls.size()]);
}
 
Example 10
Source Project: big-c   Source File: ClientRMService.java    License: Apache License 2.0 6 votes vote down vote up
private String checkReservationACLs(String queueName, String auditConstant)
    throws YarnException {
  UserGroupInformation callerUGI;
  try {
    callerUGI = UserGroupInformation.getCurrentUser();
  } catch (IOException ie) {
    RMAuditLogger.logFailure("UNKNOWN", auditConstant, queueName,
        "ClientRMService", "Error getting UGI");
    throw RPCUtil.getRemoteException(ie);
  }
  // Check if user has access on the managed queue
  if (!queueACLsManager.checkAccess(callerUGI, QueueACL.SUBMIT_APPLICATIONS,
      queueName)) {
    RMAuditLogger.logFailure(
        callerUGI.getShortUserName(),
        auditConstant,
        "User doesn't have permissions to "
            + QueueACL.SUBMIT_APPLICATIONS.toString(), "ClientRMService",
        AuditConstants.UNAUTHORIZED_USER);
    throw RPCUtil.getRemoteException(new AccessControlException("User "
        + callerUGI.getShortUserName() + " cannot perform operation "
        + QueueACL.SUBMIT_APPLICATIONS.name() + " on queue" + queueName));
  }
  return callerUGI.getShortUserName();
}
 
Example 11
Source Project: big-c   Source File: TestReservations.java    License: Apache License 2.0 6 votes vote down vote up
private void setupQueueConfiguration(CapacitySchedulerConfiguration conf,
    final String newRoot) {

  // Define top-level queues
  conf.setQueues(CapacitySchedulerConfiguration.ROOT,
      new String[] { newRoot });
  conf.setMaximumCapacity(CapacitySchedulerConfiguration.ROOT, 100);
  conf.setAcl(CapacitySchedulerConfiguration.ROOT,
      QueueACL.SUBMIT_APPLICATIONS, " ");

  final String Q_newRoot = CapacitySchedulerConfiguration.ROOT + "."
      + newRoot;
  conf.setQueues(Q_newRoot, new String[] { A });
  conf.setCapacity(Q_newRoot, 100);
  conf.setMaximumCapacity(Q_newRoot, 100);
  conf.setAcl(Q_newRoot, QueueACL.SUBMIT_APPLICATIONS, " ");

  final String Q_A = Q_newRoot + "." + A;
  conf.setCapacity(Q_A, 100f);
  conf.setMaximumCapacity(Q_A, 100);
  conf.setAcl(Q_A, QueueACL.SUBMIT_APPLICATIONS, "*");

}
 
Example 12
Source Project: hadoop   Source File: QueueUserACLInfoPBImpl.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void setUserAcls(List<QueueACL> userAclsList) {
  if (userAclsList == null) {
    builder.clearUserAcls();
  }
  this.userAclsList = userAclsList;
}
 
Example 13
Source Project: hadoop   Source File: QueueUserACLInfoPBImpl.java    License: Apache License 2.0 5 votes vote down vote up
private void initLocalQueueUserAclsList() {
  if (this.userAclsList != null) {
    return;
  }
  QueueUserACLInfoProtoOrBuilder p = viaProto ? proto : builder;
  List<QueueACLProto> list = p.getUserAclsList();
  userAclsList = new ArrayList<QueueACL>();

  for (QueueACLProto a : list) {
    userAclsList.add(convertFromProtoFormat(a));
  }
}
 
Example 14
Source Project: hadoop   Source File: QueueUserACLInfoPBImpl.java    License: Apache License 2.0 5 votes vote down vote up
private void addQueueACLsToProto() {
  maybeInitBuilder();
  builder.clearUserAcls();
  if (userAclsList == null)
    return;
  Iterable<QueueACLProto> iterable = new Iterable<QueueACLProto>() {
    @Override
    public Iterator<QueueACLProto> iterator() {
      return new Iterator<QueueACLProto>() {

        Iterator<QueueACL> iter = userAclsList.iterator();

        @Override
        public boolean hasNext() {
          return iter.hasNext();
        }

        @Override
        public QueueACLProto next() {
          return convertToProtoFormat(iter.next());
        }

        @Override
        public void remove() {
          throw new UnsupportedOperationException();

        }
      };

    }
  };
  builder.addAllUserAcls(iterable);
}
 
Example 15
Source Project: hadoop   Source File: QueueACLsManager.java    License: Apache License 2.0 5 votes vote down vote up
public boolean checkAccess(UserGroupInformation callerUGI,
    QueueACL acl, String queueName) {
  if (!isACLsEnable) {
    return true;
  }
  return scheduler.checkAccess(callerUGI, acl, queueName);
}
 
