public virtual void TestYarnACLsNotEnabledForDomain() { Configuration conf = new YarnConfiguration(); conf.SetBoolean(YarnConfiguration.YarnAclEnable, false); TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf); TimelineDomain domain = new TimelineDomain(); domain.SetOwner("owner"); NUnit.Framework.Assert.IsTrue("Always true when ACLs are not enabled", timelineACLsManager .CheckAccess(UserGroupInformation.CreateRemoteUser("user"), domain)); }
public static TimelineDomain GenerateDomain() { TimelineDomain domain = new TimelineDomain(); domain.SetId("namesapce id"); domain.SetDescription("domain description"); domain.SetOwner("domain owner"); domain.SetReaders("domain_reader"); domain.SetWriters("domain_writer"); domain.SetCreatedTime(0L); domain.SetModifiedTime(1L); return(domain); }
private static TimelineDomain CreateTimelineDomain(string id, string description, string owner, string readers, string writers, long createdTime, long modifiedTime ) { TimelineDomain domainToStore = new TimelineDomain(); domainToStore.SetId(id); domainToStore.SetDescription(description); domainToStore.SetOwner(owner); domainToStore.SetReaders(readers); domainToStore.SetWriters(writers); domainToStore.SetCreatedTime(createdTime); domainToStore.SetModifiedTime(modifiedTime); return(domainToStore); }
public virtual void TestYarnACLsEnabledForDomain() { Configuration conf = new YarnConfiguration(); conf.SetBoolean(YarnConfiguration.YarnAclEnable, true); conf.Set(YarnConfiguration.YarnAdminAcl, "admin"); TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf); TimelineDomain domain = new TimelineDomain(); domain.SetOwner("owner"); NUnit.Framework.Assert.IsTrue("Owner should be allowed to access", timelineACLsManager .CheckAccess(UserGroupInformation.CreateRemoteUser("owner"), domain)); NUnit.Framework.Assert.IsFalse("Other shouldn't be allowed to access", timelineACLsManager .CheckAccess(UserGroupInformation.CreateRemoteUser("other"), domain)); NUnit.Framework.Assert.IsTrue("Admin should be allowed to access", timelineACLsManager .CheckAccess(UserGroupInformation.CreateRemoteUser("admin"), domain)); }
/// <exception cref="System.Exception"/> protected override void ServiceInit(Configuration conf) { TimelineDomain domain = store.GetDomain("DEFAULT"); // it is okay to reuse an existing domain even if it was created by another // user of the timeline server before, because it allows everybody to access. if (domain == null) { // create a default domain, which allows everybody to access and modify // the entities in it. domain = new TimelineDomain(); domain.SetId(DefaultDomainId); domain.SetDescription("System Default Domain"); domain.SetOwner(UserGroupInformation.GetCurrentUser().GetShortUserName()); domain.SetReaders("*"); domain.SetWriters("*"); store.Put(domain); } base.ServiceInit(conf); }
/// <summary>Add or update an domain.</summary> /// <remarks> /// Add or update an domain. If the domain already exists, only the owner /// and the admin can update it. /// </remarks> /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> public virtual void PutDomain(TimelineDomain domain, UserGroupInformation callerUGI ) { TimelineDomain existingDomain = store.GetDomain(domain.GetId()); if (existingDomain != null) { if (!timelineACLsManager.CheckAccess(callerUGI, existingDomain)) { throw new YarnException(callerUGI.GetShortUserName() + " is not allowed to override an existing domain " + existingDomain.GetId()); } // Set it again in case ACLs are not enabled: The domain can be // modified by every body, but the owner is not changed. domain.SetOwner(existingDomain.GetOwner()); } store.Put(domain); // If the domain exists already, it is likely to be in the cache. // We need to invalidate it. if (existingDomain != null) { timelineACLsManager.ReplaceIfExist(domain); } }