org.apache.hadoop.mapreduce.JobACL Java Examples

The following examples show how to use org.apache.hadoop.mapreduce.JobACL. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TestJobAclsManager.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testClusterAdmins() {
  Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>();
  Configuration conf = new Configuration();
  String jobOwner = "testuser";
  conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner);
  conf.set(JobACL.MODIFY_JOB.getAclName(), jobOwner);
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
  String clusterAdmin = "testuser2";
  conf.set(MRConfig.MR_ADMINS, clusterAdmin);

  JobACLsManager aclsManager = new JobACLsManager(conf);
  tmpJobACLs = aclsManager.constructJobACLs(conf);
  final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs;

  UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting(
      clusterAdmin, new String[] {});

  // cluster admin should have access
  boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner,
      jobACLs.get(JobACL.VIEW_JOB));
  assertTrue("cluster admin should have view access", val);
  val = aclsManager.checkAccess(callerUGI, JobACL.MODIFY_JOB, jobOwner,
      jobACLs.get(JobACL.MODIFY_JOB));
  assertTrue("cluster admin should have modify access", val);
}
 
Example #2
Source File: JobACLsManager.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Construct the jobACLs from the configuration so that they can be kept in
 * the memory. If authorization is disabled on the JT, nothing is constructed
 * and an empty map is returned.
 * 
 * @return JobACL to AccessControlList map.
 */
public Map<JobACL, AccessControlList> constructJobACLs(Configuration conf) {

  Map<JobACL, AccessControlList> acls =
      new HashMap<JobACL, AccessControlList>();

  // Don't construct anything if authorization is disabled.
  if (!areACLsEnabled()) {
    return acls;
  }

  for (JobACL aclName : JobACL.values()) {
    String aclConfigName = aclName.getAclName();
    String aclConfigured = conf.get(aclConfigName);
    if (aclConfigured == null) {
      // If ACLs are not configured at all, we grant no access to anyone. So
      // jobOwner and cluster administrator _only_ can do 'stuff'
      aclConfigured = " ";
    }
    acls.put(aclName, new AccessControlList(aclConfigured));
  }
  return acls;
}
 
Example #3
Source File: MRClientService.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public FailTaskAttemptResponse failTaskAttempt(
    FailTaskAttemptRequest request) throws IOException {
  TaskAttemptId taskAttemptId = request.getTaskAttemptId();
  UserGroupInformation callerUGI = UserGroupInformation.getCurrentUser();
  String message = "Fail task attempt " + taskAttemptId
      + " received from " + callerUGI + " at "
      + Server.getRemoteAddress();
  LOG.info(message);
  verifyAndGetAttempt(taskAttemptId, JobACL.MODIFY_JOB);
  appContext.getEventHandler().handle(
      new TaskAttemptDiagnosticsUpdateEvent(taskAttemptId, message));
  appContext.getEventHandler().handle(
      new TaskAttemptEvent(taskAttemptId, 
          TaskAttemptEventType.TA_FAILMSG));
  FailTaskAttemptResponse response = recordFactory.
    newRecordInstance(FailTaskAttemptResponse.class);
  return response;
}
 
Example #4
Source File: TestJobAclsManager.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testGroups() {
  Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>();
  Configuration conf = new Configuration();
  String jobOwner = "testuser";
  conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner);
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
  String user = "testuser2";
  String adminGroup = "adminGroup";
  conf.set(MRConfig.MR_ADMINS, " " + adminGroup);

  JobACLsManager aclsManager = new JobACLsManager(conf);
  tmpJobACLs = aclsManager.constructJobACLs(conf);
  final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs;

  UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting(
   user, new String[] {adminGroup});
  // acls off so anyone should have access
  boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner,
      jobACLs.get(JobACL.VIEW_JOB));
  assertTrue("user in admin group should have access", val);
}
 