Example 16
Source Project: hadoop   Source File: RMWebServices.java    License: Apache License 2.0 5 votes vote down vote up
protected Boolean hasAccess(RMApp app, HttpServletRequest hsr) {
  // Check for the authorization.
  UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
  if (callerUGI != null
      && !(this.rm.getApplicationACLsManager().checkAccess(callerUGI,
            ApplicationAccessType.VIEW_APP, app.getUser(),
            app.getApplicationId()) ||
          this.rm.getQueueACLsManager().checkAccess(callerUGI,
            QueueACL.ADMINISTER_QUEUE, app.getQueue()))) {
    return false;
  }
  return true;
}
 
Example 17
Source Project: hadoop   Source File: ClientRMService.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * check if the calling user has the access to application information.
 * @param callerUGI
 * @param owner
 * @param operationPerformed
 * @param application
 * @return
 */
private boolean checkAccess(UserGroupInformation callerUGI, String owner,
    ApplicationAccessType operationPerformed,
    RMApp application) {
  return applicationsACLsManager.checkAccess(callerUGI, operationPerformed,
      owner, application.getApplicationId())
      || queueACLsManager.checkAccess(callerUGI, QueueACL.ADMINISTER_QUEUE,
          application.getQueue());
}
 
Example 18
Source Project: hadoop   Source File: FifoScheduler.java    License: Apache License 2.0 5 votes vote down vote up
public Map<QueueACL, AccessControlList> getQueueAcls() {
  Map<QueueACL, AccessControlList> acls =
    new HashMap<QueueACL, AccessControlList>();
  for (QueueACL acl : QueueACL.values()) {
    acls.put(acl, new AccessControlList("*"));
  }
  return acls;
}
 
Example 19
Source Project: big-c   Source File: CapacityScheduler.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public synchronized boolean checkAccess(UserGroupInformation callerUGI,
    QueueACL acl, String queueName) {
  CSQueue queue = getQueue(queueName);
  if (queue == null) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("ACL not found for queue access-type " + acl
          + " for queue " + queueName);
    }
    return false;
  }
  return queue.hasAccess(acl, callerUGI);
}
 
Example 20
Source Project: big-c   Source File: ProtocolHATestBase.java    License: Apache License 2.0 5 votes vote down vote up
public List<QueueUserACLInfo> createFakeQueueUserACLInfoList() {
  List<QueueACL> queueACL = new ArrayList<QueueACL>();
  queueACL.add(QueueACL.SUBMIT_APPLICATIONS);
  QueueUserACLInfo info = QueueUserACLInfo.newInstance("root", queueACL);
  List<QueueUserACLInfo> infos = new ArrayList<QueueUserACLInfo>();
  infos.add(info);
  return infos;
}
 
Example 21
Source Project: hadoop   Source File: FSLeafQueue.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public List<QueueUserACLInfo> getQueueUserAclInfo(UserGroupInformation user) {
  QueueUserACLInfo userAclInfo =
    recordFactory.newRecordInstance(QueueUserACLInfo.class);
  List<QueueACL> operations = new ArrayList<QueueACL>();
  for (QueueACL operation : QueueACL.values()) {
    if (hasAccess(operation, user)) {
      operations.add(operation);
    }
  }

  userAclInfo.setQueueName(getQueueName());
  userAclInfo.setUserAcls(operations);
  return Collections.singletonList(userAclInfo);
}
 
Example 22
Source Project: hadoop   Source File: FairScheduler.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public synchronized boolean checkAccess(UserGroupInformation callerUGI,
    QueueACL acl, String queueName) {
  FSQueue queue = getQueueManager().getQueue(queueName);
  if (queue == null) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("ACL not found for queue access-type " + acl
          + " for queue " + queueName);
    }
    return false;
  }
  return queue.hasAccess(acl, callerUGI);
}
 
Example 23
Source Project: hadoop   Source File: AllocationConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
public AllocationConfiguration(Map<String, Resource> minQueueResources,
    Map<String, Resource> maxQueueResources,
    Map<String, Integer> queueMaxApps, Map<String, Integer> userMaxApps,
    Map<String, ResourceWeights> queueWeights,
    Map<String, Float> queueMaxAMShares, int userMaxAppsDefault,
    int queueMaxAppsDefault, float queueMaxAMShareDefault,
    Map<String, SchedulingPolicy> schedulingPolicies,
    SchedulingPolicy defaultSchedulingPolicy,
    Map<String, Long> minSharePreemptionTimeouts,
    Map<String, Long> fairSharePreemptionTimeouts,
    Map<String, Float> fairSharePreemptionThresholds,
    Map<String, Map<QueueACL, AccessControlList>> queueAcls,
    QueuePlacementPolicy placementPolicy,
    Map<FSQueueType, Set<String>> configuredQueues,
    ReservationQueueConfiguration globalReservationQueueConfig,
    Set<String> reservableQueues) {
  this.minQueueResources = minQueueResources;
  this.maxQueueResources = maxQueueResources;
  this.queueMaxApps = queueMaxApps;
  this.userMaxApps = userMaxApps;
  this.queueMaxAMShares = queueMaxAMShares;
  this.queueWeights = queueWeights;
  this.userMaxAppsDefault = userMaxAppsDefault;
  this.queueMaxAppsDefault = queueMaxAppsDefault;
  this.queueMaxAMShareDefault = queueMaxAMShareDefault;
  this.defaultSchedulingPolicy = defaultSchedulingPolicy;
  this.schedulingPolicies = schedulingPolicies;
  this.minSharePreemptionTimeouts = minSharePreemptionTimeouts;
  this.fairSharePreemptionTimeouts = fairSharePreemptionTimeouts;
  this.fairSharePreemptionThresholds = fairSharePreemptionThresholds;
  this.queueAcls = queueAcls;
  this.reservableQueues = reservableQueues;
  this.globalReservationQueueConfig = globalReservationQueueConfig;
  this.placementPolicy = placementPolicy;
  this.configuredQueues = configuredQueues;
}
 
