org.apache.hadoop.yarn.api.records.ApplicationAccessType Java Examples

The following examples show how to use org.apache.hadoop.yarn.api.records.ApplicationAccessType. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: LogAggregationService.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
private void initApp(final ApplicationId appId, String user,
    Credentials credentials, ContainerLogsRetentionPolicy logRetentionPolicy,
    Map<ApplicationAccessType, String> appAcls,
    LogAggregationContext logAggregationContext) {
  ApplicationEvent eventResponse;
  try {
    verifyAndCreateRemoteLogDir(getConfig());
    initAppAggregator(appId, user, credentials, logRetentionPolicy, appAcls,
        logAggregationContext);
    eventResponse = new ApplicationEvent(appId,
        ApplicationEventType.APPLICATION_LOG_HANDLING_INITED);
  } catch (YarnRuntimeException e) {
    LOG.warn("Application failed to init aggregation", e);
    eventResponse = new ApplicationEvent(appId,
        ApplicationEventType.APPLICATION_LOG_HANDLING_FAILED);
  }
  this.dispatcher.getEventHandler().handle(eventResponse);
}
 
Example #2
Source File: TestLogsCLI.java    From big-c with Apache License 2.0 6 votes vote down vote up
private static void uploadEmptyContainerLogIntoRemoteDir(UserGroupInformation ugi,
    Configuration configuration, List<String> rootLogDirs, NodeId nodeId,
    ContainerId containerId, Path appDir, FileSystem fs) throws Exception {
  Path path =
      new Path(appDir, LogAggregationUtils.getNodeString(nodeId)
          + System.currentTimeMillis());
  AggregatedLogFormat.LogWriter writer =
      new AggregatedLogFormat.LogWriter(configuration, path, ugi);
  writer.writeApplicationOwner(ugi.getUserName());

  Map<ApplicationAccessType, String> appAcls =
      new HashMap<ApplicationAccessType, String>();
  appAcls.put(ApplicationAccessType.VIEW_APP, ugi.getUserName());
  writer.writeApplicationACLs(appAcls);
  DataOutputStream out = writer.getWriter().prepareAppendKey(-1);
  new AggregatedLogFormat.LogKey(containerId).write(out);
  out.close();
  out = writer.getWriter().prepareAppendValue(-1);
  new AggregatedLogFormat.LogValue(rootLogDirs, containerId,
    UserGroupInformation.getCurrentUser().getShortUserName()).write(out,
    new HashSet<File>());
  out.close();
  writer.close();
}
 
Example #3
Source File: TimelineDataManager.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Get the single timeline entity that the given user has access to. The
 * meaning of each argument has been documented with
 * {@link TimelineReader#getEntity}.
 * 
 * @see TimelineReader#getEntity
 */
public TimelineEntity getEntity(
    String entityType,
    String entityId,
    EnumSet<Field> fields,
    UserGroupInformation callerUGI) throws YarnException, IOException {
  TimelineEntity entity = null;
  entity =
      store.getEntity(entityId, entityType, fields);
  if (entity != null) {
    addDefaultDomainIdIfAbsent(entity);
    // check ACLs
    if (!timelineACLsManager.checkAccess(
        callerUGI, ApplicationAccessType.VIEW_APP, entity)) {
      entity = null;
    }
  }
  return entity;
}
 
Example #4
Source File: LogAggregationService.java    From big-c with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
private void initApp(final ApplicationId appId, String user,
    Credentials credentials, ContainerLogsRetentionPolicy logRetentionPolicy,
    Map<ApplicationAccessType, String> appAcls,
    LogAggregationContext logAggregationContext) {
  ApplicationEvent eventResponse;
  try {
    verifyAndCreateRemoteLogDir(getConfig());
    initAppAggregator(appId, user, credentials, logRetentionPolicy, appAcls,
        logAggregationContext);
    eventResponse = new ApplicationEvent(appId,
        ApplicationEventType.APPLICATION_LOG_HANDLING_INITED);
  } catch (YarnRuntimeException e) {
    LOG.warn("Application failed to init aggregation", e);
    eventResponse = new ApplicationEvent(appId,
        ApplicationEventType.APPLICATION_LOG_HANDLING_FAILED);
  }
  this.dispatcher.getEventHandler().handle(eventResponse);
}
 