Example #5
Source File: MRClientService.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public KillTaskAttemptResponse killTaskAttempt(
    KillTaskAttemptRequest request) throws IOException {
  TaskAttemptId taskAttemptId = request.getTaskAttemptId();
  UserGroupInformation callerUGI = UserGroupInformation.getCurrentUser();
  String message = "Kill task attempt " + taskAttemptId
      + " received from " + callerUGI + " at "
      + Server.getRemoteAddress();
  LOG.info(message);
  verifyAndGetAttempt(taskAttemptId, JobACL.MODIFY_JOB);
  appContext.getEventHandler().handle(
      new TaskAttemptDiagnosticsUpdateEvent(taskAttemptId, message));
  appContext.getEventHandler().handle(
      new TaskAttemptEvent(taskAttemptId, 
          TaskAttemptEventType.TA_KILL));
  KillTaskAttemptResponse response = 
    recordFactory.newRecordInstance(KillTaskAttemptResponse.class);
  return response;
}
 
Example #6
Source File: MRClientService.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public KillTaskResponse killTask(KillTaskRequest request) 
  throws IOException {
  TaskId taskId = request.getTaskId();
  UserGroupInformation callerUGI = UserGroupInformation.getCurrentUser();
  String message = "Kill task " + taskId + " received from " + callerUGI
      + " at " + Server.getRemoteAddress();
  LOG.info(message);
  verifyAndGetTask(taskId, JobACL.MODIFY_JOB);
  appContext.getEventHandler().handle(
      new TaskEvent(taskId, TaskEventType.T_KILL));
  KillTaskResponse response = 
    recordFactory.newRecordInstance(KillTaskResponse.class);
  return response;
}
 
Example #7
Source File: TestAppController.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 *  Test method 'job'. Should print message about error or set JobPage class for rendering
 */
@Test
public void testGetJob() {
  when(job.checkAccess(any(UserGroupInformation.class), any(JobACL.class)))
      .thenReturn(false);

  appController.job();
  verify(appController.response()).setContentType(MimeType.TEXT);
  assertEquals(
      "Access denied: User user does not have permission to view job job_01_01",
      appController.getData());
  when(job.checkAccess(any(UserGroupInformation.class), any(JobACL.class)))
      .thenReturn(true);

  appController.getProperty().remove(AMParams.JOB_ID);
  appController.job();
  assertEquals(
      "Access denied: User user does not have permission to view job job_01_01Bad Request: Missing job ID",
      appController.getData());

  appController.getProperty().put(AMParams.JOB_ID, "job_01_01");
  appController.job();
  assertEquals(JobPage.class, appController.getClazz());
}
 
Example #8
Source File: TestJobAclsManager.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Test
public void testAclsOff() {
  Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>();
  Configuration conf = new Configuration();
  String jobOwner = "testuser";
  conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner);
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, false);
  String noAdminUser = "testuser2";

  JobACLsManager aclsManager = new JobACLsManager(conf);
  tmpJobACLs = aclsManager.constructJobACLs(conf);
  final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs;

  UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting(
      noAdminUser, new String[] {});
  // acls off so anyone should have access
  boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner,
      jobACLs.get(JobACL.VIEW_JOB));
  assertTrue("acls off so anyone should have access", val);
}
 
Example #9
Source File: TestAppController.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 *  Test method 'taskCounters'. Should print message about error or set CountersPage class for rendering
 */
@Test
public void testGetTaskCounters() {

  when(job.checkAccess(any(UserGroupInformation.class), any(JobACL.class)))
      .thenReturn(false);

  appController.taskCounters();
  verify(appController.response()).setContentType(MimeType.TEXT);
  assertEquals(
      "Access denied: User user does not have permission to view job job_01_01",
      appController.getData());

  when(job.checkAccess(any(UserGroupInformation.class), any(JobACL.class)))
      .thenReturn(true);

  appController.getProperty().remove(AMParams.TASK_ID);
  appController.taskCounters();
  assertEquals(
      "Access denied: User user does not have permission to view job job_01_01missing task ID",
      appController.getData());

  appController.getProperty().put(AMParams.TASK_ID, "task_01_01_m01_01");
  appController.taskCounters();
  assertEquals(CountersPage.class, appController.getClazz());
}
 
