Java Code Examples for org.apache.hadoop.security.authorize.AccessControlList#addUser()

The following examples show how to use org.apache.hadoop.security.authorize.AccessControlList#addUser().
Example 1
Source File: QueueACLsTestBase.java    From hadoop with Apache License 2.0
/**
 * Builds the application ACL map (view and modify) in serialized string form.
 *
 * @param submitter user granted view and modify access together with
 *     {@code COMMON_USER} when {@code setupACLs} is true
 * @param setupACLs when false, both ACLs stay exactly as built from the empty
 *     string and no user is added
 * @return map from {@code VIEW_APP} and {@code MODIFY_APP} to the ACL strings
 */
private Map<ApplicationAccessType, String> createACLs(String submitter,
    boolean setupACLs) {
  // Start from ACLs that name nobody; access is granted only by the explicit
  // addUser calls below.
  AccessControlList viewers = new AccessControlList("");
  AccessControlList modifiers = new AccessControlList("");
  if (setupACLs) {
    for (String grantee : new String[] { submitter, COMMON_USER }) {
      viewers.addUser(grantee);
      modifiers.addUser(grantee);
    }
  }

  Map<ApplicationAccessType, String> aclStrings =
      new HashMap<ApplicationAccessType, String>();
  aclStrings.put(ApplicationAccessType.VIEW_APP, viewers.getAclString());
  aclStrings.put(ApplicationAccessType.MODIFY_APP, modifiers.getAclString());
  return aclStrings;
}
 
Example 2
Source File: QueueACLsTestBase.java    From big-c with Apache License 2.0
/**
 * Produces the VIEW_APP / MODIFY_APP ACL strings for an application.
 *
 * @param submitter user to add to both ACLs, next to {@code COMMON_USER}
 * @param setupACLs whether any user is added at all; when false the ACLs keep
 *     the content they were constructed with (the empty string)
 * @return a new map holding one ACL string per access type
 */
private Map<ApplicationAccessType, String> createACLs(String submitter,
    boolean setupACLs) {
  // No grantees unless the caller asked for ACLs to be set up.
  String[] grantees = setupACLs
      ? new String[] { submitter, COMMON_USER }
      : new String[0];

  AccessControlList viewList = new AccessControlList("");
  AccessControlList modifyList = new AccessControlList("");
  for (String grantee : grantees) {
    viewList.addUser(grantee);
    modifyList.addUser(grantee);
  }

  Map<ApplicationAccessType, String> byAccessType =
      new HashMap<ApplicationAccessType, String>();
  byAccessType.put(ApplicationAccessType.VIEW_APP, viewList.getAclString());
  byAccessType.put(ApplicationAccessType.MODIFY_APP,
      modifyList.getAclString());
  return byAccessType;
}
 
Example 3
Source File: AdminService.java    From hadoop with Apache License 2.0
/**
 * Builds the admin ACL from configuration and adds the daemon's own user.
 *
 * @param conf configuration read for {@code YarnConfiguration.YARN_ADMIN_ACL};
 *     {@code DEFAULT_YARN_ADMIN_ACL} is used when the key is not set
 * @return a new ACL holding the configured admins plus the daemon user
 */
private AccessControlList getAdminAclList(Configuration conf) {
  // NOTE(review): the fallback value decides who is an admin when the key is
  // missing. In stock Hadoop DEFAULT_YARN_ADMIN_ACL is the wildcard "*", so an
  // unset key would admit every user. Confirm against YarnConfiguration and
  // set the key explicitly in deployments.
  String configuredAdmins = conf.get(YarnConfiguration.YARN_ADMIN_ACL,
      YarnConfiguration.DEFAULT_YARN_ADMIN_ACL);
  AccessControlList adminAcl = new AccessControlList(configuredAdmins);

  // The short user name of daemonUser is always added, whatever the
  // configured list contains.
  adminAcl.addUser(daemonUser.getShortUserName());
  return adminAcl;
}
 
