public virtual void TestYarnACLsNotEnabledForDomain()
{
Configuration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, false);
TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
TimelineDomain domain = new TimelineDomain();
domain.SetOwner("owner");
NUnit.Framework.Assert.IsTrue("Always true when ACLs are not enabled", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("user"), domain));
}
public virtual void TestYarnACLsEnabledForDomain()
{
Configuration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
conf.Set(YarnConfiguration.YarnAdminAcl, "admin");
TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
TimelineDomain domain = new TimelineDomain();
domain.SetOwner("owner");
NUnit.Framework.Assert.IsTrue("Owner should be allowed to access", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("owner"), domain));
NUnit.Framework.Assert.IsFalse("Other shouldn't be allowed to access", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("other"), domain));
NUnit.Framework.Assert.IsTrue("Admin should be allowed to access", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("admin"), domain));
}
public virtual void TestYarnACLsNotEnabledForEntity()
{
Configuration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, false);
TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
timelineACLsManager.SetTimelineStore(new TestTimelineACLsManager.TestTimelineStore
());
TimelineEntity entity = new TimelineEntity();
entity.AddPrimaryFilter(TimelineStore.SystemFilter.EntityOwner.ToString(), "owner"
);
entity.SetDomainId("domain_id_1");
NUnit.Framework.Assert.IsTrue("Always true when ACLs are not enabled", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("user"), ApplicationAccessType
.ViewApp, entity));
NUnit.Framework.Assert.IsTrue("Always true when ACLs are not enabled", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("user"), ApplicationAccessType
.ModifyApp, entity));
}
public virtual void TestCorruptedOwnerInfoForDomain()
{
Configuration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
conf.Set(YarnConfiguration.YarnAdminAcl, "owner");
TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
TimelineDomain domain = new TimelineDomain();
try
{
timelineACLsManager.CheckAccess(UserGroupInformation.CreateRemoteUser("owner"), domain
);
NUnit.Framework.Assert.Fail("Exception is expected");
}
catch (YarnException e)
{
NUnit.Framework.Assert.IsTrue("It's not the exact expected exception", e.Message.
Contains("is corrupted."));
}
}
public virtual void TestYarnACLsEnabledForEntity()
{
Configuration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
conf.Set(YarnConfiguration.YarnAdminAcl, "admin");
TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
timelineACLsManager.SetTimelineStore(new TestTimelineACLsManager.TestTimelineStore
());
TimelineEntity entity = new TimelineEntity();
entity.AddPrimaryFilter(TimelineStore.SystemFilter.EntityOwner.ToString(), "owner"
);
entity.SetDomainId("domain_id_1");
NUnit.Framework.Assert.IsTrue("Owner should be allowed to view", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("owner"), ApplicationAccessType
.ViewApp, entity));
NUnit.Framework.Assert.IsTrue("Reader should be allowed to view", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("reader"), ApplicationAccessType
.ViewApp, entity));
NUnit.Framework.Assert.IsFalse("Other shouldn't be allowed to view", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("other"), ApplicationAccessType
.ViewApp, entity));
NUnit.Framework.Assert.IsTrue("Admin should be allowed to view", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("admin"), ApplicationAccessType
.ViewApp, entity));
NUnit.Framework.Assert.IsTrue("Owner should be allowed to modify", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("owner"), ApplicationAccessType
.ModifyApp, entity));
NUnit.Framework.Assert.IsTrue("Writer should be allowed to modify", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("writer"), ApplicationAccessType
.ModifyApp, entity));
NUnit.Framework.Assert.IsFalse("Other shouldn't be allowed to modify", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("other"), ApplicationAccessType
.ModifyApp, entity));
NUnit.Framework.Assert.IsTrue("Admin should be allowed to modify", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("admin"), ApplicationAccessType
.ModifyApp, entity));
}
public virtual void TestCorruptedOwnerInfoForEntity()
{
Configuration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
conf.Set(YarnConfiguration.YarnAdminAcl, "owner");
TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
timelineACLsManager.SetTimelineStore(new TestTimelineACLsManager.TestTimelineStore
());
TimelineEntity entity = new TimelineEntity();
try
{
timelineACLsManager.CheckAccess(UserGroupInformation.CreateRemoteUser("owner"), ApplicationAccessType
.ViewApp, entity);
NUnit.Framework.Assert.Fail("Exception is expected");
}
catch (YarnException e)
{
NUnit.Framework.Assert.IsTrue("It's not the exact expected exception", e.Message.
Contains("doesn't exist."));
}
}