Example #10
Source File: TestAppController.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 *  Test method 'taskCounters'. Should print message about error or set CountersPage class for rendering
 */
@Test
public void testGetTaskCounters() {

  when(job.checkAccess(any(UserGroupInformation.class), any(JobACL.class)))
      .thenReturn(false);

  appController.taskCounters();
  verify(appController.response()).setContentType(MimeType.TEXT);
  assertEquals(
      "Access denied: User user does not have permission to view job job_01_01",
      appController.getData());

  when(job.checkAccess(any(UserGroupInformation.class), any(JobACL.class)))
      .thenReturn(true);

  appController.getProperty().remove(AMParams.TASK_ID);
  appController.taskCounters();
  assertEquals(
      "Access denied: User user does not have permission to view job job_01_01missing task ID",
      appController.getData());

  appController.getProperty().put(AMParams.TASK_ID, "task_01_01_m01_01");
  appController.taskCounters();
  assertEquals(CountersPage.class, appController.getClazz());
}
 
Example #11
Source File: MRClientService.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Override
public GetJobReportResponse getJobReport(GetJobReportRequest request) 
  throws IOException {
  JobId jobId = request.getJobId();
  // false is for retain compatibility
  Job job = verifyAndGetJob(jobId, JobACL.VIEW_JOB, false);
  GetJobReportResponse response = 
    recordFactory.newRecordInstance(GetJobReportResponse.class);
  if (job != null) {
    response.setJobReport(job.getReport());
  }
  else {
    response.setJobReport(null);
  }
  return response;
}
 
Example #12
Source File: MRClientService.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Override
public GetJobReportResponse getJobReport(GetJobReportRequest request) 
  throws IOException {
  JobId jobId = request.getJobId();
  // false is for retain compatibility
  Job job = verifyAndGetJob(jobId, JobACL.VIEW_JOB, false);
  GetJobReportResponse response = 
    recordFactory.newRecordInstance(GetJobReportResponse.class);
  if (job != null) {
    response.setJobReport(job.getReport());
  }
  else {
    response.setJobReport(null);
  }
  return response;
}
 
Example #13
Source File: JobACLsManager.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * If authorization is enabled, checks whether the user (in the callerUGI)
 * is authorized to perform the operation specified by 'jobOperation' on
 * the job by checking if the user is jobOwner or part of job ACL for the
 * specific job operation.
 * <ul>
 * <li>The owner of the job can do any operation on the job</li>
 * <li>For all other users/groups job-acls are checked</li>
 * </ul>
 * @param callerUGI
 * @param jobOperation
 * @param jobOwner
 * @param jobACL
 */
public boolean checkAccess(UserGroupInformation callerUGI,
    JobACL jobOperation, String jobOwner, AccessControlList jobACL) {

  if (LOG.isDebugEnabled()) {
    LOG.debug("checkAccess job acls, jobOwner: " + jobOwner + " jobacl: "
        + jobOperation.toString() + " user: " + callerUGI.getShortUserName());
  }
  String user = callerUGI.getShortUserName();
  if (!areACLsEnabled()) {
    return true;
  }

  // Allow Job-owner for any operation on the job
  if (isMRAdmin(callerUGI)
      || user.equals(jobOwner)
      || jobACL.isUserAllowed(callerUGI)) {
    return true;
  }

  return false;
}
 
Example #14
Source File: MRClientService.java    From big-c with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public KillTaskResponse killTask(KillTaskRequest request) 
  throws IOException {
  TaskId taskId = request.getTaskId();
  UserGroupInformation callerUGI = UserGroupInformation.getCurrentUser();
  String message = "Kill task " + taskId + " received from " + callerUGI
      + " at " + Server.getRemoteAddress();
  LOG.info(message);
  verifyAndGetTask(taskId, JobACL.MODIFY_JOB);
  appContext.getEventHandler().handle(
      new TaskEvent(taskId, TaskEventType.T_KILL));
  KillTaskResponse response = 
    recordFactory.newRecordInstance(KillTaskResponse.class);
  return response;
}
 
