Java Code Examples for org.apache.hadoop.security.authorize.AccessControlList#addGroup()
The following examples show how to use
org.apache.hadoop.security.authorize.AccessControlList#addGroup() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestApplicationACLs.java From hadoop with Apache License 2.0 | 5 votes |
private void verifyOwnerAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); // View as owner rmClient.getApplicationReport(appReportRequest); // List apps as owner Assert.assertEquals("App view by owner should list the apps!!", 1, rmClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as owner rmClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
Example 2
Source File: TestApplicationACLs.java From hadoop with Apache License 2.0 | 5 votes |
private void verifySuperUserAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol superUserClient = getRMClientForUser(SUPER_USER); // View as the superUser superUserClient.getApplicationReport(appReportRequest); // List apps as superUser Assert.assertEquals("App view by super-user should list the apps!!", 2, superUserClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the superUser superUserClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
Example 3
Source File: TestApplicationACLs.java From hadoop with Apache License 2.0 | 5 votes |
private void verifyFriendAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol friendClient = getRMClientForUser(FRIEND); // View as the friend friendClient.getApplicationReport(appReportRequest); // List apps as friend Assert.assertEquals("App view by a friend should list the apps!!", 3, friendClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the friend friendClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
Example 4
Source File: TestApplicationACLs.java From hadoop with Apache License 2.0 | 5 votes |
private void verifyAdministerQueueUserAccess() throws Exception { isQueueUser = true; AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol administerQueueUserRmClient = getRMClientForUser(QUEUE_ADMIN_USER); // View as the administerQueueUserRmClient administerQueueUserRmClient.getApplicationReport(appReportRequest); // List apps as administerQueueUserRmClient Assert.assertEquals("App view by queue-admin-user should list the apps!!", 5, administerQueueUserRmClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the administerQueueUserRmClient administerQueueUserRmClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
Example 5
Source File: TestApplicationACLs.java From big-c with Apache License 2.0 | 5 votes |
private void verifyOwnerAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); // View as owner rmClient.getApplicationReport(appReportRequest); // List apps as owner Assert.assertEquals("App view by owner should list the apps!!", 1, rmClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as owner rmClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
Example 6
Source File: TestApplicationACLs.java From big-c with Apache License 2.0 | 5 votes |
private void verifySuperUserAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol superUserClient = getRMClientForUser(SUPER_USER); // View as the superUser superUserClient.getApplicationReport(appReportRequest); // List apps as superUser Assert.assertEquals("App view by super-user should list the apps!!", 2, superUserClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the superUser superUserClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
Example 7
Source File: TestApplicationACLs.java From big-c with Apache License 2.0 | 5 votes |
private void verifyFriendAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol friendClient = getRMClientForUser(FRIEND); // View as the friend friendClient.getApplicationReport(appReportRequest); // List apps as friend Assert.assertEquals("App view by a friend should list the apps!!", 3, friendClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the friend friendClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
Example 8
Source File: TestApplicationACLs.java From big-c with Apache License 2.0 | 5 votes |
private void verifyAdministerQueueUserAccess() throws Exception { isQueueUser = true; AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol administerQueueUserRmClient = getRMClientForUser(QUEUE_ADMIN_USER); // View as the administerQueueUserRmClient administerQueueUserRmClient.getApplicationReport(appReportRequest); // List apps as administerQueueUserRmClient Assert.assertEquals("App view by queue-admin-user should list the apps!!", 5, administerQueueUserRmClient.getApplications( recordFactory.newRecordInstance(GetApplicationsRequest.class)) .getApplicationList().size()); // Kill app as the administerQueueUserRmClient administerQueueUserRmClient.forceKillApplication(finishAppRequest); resourceManager.waitForState(applicationId, RMAppState.KILLED); }
Example 9
Source File: TestApplicationACLs.java From hadoop with Apache License 2.0 | 4 votes |
@BeforeClass public static void setup() throws InterruptedException, IOException { RMStateStore store = RMStateStoreFactory.getStore(conf); conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true); AccessControlList adminACL = new AccessControlList(""); adminACL.addGroup(SUPER_GROUP); conf.set(YarnConfiguration.YARN_ADMIN_ACL, adminACL.getAclString()); resourceManager = new MockRM(conf) { @Override protected QueueACLsManager createQueueACLsManager( ResourceScheduler scheduler, Configuration conf) { QueueACLsManager mockQueueACLsManager = mock(QueueACLsManager.class); when(mockQueueACLsManager.checkAccess(any(UserGroupInformation.class), any(QueueACL.class), anyString())).thenAnswer(new Answer() { public Object answer(InvocationOnMock invocation) { return isQueueUser; } }); return mockQueueACLsManager; } protected ClientRMService createClientRMService() { return new ClientRMService(getRMContext(), this.scheduler, this.rmAppManager, this.applicationACLsManager, this.queueACLsManager, null); }; }; new