Beispiel #1
0
 /// <summary>Generates the array of QueueAclsInfo object.</summary>
 /// <remarks>
 /// Generates the array of QueueAclsInfo object.
 /// <p>
 /// The array consists of only those queues for which user has acls.
 /// </remarks>
 /// <returns>QueueAclsInfo[]</returns>
 /// <exception cref="System.IO.IOException"/>
 internal virtual QueueAclsInfo[] GetQueueAcls(UserGroupInformation ugi)
 {
     lock (this)
     {
         //List of all QueueAclsInfo objects , this list is returned
         AList <QueueAclsInfo> queueAclsInfolist = new AList <QueueAclsInfo>();
         QueueACL[]            qAcls             = QueueACL.Values();
         foreach (string queueName in leafQueues.Keys)
         {
             QueueAclsInfo  queueAclsInfo     = null;
             AList <string> operationsAllowed = null;
             foreach (QueueACL qAcl in qAcls)
             {
                 if (HasAccess(queueName, qAcl, ugi))
                 {
                     if (operationsAllowed == null)
                     {
                         operationsAllowed = new AList <string>();
                     }
                     operationsAllowed.AddItem(qAcl.GetAclName());
                 }
             }
             if (operationsAllowed != null)
             {
                 //There is atleast 1 operation supported for queue <queueName>
                 //, hence initialize queueAclsInfo
                 queueAclsInfo = new QueueAclsInfo(queueName, Sharpen.Collections.ToArray(operationsAllowed
                                                                                          , new string[operationsAllowed.Count]));
                 queueAclsInfolist.AddItem(queueAclsInfo);
             }
         }
         return(Sharpen.Collections.ToArray(queueAclsInfolist, new QueueAclsInfo[queueAclsInfolist
                                                                                 .Count]));
     }
 }
Beispiel #2
0
 /// <summary>
 /// Return true if the given user is part of the ACL for the given
 /// <see cref="QueueACL"/>
 /// name for the given queue.
 /// <p>
 /// An operation is allowed if all users are provided access for this
 /// operation, or if either the user or any of the groups specified is
 /// provided access.
 /// </summary>
 /// <param name="queueName">Queue on which the operation needs to be performed.</param>
 /// <param name="qACL">The queue ACL name to be checked</param>
 /// <param name="ugi">The user and groups who wish to perform the operation.</param>
 /// <returns>true     if the operation is allowed, false otherwise.</returns>
 public virtual bool HasAccess(string queueName, QueueACL qACL, UserGroupInformation
                               ugi)
 {
     lock (this)
     {
         Queue q = leafQueues[queueName];
         if (q == null)
         {
             Log.Info("Queue " + queueName + " is not present");
             return(false);
         }
         if (q.GetChildren() != null && !q.GetChildren().IsEmpty())
         {
             Log.Info("Cannot submit job to parent queue " + q.GetName());
             return(false);
         }
         if (!AreAclsEnabled())
         {
             return(true);
         }
         if (Log.IsDebugEnabled())
         {
             Log.Debug("Checking access for the acl " + ToFullPropertyName(queueName, qACL.GetAclName
                                                                               ()) + " for user " + ugi.GetShortUserName());
         }
         AccessControlList acl = q.GetAcls()[ToFullPropertyName(queueName, qACL.GetAclName
                                                                    ())];
         if (acl == null)
         {
             return(false);
         }
         // Check if user is part of the ACL
         return(acl.IsUserAllowed(ugi));
     }
 }
        /// <summary>Parse ACLs for the queue from the configuration.</summary>
        private IDictionary <string, AccessControlList> GetQueueAcls(string name, Configuration
                                                                     conf)
        {
            Dictionary <string, AccessControlList> map = new Dictionary <string, AccessControlList
                                                                         >();

            foreach (QueueACL qAcl in QueueACL.Values())
            {
                string aclKey = QueueManager.ToFullPropertyName(name, qAcl.GetAclName());
                map[aclKey] = new AccessControlList(conf.Get(aclKey, "*"));
            }
            return(map);
        }
        /// <summary>
        /// Check if queue properties are configured in the passed in
        /// configuration.
        /// </summary>
        /// <remarks>
        /// Check if queue properties are configured in the passed in
        /// configuration. If yes, print out deprecation warning messages.
        /// </remarks>
        private bool DeprecatedConf(Configuration conf)
        {
            string[] queues          = null;
            string   queueNameValues = GetQueueNames(conf);

            if (queueNameValues == null)
            {
                return(false);
            }
            else
            {
                Log.Warn("Configuring \"" + MapredQueueNamesKey + "\" in mapred-site.xml or " + "hadoop-site.xml is deprecated and will overshadow "
                         + QueueConfFileName + ". Remove this property and configure " + "queue hierarchy in "
                         + QueueConfFileName);
                // store queues so we can check if ACLs are also configured
                // in the deprecated files.
                queues = conf.GetStrings(MapredQueueNamesKey);
            }
            // check if acls are defined
            if (queues != null)
            {
                foreach (string queue in queues)
                {
                    foreach (QueueACL qAcl in QueueACL.Values())
                    {
                        string key       = QueueManager.ToFullPropertyName(queue, qAcl.GetAclName());
                        string aclString = conf.Get(key);
                        if (aclString != null)
                        {
                            Log.Warn("Configuring queue ACLs in mapred-site.xml or " + "hadoop-site.xml is deprecated. Configure queue ACLs in "
                                     + QueueConfFileName);
                            // even if one string is configured, it is enough for printing
                            // the warning. so we can return from here.
                            return(true);
                        }
                    }
                }
            }
            return(true);
        }
Beispiel #5
0
 internal Operation(QueueACL qACL, JobACL jobACL)
 {
     this.qACLNeeded   = qACL;
     this.jobACLNeeded = jobACL;
 }