Example 4
Source File: TestApplicationACLs.java    From hadoop with Apache License 2.0
/**
 * Submits an application and checks that the owner's client ({@code rmClient})
 * can fetch its report, list applications and kill it.
 *
 * @throws Exception if any ResourceManager call fails
 */
private void verifyOwnerAccess() throws Exception {
  // The ACLs name only FRIENDLY_GROUP (view) and FRIEND (modify).
  AccessControlList viewers = new AccessControlList("");
  viewers.addGroup(FRIENDLY_GROUP);
  AccessControlList modifiers = new AccessControlList("");
  modifiers.addUser(FRIEND);
  ApplicationId appId = submitAppAndGetAppId(viewers, modifiers);

  final GetApplicationReportRequest reportRequest =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  reportRequest.setApplicationId(appId);
  final KillApplicationRequest killRequest =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  killRequest.setApplicationId(appId);

  // View: the call only has to succeed, its result is not inspected.
  rmClient.getApplicationReport(reportRequest);

  // List: the expected count of 1 presumably relies on this being the first
  // application submitted to the ResourceManager; confirm the call order.
  GetApplicationsRequest listRequest =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  int listedApps = rmClient.getApplications(listRequest)
      .getApplicationList().size();
  Assert.assertEquals("App view by owner should list the apps!!", 1,
      listedApps);

  // Kill, then wait until the application is reported as KILLED.
  rmClient.forceKillApplication(killRequest);
  resourceManager.waitForState(appId, RMAppState.KILLED);
}
 
Example 5
Source File: TestApplicationACLs.java    From hadoop with Apache License 2.0
/**
 * Submits an application and checks that a client acting as
 * {@code SUPER_USER} can fetch its report, list applications and kill it.
 *
 * @throws Exception if any ResourceManager call fails
 */
private void verifySuperUserAccess() throws Exception {
  // SUPER_USER is added to neither ACL here; only FRIENDLY_GROUP (view) and
  // FRIEND (modify) are named.
  AccessControlList viewers = new AccessControlList("");
  viewers.addGroup(FRIENDLY_GROUP);
  AccessControlList modifiers = new AccessControlList("");
  modifiers.addUser(FRIEND);
  ApplicationId appId = submitAppAndGetAppId(viewers, modifiers);

  final GetApplicationReportRequest reportRequest =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  reportRequest.setApplicationId(appId);
  final KillApplicationRequest killRequest =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  killRequest.setApplicationId(appId);

  ApplicationClientProtocol superUserClient = getRMClientForUser(SUPER_USER);

  // View: only success of the call is checked.
  superUserClient.getApplicationReport(reportRequest);

  // List: the expected count of 2 presumably depends on one application
  // having been submitted earlier; confirm the call order.
  GetApplicationsRequest listRequest =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  int listedApps = superUserClient.getApplications(listRequest)
      .getApplicationList().size();
  Assert.assertEquals("App view by super-user should list the apps!!", 2,
      listedApps);

  // Kill as the super user and wait for the KILLED state.
  superUserClient.forceKillApplication(killRequest);
  resourceManager.waitForState(appId, RMAppState.KILLED);
}
 
Example 6
Source File: TestApplicationACLs.java    From hadoop with Apache License 2.0
/**
 * Submits an application and checks that a client acting as {@code FRIEND}
 * can fetch its report, list applications and kill it.
 *
 * @throws Exception if any ResourceManager call fails
 */
private void verifyFriendAccess() throws Exception {
  // FRIEND is named in the modify ACL. View access is granted to
  // FRIENDLY_GROUP, presumably FRIEND's group; confirm in the test setup.
  AccessControlList viewers = new AccessControlList("");
  viewers.addGroup(FRIENDLY_GROUP);
  AccessControlList modifiers = new AccessControlList("");
  modifiers.addUser(FRIEND);
  ApplicationId appId = submitAppAndGetAppId(viewers, modifiers);

  final GetApplicationReportRequest reportRequest =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  reportRequest.setApplicationId(appId);
  final KillApplicationRequest killRequest =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  killRequest.setApplicationId(appId);

  ApplicationClientProtocol friendClient = getRMClientForUser(FRIEND);

  // View: only success of the call is checked.
  friendClient.getApplicationReport(reportRequest);

  // List: the expected count of 3 presumably depends on two applications
  // having been submitted earlier; confirm the call order.
  GetApplicationsRequest listRequest =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  int listedApps = friendClient.getApplications(listRequest)
      .getApplicationList().size();
  Assert.assertEquals("App view by a friend should list the apps!!", 3,
      listedApps);

  // Kill as the friend and wait for the KILLED state.
  friendClient.forceKillApplication(killRequest);
  resourceManager.waitForState(appId, RMAppState.KILLED);
}
 