Thread() { public void run() { UserGroupInformation.createUserForTesting(ENEMY, new String[] {}); UserGroupInformation.createUserForTesting(FRIEND, new String[] { FRIENDLY_GROUP }); UserGroupInformation.createUserForTesting(SUPER_USER, new String[] { SUPER_GROUP }); resourceManager.start(); }; }.start(); int waitCount = 0; while (resourceManager.getServiceState() == STATE.INITED && waitCount++ < 60) { LOG.info("Waiting for RM to start..."); Thread.sleep(1500); } if (resourceManager.getServiceState() != STATE.STARTED) { // RM could have failed. throw new IOException( "ResourceManager failed to start. Final state is " + resourceManager.getServiceState()); } UserGroupInformation owner = UserGroupInformation .createRemoteUser(APP_OWNER); rmClient = owner.doAs(new PrivilegedExceptionAction<ApplicationClientProtocol>() { @Override public ApplicationClientProtocol run() throws Exception { return (ApplicationClientProtocol) rpc.getProxy(ApplicationClientProtocol.class, rmAddress, conf); } }); }
Example 10
Source File: TestApplicationACLs.java From hadoop with Apache License 2.0 | 4 votes |
private void verifyEnemyAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol enemyRmClient = getRMClientForUser(ENEMY); // View as the enemy ApplicationReport appReport = enemyRmClient.getApplicationReport( appReportRequest).getApplicationReport(); verifyEnemyAppReport(appReport); // List apps as enemy List<ApplicationReport> appReports = enemyRmClient .getApplications(recordFactory .newRecordInstance(GetApplicationsRequest.class)) .getApplicationList(); Assert.assertEquals("App view by enemy should list the apps!!", 4, appReports.size()); for (ApplicationReport report : appReports) { verifyEnemyAppReport(report); } // Kill app as the enemy try { enemyRmClient.forceKillApplication(finishAppRequest); Assert.fail("App killing by the enemy should fail!!"); } catch (YarnException e) { LOG.info("Got exception while killing app as the enemy", e); Assert .assertTrue(e.getMessage().contains( "User enemy cannot perform operation MODIFY_APP on " + applicationId)); } rmClient.forceKillApplication(finishAppRequest); }
Example 11
Source File: TestApplicationACLs.java From big-c with Apache License 2.0 | 4 votes |
@BeforeClass public static void setup() throws InterruptedException, IOException { RMStateStore store = RMStateStoreFactory.getStore(conf); conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true); AccessControlList adminACL = new AccessControlList(""); adminACL.addGroup(SUPER_GROUP); conf.set(YarnConfiguration.YARN_ADMIN_ACL, adminACL.getAclString()); resourceManager = new MockRM(conf) { @Override protected QueueACLsManager createQueueACLsManager( ResourceScheduler scheduler, Configuration conf) { QueueACLsManager mockQueueACLsManager = mock(QueueACLsManager.class); when(mockQueueACLsManager.checkAccess(any(UserGroupInformation.class), any(QueueACL.class), anyString())).thenAnswer(new Answer() { public Object answer(InvocationOnMock invocation) { return isQueueUser; } }); return mockQueueACLsManager; } protected ClientRMService createClientRMService() { return new ClientRMService(getRMContext(), this.scheduler, this.rmAppManager, this.applicationACLsManager, this.queueACLsManager, null); }; }; new Thread() { public void run() { UserGroupInformation.createUserForTesting(ENEMY, new String[] {}); UserGroupInformation.createUserForTesting(FRIEND, new String[] { FRIENDLY_GROUP }); UserGroupInformation.createUserForTesting(SUPER_USER, new String[] { SUPER_GROUP }); resourceManager.start(); }; }.start(); int waitCount = 0; while (resourceManager.getServiceState() == STATE.INITED && waitCount++ < 60) { LOG.info("Waiting for RM to start..."); Thread.sleep(1500); } if (resourceManager.getServiceState() != STATE.STARTED) { // RM could have failed. throw new IOException( "ResourceManager failed to start. Final state is " + resourceManager.getServiceState()); } UserGroupInformation owner = UserGroupInformation .createRemoteUser(APP_OWNER); rmClient = owner.doAs(new PrivilegedExceptionAction<ApplicationClientProtocol>() { @Override public ApplicationClientProtocol run() throws Exception { return (ApplicationClientProtocol) rpc.getProxy(ApplicationClientProtocol.class, rmAddress, conf); } }); }
Example 12
Source File: TestApplicationACLs.java From big-c with Apache License 2.0 | 4 votes |
private void verifyEnemyAccess() throws Exception { AccessControlList viewACL = new AccessControlList(""); viewACL.addGroup(FRIENDLY_GROUP); AccessControlList modifyACL = new AccessControlList(""); modifyACL.addUser(FRIEND); ApplicationId applicationId = submitAppAndGetAppId(viewACL, modifyACL); final GetApplicationReportRequest appReportRequest = recordFactory .newRecordInstance(GetApplicationReportRequest.class); appReportRequest.setApplicationId(applicationId); final KillApplicationRequest finishAppRequest = recordFactory .newRecordInstance(KillApplicationRequest.class); finishAppRequest.setApplicationId(applicationId); ApplicationClientProtocol enemyRmClient = getRMClientForUser(ENEMY); // View as the enemy ApplicationReport appReport = enemyRmClient.getApplicationReport( appReportRequest).getApplicationReport(); verifyEnemyAppReport(appReport); // List apps as enemy List<ApplicationReport> appReports = enemyRmClient .getApplications(recordFactory .newRecordInstance(GetApplicationsRequest.class)) .getApplicationList(); Assert.assertEquals("App view by enemy should list the apps!!", 4, appReports.size()); for (ApplicationReport report : appReports) { verifyEnemyAppReport(report); } // Kill app as the enemy try { enemyRmClient.forceKillApplication(finishAppRequest); Assert.fail("App killing by the enemy should fail!!"); } catch (YarnException e) { LOG.info("Got exception while killing app as the enemy", e); Assert .assertTrue(e.getMessage().contains( "User enemy cannot perform operation MODIFY_APP on " + applicationId)); } rmClient.forceKillApplication(finishAppRequest); }