Example #5
Source File: TestQueueMappings.java    From big-c with Apache License 2.0 6 votes vote down vote up
private void checkAppQueue(MockRM resourceManager, String user,
    String submissionQueue, String expected)
    throws Exception {
  RMApp app = resourceManager.submitApp(200, "name", user,
      new HashMap<ApplicationAccessType, String>(), false, submissionQueue, -1,
      null, "MAPREDUCE", false);
  RMAppState expectedState = expected.isEmpty() ? RMAppState.FAILED
      : RMAppState.ACCEPTED;
  resourceManager.waitForState(app.getApplicationId(), expectedState);
  // get scheduler app
  CapacityScheduler cs = (CapacityScheduler)
      resourceManager.getResourceScheduler();
  SchedulerApplication schedulerApp =
      cs.getSchedulerApplications().get(app.getApplicationId());
  String queue = "";
  if (schedulerApp != null) {
    queue = schedulerApp.getQueue().getQueueName();
  }
  Assert.assertTrue("expected " + expected + " actual " + queue,
      expected.equals(queue));
  Assert.assertEquals(expected, app.getQueue());
}
 
Example #6
Source File: ApplicationHistoryManagerOnTimelineStore.java    From big-c with Apache License 2.0 6 votes vote down vote up
private void checkAccess(ApplicationReportExt app)
        throws YarnException, IOException {
  if (app.appViewACLs != null) {
    aclsManager.addApplication(
        app.appReport.getApplicationId(), app.appViewACLs);
    try {
      if (!aclsManager.checkAccess(UserGroupInformation.getCurrentUser(),
          ApplicationAccessType.VIEW_APP, app.appReport.getUser(),
          app.appReport.getApplicationId())) {
        throw new AuthorizationException("User "
            + UserGroupInformation.getCurrentUser().getShortUserName()
            + " does not have privilage to see this application "
            + app.appReport.getApplicationId());
      }
    } finally {
      aclsManager.removeApplication(app.appReport.getApplicationId());
    }
  }
}
 
Example #7
Source File: QueueACLsTestBase.java    From big-c with Apache License 2.0 6 votes vote down vote up
private Map<ApplicationAccessType, String> createACLs(String submitter,
    boolean setupACLs) {
  AccessControlList viewACL = new AccessControlList("");
  AccessControlList modifyACL = new AccessControlList("");
  if (setupACLs) {
    viewACL.addUser(submitter);
    viewACL.addUser(COMMON_USER);
    modifyACL.addUser(submitter);
    modifyACL.addUser(COMMON_USER);
  }
  Map<ApplicationAccessType, String> acls =
      new HashMap<ApplicationAccessType, String>();
  acls.put(ApplicationAccessType.VIEW_APP, viewACL.getAclString());
  acls.put(ApplicationAccessType.MODIFY_APP, modifyACL.getAclString());
  return acls;
}
 
Example #8
Source File: QueueACLsTestBase.java    From big-c with Apache License 2.0 5 votes vote down vote up
private ApplicationId submitAppAndGetAppId(String submitter,
    String queueName, boolean setupACLs) throws Exception {

  GetNewApplicationRequest newAppRequest =
      GetNewApplicationRequest.newInstance();

  ApplicationClientProtocol submitterClient = getRMClientForUser(submitter);
  ApplicationId applicationId =
      submitterClient.getNewApplication(newAppRequest).getApplicationId();

  Resource resource = BuilderUtils.newResource(1024, 1);
  Map<ApplicationAccessType, String> acls = createACLs(submitter, setupACLs);
  ContainerLaunchContext amContainerSpec =
      ContainerLaunchContext.newInstance(null, null, null, null, null, acls);

  ApplicationSubmissionContext appSubmissionContext =
      ApplicationSubmissionContext.newInstance(applicationId,
        "applicationName", queueName, null, amContainerSpec, false, true, 1,
        resource, "applicationType");
  appSubmissionContext.setApplicationId(applicationId);
  appSubmissionContext.setQueue(queueName);

