Beispiel #1
0
        private TimelineACLsManager.AccessControlListExt PutDomainIntoCache(TimelineDomain
                                                                            domain)
        {
            IDictionary <ApplicationAccessType, AccessControlList> acls = new Dictionary <ApplicationAccessType
                                                                                          , AccessControlList>(2);

            acls[ApplicationAccessType.ViewApp] = new AccessControlList(StringHelper.Cjoin(domain
                                                                                           .GetReaders()));
            acls[ApplicationAccessType.ModifyApp] = new AccessControlList(StringHelper.Cjoin(
                                                                              domain.GetWriters()));
            TimelineACLsManager.AccessControlListExt aclExt = new TimelineACLsManager.AccessControlListExt
                                                                  (domain.GetOwner(), acls);
            aclExts[domain.GetId()] = aclExt;
            return(aclExt);
        }
Beispiel #2
0
        /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
        /// <exception cref="System.IO.IOException"/>
        public virtual bool CheckAccess(UserGroupInformation callerUGI, ApplicationAccessType
                                        applicationAccessType, TimelineEntity entity)
        {
            if (Log.IsDebugEnabled())
            {
                Log.Debug("Verifying the access of " + (callerUGI == null ? null : callerUGI.GetShortUserName
                                                            ()) + " on the timeline entity " + new EntityIdentifier(entity.GetEntityId(), entity
                                                                                                                    .GetEntityType()));
            }
            if (!adminAclsManager.AreACLsEnabled())
            {
                return(true);
            }
            // find domain owner and acls
            TimelineACLsManager.AccessControlListExt aclExt = aclExts[entity.GetDomainId()];
            if (aclExt == null)
            {
                aclExt = LoadDomainFromTimelineStore(entity.GetDomainId());
            }
            if (aclExt == null)
            {
                throw new YarnException("Domain information of the timeline entity " + new EntityIdentifier
                                            (entity.GetEntityId(), entity.GetEntityType()) + " doesn't exist.");
            }
            string            owner     = aclExt.owner;
            AccessControlList domainACL = aclExt.acls[applicationAccessType];

            if (domainACL == null)
            {
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("ACL not found for access-type " + applicationAccessType + " for domain "
                              + entity.GetDomainId() + " owned by " + owner + ". Using default [" + YarnConfiguration
                              .DefaultYarnAppAcl + "]");
                }
                domainACL = new AccessControlList(YarnConfiguration.DefaultYarnAppAcl);
            }
            if (callerUGI != null && (adminAclsManager.IsAdmin(callerUGI) || callerUGI.GetShortUserName
                                          ().Equals(owner) || domainACL.IsUserAllowed(callerUGI)))
            {
                return(true);
            }
            return(false);
        }