public virtual void TestYarnACLsNotEnabledForDomain()
{
Configuration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, false);
TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
TimelineDomain domain = new TimelineDomain();
domain.SetOwner("owner");
NUnit.Framework.Assert.IsTrue("Always true when ACLs are not enabled", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("user"), domain));
}
public static TimelineDomain GenerateDomain()
{
TimelineDomain domain = new TimelineDomain();
domain.SetId("namesapce id");
domain.SetDescription("domain description");
domain.SetOwner("domain owner");
domain.SetReaders("domain_reader");
domain.SetWriters("domain_writer");
domain.SetCreatedTime(0L);
domain.SetModifiedTime(1L);
return(domain);
}
private static TimelineDomain CreateTimelineDomain(string id, string description,
string owner, string readers, string writers, long createdTime, long modifiedTime
)
{
TimelineDomain domainToStore = new TimelineDomain();
domainToStore.SetId(id);
domainToStore.SetDescription(description);
domainToStore.SetOwner(owner);
domainToStore.SetReaders(readers);
domainToStore.SetWriters(writers);
domainToStore.SetCreatedTime(createdTime);
domainToStore.SetModifiedTime(modifiedTime);
return(domainToStore);
}
public virtual void TestYarnACLsEnabledForDomain()
{
Configuration conf = new YarnConfiguration();
conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
conf.Set(YarnConfiguration.YarnAdminAcl, "admin");
TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
TimelineDomain domain = new TimelineDomain();
domain.SetOwner("owner");
NUnit.Framework.Assert.IsTrue("Owner should be allowed to access", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("owner"), domain));
NUnit.Framework.Assert.IsFalse("Other shouldn't be allowed to access", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("other"), domain));
NUnit.Framework.Assert.IsTrue("Admin should be allowed to access", timelineACLsManager
.CheckAccess(UserGroupInformation.CreateRemoteUser("admin"), domain));
}
/// <exception cref="System.Exception"/>
protected override void ServiceInit(Configuration conf)
{
TimelineDomain domain = store.GetDomain("DEFAULT");
// it is okay to reuse an existing domain even if it was created by another
// user of the timeline server before, because it allows everybody to access.
if (domain == null)
{
// create a default domain, which allows everybody to access and modify
// the entities in it.
domain = new TimelineDomain();
domain.SetId(DefaultDomainId);
domain.SetDescription("System Default Domain");
domain.SetOwner(UserGroupInformation.GetCurrentUser().GetShortUserName());
domain.SetReaders("*");
domain.SetWriters("*");
store.Put(domain);
}
base.ServiceInit(conf);
}
/// <summary>Add or update an domain.</summary>
/// <remarks>
/// Add or update an domain. If the domain already exists, only the owner
/// and the admin can update it.
/// </remarks>
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
/// <exception cref="System.IO.IOException"/>
public virtual void PutDomain(TimelineDomain domain, UserGroupInformation callerUGI
)
{
TimelineDomain existingDomain = store.GetDomain(domain.GetId());
if (existingDomain != null)
{
if (!timelineACLsManager.CheckAccess(callerUGI, existingDomain))
{
throw new YarnException(callerUGI.GetShortUserName() + " is not allowed to override an existing domain "
+ existingDomain.GetId());
}
// Set it again in case ACLs are not enabled: The domain can be
// modified by every body, but the owner is not changed.
domain.SetOwner(existingDomain.GetOwner());
}
store.Put(domain);
// If the domain exists already, it is likely to be in the cache.
// We need to invalidate it.
if (existingDomain != null)
{
timelineACLsManager.ReplaceIfExist(domain);
}
}