  SubmitApplicationRequest submitRequest =
      SubmitApplicationRequest.newInstance(appSubmissionContext);
  submitterClient.submitApplication(submitRequest);
  resourceManager.waitForState(applicationId, RMAppState.ACCEPTED);
  return applicationId;
}
 
Example #9
Source File: ClientRMService.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * check if the calling user has the access to application information.
 * @param callerUGI
 * @param owner
 * @param operationPerformed
 * @param application
 * @return
 */
private boolean checkAccess(UserGroupInformation callerUGI, String owner,
    ApplicationAccessType operationPerformed,
    RMApp application) {
  return applicationsACLsManager.checkAccess(callerUGI, operationPerformed,
      owner, application.getApplicationId())
      || queueACLsManager.checkAccess(callerUGI, QueueACL.ADMINISTER_QUEUE,
          application.getQueue());
}
 
Example #10
Source File: TestYarnClient.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test(timeout = 30000)
public void testApplicationType() throws Exception {
  Logger rootLogger = LogManager.getRootLogger();
  rootLogger.setLevel(Level.DEBUG);
  MockRM rm = new MockRM();
  rm.start();
  RMApp app = rm.submitApp(2000);
  RMApp app1 =
      rm.submitApp(200, "name", "user",
        new HashMap<ApplicationAccessType, String>(), false, "default", -1,
        null, "MAPREDUCE");
  Assert.assertEquals("YARN", app.getApplicationType());
  Assert.assertEquals("MAPREDUCE", app1.getApplicationType());
  rm.stop();
}
 
Example #11
Source File: TestDelegationTokenRenewer.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test(timeout=20000)
public void testAppSubmissionWithInvalidDelegationToken() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
      CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  UserGroupInformation.setConfiguration(conf);
  MockRM rm = new MockRM(conf) {
    @Override
    protected void doSecureLogin() throws IOException {
      // Skip the login.
    }
  };
  ByteBuffer tokens = ByteBuffer.wrap("BOGUS".getBytes()); 
  ContainerLaunchContext amContainer =
      ContainerLaunchContext.newInstance(
          new HashMap<String, LocalResource>(), new HashMap<String, String>(),
          new ArrayList<String>(), new HashMap<String, ByteBuffer>(), tokens,
          new HashMap<ApplicationAccessType, String>());
  ApplicationSubmissionContext appSubContext =
      ApplicationSubmissionContext.newInstance(
          ApplicationId.newInstance(1234121, 0),
          "BOGUS", "default", Priority.UNDEFINED, amContainer, false,
          true, 1, Resource.newInstance(1024, 1), "BOGUS");
  SubmitApplicationRequest request =
      SubmitApplicationRequest.newInstance(appSubContext);
  try {
    rm.getClientRMService().submitApplication(request);
    fail("Error was excepted.");
  } catch (YarnException e) {
    Assert.assertTrue(e.getMessage().contains(
        "Bad header found in token storage"));
  }
}
 
Example #12
Source File: TaskSchedulerContextImpl.java    From tez with Apache License 2.0 5 votes vote down vote up
@Override
public void setApplicationRegistrationData(Resource maxContainerCapability,
                                           Map<ApplicationAccessType, String> appAcls,
                                           ByteBuffer clientAMSecretKey,
                                           String queueName) {
  taskSchedulerManager.setApplicationRegistrationData(schedulerId, maxContainerCapability,
      appAcls, clientAMSecretKey, queueName);
}
 
Example #13
Source File: TestClientRMService.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testGetApplicationReport() throws Exception {
  YarnScheduler yarnScheduler = mock(YarnScheduler.class);
  RMContext rmContext = mock(RMContext.class);
  mockRMContext(yarnScheduler, rmContext);

  ApplicationId appId1 = getApplicationId(1);