Example #15
Source File: MRClientService.java    From big-c with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public KillTaskAttemptResponse killTaskAttempt(
    KillTaskAttemptRequest request) throws IOException {
  TaskAttemptId taskAttemptId = request.getTaskAttemptId();
  UserGroupInformation callerUGI = UserGroupInformation.getCurrentUser();
  String message = "Kill task attempt " + taskAttemptId
      + " received from " + callerUGI + " at "
      + Server.getRemoteAddress();
  LOG.info(message);
  verifyAndGetAttempt(taskAttemptId, JobACL.MODIFY_JOB);
  appContext.getEventHandler().handle(
      new TaskAttemptDiagnosticsUpdateEvent(taskAttemptId, message));
  appContext.getEventHandler().handle(
      new TaskAttemptEvent(taskAttemptId, 
          TaskAttemptEventType.TA_KILL));
  KillTaskAttemptResponse response = 
    recordFactory.newRecordInstance(KillTaskAttemptResponse.class);
  return response;
}
 
Example #16
Source File: JobACLsManager.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Construct the jobACLs from the configuration so that they can be kept in
 * the memory. If authorization is disabled on the JT, nothing is constructed
 * and an empty map is returned.
 * 
 * @return JobACL to AccessControlList map.
 */
public Map<JobACL, AccessControlList> constructJobACLs(Configuration conf) {

  Map<JobACL, AccessControlList> acls =
      new HashMap<JobACL, AccessControlList>();

  // Don't construct anything if authorization is disabled.
  if (!areACLsEnabled()) {
    return acls;
  }

  for (JobACL aclName : JobACL.values()) {
    String aclConfigName = aclName.getAclName();
    String aclConfigured = conf.get(aclConfigName);
    if (aclConfigured == null) {
      // If ACLs are not configured at all, we grant no access to anyone. So
      // jobOwner and cluster administrator _only_ can do 'stuff'
      aclConfigured = " ";
    }
    acls.put(aclName, new AccessControlList(aclConfigured));
  }
  return acls;
}
 
Example #17
Source File: MRClientService.java    From big-c with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public FailTaskAttemptResponse failTaskAttempt(
    FailTaskAttemptRequest request) throws IOException {
  TaskAttemptId taskAttemptId = request.getTaskAttemptId();
  UserGroupInformation callerUGI = UserGroupInformation.getCurrentUser();
  String message = "Fail task attempt " + taskAttemptId
      + " received from " + callerUGI + " at "
      + Server.getRemoteAddress();
  LOG.info(message);
  verifyAndGetAttempt(taskAttemptId, JobACL.MODIFY_JOB);
  appContext.getEventHandler().handle(
      new TaskAttemptDiagnosticsUpdateEvent(taskAttemptId, message));
  appContext.getEventHandler().handle(
      new TaskAttemptEvent(taskAttemptId, 
          TaskAttemptEventType.TA_FAILMSG));
  FailTaskAttemptResponse response = recordFactory.
    newRecordInstance(FailTaskAttemptResponse.class);
  return response;
}
 
Example #18
Source File: CompletedJob.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public
    boolean checkAccess(UserGroupInformation callerUGI, JobACL jobOperation) {
  Map<JobACL, AccessControlList> jobACLs = jobInfo.getJobACLs();
  AccessControlList jobACL = jobACLs.get(jobOperation);
  if (jobACL == null) {
    return true;
  }
  return aclsMgr.checkAccess(callerUGI, jobOperation, 
      jobInfo.getUsername(), jobACL);
}
 
Example #19
Source File: MRClientService.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public GetTaskAttemptCompletionEventsResponse getTaskAttemptCompletionEvents(
    GetTaskAttemptCompletionEventsRequest request) 
    throws IOException {
  JobId jobId = request.getJobId();
  int fromEventId = request.getFromEventId();
  int maxEvents = request.getMaxEvents();
  Job job = verifyAndGetJob(jobId, JobACL.VIEW_JOB, true);
  
