/// <exception cref="System.Exception"/>
private void VerifyAdministerQueueUserAccess()
{
isQueueUser = true;
AccessControlList viewACL = new AccessControlList(string.Empty);
viewACL.AddGroup(FriendlyGroup);
AccessControlList modifyACL = new AccessControlList(string.Empty);
modifyACL.AddUser(Friend);
ApplicationId applicationId = SubmitAppAndGetAppId(viewACL, modifyACL);
GetApplicationReportRequest appReportRequest = recordFactory.NewRecordInstance <GetApplicationReportRequest
>();
appReportRequest.SetApplicationId(applicationId);
KillApplicationRequest finishAppRequest = recordFactory.NewRecordInstance <KillApplicationRequest
>();
finishAppRequest.SetApplicationId(applicationId);
ApplicationClientProtocol administerQueueUserRmClient = GetRMClientForUser(QueueAdminUser
);
// View as the administerQueueUserRmClient
administerQueueUserRmClient.GetApplicationReport(appReportRequest);
// List apps as administerQueueUserRmClient
NUnit.Framework.Assert.AreEqual("App view by queue-admin-user should list the apps!!"
, 5, administerQueueUserRmClient.GetApplications(recordFactory.NewRecordInstance
<GetApplicationsRequest>()).GetApplicationList().Count);
// Kill app as the administerQueueUserRmClient
administerQueueUserRmClient.ForceKillApplication(finishAppRequest);
resourceManager.WaitForState(applicationId, RMAppState.Killed);
}
/// <exception cref="System.Exception"/>
private void VerifyOwnerAccess()
{
AccessControlList viewACL = new AccessControlList(string.Empty);
viewACL.AddGroup(FriendlyGroup);
AccessControlList modifyACL = new AccessControlList(string.Empty);
modifyACL.AddUser(Friend);
ApplicationId applicationId = SubmitAppAndGetAppId(viewACL, modifyACL);
GetApplicationReportRequest appReportRequest = recordFactory.NewRecordInstance <GetApplicationReportRequest
>();
appReportRequest.SetApplicationId(applicationId);
KillApplicationRequest finishAppRequest = recordFactory.NewRecordInstance <KillApplicationRequest
>();
finishAppRequest.SetApplicationId(applicationId);
// View as owner
rmClient.GetApplicationReport(appReportRequest);
// List apps as owner
NUnit.Framework.Assert.AreEqual("App view by owner should list the apps!!", 1, rmClient
.GetApplications(recordFactory.NewRecordInstance <GetApplicationsRequest>()).GetApplicationList
().Count);
// Kill app as owner
rmClient.ForceKillApplication(finishAppRequest);
resourceManager.WaitForState(applicationId, RMAppState.Killed);
}
private AccessControlList GetAdminAclList(Configuration conf)
{
AccessControlList aclList = new AccessControlList(conf.Get(YarnConfiguration.YarnAdminAcl
, YarnConfiguration.DefaultYarnAdminAcl));
aclList.AddUser(daemonUser.GetShortUserName());
return(aclList);
}
private IDictionary <ApplicationAccessType, string> CreateACLs(string submitter, bool
setupACLs)
{
AccessControlList viewACL = new AccessControlList(string.Empty);
AccessControlList modifyACL = new AccessControlList(string.Empty);
if (setupACLs)
{
viewACL.AddUser(submitter);
viewACL.AddUser(CommonUser);
modifyACL.AddUser(submitter);
modifyACL.AddUser(CommonUser);
}
IDictionary <ApplicationAccessType, string> acls = new Dictionary <ApplicationAccessType
, string>();
acls[ApplicationAccessType.ViewApp] = viewACL.GetAclString();
acls[ApplicationAccessType.ModifyApp] = modifyACL.GetAclString();
return(acls);
}
/// <exception cref="System.Exception"/>
private void VerifyEnemyAccess()
{
AccessControlList viewACL = new AccessControlList(string.Empty);
viewACL.AddGroup(FriendlyGroup);
AccessControlList modifyACL = new AccessControlList(string.Empty);
modifyACL.AddUser(Friend);
ApplicationId applicationId = SubmitAppAndGetAppId(viewACL, modifyACL);
GetApplicationReportRequest appReportRequest = recordFactory.NewRecordInstance <GetApplicationReportRequest
>();
appReportRequest.SetApplicationId(applicationId);
