/// <summary>Builds the per-queue list of operations the given caller may perform.</summary>
/// <remarks>
/// Every leaf queue is probed once per <c>QueueACL</c> value through
/// <c>HasAccess</c>. A queue appears in the result only when at least one
/// of those probes succeeds, so the returned array never carries an entry
/// with an empty operation list.
/// <p>
/// Because <c>HasAccess</c> returns true for every ACL when
/// <c>AreAclsEnabled()</c> is false, the result then names every operation
/// on every leaf queue that passes its other checks.
/// </remarks>
/// <param name="ugi">The user and groups whose access is being summarised.</param>
/// <returns>One <c>QueueAclsInfo</c> per leaf queue the caller has some access to.</returns>
/// <exception cref="System.IO.IOException"/>
internal virtual QueueAclsInfo[] GetQueueAcls(UserGroupInformation ugi)
{
    // The whole scan runs under the instance lock, the same lock HasAccess takes.
    lock (this)
    {
        QueueACL[] aclKinds = QueueACL.Values();
        // Accumulates the entries that are handed back to the caller.
        AList<QueueAclsInfo> visibleQueues = new AList<QueueAclsInfo>();
        foreach (string queueName in leafQueues.Keys)
        {
            // Stays null until the first permitted operation is found.
            AList<string> granted = null;
            foreach (QueueACL kind in aclKinds)
            {
                if (!HasAccess(queueName, kind, ugi))
                {
                    continue;
                }
                granted = granted ?? new AList<string>();
                granted.AddItem(kind.GetAclName());
            }
            if (granted == null)
            {
                // No operation is permitted on this queue: leave it out entirely.
                continue;
            }
            visibleQueues.AddItem(new QueueAclsInfo(queueName,
                Sharpen.Collections.ToArray(granted, new string[granted.Count])));
        }
        return Sharpen.Collections.ToArray(visibleQueues,
            new QueueAclsInfo[visibleQueues.Count]);
    }
}
/// <summary>
/// Decides whether the given user may perform the operation guarded by the
/// given <see cref="QueueACL"/> on the named queue.
/// </summary>
/// <remarks>
/// The checks run in this order:
/// <p>
/// 1. An unknown queue is denied. <br/>
/// 2. A queue that has children (a parent queue) is denied. <br/>
/// 3. If <c>AreAclsEnabled()</c> is false, access is granted without
///    consulting any ACL. <br/>
/// 4. If the queue has no ACL entry under the full property name, access is
///    denied. <br/>
/// 5. Otherwise the decision is <c>AccessControlList.IsUserAllowed(ugi)</c>.
/// </remarks>
/// <param name="queueName">Queue on which the operation needs to be performed.</param>
/// <param name="qACL">The queue ACL name to be checked</param>
/// <param name="ugi">The user and groups who wish to perform the operation.</param>
/// <returns>true if the operation is allowed, false otherwise.</returns>
public virtual bool HasAccess(string queueName, QueueACL qACL, UserGroupInformation ugi)
{
    lock (this)
    {
        // NOTE(review): the null test below assumes the leafQueues indexer yields
        // null for an unknown name; System.Collections.Generic.Dictionary would
        // throw KeyNotFoundException instead - confirm the field's type.
        Queue target = leafQueues[queueName];
        if (target == null)
        {
            // NOTE(review): queueName is written to the log verbatim. If it can be
            // chosen by the caller, confirm it is validated upstream so embedded
            // line breaks cannot forge log entries.
            Log.Info("Queue " + queueName + " is not present");
            return false;
        }

        bool isLeaf = target.GetChildren() == null || target.GetChildren().IsEmpty();
        if (!isLeaf)
        {
            Log.Info("Cannot submit job to parent queue " + target.GetName());
            return false;
        }

        if (!AreAclsEnabled())
        {
            // ACL enforcement is switched off: every caller is admitted from here on.
            return true;
        }

        if (Log.IsDebugEnabled())
        {
            Log.Debug("Checking access for the acl " + ToFullPropertyName(queueName, qACL.GetAclName
                ()) + " for user " + ugi.GetShortUserName());
        }