Example 7
Source File: TestApplicationACLs.java    From hadoop with Apache License 2.0
/**
 * Submits an application and checks that a client acting as
 * {@code QUEUE_ADMIN_USER} can fetch its report, list applications and kill
 * it.
 *
 * @throws Exception if any ResourceManager call fails
 */
private void verifyAdministerQueueUserAccess() throws Exception {
  // The flag is set before the application is submitted; how it is consumed
  // is defined outside this method.
  isQueueUser = true;

  // QUEUE_ADMIN_USER is named in neither application ACL below.
  AccessControlList viewers = new AccessControlList("");
  viewers.addGroup(FRIENDLY_GROUP);
  AccessControlList modifiers = new AccessControlList("");
  modifiers.addUser(FRIEND);
  ApplicationId appId = submitAppAndGetAppId(viewers, modifiers);

  final GetApplicationReportRequest reportRequest =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  reportRequest.setApplicationId(appId);
  final KillApplicationRequest killRequest =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  killRequest.setApplicationId(appId);

  ApplicationClientProtocol queueAdminClient =
      getRMClientForUser(QUEUE_ADMIN_USER);

  // View: only success of the call is checked.
  queueAdminClient.getApplicationReport(reportRequest);

  // List: the expected count of 5 presumably depends on four applications
  // having been submitted earlier; confirm the call order.
  GetApplicationsRequest listRequest =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  int listedApps = queueAdminClient.getApplications(listRequest)
      .getApplicationList().size();
  Assert.assertEquals("App view by queue-admin-user should list the apps!!",
      5, listedApps);

  // Kill as the queue admin and wait for the KILLED state.
  queueAdminClient.forceKillApplication(killRequest);
  resourceManager.waitForState(appId, RMAppState.KILLED);
}
 
Example 8
Source File: AdminService.java    From big-c with Apache License 2.0
/**
 * Reads the YARN admin ACL from the given configuration and extends it with
 * the user the daemon runs as.
 *
 * @param conf source of {@code YarnConfiguration.YARN_ADMIN_ACL}; when the key
 *     is absent {@code YarnConfiguration.DEFAULT_YARN_ADMIN_ACL} is used
 * @return the resulting ACL, a fresh instance on every call
 */
private AccessControlList getAdminAclList(Configuration conf) {
  // NOTE(review): who becomes an admin on an unconfigured cluster depends
  // entirely on DEFAULT_YARN_ADMIN_ACL. Upstream Hadoop ships the wildcard
  // "*" there, so verify the value and prefer an explicit setting.
  String aclSpec = conf.get(YarnConfiguration.YARN_ADMIN_ACL,
      YarnConfiguration.DEFAULT_YARN_ADMIN_ACL);
  AccessControlList admins = new AccessControlList(aclSpec);

  // Added unconditionally: the daemon user's short name.
  String daemonShortName = daemonUser.getShortUserName();
  admins.addUser(daemonShortName);
  return admins;
}
 
Example 9
Source File: TestApplicationACLs.java    From big-c with Apache License 2.0
/**
 * Exercises view, list and kill on a freshly submitted application through
 * {@code rmClient}, which the original comments identify as the owner.
 *
 * @throws Exception if a ResourceManager call fails
 */
private void verifyOwnerAccess() throws Exception {
  // View is granted to FRIENDLY_GROUP only, modify to FRIEND only.
  AccessControlList viewAcl = new AccessControlList("");
  viewAcl.addGroup(FRIENDLY_GROUP);
  AccessControlList modifyAcl = new AccessControlList("");
  modifyAcl.addUser(FRIEND);
  ApplicationId submittedApp = submitAppAndGetAppId(viewAcl, modifyAcl);

  final GetApplicationReportRequest getReport =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  getReport.setApplicationId(submittedApp);
  final KillApplicationRequest kill =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  kill.setApplicationId(submittedApp);

  // 1. The report must be retrievable (result not inspected).
  rmClient.getApplicationReport(getReport);

  // 2. Listing must return exactly one application. This presumably assumes
  //    no earlier submission in the same ResourceManager; confirm with the
  //    caller.
  GetApplicationsRequest getAll =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  int visible = rmClient.getApplications(getAll).getApplicationList().size();
  Assert.assertEquals("App view by owner should list the apps!!", 1, visible);