  ApplicationACLsManager mockAclsManager = mock(ApplicationACLsManager.class);
  when(
      mockAclsManager.checkAccess(UserGroupInformation.getCurrentUser(),
          ApplicationAccessType.VIEW_APP, null, appId1)).thenReturn(true);

  ClientRMService rmService = new ClientRMService(rmContext, yarnScheduler,
      null, mockAclsManager, null, null);
  try {
    RecordFactory recordFactory = RecordFactoryProvider.getRecordFactory(null);
    GetApplicationReportRequest request = recordFactory
        .newRecordInstance(GetApplicationReportRequest.class);
    request.setApplicationId(appId1);
    GetApplicationReportResponse response = 
        rmService.getApplicationReport(request);
    ApplicationReport report = response.getApplicationReport();
    ApplicationResourceUsageReport usageReport = 
        report.getApplicationResourceUsageReport();
    Assert.assertEquals(10, usageReport.getMemorySeconds());
    Assert.assertEquals(3, usageReport.getVcoreSeconds());
    Assert.assertEquals(3, usageReport.getGcoreSeconds());
  } finally {
    rmService.close();
  }
}
 
Example #14
Source File: TestClientRMService.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testGetApplicationReport() throws Exception {
  YarnScheduler yarnScheduler = mock(YarnScheduler.class);
  RMContext rmContext = mock(RMContext.class);
  mockRMContext(yarnScheduler, rmContext);

  ApplicationId appId1 = getApplicationId(1);

  ApplicationACLsManager mockAclsManager = mock(ApplicationACLsManager.class);
  when(
      mockAclsManager.checkAccess(UserGroupInformation.getCurrentUser(),
          ApplicationAccessType.VIEW_APP, null, appId1)).thenReturn(true);

  ClientRMService rmService = new ClientRMService(rmContext, yarnScheduler,
      null, mockAclsManager, null, null);
  try {
    RecordFactory recordFactory = RecordFactoryProvider.getRecordFactory(null);
    GetApplicationReportRequest request = recordFactory
        .newRecordInstance(GetApplicationReportRequest.class);
    request.setApplicationId(appId1);
    GetApplicationReportResponse response = 
        rmService.getApplicationReport(request);
    ApplicationReport report = response.getApplicationReport();
    ApplicationResourceUsageReport usageReport = 
        report.getApplicationResourceUsageReport();
    Assert.assertEquals(10, usageReport.getMemorySeconds());
    Assert.assertEquals(3, usageReport.getVcoreSeconds());
  } finally {
    rmService.close();
  }
}
 
Example #15
Source File: TestApplicationACLsManager.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testCheckAccessWithNullACLS() {
  Configuration conf = new Configuration();
  conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE,
      true);
  conf.set(YarnConfiguration.YARN_ADMIN_ACL,
      ADMIN_USER);
  ApplicationACLsManager aclManager = new ApplicationACLsManager(conf);
  UserGroupInformation appOwner = UserGroupInformation
      .createRemoteUser(APP_OWNER);
  ApplicationId appId = ApplicationId.newInstance(1, 1);
  //Application ACL is not added

  //Application Owner should have all access even if Application ACL is not added
  assertTrue(aclManager.checkAccess(appOwner, ApplicationAccessType.MODIFY_APP, 
      APP_OWNER, appId));
  assertTrue(aclManager.checkAccess(appOwner, ApplicationAccessType.VIEW_APP, 
      APP_OWNER, appId));

  //Admin should have all access
  UserGroupInformation adminUser = UserGroupInformation
      .createRemoteUser(ADMIN_USER);
  assertTrue(aclManager.checkAccess(adminUser, ApplicationAccessType.VIEW_APP, 
      APP_OWNER, appId));
  assertTrue(aclManager.checkAccess(adminUser, ApplicationAccessType.MODIFY_APP, 
      APP_OWNER, appId));

  // A regular user should Not have access
  UserGroupInformation testUser1 = UserGroupInformation
      .createRemoteUser(TESTUSER1);
  assertFalse(aclManager.checkAccess(testUser1, ApplicationAccessType.VIEW_APP, 
      APP_OWNER, appId));
  assertFalse(aclManager.checkAccess(testUser1, ApplicationAccessType.MODIFY_APP, 
      APP_OWNER, appId));
}
 
