public virtual void TestCheckAccessWithNullACLS()
{
Configuration conf = new Configuration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
conf.Set(YarnConfiguration.YarnAdminAcl, AdminUser);
ApplicationACLsManager aclManager = new ApplicationACLsManager(conf);
UserGroupInformation appOwner = UserGroupInformation.CreateRemoteUser(AppOwner);
ApplicationId appId = ApplicationId.NewInstance(1, 1);
//Application ACL is not added
//Application Owner should have all access even if Application ACL is not added
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(appOwner, ApplicationAccessType
.ModifyApp, AppOwner, appId));
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(appOwner, ApplicationAccessType
.ViewApp, AppOwner, appId));
//Admin should have all access
UserGroupInformation adminUser = UserGroupInformation.CreateRemoteUser(AdminUser);
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(adminUser, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(adminUser, ApplicationAccessType
.ModifyApp, AppOwner, appId));
// A regular user should Not have access
UserGroupInformation testUser1 = UserGroupInformation.CreateRemoteUser(Testuser1);
NUnit.Framework.Assert.IsFalse(aclManager.CheckAccess(testUser1, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsFalse(aclManager.CheckAccess(testUser1, ApplicationAccessType
.ModifyApp, AppOwner, appId));
}
public virtual void TestCheckAccess()
{
Configuration conf = new Configuration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
conf.Set(YarnConfiguration.YarnAdminAcl, AdminUser);
ApplicationACLsManager aclManager = new ApplicationACLsManager(conf);
IDictionary <ApplicationAccessType, string> aclMap = new Dictionary <ApplicationAccessType
, string>();
aclMap[ApplicationAccessType.ViewApp] = Testuser1 + "," + Testuser3;
aclMap[ApplicationAccessType.ModifyApp] = Testuser1;
ApplicationId appId = ApplicationId.NewInstance(1, 1);
aclManager.AddApplication(appId, aclMap);
//User in ACL, should be allowed access
UserGroupInformation testUser1 = UserGroupInformation.CreateRemoteUser(Testuser1);
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(testUser1, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(testUser1, ApplicationAccessType
.ModifyApp, AppOwner, appId));
//User NOT in ACL, should not be allowed access
UserGroupInformation testUser2 = UserGroupInformation.CreateRemoteUser(Testuser2);
NUnit.Framework.Assert.IsFalse(aclManager.CheckAccess(testUser2, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsFalse(aclManager.CheckAccess(testUser2, ApplicationAccessType
.ModifyApp, AppOwner, appId));
//User has View access, but not modify access
UserGroupInformation testUser3 = UserGroupInformation.CreateRemoteUser(Testuser3);
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(testUser3, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsFalse(aclManager.CheckAccess(testUser3, ApplicationAccessType
.ModifyApp, AppOwner, appId));
//Application Owner should have all access
UserGroupInformation appOwner = UserGroupInformation.CreateRemoteUser(AppOwner);
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(appOwner, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(appOwner, ApplicationAccessType
.ModifyApp, AppOwner, appId));
//Admin should have all access
UserGroupInformation adminUser = UserGroupInformation.CreateRemoteUser(AdminUser);
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(adminUser, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(adminUser, ApplicationAccessType
.ModifyApp, AppOwner, appId));
}
public virtual void TestCheckAccessWithPartialACLS()
{
Configuration conf = new Configuration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
conf.Set(YarnConfiguration.YarnAdminAcl, AdminUser);
ApplicationACLsManager aclManager = new ApplicationACLsManager(conf);
UserGroupInformation appOwner = UserGroupInformation.CreateRemoteUser(AppOwner);
// Add only the VIEW ACLS
IDictionary <ApplicationAccessType, string> aclMap = new Dictionary <ApplicationAccessType
, string>();
aclMap[ApplicationAccessType.ViewApp] = Testuser1;
ApplicationId appId = ApplicationId.NewInstance(1, 1);
aclManager.AddApplication(appId, aclMap);
//Application Owner should have all access even if Application ACL is not added
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(appOwner, ApplicationAccessType
.ModifyApp, AppOwner, appId));
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(appOwner, ApplicationAccessType
.ViewApp, AppOwner, appId));
//Admin should have all access
UserGroupInformation adminUser = UserGroupInformation.CreateRemoteUser(AdminUser);
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(adminUser, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(adminUser, ApplicationAccessType
.ModifyApp, AppOwner, appId));
// testuser1 should have view access only
UserGroupInformation testUser1 = UserGroupInformation.CreateRemoteUser(Testuser1);
NUnit.Framework.Assert.IsTrue(aclManager.CheckAccess(testUser1, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsFalse(aclManager.CheckAccess(testUser1, ApplicationAccessType
.ModifyApp, AppOwner, appId));
// A testuser2 should Not have access
UserGroupInformation testUser2 = UserGroupInformation.CreateRemoteUser(Testuser2);
NUnit.Framework.Assert.IsFalse(aclManager.CheckAccess(testUser2, ApplicationAccessType
.ViewApp, AppOwner, appId));
NUnit.Framework.Assert.IsFalse(aclManager.CheckAccess(testUser2, ApplicationAccessType
.ModifyApp, AppOwner, appId));
}