  // 3. The kill must be accepted and the app must reach KILLED.
  rmClient.forceKillApplication(kill);
  resourceManager.waitForState(submittedApp, RMAppState.KILLED);
}
 
Example 10
Source File: TestApplicationACLs.java    From big-c with Apache License 2.0
/**
 * Exercises view, list and kill on a freshly submitted application through a
 * client created for {@code SUPER_USER}.
 *
 * @throws Exception if a ResourceManager call fails
 */
private void verifySuperUserAccess() throws Exception {
  // The application ACLs do not mention SUPER_USER: view goes to
  // FRIENDLY_GROUP, modify to FRIEND.
  AccessControlList viewAcl = new AccessControlList("");
  viewAcl.addGroup(FRIENDLY_GROUP);
  AccessControlList modifyAcl = new AccessControlList("");
  modifyAcl.addUser(FRIEND);
  ApplicationId submittedApp = submitAppAndGetAppId(viewAcl, modifyAcl);

  final GetApplicationReportRequest getReport =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  getReport.setApplicationId(submittedApp);
  final KillApplicationRequest kill =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  kill.setApplicationId(submittedApp);

  ApplicationClientProtocol asSuperUser = getRMClientForUser(SUPER_USER);

  // 1. The report must be retrievable (result not inspected).
  asSuperUser.getApplicationReport(getReport);

  // 2. Listing must return two applications. The count presumably includes
  //    one from an earlier step; confirm with the caller.
  GetApplicationsRequest getAll =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  int visible =
      asSuperUser.getApplications(getAll).getApplicationList().size();
  Assert.assertEquals("App view by super-user should list the apps!!", 2,
      visible);

  // 3. The kill must be accepted and the app must reach KILLED.
  asSuperUser.forceKillApplication(kill);
  resourceManager.waitForState(submittedApp, RMAppState.KILLED);
}
 
Example 11
Source File: TestApplicationACLs.java    From big-c with Apache License 2.0
/**
 * Exercises view, list and kill on a freshly submitted application through a
 * client created for {@code FRIEND}.
 *
 * @throws Exception if a ResourceManager call fails
 */
private void verifyFriendAccess() throws Exception {
  // FRIEND appears by name in the modify ACL. View is granted by group, so
  // FRIEND can view only if it is a member of FRIENDLY_GROUP; presumably the
  // test fixture arranges that.
  AccessControlList viewAcl = new AccessControlList("");
  viewAcl.addGroup(FRIENDLY_GROUP);
  AccessControlList modifyAcl = new AccessControlList("");
  modifyAcl.addUser(FRIEND);
  ApplicationId submittedApp = submitAppAndGetAppId(viewAcl, modifyAcl);

  final GetApplicationReportRequest getReport =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  getReport.setApplicationId(submittedApp);
  final KillApplicationRequest kill =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  kill.setApplicationId(submittedApp);

  ApplicationClientProtocol asFriend = getRMClientForUser(FRIEND);

  // 1. The report must be retrievable (result not inspected).
  asFriend.getApplicationReport(getReport);

  // 2. Listing must return three applications. The count presumably includes
  //    two from earlier steps; confirm with the caller.
  GetApplicationsRequest getAll =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  int visible = asFriend.getApplications(getAll).getApplicationList().size();
  Assert.assertEquals("App view by a friend should list the apps!!", 3,
      visible);

  // 3. The kill must be accepted and the app must reach KILLED.
  asFriend.forceKillApplication(kill);
  resourceManager.waitForState(submittedApp, RMAppState.KILLED);
}
 
Example 12
Source File: TestApplicationACLs.java    From big-c with Apache License 2.0
/**
 * Exercises view, list and kill on a freshly submitted application through a
 * client created for {@code QUEUE_ADMIN_USER}.
 *
 * @throws Exception if a ResourceManager call fails
 */
private void verifyAdministerQueueUserAccess() throws Exception {
  // Must happen before submission, as in the original statement order; the
  // field is read outside this method.
  isQueueUser = true;