Example 24
Source Project: hadoop   Source File: AllocationConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Get the ACLs associated with this queue. If a given ACL is not explicitly
 * configured, include the default value for that ACL.  The default for the
 * root queue is everybody ("*") and the default for all other queues is
 * nobody ("")
 */
public AccessControlList getQueueAcl(String queue, QueueACL operation) {
  Map<QueueACL, AccessControlList> queueAcls = this.queueAcls.get(queue);
  if (queueAcls != null) {
    AccessControlList operationAcl = queueAcls.get(operation);
    if (operationAcl != null) {
      return operationAcl;
    }
  }
  return (queue.equals("root")) ? EVERYBODY_ACL : NOBODY_ACL;
}
 
Example 25
Source Project: hadoop   Source File: AllocationConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
public boolean hasAccess(String queueName, QueueACL acl,
    UserGroupInformation user) {
  int lastPeriodIndex = queueName.length();
  while (lastPeriodIndex != -1) {
    String queue = queueName.substring(0, lastPeriodIndex);
    if (getQueueAcl(queue, acl).isUserAllowed(user)) {
      return true;
    }

    lastPeriodIndex = queueName.lastIndexOf('.', lastPeriodIndex - 1);
  }
  
  return false;
}
 
Example 26
Source Project: hadoop   Source File: FSParentQueue.java    License: Apache License 2.0 5 votes vote down vote up
private synchronized QueueUserACLInfo getUserAclInfo(
    UserGroupInformation user) {
  QueueUserACLInfo userAclInfo = 
    recordFactory.newRecordInstance(QueueUserACLInfo.class);
  List<QueueACL> operations = new ArrayList<QueueACL>();
  for (QueueACL operation : QueueACL.values()) {
    if (hasAccess(operation, user)) {
      operations.add(operation);
    } 
  }

  userAclInfo.setQueueName(getQueueName());
  userAclInfo.setUserAcls(operations);
  return userAclInfo;
}
 
Example 27
Source Project: hadoop   Source File: ParentQueue.java    License: Apache License 2.0 5 votes vote down vote up
private synchronized QueueUserACLInfo getUserAclInfo(
    UserGroupInformation user) {
  QueueUserACLInfo userAclInfo = 
    recordFactory.newRecordInstance(QueueUserACLInfo.class);
  List<QueueACL> operations = new ArrayList<QueueACL>();
  for (QueueACL operation : QueueACL.values()) {
    if (hasAccess(operation, user)) {
      operations.add(operation);
    } 
  }

  userAclInfo.setQueueName(getQueueName());
  userAclInfo.setUserAcls(operations);
  return userAclInfo;
}
 
Example 28
Source Project: big-c   Source File: TestParentQueue.java    License: Apache License 2.0 5 votes vote down vote up
public boolean hasQueueACL(List<QueueUserACLInfo> aclInfos, QueueACL acl, String qName) {
  for (QueueUserACLInfo aclInfo : aclInfos) {
    if (aclInfo.getQueueName().equals(qName)) {
      if (aclInfo.getUserAcls().contains(acl)) {
        return true;
      }
    }
  }    
  return false;
}
 
Example 29
Source Project: hadoop   Source File: CapacitySchedulerConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
public AccessControlList getAcl(String queue, QueueACL acl) {
  String queuePrefix = getQueuePrefix(queue);
  // The root queue defaults to all access if not defined
  // Sub queues inherit access if not defined
  String defaultAcl = queue.equals(ROOT) ? ALL_ACL : NONE_ACL;
  String aclString = get(queuePrefix + getAclKey(acl), defaultAcl);
  return new AccessControlList(aclString);
}
 
Example 30
Source Project: hadoop   Source File: CapacityScheduler.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public synchronized boolean checkAccess(UserGroupInformation callerUGI,
    QueueACL acl, String queueName) {
  CSQueue queue = getQueue(queueName);
  if (queue == null) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("ACL not found for queue access-type " + acl
          + " for queue " + queueName);
    }
    return false;
  }
  return queue.hasAccess(acl, callerUGI);
}