  GetTaskAttemptCompletionEventsResponse response = 
    recordFactory.newRecordInstance(GetTaskAttemptCompletionEventsResponse.class);
  response.addAllCompletionEvents(Arrays.asList(
      job.getTaskAttemptCompletionEvents(fromEventId, maxEvents)));
  return response;
}
 
Example #20
Source File: MRClientService.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public GetDiagnosticsResponse getDiagnostics(
    GetDiagnosticsRequest request) throws IOException {
  TaskAttemptId taskAttemptId = request.getTaskAttemptId();
  
  GetDiagnosticsResponse response = 
    recordFactory.newRecordInstance(GetDiagnosticsResponse.class);
  response.addAllDiagnostics(verifyAndGetAttempt(taskAttemptId,
      JobACL.VIEW_JOB).getDiagnostics());
  return response;
}
 
Example #21
Source File: JobImpl.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public boolean checkAccess(UserGroupInformation callerUGI, 
    JobACL jobOperation) {
  AccessControlList jobACL = jobACLs.get(jobOperation);
  if (jobACL == null) {
    return true;
  }
  return aclsManager.checkAccess(callerUGI, jobOperation, userName, jobACL);
}
 
Example #22
Source File: MRClientService.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public GetTaskAttemptReportResponse getTaskAttemptReport(
    GetTaskAttemptReportRequest request) throws IOException {
  TaskAttemptId taskAttemptId = request.getTaskAttemptId();
  GetTaskAttemptReportResponse response =
    recordFactory.newRecordInstance(GetTaskAttemptReportResponse.class);
  response.setTaskAttemptReport(
      verifyAndGetAttempt(taskAttemptId, JobACL.VIEW_JOB).getReport());
  return response;
}
 
Example #23
Source File: MRClientService.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public GetCountersResponse getCounters(GetCountersRequest request) 
  throws IOException {
  JobId jobId = request.getJobId();
  Job job = verifyAndGetJob(jobId, JobACL.VIEW_JOB, true);
  GetCountersResponse response =
    recordFactory.newRecordInstance(GetCountersResponse.class);
  response.setCounters(TypeConverter.toYarn(job.getAllCounters()));
  return response;
}
 
Example #24
Source File: TestJobAclsManager.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testClusterNoAdmins() {
  Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>();
  Configuration conf = new Configuration();
  String jobOwner = "testuser";
  conf.set(JobACL.VIEW_JOB.getAclName(), "");
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
  String noAdminUser = "testuser2";

  JobACLsManager aclsManager = new JobACLsManager(conf);
  tmpJobACLs = aclsManager.constructJobACLs(conf);
  final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs;

  UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting(
      noAdminUser, new String[] {});
  // random user should not have access
  boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner,
      jobACLs.get(JobACL.VIEW_JOB));
  assertFalse("random user should not have view access", val);
  val = aclsManager.checkAccess(callerUGI, JobACL.MODIFY_JOB, jobOwner,
      jobACLs.get(JobACL.MODIFY_JOB));
  assertFalse("random user should not have modify access", val);

  callerUGI = UserGroupInformation.createUserForTesting(jobOwner,
      new String[] {});
  // Owner should have access
  val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner,
      jobACLs.get(JobACL.VIEW_JOB));
  assertTrue("owner should have view access", val);
  val = aclsManager.checkAccess(callerUGI, JobACL.MODIFY_JOB, jobOwner,
      jobACLs.get(JobACL.MODIFY_JOB));
  assertTrue("owner should have modify access", val);
}
 
Example #25
Source File: MRClientService.java    From big-c with Apache License 2.0 5 votes vote down vote up
private Task verifyAndGetTask(TaskId taskID, 
    JobACL accessType) throws IOException {
  Task task =
      verifyAndGetJob(taskID.getJobId(), accessType, true).getTask(taskID);
  if (task == null) {
    throw new IOException("Unknown Task " + taskID);
  }
  return task;
}
 
Example #26
Source File: HistoryClientService.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private void checkAccess(Job job, JobACL jobOperation)
    throws IOException {