  // Neither application ACL mentions QUEUE_ADMIN_USER.
  AccessControlList viewAcl = new AccessControlList("");
  viewAcl.addGroup(FRIENDLY_GROUP);
  AccessControlList modifyAcl = new AccessControlList("");
  modifyAcl.addUser(FRIEND);
  ApplicationId submittedApp = submitAppAndGetAppId(viewAcl, modifyAcl);

  final GetApplicationReportRequest getReport =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  getReport.setApplicationId(submittedApp);
  final KillApplicationRequest kill =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  kill.setApplicationId(submittedApp);

  ApplicationClientProtocol asQueueAdmin =
      getRMClientForUser(QUEUE_ADMIN_USER);

  // 1. The report must be retrievable (result not inspected).
  asQueueAdmin.getApplicationReport(getReport);

  // 2. Listing must return five applications. The count presumably includes
  //    four from earlier steps; confirm with the caller.
  GetApplicationsRequest getAll =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  int visible =
      asQueueAdmin.getApplications(getAll).getApplicationList().size();
  Assert.assertEquals("App view by queue-admin-user should list the apps!!",
      5, visible);

  // 3. The kill must be accepted and the app must reach KILLED.
  asQueueAdmin.forceKillApplication(kill);
  resourceManager.waitForState(submittedApp, RMAppState.KILLED);
}
 
Example 13
Source File: TestApplicationACLs.java    From hadoop with Apache License 2.0
/**
 * Negative-path check: a client acting as {@code ENEMY}, who is named in
 * neither ACL, may call view and list but must be refused when killing the
 * application.
 *
 * @throws Exception if a ResourceManager call fails unexpectedly
 */
private void verifyEnemyAccess() throws Exception {
  AccessControlList viewers = new AccessControlList("");
  viewers.addGroup(FRIENDLY_GROUP);
  AccessControlList modifiers = new AccessControlList("");
  modifiers.addUser(FRIEND);
  ApplicationId appId = submitAppAndGetAppId(viewers, modifiers);

  final GetApplicationReportRequest reportRequest =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  reportRequest.setApplicationId(appId);
  final KillApplicationRequest killRequest =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  killRequest.setApplicationId(appId);

  ApplicationClientProtocol enemyClient = getRMClientForUser(ENEMY);

  // View: the call itself succeeds; what the enemy may see in the report is
  // checked by verifyEnemyAppReport (defined elsewhere, presumably asserting
  // that restricted fields are withheld; confirm).
  ApplicationReport singleReport =
      enemyClient.getApplicationReport(reportRequest).getApplicationReport();
  verifyEnemyAppReport(singleReport);

  // List: every returned report gets the same check. The expected count of 4
  // presumably depends on three earlier submissions; confirm the call order.
  GetApplicationsRequest listRequest =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  List<ApplicationReport> listedReports =
      enemyClient.getApplications(listRequest).getApplicationList();
  Assert.assertEquals("App view by enemy should list the apps!!", 4,
      listedReports.size());
  for (ApplicationReport listed : listedReports) {
    verifyEnemyAppReport(listed);
  }

  // Kill: must be denied. Assert.fail sits inside the try so an accepted kill
  // fails the test; its AssertionError is not a YarnException and therefore
  // is not swallowed by the catch below.
  try {
    enemyClient.forceKillApplication(killRequest);
    Assert.fail("App killing by the enemy should fail!!");
  } catch (YarnException denied) {
    LOG.info("Got exception while killing app as the enemy", denied);
    // NOTE(review): the denial is recognised by message text only, which ties
    // the test to the server's exact wording.
    boolean isModifyDenial = denied.getMessage().contains(
        "User enemy cannot perform operation MODIFY_APP on " + appId);
    Assert.assertTrue(isModifyDenial);
  }

  // Clean up with the owner's client. No waitForState follows this kill, and
  // it is skipped when an assertion above fails.
  rmClient.forceKillApplication(killRequest);
}
 
Example 14
Source File: TestCapacitySchedulerQueueACLs.java    From hadoop with Apache License 2.0
/**
 * Creates a CapacityScheduler configuration with two queues under root, each
 * at 50 capacity, per-queue submit and admin ACLs, and ACL checks enabled.
 *
 * @return the populated {@code CapacitySchedulerConfiguration}
 */
@Override
protected Configuration createConfiguration() {
  final String rootPath = CapacitySchedulerConfiguration.ROOT;
  final String queueAPath = CapacitySchedulerConfiguration.ROOT + "." + QUEUEA;
  final String queueBPath = CapacitySchedulerConfiguration.ROOT + "." + QUEUEB;