Example #16
Source File: BuilderUtils.java    From big-c with Apache License 2.0 5 votes vote down vote up
public static ContainerLaunchContext newContainerLaunchContext(
    Map<String, LocalResource> localResources,
    Map<String, String> environment, List<String> commands,
    Map<String, ByteBuffer> serviceData, ByteBuffer tokens,
    Map<ApplicationAccessType, String> acls) {
  ContainerLaunchContext container = recordFactory
      .newRecordInstance(ContainerLaunchContext.class);
  container.setLocalResources(localResources);
  container.setEnvironment(environment);
  container.setCommands(commands);
  container.setServiceData(serviceData);
  container.setTokens(tokens);
  container.setApplicationACLs(acls);
  return container;
}
 
Example #17
Source File: ContainerLaunchContextPBImpl.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public void setApplicationACLs(
    final Map<ApplicationAccessType, String> appACLs) {
  if (appACLs == null)
    return;
  initApplicationACLs();
  this.applicationACLS.clear();
  this.applicationACLS.putAll(appACLs);
}
 
Example #18
Source File: TestDelegationTokenRenewer.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test(timeout=20000)
public void testAppSubmissionWithInvalidDelegationToken() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
      CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  UserGroupInformation.setConfiguration(conf);
  MockRM rm = new MockRM(conf) {
    @Override
    protected void doSecureLogin() throws IOException {
      // Skip the login.
    }
  };
  ByteBuffer tokens = ByteBuffer.wrap("BOGUS".getBytes()); 
  ContainerLaunchContext amContainer =
      ContainerLaunchContext.newInstance(
          new HashMap<String, LocalResource>(), new HashMap<String, String>(),
          new ArrayList<String>(), new HashMap<String, ByteBuffer>(), tokens,
          new HashMap<ApplicationAccessType, String>());
  ApplicationSubmissionContext appSubContext =
      ApplicationSubmissionContext.newInstance(
          ApplicationId.newInstance(1234121, 0),
          "BOGUS", "default", Priority.UNDEFINED, amContainer, false,
          true, 1, Resource.newInstance(1024, 1, 1), "BOGUS");
  SubmitApplicationRequest request =
      SubmitApplicationRequest.newInstance(appSubContext);
  try {
    rm.getClientRMService().submitApplication(request);
    fail("Error was excepted.");
  } catch (YarnException e) {
    Assert.assertTrue(e.getMessage().contains(
        "Bad header found in token storage"));
  }
}
 
Example #19
Source File: TestApplication.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private Container createMockedContainer(ApplicationId appId, int containerId) {
  ApplicationAttemptId appAttemptId =
      BuilderUtils.newApplicationAttemptId(appId, 1);
  ContainerId cId = BuilderUtils.newContainerId(appAttemptId, containerId);
  Container c = mock(Container.class);
  when(c.getContainerId()).thenReturn(cId);
  ContainerLaunchContext launchContext = mock(ContainerLaunchContext.class);
  when(c.getLaunchContext()).thenReturn(launchContext);
  when(launchContext.getApplicationACLs()).thenReturn(
      new HashMap<ApplicationAccessType, String>());
  return c;
}
 
Example #20
Source File: MockRM.java    From hadoop with Apache License 2.0 5 votes vote down vote up
public RMApp submitApp(int masterMemory, String name, String user,
    Map<ApplicationAccessType, String> acls, boolean unmanaged, String queue,
    int maxAppAttempts, Credentials ts, String appType,
    boolean waitForAccepted, boolean keepContainers, boolean isAppIdProvided,
    ApplicationId applicationId) throws Exception {
  return submitApp(masterMemory, name, user, acls, unmanaged, queue,
    maxAppAttempts, ts, appType, waitForAccepted, keepContainers,
    isAppIdProvided, applicationId, 0, null, true);
}
 
