public virtual void TestYarnACLsNotEnabledForDomain()
        {
            Configuration conf = new YarnConfiguration();

            conf.SetBoolean(YarnConfiguration.YarnAclEnable, false);
            TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
            TimelineDomain      domain = new TimelineDomain();

            domain.SetOwner("owner");
            NUnit.Framework.Assert.IsTrue("Always true when ACLs are not enabled", timelineACLsManager
                                          .CheckAccess(UserGroupInformation.CreateRemoteUser("user"), domain));
        }
Пример #2
0
        public static TimelineDomain GenerateDomain()
        {
            TimelineDomain domain = new TimelineDomain();

            domain.SetId("namesapce id");
            domain.SetDescription("domain description");
            domain.SetOwner("domain owner");
            domain.SetReaders("domain_reader");
            domain.SetWriters("domain_writer");
            domain.SetCreatedTime(0L);
            domain.SetModifiedTime(1L);
            return(domain);
        }
Пример #3
0
        private static TimelineDomain CreateTimelineDomain(string id, string description,
                                                           string owner, string readers, string writers, long createdTime, long modifiedTime
                                                           )
        {
            TimelineDomain domainToStore = new TimelineDomain();

            domainToStore.SetId(id);
            domainToStore.SetDescription(description);
            domainToStore.SetOwner(owner);
            domainToStore.SetReaders(readers);
            domainToStore.SetWriters(writers);
            domainToStore.SetCreatedTime(createdTime);
            domainToStore.SetModifiedTime(modifiedTime);
            return(domainToStore);
        }
        public virtual void TestYarnACLsEnabledForDomain()
        {
            Configuration conf = new YarnConfiguration();

            conf.SetBoolean(YarnConfiguration.YarnAclEnable, true);
            conf.Set(YarnConfiguration.YarnAdminAcl, "admin");
            TimelineACLsManager timelineACLsManager = new TimelineACLsManager(conf);
            TimelineDomain      domain = new TimelineDomain();

            domain.SetOwner("owner");
            NUnit.Framework.Assert.IsTrue("Owner should be allowed to access", timelineACLsManager
                                          .CheckAccess(UserGroupInformation.CreateRemoteUser("owner"), domain));
            NUnit.Framework.Assert.IsFalse("Other shouldn't be allowed to access", timelineACLsManager
                                           .CheckAccess(UserGroupInformation.CreateRemoteUser("other"), domain));
            NUnit.Framework.Assert.IsTrue("Admin should be allowed to access", timelineACLsManager
                                          .CheckAccess(UserGroupInformation.CreateRemoteUser("admin"), domain));
        }
Пример #5
0
        /// <exception cref="System.Exception"/>
        protected override void ServiceInit(Configuration conf)
        {
            TimelineDomain domain = store.GetDomain("DEFAULT");

            // it is okay to reuse an existing domain even if it was created by another
            // user of the timeline server before, because it allows everybody to access.
            if (domain == null)
            {
                // create a default domain, which allows everybody to access and modify
                // the entities in it.
                domain = new TimelineDomain();
                domain.SetId(DefaultDomainId);
                domain.SetDescription("System Default Domain");
                domain.SetOwner(UserGroupInformation.GetCurrentUser().GetShortUserName());
                domain.SetReaders("*");
                domain.SetWriters("*");
                store.Put(domain);
            }
            base.ServiceInit(conf);
        }
Пример #6
0
        /// <summary>Add or update an domain.</summary>
        /// <remarks>
        /// Add or update an domain. If the domain already exists, only the owner
        /// and the admin can update it.
        /// </remarks>
        /// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
        /// <exception cref="System.IO.IOException"/>
        public virtual void PutDomain(TimelineDomain domain, UserGroupInformation callerUGI
                                      )
        {
            TimelineDomain existingDomain = store.GetDomain(domain.GetId());

            if (existingDomain != null)
            {
                if (!timelineACLsManager.CheckAccess(callerUGI, existingDomain))
                {
                    throw new YarnException(callerUGI.GetShortUserName() + " is not allowed to override an existing domain "
                                            + existingDomain.GetId());
                }
                // Set it again in case ACLs are not enabled: The domain can be
                // modified by every body, but the owner is not changed.
                domain.SetOwner(existingDomain.GetOwner());
            }
            store.Put(domain);
            // If the domain exists already, it is likely to be in the cache.
            // We need to invalidate it.
            if (existingDomain != null)
            {
                timelineACLsManager.ReplaceIfExist(domain);
            }
        }