  CapacitySchedulerConfiguration schedulerConf =
      new CapacitySchedulerConfiguration();
  schedulerConf.setQueues(rootPath, new String[] { QUEUEA, QUEUEB });
  schedulerConf.setCapacity(queueAPath, 50f);
  schedulerConf.setCapacity(queueBPath, 50f);

  // Queue A: submit for QUEUE_A_USER plus COMMON_USER, admin for
  // QUEUE_A_ADMIN.
  AccessControlList queueASubmitters = new AccessControlList(QUEUE_A_USER);
  queueASubmitters.addUser(COMMON_USER);
  AccessControlList queueAAdmins = new AccessControlList(QUEUE_A_ADMIN);
  Map<QueueACL, AccessControlList> queueAAcls =
      new HashMap<QueueACL, AccessControlList>();
  queueAAcls.put(QueueACL.SUBMIT_APPLICATIONS, queueASubmitters);
  queueAAcls.put(QueueACL.ADMINISTER_QUEUE, queueAAdmins);
  schedulerConf.setAcls(queueAPath, queueAAcls);

  // Queue B: the same shape with its own user and admin.
  AccessControlList queueBSubmitters = new AccessControlList(QUEUE_B_USER);
  queueBSubmitters.addUser(COMMON_USER);
  AccessControlList queueBAdmins = new AccessControlList(QUEUE_B_ADMIN);
  Map<QueueACL, AccessControlList> queueBAcls =
      new HashMap<QueueACL, AccessControlList>();
  queueBAcls.put(QueueACL.SUBMIT_APPLICATIONS, queueBSubmitters);
  queueBAcls.put(QueueACL.ADMINISTER_QUEUE, queueBAdmins);
  schedulerConf.setAcls(queueBPath, queueBAcls);

  // Root: the submit ACL is built from "" and so names nobody; only
  // ROOT_ADMIN administers. Presumably this is needed because queue ACLs are
  // evaluated together with the parent queue's, so a permissive root would
  // mask the per-queue restrictions. Confirm against the scheduler docs.
  AccessControlList rootSubmitters = new AccessControlList("");
  AccessControlList rootAdmins = new AccessControlList(ROOT_ADMIN);
  Map<QueueACL, AccessControlList> rootAcls =
      new HashMap<QueueACL, AccessControlList>();
  rootAcls.put(QueueACL.SUBMIT_APPLICATIONS, rootSubmitters);
  rootAcls.put(QueueACL.ADMINISTER_QUEUE, rootAdmins);
  schedulerConf.setAcls(rootPath, rootAcls);

  // ACL enforcement is switched on explicitly here.
  schedulerConf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  schedulerConf.set("yarn.resourcemanager.scheduler.class",
      CapacityScheduler.class.getName());

  return schedulerConf;
}
 
Example 15
Source File: TestApplicationACLs.java    From big-c with Apache License 2.0
/**
 * Verifies the behaviour seen by {@code ENEMY}, a user named in neither
 * application ACL: report and list calls succeed and their results are
 * passed to {@code verifyEnemyAppReport}, while a kill request is rejected.
 *
 * @throws Exception if a ResourceManager call fails unexpectedly
 */
private void verifyEnemyAccess() throws Exception {
  AccessControlList viewAcl = new AccessControlList("");
  viewAcl.addGroup(FRIENDLY_GROUP);
  AccessControlList modifyAcl = new AccessControlList("");
  modifyAcl.addUser(FRIEND);
  ApplicationId submittedApp = submitAppAndGetAppId(viewAcl, modifyAcl);

  final GetApplicationReportRequest getReport =
      recordFactory.newRecordInstance(GetApplicationReportRequest.class);
  getReport.setApplicationId(submittedApp);
  final KillApplicationRequest kill =
      recordFactory.newRecordInstance(KillApplicationRequest.class);
  kill.setApplicationId(submittedApp);

  ApplicationClientProtocol asEnemy = getRMClientForUser(ENEMY);

  // 1. Single report: returned without error, then checked by
  //    verifyEnemyAppReport (defined elsewhere; presumably it asserts the
  //    report is a restricted view; confirm).
  ApplicationReport ownReport =
      asEnemy.getApplicationReport(getReport).getApplicationReport();
  verifyEnemyAppReport(ownReport);