Example #21
Source File: TestAppManager.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private static ContainerLaunchContext mockContainerLaunchContext(
    RecordFactory recordFactory) {
  ContainerLaunchContext amContainer = recordFactory.newRecordInstance(
      ContainerLaunchContext.class);
  amContainer.setApplicationACLs(new HashMap<ApplicationAccessType, String>());;
  return amContainer;
}
 
Example #22
Source File: TestAggregatedLogsBlock.java    From big-c with Apache License 2.0 5 votes vote down vote up
private void writeLog(Configuration configuration, String user)
    throws Exception {
  ApplicationId appId =  ApplicationIdPBImpl.newInstance(0, 1);
  ApplicationAttemptId appAttemptId =  ApplicationAttemptIdPBImpl.newInstance(appId, 1);
  ContainerId containerId = ContainerIdPBImpl.newContainerId(appAttemptId, 1);

  String path = "target/logs/" + user
      + "/logs/application_0_0001/localhost_1234";
  File f = new File(path);
  if (!f.getParentFile().exists()) {
   assertTrue(f.getParentFile().mkdirs());
  }
  List<String> rootLogDirs = Arrays.asList("target/logs/logs");
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();

  AggregatedLogFormat.LogWriter writer = new AggregatedLogFormat.LogWriter(
      configuration, new Path(path), ugi);
  writer.writeApplicationOwner(ugi.getUserName());

  Map<ApplicationAccessType, String> appAcls = new HashMap<ApplicationAccessType, String>();
  appAcls.put(ApplicationAccessType.VIEW_APP, ugi.getUserName());
  writer.writeApplicationACLs(appAcls);

  writer.append(new AggregatedLogFormat.LogKey("container_0_0001_01_000001"),
      new AggregatedLogFormat.LogValue(rootLogDirs, containerId,UserGroupInformation.getCurrentUser().getShortUserName()));
  writer.close();
}
 
Example #23
Source File: ClientRMService.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Override
public GetApplicationAttemptsResponse getApplicationAttempts(
    GetApplicationAttemptsRequest request) throws YarnException, IOException {
  ApplicationId appId = request.getApplicationId();
  UserGroupInformation callerUGI;
  try {
    callerUGI = UserGroupInformation.getCurrentUser();
  } catch (IOException ie) {
    LOG.info("Error getting UGI ", ie);
    throw RPCUtil.getRemoteException(ie);
  }
  RMApp application = this.rmContext.getRMApps().get(appId);
  if (application == null) {
    // If the RM doesn't have the application, throw
    // ApplicationNotFoundException and let client to handle.
    throw new ApplicationNotFoundException("Application with id '" + appId
        + "' doesn't exist in RM.");
  }
  boolean allowAccess = checkAccess(callerUGI, application.getUser(),
      ApplicationAccessType.VIEW_APP, application);
  GetApplicationAttemptsResponse response = null;
  if (allowAccess) {
    Map<ApplicationAttemptId, RMAppAttempt> attempts = application
        .getAppAttempts();
    List<ApplicationAttemptReport> listAttempts = 
      new ArrayList<ApplicationAttemptReport>();
    Iterator<Map.Entry<ApplicationAttemptId, RMAppAttempt>> iter = attempts
        .entrySet().iterator();
    while (iter.hasNext()) {
      listAttempts.add(iter.next().getValue()
          .createApplicationAttemptReport());
    }
    response = GetApplicationAttemptsResponse.newInstance(listAttempts);
  } else {
    throw new YarnException("User " + callerUGI.getShortUserName()
        + " does not have privilage to see this aplication " + appId);
  }
  return response;
}
 
Example #24
Source File: ApplicationInitEvent.java    From big-c with Apache License 2.0 5 votes vote down vote up
public ApplicationInitEvent(ApplicationId appId,
    Map<ApplicationAccessType, String> acls,
    LogAggregationContext logAggregationContext) {
  super(appId, ApplicationEventType.INIT_APPLICATION);
  this.applicationACLs = acls;
  this.logAggregationContext = logAggregationContext;
}
 