  UserGroupInformation callerUGI;
  callerUGI = UserGroupInformation.getCurrentUser();

  if (!job.checkAccess(callerUGI, jobOperation)) {
    throw new IOException(new AccessControlException("User "
        + callerUGI.getShortUserName() + " cannot perform operation "
        + jobOperation.name() + " on " + job.getID()));
  }
}
 
Example #27
Source File: HsWebServices.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private boolean hasAccess(Job job, HttpServletRequest request) {
  String remoteUser = request.getRemoteUser();
  if (remoteUser != null) {
    return job.checkAccess(UserGroupInformation.createRemoteUser(remoteUser),
        JobACL.VIEW_JOB);
  }
  return true;
}
 
Example #28
Source File: JobSubmittedEvent.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/** Get the acls configured for the job **/
public Map<JobACL, AccessControlList> getJobAcls() {
  Map<JobACL, AccessControlList> jobAcls =
      new HashMap<JobACL, AccessControlList>();
  for (JobACL jobACL : JobACL.values()) {
    Utf8 jobACLsUtf8 = new Utf8(jobACL.getAclName());
    if (datum.acls.containsKey(jobACLsUtf8)) {
      jobAcls.put(jobACL, new AccessControlList(datum.acls.get(
          jobACLsUtf8).toString()));
    }
  }
  return jobAcls;
}
 
Example #29
Source File: JobSubmittedEvent.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
   * Create an event to record job submission
   * @param id The job Id of the job
   * @param jobName Name of the job
   * @param userName Name of the user who submitted the job
   * @param submitTime Time of submission
   * @param jobConfPath Path of the Job Configuration file
   * @param jobACLs The configured acls for the job.
   * @param jobQueueName The job-queue to which this job was submitted to
   * @param workflowId The Id of the workflow
   * @param workflowName The name of the workflow
   * @param workflowNodeName The node name of the workflow
   * @param workflowAdjacencies The adjacencies of the workflow
   * @param workflowTags Comma-separated tags for the workflow
   */
  public JobSubmittedEvent(JobID id, String jobName, String userName,
      long submitTime, String jobConfPath,
      Map<JobACL, AccessControlList> jobACLs, String jobQueueName,
      String workflowId, String workflowName, String workflowNodeName,
      String workflowAdjacencies, String workflowTags) {
  datum.jobid = new Utf8(id.toString());
  datum.jobName = new Utf8(jobName);
  datum.userName = new Utf8(userName);
  datum.submitTime = submitTime;
  datum.jobConfPath = new Utf8(jobConfPath);
  Map<CharSequence, CharSequence> jobAcls = new HashMap<CharSequence, CharSequence>();
  for (Entry<JobACL, AccessControlList> entry : jobACLs.entrySet()) {
    jobAcls.put(new Utf8(entry.getKey().getAclName()), new Utf8(
        entry.getValue().getAclString()));
  }
  datum.acls = jobAcls;
  if (jobQueueName != null) {
    datum.jobQueueName = new Utf8(jobQueueName);
  }
  if (workflowId != null) {
    datum.workflowId = new Utf8(workflowId);
  }
  if (workflowName != null) {
    datum.workflowName = new Utf8(workflowName);
  }
  if (workflowNodeName != null) {
    datum.workflowNodeName = new Utf8(workflowNodeName);
  }
  if (workflowAdjacencies != null) {
    datum.workflowAdjacencies = new Utf8(workflowAdjacencies);
  }
  if (workflowTags != null) {
    datum.workflowTags = new Utf8(workflowTags);
  }
}
 
Example #30
Source File: AppController.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * check for job access.
 * @param job the job that is being accessed
 * @return True if the requesting user has permission to view the job
 */
boolean checkAccess(Job job) {
  String remoteUser = request().getRemoteUser();
  UserGroupInformation callerUGI = null;
  if (remoteUser != null) {
    callerUGI = UserGroupInformation.createRemoteUser(remoteUser);
  }
  if (callerUGI != null && !job.checkAccess(callerUGI, JobACL.VIEW_JOB)) {
    return false;
  }
  return true;
}