  // 2. Listing: four reports expected (presumably including three earlier
  //    submissions; confirm), each checked the same way.
  GetApplicationsRequest getAll =
      recordFactory.newRecordInstance(GetApplicationsRequest.class);
  List<ApplicationReport> allReports =
      asEnemy.getApplications(getAll).getApplicationList();
  Assert.assertEquals("App view by enemy should list the apps!!", 4,
      allReports.size());
  for (ApplicationReport each : allReports) {
    verifyEnemyAppReport(each);
  }

  // 3. Kill: a YarnException is the required outcome. If the call returns
  //    normally, Assert.fail reports the missing authorization check.
  try {
    asEnemy.forceKillApplication(kill);
    Assert.fail("App killing by the enemy should fail!!");
  } catch (YarnException rejection) {
    LOG.info("Got exception while killing app as the enemy", rejection);
    // NOTE(review): matching on the message string makes this assertion
    // sensitive to any rewording of the server-side error.
    String expectedFragment =
        "User enemy cannot perform operation MODIFY_APP on " + submittedApp;
    Assert.assertTrue(rejection.getMessage().contains(expectedFragment));
  }

  // 4. Owner-side cleanup. It is not in a finally block and is not followed
  //    by waitForState, so it is skipped when an earlier assertion fails.
  rmClient.forceKillApplication(kill);
}
 
Example 16
Source File: TestCapacitySchedulerQueueACLs.java    From big-c with Apache License 2.0
/**
 * Assembles the scheduler configuration used by the queue-ACL tests: root
 * with two child queues at 50 capacity each, explicit submit/admin ACLs on
 * every queue, and {@code YarnConfiguration.YARN_ACL_ENABLE} set to true.
 *
 * @return the configuration, typed as the base {@code Configuration}
 */
@Override
protected Configuration createConfiguration() {
  CapacitySchedulerConfiguration conf = new CapacitySchedulerConfiguration();

  String root = CapacitySchedulerConfiguration.ROOT;
  String pathA = CapacitySchedulerConfiguration.ROOT + "." + QUEUEA;
  String pathB = CapacitySchedulerConfiguration.ROOT + "." + QUEUEB;

  conf.setQueues(root, new String[] { QUEUEA, QUEUEB });
  conf.setCapacity(pathA, 50f);
  conf.setCapacity(pathB, 50f);

  // Queue A ACLs. COMMON_USER is added to the submit list of both child
  // queues, but to no admin list.
  Map<QueueACL, AccessControlList> aclsA =
      new HashMap<QueueACL, AccessControlList>();
  AccessControlList submitA = new AccessControlList(QUEUE_A_USER);
  submitA.addUser(COMMON_USER);
  aclsA.put(QueueACL.SUBMIT_APPLICATIONS, submitA);
  aclsA.put(QueueACL.ADMINISTER_QUEUE, new AccessControlList(QUEUE_A_ADMIN));
  conf.setAcls(pathA, aclsA);

  // Queue B ACLs.
  Map<QueueACL, AccessControlList> aclsB =
      new HashMap<QueueACL, AccessControlList>();
  AccessControlList submitB = new AccessControlList(QUEUE_B_USER);
  submitB.addUser(COMMON_USER);
  aclsB.put(QueueACL.SUBMIT_APPLICATIONS, submitB);
  aclsB.put(QueueACL.ADMINISTER_QUEUE, new AccessControlList(QUEUE_B_ADMIN));
  conf.setAcls(pathB, aclsB);

  // Root ACLs: submit is built from the empty string, admin is ROOT_ADMIN.
  // NOTE(review): an explicit, empty root submit ACL looks deliberate. If
  // child queues inherit access from their parent, leaving root at a
  // permissive default would make the lists above ineffective; confirm.
  Map<QueueACL, AccessControlList> aclsRoot =
      new HashMap<QueueACL, AccessControlList>();
  aclsRoot.put(QueueACL.SUBMIT_APPLICATIONS, new AccessControlList(""));
  aclsRoot.put(QueueACL.ADMINISTER_QUEUE, new AccessControlList(ROOT_ADMIN));
  conf.setAcls(root, aclsRoot);

  // Turn ACL checking on and select the scheduler implementation.
  conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  conf.set("yarn.resourcemanager.scheduler.class",
      CapacityScheduler.class.getName());

  return conf;
}