org.apache.hadoop.yarn.security.PrivilegedEntity.EntityType Java Examples

The following examples show how to use org.apache.hadoop.yarn.security.PrivilegedEntity.EntityType. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ConfiguredYarnAuthorizer.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Override
public boolean checkPermission(AccessType accessType,
    PrivilegedEntity target, UserGroupInformation user) {
  boolean ret = false;
  Map<AccessType, AccessControlList> acls = allAcls.get(target);
  if (acls != null) {
    AccessControlList list = acls.get(accessType);
    if (list != null) {
      ret = list.isUserAllowed(user);
    }
  }

  // recursively look up the queue to see if parent queue has the permission.
  if (target.getType() == EntityType.QUEUE && !ret) {
    String queueName = target.getName();
    if (!queueName.contains(".")) {
      return ret;
    }
    String parentQueueName = queueName.substring(0, queueName.lastIndexOf("."));
    return checkPermission(accessType, new PrivilegedEntity(target.getType(),
      parentQueueName), user);
  }
  return ret;
}
 
Example #2
Source File: AbstractCSQueue.java    From hadoop with Apache License 2.0 6 votes vote down vote up
public AbstractCSQueue(CapacitySchedulerContext cs, 
    String queueName, CSQueue parent, CSQueue old) throws IOException {
  this.labelManager = cs.getRMContext().getNodeLabelManager();
  this.parent = parent;
  this.queueName = queueName;
  this.resourceCalculator = cs.getResourceCalculator();
  
  // must be called after parent and queueName is set
  this.metrics = old != null ? old.getMetrics() :
      QueueMetrics.forQueue(getQueuePath(), parent,
          cs.getConfiguration().getEnableUserMetrics(),
          cs.getConf());

  this.csContext = cs;
  this.minimumAllocation = csContext.getMinimumResourceCapability();
  
  // initialize ResourceUsage
  queueUsage = new ResourceUsage();
  queueEntity = new PrivilegedEntity(EntityType.QUEUE, getQueuePath());
  
  // initialize QueueCapacities
  queueCapacities = new QueueCapacities(parent == null);    
}
 
Example #3
Source File: ConfiguredYarnAuthorizer.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Override
public boolean checkPermission(AccessType accessType,
    PrivilegedEntity target, UserGroupInformation user) {
  boolean ret = false;
  Map<AccessType, AccessControlList> acls = allAcls.get(target);
  if (acls != null) {
    AccessControlList list = acls.get(accessType);
    if (list != null) {
      ret = list.isUserAllowed(user);
    }
  }

  // recursively look up the queue to see if parent queue has the permission.
  if (target.getType() == EntityType.QUEUE && !ret) {
    String queueName = target.getName();
    if (!queueName.contains(".")) {
      return ret;
    }
    String parentQueueName = queueName.substring(0, queueName.lastIndexOf("."));
    return checkPermission(accessType, new PrivilegedEntity(target.getType(),
      parentQueueName), user);
  }
  return ret;
}
 
Example #4
Source File: AbstractCSQueue.java    From big-c with Apache License 2.0 6 votes vote down vote up
public AbstractCSQueue(CapacitySchedulerContext cs, 
    String queueName, CSQueue parent, CSQueue old) throws IOException {
  this.labelManager = cs.getRMContext().getNodeLabelManager();
  this.parent = parent;
  this.queueName = queueName;
  this.resourceCalculator = cs.getResourceCalculator();
  
  // must be called after parent and queueName is set
  this.metrics = old != null ? old.getMetrics() :
      QueueMetrics.forQueue(getQueuePath(), parent,
          cs.getConfiguration().getEnableUserMetrics(),
          cs.getConf());

  this.csContext = cs;
  this.minimumAllocation = csContext.getMinimumResourceCapability();
  
  // initialize ResourceUsage
  queueUsage = new ResourceUsage();
  queueEntity = new PrivilegedEntity(EntityType.QUEUE, getQueuePath());
  
  // initialize QueueCapacities
  queueCapacities = new QueueCapacities(parent == null);    
}
 
Example #5
Source File: RangerYarnAuthorizer.java    From ranger with Apache License 2.0 6 votes vote down vote up
private boolean isSelfOrChildOf(PrivilegedEntity queue, PrivilegedEntity parentQueue) {
	boolean ret = queue.equals(parentQueue);

	if(!ret && queue.getType() == EntityType.QUEUE) {
		String queueName       = queue.getName();
		String parentQueueName = parentQueue.getName();

		if(queueName.contains(".") && !StringUtil.isEmpty(parentQueueName)) {
			if(parentQueueName.charAt(parentQueueName.length() - 1) != '.') {
				parentQueueName += ".";
			}

			ret = queueName.startsWith(parentQueueName);
		}
	}

	return ret;
}