        AccessControlList entry = target.GetAcls()[ToFullPropertyName(queueName, qACL.GetAclName
            ())];
        // A missing entry denies access (fail closed); otherwise the ACL decides
        // whether the user is part of it.
        return entry != null && entry.IsUserAllowed(ugi);
    }
}
/// <summary>Builds the ACL table for one queue from the configuration.</summary>
/// <remarks>
/// One entry is created per <c>QueueACL</c> value, keyed by the full property
/// name that <c>QueueManager.ToFullPropertyName</c> returns for the queue and
/// ACL name.
/// </remarks>
/// <param name="name">Name of the queue whose ACLs are read.</param>
/// <param name="conf">Configuration holding the ACL strings.</param>
/// <returns>Map from full ACL property name to the parsed access control list.</returns>
private IDictionary<string, AccessControlList> GetQueueAcls(string name, Configuration conf)
{
    Dictionary<string, AccessControlList> aclsByProperty =
        new Dictionary<string, AccessControlList>();
    foreach (QueueACL kind in QueueACL.Values())
    {
        string propertyName = QueueManager.ToFullPropertyName(name, kind.GetAclName());
        // NOTE(review): "*" is the fallback when the property is not set. It looks
        // like the wildcard that admits every user - confirm against
        // AccessControlList; if so, an unconfigured ACL is open by default.
        string configured = conf.Get(propertyName, "*");
        aclsByProperty[propertyName] = new AccessControlList(configured);
    }
    return aclsByProperty;
}
/// <summary>
/// Reports whether queue properties are set in the passed-in configuration
/// and logs deprecation warnings when they are.
/// </summary>
/// <remarks>
/// The result depends only on whether <c>GetQueueNames(conf)</c> returns a
/// value: null gives false, anything else gives true. The scan over queue
/// ACL keys only decides whether the second warning, about ACLs, is logged.
/// </remarks>
/// <param name="conf">Configuration to inspect.</param>
/// <returns>true if the queue names are configured in <paramref name="conf"/>, false otherwise.</returns>
private bool DeprecatedConf(Configuration conf)
{
    if (GetQueueNames(conf) == null)
    {
        return false;
    }

    Log.Warn("Configuring \"" + MapredQueueNamesKey + "\" in mapred-site.xml or "
        + "hadoop-site.xml is deprecated and will overshadow " + QueueConfFileName
        + ". Remove this property and configure " + "queue hierarchy in "
        + QueueConfFileName);

    // Fetch the queue names so their ACL keys can be looked up in the same
    // deprecated configuration.
    string[] configuredQueues = conf.GetStrings(MapredQueueNamesKey);
    if (configuredQueues == null)
    {
        return true;
    }

    foreach (string queue in configuredQueues)
    {
        foreach (QueueACL kind in QueueACL.Values())
        {
            string aclKey = QueueManager.ToFullPropertyName(queue, kind.GetAclName());
            if (conf.Get(aclKey) == null)
            {
                continue;
            }
            Log.Warn("Configuring queue ACLs in mapred-site.xml or "
                + "hadoop-site.xml is deprecated. Configure queue ACLs in "
                + QueueConfFileName);
            // One configured ACL is enough to justify the warning; stop scanning.
            return true;
        }
    }
    return true;
}
/// <summary>
/// Stores the queue ACL and the job ACL passed in as the ones this operation needs.
/// </summary>
/// <param name="qACL">Value kept in <c>qACLNeeded</c>.</param>
/// <param name="jobACL">Value kept in <c>jobACLNeeded</c>.</param>
internal Operation(QueueACL qACL, JobACL jobACL)
{
    jobACLNeeded = jobACL;
    qACLNeeded = qACL;
}