Example #25
Source File: ACLManager.java    From Bats with Apache License 2.0 5 votes vote down vote up
public static void setupUserACLs(ContainerLaunchContext launchContext, String userName, Configuration conf) throws IOException
{
  logger.debug("Setup login acls {}", userName);
  if (areACLsRequired(conf)) {
    logger.debug("Configuring ACLs for {}", userName);
    Map<ApplicationAccessType, String> acls = Maps.newHashMap();
    acls.put(ApplicationAccessType.VIEW_APP, userName);
    acls.put(ApplicationAccessType.MODIFY_APP, userName);
    launchContext.setApplicationACLs(acls);
  }
}
 
Example #26
Source File: TaskSchedulerContextImplWrapper.java    From tez with Apache License 2.0 5 votes vote down vote up
public SetApplicationRegistrationDataCallable(TaskSchedulerContext app,
    Resource maxContainerCapability,
    Map<ApplicationAccessType, String> appAcls,
    ByteBuffer key,
    String queueName) {
  super(app);
  this.maxContainerCapability = maxContainerCapability;
  this.appAcls = appAcls;
  this.key = key;
  this.queueName = queueName;
}
 
Example #27
Source File: ContainerLaunchContextInfo.java    From hadoop with Apache License 2.0 5 votes vote down vote up
public ContainerLaunchContextInfo() {
  local_resources = new HashMap<String, LocalResourceInfo>();
  environment = new HashMap<String, String>();
  commands = new ArrayList<String>();
  servicedata = new HashMap<String, String>();
  credentials = new CredentialsInfo();
  acls = new HashMap<ApplicationAccessType, String>();
}
 
Example #28
Source File: RMWebServices.java    From hadoop with Apache License 2.0 5 votes vote down vote up
protected Boolean hasAccess(RMApp app, HttpServletRequest hsr) {
  // Check for the authorization.
  UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
  if (callerUGI != null
      && !(this.rm.getApplicationACLsManager().checkAccess(callerUGI,
            ApplicationAccessType.VIEW_APP, app.getUser(),
            app.getApplicationId()) ||
          this.rm.getQueueACLsManager().checkAccess(callerUGI,
            QueueACL.ADMINISTER_QUEUE, app.getQueue()))) {
    return false;
  }
  return true;
}
 
Example #29
Source File: TestYarnClient.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test(timeout = 30000)
public void testApplicationTypeLimit() throws Exception {
  Logger rootLogger = LogManager.getRootLogger();
  rootLogger.setLevel(Level.DEBUG);
  MockRM rm = new MockRM();
  rm.start();
  RMApp app1 =
      rm.submitApp(200, "name", "user",
        new HashMap<ApplicationAccessType, String>(), false, "default", -1,
        null, "MAPREDUCE-LENGTH-IS-20");
  Assert.assertEquals("MAPREDUCE-LENGTH-IS-", app1.getApplicationType());
  rm.stop();
}
 
Example #30
Source File: ClientRMService.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * It gives response which includes application report if the application
 * present otherwise throws ApplicationNotFoundException.
 */
@Override
public GetApplicationReportResponse getApplicationReport(
    GetApplicationReportRequest request) throws YarnException {
  ApplicationId applicationId = request.getApplicationId();

  UserGroupInformation callerUGI;
  try {
    callerUGI = UserGroupInformation.getCurrentUser();
  } catch (IOException ie) {
    LOG.info("Error getting UGI ", ie);
    throw RPCUtil.getRemoteException(ie);
  }

  RMApp application = this.rmContext.getRMApps().get(applicationId);
  if (application == null) {
    // If the RM doesn't have the application, throw
    // ApplicationNotFoundException and let client to handle.
    throw new ApplicationNotFoundException("Application with id '"
        + applicationId + "' doesn't exist in RM.");
  }

  boolean allowAccess = checkAccess(callerUGI, application.getUser(),
      ApplicationAccessType.VIEW_APP, application);
  ApplicationReport report =
      application.createAndGetApplicationReport(callerUGI.getUserName(),
          allowAccess);

  GetApplicationReportResponse response = recordFactory
      .newRecordInstance(GetApplicationReportResponse.class);
  response.setApplicationReport(report);
  return response;
}