/// <summary>
/// Fetches the job for <paramref name="jobID"/> from the application context and checks
/// that the current user may perform <paramref name="accessType"/> on it.
/// </summary>
/// <remarks>
/// The access check runs only when a job was found. With <paramref name="exceptionThrow"/>
/// set to false an unknown job yields null, so callers must handle a null result.
/// NOTE(review): the "Unknown Job" and "cannot perform operation" messages differ, so a
/// caller can tell a missing job from a forbidden one; confirm that is intended.
/// </remarks>
/// <param name="jobID">Identifier of the job to look up.</param>
/// <param name="accessType">Job operation the caller wants to perform.</param>
/// <param name="exceptionThrow">When true, an unknown job raises an exception instead of returning null.</param>
/// <returns>The job, or null when it is unknown and <paramref name="exceptionThrow"/> is false.</returns>
/// <exception cref="System.IO.IOException">The job is unknown and <paramref name="exceptionThrow"/> is true.</exception>
/// <exception cref="AccessControlException">The job exists but the current user fails its access check.</exception>
private Org.Apache.Hadoop.Mapreduce.V2.App.Job.Job VerifyAndGetJob(JobId jobID, JobACL accessType, bool exceptionThrow)
{
    Org.Apache.Hadoop.Mapreduce.V2.App.Job.Job found = this._enclosing.appContext.GetJob(jobID);
    if (found == null)
    {
        if (exceptionThrow)
        {
            throw new IOException("Unknown Job " + jobID);
        }
    }

    // The caller identity is resolved even when no job was found, as in the original flow.
    UserGroupInformation caller = UserGroupInformation.GetCurrentUser();
    if (found == null)
    {
        return found;
    }

    bool permitted = found.CheckAccess(caller, accessType);
    if (!permitted)
    {
        throw new AccessControlException("User " + caller.GetShortUserName() + " cannot perform operation " + accessType.ToString() + " on " + jobID);
    }

    return found;
}
/// <summary>
/// Decides whether the caller may perform the operation named by
/// <paramref name="jobOperation"/> on a job.
/// </summary>
/// <remarks>
/// Access is granted as soon as one of these holds, tested in this order:
/// <ul>
/// <li>AreACLsEnabled() reports false, in which case every caller is allowed</li>
/// <li>IsMRAdmin accepts the caller</li>
/// <li>the caller's short user name equals <paramref name="jobOwner"/></li>
/// <li><paramref name="jobACL"/> allows the caller</li>
/// </ul>
/// Otherwise access is denied.
/// </remarks>
/// <param name="callerUGI">Identity of the user requesting the operation.</param>
/// <param name="jobOperation">Operation being requested; used here only in the debug log line.</param>
/// <param name="jobOwner">Owner of the job, compared with the caller's short user name.</param>
/// <param name="jobACL">Access control list consulted when the caller is neither admin nor owner.</param>
/// <returns>true when the caller is allowed, false otherwise.</returns>
public virtual bool CheckAccess(UserGroupInformation callerUGI, JobACL jobOperation, string jobOwner, AccessControlList jobACL)
{
    if (Log.IsDebugEnabled())
    {
        // NOTE(review): the "jobacl:" label is followed by the requested operation, not the ACL itself.
        Log.Debug("checkAccess job acls, jobOwner: " + jobOwner + " jobacl: " + jobOperation.ToString() + " user: " + callerUGI.GetShortUserName());
    }

    string shortName = callerUGI.GetShortUserName();

    // With ACLs switched off there is nothing to enforce.
    if (!AreACLsEnabled())
    {
        return true;
    }

    // Admins bypass the owner and per-job ACL checks.
    if (IsMRAdmin(callerUGI))
    {
        return true;
    }

    // The job owner may perform any operation on the job.
    if (shortName.Equals(jobOwner))
    {
        return true;
    }

    // Everyone else is subject to the job ACL supplied for this operation.
    return jobACL.IsUserAllowed(callerUGI);
}
/// <summary>
/// Throws unless the current user may perform <paramref name="jobOperation"/> on
/// <paramref name="job"/>.
/// </summary>
/// <param name="job">Job whose access check is consulted.</param>
/// <param name="jobOperation">Operation the current user wants to perform.</param>
/// <exception cref="System.IO.IOException">
/// Access was denied; wraps an AccessControlException naming the user, the operation and the job id.
/// </exception>
private void CheckAccess(Org.Apache.Hadoop.Mapreduce.V2.App.Job.Job job, JobACL jobOperation)
{
    UserGroupInformation currentUser = UserGroupInformation.GetCurrentUser();
    if (job.CheckAccess(currentUser, jobOperation))
    {
        return;
    }

    string denial = "User " + currentUser.GetShortUserName() + " cannot perform operation " + jobOperation.ToString() + " on " + job.GetID();

    // NOTE(review): System.IO.IOException has no constructor taking only an Exception;
    // confirm which IOException type this resolves to.
    throw new IOException(new AccessControlException(denial));
}