KillApplicationRequest finishAppRequest = recordFactory.NewRecordInstance <KillApplicationRequest
>();
finishAppRequest.SetApplicationId(applicationId);
ApplicationClientProtocol enemyRmClient = GetRMClientForUser(Enemy);
// View as the enemy
ApplicationReport appReport = enemyRmClient.GetApplicationReport(appReportRequest
).GetApplicationReport();
VerifyEnemyAppReport(appReport);
// List apps as enemy
IList <ApplicationReport> appReports = enemyRmClient.GetApplications(recordFactory
.NewRecordInstance <GetApplicationsRequest>()).GetApplicationList();
NUnit.Framework.Assert.AreEqual("App view by enemy should list the apps!!", 4, appReports
.Count);
foreach (ApplicationReport report in appReports)
{
VerifyEnemyAppReport(report);
}
// Kill app as the enemy
try
{
enemyRmClient.ForceKillApplication(finishAppRequest);
NUnit.Framework.Assert.Fail("App killing by the enemy should fail!!");
}
catch (YarnException e)
{
Log.Info("Got exception while killing app as the enemy", e);
NUnit.Framework.Assert.IsTrue(e.Message.Contains("User enemy cannot perform operation MODIFY_APP on "
+ applicationId));
}
rmClient.ForceKillApplication(finishAppRequest);
}
/// <summary>Constructs and initializes this AdminACLsManager</summary>
/// <param name="conf">configuration for this object to use</param>
public AdminACLsManager(Configuration conf)
{
this.adminAcl = new AccessControlList(conf.Get(YarnConfiguration.YarnAdminAcl, YarnConfiguration
.DefaultYarnAdminAcl));
try
{
owner = UserGroupInformation.GetCurrentUser();
adminAcl.AddUser(owner.GetShortUserName());
}
catch (IOException e)
{
Log.Warn("Could not add current user to admin:" + e);
throw new YarnRuntimeException(e);
}
aclsEnabled = conf.GetBoolean(YarnConfiguration.YarnAclEnable, YarnConfiguration.
DefaultYarnAclEnable);
}
protected internal override Configuration CreateConfiguration()
{
CapacitySchedulerConfiguration csConf = new CapacitySchedulerConfiguration();
csConf.SetQueues(CapacitySchedulerConfiguration.Root, new string[] { Queuea, Queueb });
csConf.SetCapacity(CapacitySchedulerConfiguration.Root + "." + Queuea, 50f);
csConf.SetCapacity(CapacitySchedulerConfiguration.Root + "." + Queueb, 50f);
IDictionary <QueueACL, AccessControlList> aclsOnQueueA = new Dictionary <QueueACL,
AccessControlList>();
AccessControlList submitACLonQueueA = new AccessControlList(QueueAUser);
submitACLonQueueA.AddUser(CommonUser);
AccessControlList adminACLonQueueA = new AccessControlList(QueueAAdmin);
aclsOnQueueA[QueueACL.SubmitApplications] = submitACLonQueueA;
aclsOnQueueA[QueueACL.AdministerQueue] = adminACLonQueueA;
csConf.SetAcls(CapacitySchedulerConfiguration.Root + "." + Queuea, aclsOnQueueA);
IDictionary <QueueACL, AccessControlList> aclsOnQueueB = new Dictionary <QueueACL,
AccessControlList>();
AccessControlList submitACLonQueueB = new AccessControlList(QueueBUser);
submitACLonQueueB.AddUser(CommonUser);
AccessControlList adminACLonQueueB = new AccessControlList(QueueBAdmin);
aclsOnQueueB[QueueACL.SubmitApplications] = submitACLonQueueB;
aclsOnQueueB[QueueACL.AdministerQueue] = adminACLonQueueB;
csConf.SetAcls(CapacitySchedulerConfiguration.Root + "." + Queueb, aclsOnQueueB);
IDictionary <QueueACL, AccessControlList> aclsOnRootQueue = new Dictionary <QueueACL
, AccessControlList>();
AccessControlList submitACLonRoot = new AccessControlList(string.Empty);
AccessControlList adminACLonRoot = new AccessControlList(RootAdmin);
aclsOnRootQueue[QueueACL.SubmitApplications] = submitACLonRoot;
aclsOnRootQueue[QueueACL.AdministerQueue] = adminACLonRoot;
csConf.SetAcls(CapacitySchedulerConfiguration.Root, aclsOnRootQueue);
csConf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
csConf.Set("yarn.resourcemanager.scheduler.class", typeof(CapacityScheduler).FullName
);
return(csConf);
}