/** * Serializes the AccessControlList object */ @Override public void write(DataOutput out) throws IOException { String aclString = getAclString(); Text.writeString(out, aclString); }
/** * Serializes the AccessControlList object */ @Override public void write(DataOutput out) throws IOException { String aclString = getAclString(); Text.writeString(out, aclString); }
/** * Serializes the AccessControlList object */ @Override public void write(DataOutput out) throws IOException { String aclString = getAclString(); Text.writeString(out, aclString); }
public void setAcls(String queue, Map<QueueACL, AccessControlList> acls) { for (Map.Entry<QueueACL, AccessControlList> e : acls.entrySet()) { setAcl(queue, e.getKey(), e.getValue().getAclString()); } }
public void setAcls(String queue, Map<QueueACL, AccessControlList> acls) { for (Map.Entry<QueueACL, AccessControlList> e : acls.entrySet()) { setAcl(queue, e.getKey(), e.getValue().getAclString()); } }
/** * Serializes the AccessControlList object */ @Override public void write(DataOutput out) throws IOException { String aclString = getAclString(); Text.writeString(out, aclString); }
public void setAcls(String queue, Map<QueueACL, AccessControlList> acls) { for (Map.Entry<QueueACL, AccessControlList> e : acls.entrySet()) { setAcl(queue, e.getKey(), e.getValue().getAclString()); } }
@VisibleForTesting public void setReservationAcls(String queue, Map<ReservationACL, AccessControlList> acls) { for (Map.Entry<ReservationACL, AccessControlList> e : acls.entrySet()) { setAcl(queue, e.getKey(), e.getValue().getAclString()); } }
/** * Serializes the AccessControlList object */ @Override public void write(DataOutput out) throws IOException { String aclString = getAclString(); Text.writeString(out, aclString); }
private boolean checkKeyAccess(Map<KeyOpType, AccessControlList> keyAcl, UserGroupInformation ugi, KeyOpType opType) { AccessControlList acl = keyAcl.get(opType); if (acl == null) { // If no acl is specified for this operation, // deny access LOG.debug("No ACL available for key, denying access for {}", opType); return false; } else { if (LOG.isDebugEnabled()) { LOG.debug("Checking user [{}] for: {}: {}" + ugi.getShortUserName(), opType.toString(), acl.getAclString()); } return acl.isUserAllowed(ugi); } }
private void validateGetAclString(AccessControlList acl) { assertTrue(acl.toString().equals( new AccessControlList(acl.getAclString()).toString())); }
private void verifyServiceACLsRefresh(ServiceAuthorizationManager manager, Class<?> protocol, String aclString) { for (Class<?> protocolClass : manager.getProtocolsWithAcls()) { AccessControlList accessList = manager.getProtocolsAcls(protocolClass); if (protocolClass == protocol) { Assert.assertEquals(accessList.getAclString(), aclString); } else { Assert.assertEquals(accessList.getAclString(), "*"); } } }
private void verifyServiceACLsRefresh(ServiceAuthorizationManager manager, Class<?> protocol, String aclString) { for (Class<?> protocolClass : manager.getProtocolsWithAcls()) { AccessControlList accessList = manager.getProtocolsAcls(protocolClass); if (protocolClass == protocol) { Assert.assertEquals(accessList.getAclString(), aclString); } else { Assert.assertEquals(accessList.getAclString(), "*"); } } }
private Map<ApplicationAccessType, String> createACLs(String submitter, boolean setupACLs) { AccessControlList viewACL = new AccessControlList(""); AccessControlList modifyACL = new AccessControlList(""); if (setupACLs) { viewACL.addUser(submitter); viewACL.addUser(COMMON_USER); modifyACL.addUser(submitter); modifyACL.addUser(COMMON_USER); } Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType, String>(); acls.put(ApplicationAccessType.VIEW_APP, viewACL.getAclString()); acls.put(ApplicationAccessType.MODIFY_APP, modifyACL.getAclString()); return acls; } }
private Map<ApplicationAccessType, String> createACLs(String submitter, boolean setupACLs) { AccessControlList viewACL = new AccessControlList(""); AccessControlList modifyACL = new AccessControlList(""); if (setupACLs) { viewACL.addUser(submitter); viewACL.addUser(COMMON_USER); modifyACL.addUser(submitter); modifyACL.addUser(COMMON_USER); } Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType, String>(); acls.put(ApplicationAccessType.VIEW_APP, viewACL.getAclString()); acls.put(ApplicationAccessType.MODIFY_APP, modifyACL.getAclString()); return acls; }
private void validateGetAclString(AccessControlList acl) { assertTrue(acl.toString().equals( new AccessControlList(acl.getAclString()).toString())); }
private void validateGetAclString(AccessControlList acl) { assertTrue(acl.toString().equals( new AccessControlList(acl.getAclString()).toString())); }
private void verifyACLs(List<AppPriorityACLGroup> pGroup, String queueUser, String queueGroup, int maxPriority, int defaultPriority) { AppPriorityACLGroup group = pGroup.get(0); String aclString = queueUser + " " + queueGroup; Assert.assertEquals(aclString.trim(), group.getACLList().getAclString().trim()); Assert.assertEquals(maxPriority, group.getMaxPriority().getPriority()); Assert.assertEquals(defaultPriority, group.getDefaultPriority().getPriority()); } }
@Test public void testDefaultAcl() { ServiceAuthorizationManager serviceAuthorizationManager = new ServiceAuthorizationManager(); Configuration conf = new Configuration (); // test without setting a default acl conf.set(ACL_CONFIG, "user1 group1"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); AccessControlList acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol.class); assertEquals("user1 group1", acl.getAclString()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol1.class); assertEquals(AccessControlList.WILDCARD_ACL_VALUE, acl.getAclString()); // test with a default acl conf.set( CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL, "user2 group2"); serviceAuthorizationManager.refresh(conf, new TestPolicyProvider()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol.class); assertEquals("user1 group1", acl.getAclString()); acl = serviceAuthorizationManager.getProtocolsAcls(TestProtocol1.class); assertEquals("user2 group2", acl.getAclString()); }
@Test public void testAdminAclsWithFileSystemBasedConfigurationProvider() throws IOException, YarnException { configuration.set(YarnConfiguration.RM_CONFIGURATION_PROVIDER_CLASS, "org.apache.hadoop.yarn.FileSystemBasedConfigurationProvider"); //upload default configurations uploadDefaultConfiguration(); try { rm = new MockRM(configuration); rm.init(configuration); rm.start(); } catch(Exception ex) { fail("Should not get any exceptions"); } String aclStringBefore = rm.adminService.getAccessControlList().getAclString().trim(); YarnConfiguration yarnConf = new YarnConfiguration(); yarnConf.set(YarnConfiguration.YARN_ADMIN_ACL, "world:anyone:rwcda"); uploadConfiguration(yarnConf, "yarn-site.xml"); rm.adminService.refreshAdminAcls(RefreshAdminAclsRequest.newInstance()); String aclStringAfter = rm.adminService.getAccessControlList().getAclString().trim(); Assert.assertTrue(!aclStringAfter.equals(aclStringBefore)); Assert.assertEquals(aclStringAfter, "world:anyone:rwcda," + UserGroupInformation.getCurrentUser().getShortUserName()); }