public virtual void TestServiceAclsRefreshWithLocalConfigurationProvider()
{
configuration.SetBoolean(CommonConfigurationKeysPublic.HadoopSecurityAuthorization
, true);
ResourceManager resourceManager = null;
try
{
resourceManager = new ResourceManager();
resourceManager.Init(configuration);
resourceManager.Start();
resourceManager.adminService.RefreshServiceAcls(RefreshServiceAclsRequest.NewInstance
());
}
catch (Exception)
{
NUnit.Framework.Assert.Fail("Using localConfigurationProvider. Should not get any exception."
);
}
finally
{
if (resourceManager != null)
{
resourceManager.Stop();
}
}
}
public virtual void TestRefreshServiceAcls()
{
RefreshServiceAclsRequest request = recordFactory.NewRecordInstance <RefreshServiceAclsRequest
>();
RefreshServiceAclsResponse response = client.RefreshServiceAcls(request);
NUnit.Framework.Assert.IsNotNull(response);
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
private int RefreshServiceAcls()
{
// Refresh the service acls
ResourceManagerAdministrationProtocol adminProtocol = CreateAdminProtocol();
RefreshServiceAclsRequest request = recordFactory.NewRecordInstance <RefreshServiceAclsRequest
>();
adminProtocol.RefreshServiceAcls(request);
return(0);
}
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
/// <exception cref="System.IO.IOException"/>
public virtual RefreshServiceAclsResponse RefreshServiceAcls(RefreshServiceAclsRequest
request)
{
YarnServerResourceManagerServiceProtos.RefreshServiceAclsRequestProto requestProto
= ((RefreshServiceAclsRequestPBImpl)request).GetProto();
try
{
return(new RefreshServiceAclsResponsePBImpl(proxy.RefreshServiceAcls(null, requestProto
)));
}
catch (ServiceException e)
{
RPCUtil.UnwrapAndThrowException(e);
return(null);
}
}
/// <exception cref="Org.Apache.Hadoop.HA.ServiceFailedException"/>
private void RefreshAll()
{
try
{
RefreshQueues(RefreshQueuesRequest.NewInstance());
RefreshNodes(RefreshNodesRequest.NewInstance());
RefreshSuperUserGroupsConfiguration(RefreshSuperUserGroupsConfigurationRequest.NewInstance
());
RefreshUserToGroupsMappings(RefreshUserToGroupsMappingsRequest.NewInstance());
if (GetConfig().GetBoolean(CommonConfigurationKeysPublic.HadoopSecurityAuthorization
, false))
{
RefreshServiceAcls(RefreshServiceAclsRequest.NewInstance());
}
}
catch (Exception ex)
{
throw new ServiceFailedException(ex.Message);
}
}
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
/// <exception cref="System.IO.IOException"/>
public virtual RefreshServiceAclsResponse RefreshServiceAcls(RefreshServiceAclsRequest
request)
{
if (!GetConfig().GetBoolean(CommonConfigurationKeysPublic.HadoopSecurityAuthorization
, false))
{
throw RPCUtil.GetRemoteException(new IOException("Service Authorization (" + CommonConfigurationKeysPublic
.HadoopSecurityAuthorization + ") not enabled."));
}
string argName = "refreshServiceAcls";
UserGroupInformation user = CheckAcls(argName);
CheckRMStatus(user.GetShortUserName(), argName, "refresh Service ACLs.");
PolicyProvider policyProvider = RMPolicyProvider.GetInstance();
Configuration conf = GetConfiguration(new Configuration(false), YarnConfiguration
.HadoopPolicyConfigurationFile);
RefreshServiceAcls(conf, policyProvider);
rmContext.GetClientRMService().RefreshServiceAcls(conf, policyProvider);
rmContext.GetApplicationMasterService().RefreshServiceAcls(conf, policyProvider);
rmContext.GetResourceTrackerService().RefreshServiceAcls(conf, policyProvider);
RMAuditLogger.LogSuccess(user.GetShortUserName(), argName, "AdminService");
return(recordFactory.NewRecordInstance <RefreshServiceAclsResponse>());
}
public virtual void TestServiceAclsRefreshWithFileSystemBasedConfigurationProvider
()
{
configuration.SetBoolean(CommonConfigurationKeysPublic.HadoopSecurityAuthorization
, true);
configuration.Set(YarnConfiguration.RmConfigurationProviderClass, "org.apache.hadoop.yarn.FileSystemBasedConfigurationProvider"
);
ResourceManager resourceManager = null;
try
{
//upload default configurations
UploadDefaultConfiguration();
Configuration conf = new Configuration();
conf.SetBoolean(CommonConfigurationKeysPublic.HadoopSecurityAuthorization, true);
UploadConfiguration(conf, "core-site.xml");
try
{
resourceManager = new ResourceManager();
resourceManager.Init(configuration);
resourceManager.Start();
}
catch (Exception)
{
NUnit.Framework.Assert.Fail("Should not get any exceptions");
}
string aclsString = "alice,bob users,wheel";
Configuration newConf = new Configuration();
newConf.Set("security.applicationclient.protocol.acl", aclsString);
UploadConfiguration(newConf, "hadoop-policy.xml");
resourceManager.adminService.RefreshServiceAcls(RefreshServiceAclsRequest.NewInstance
());
// verify service Acls refresh for AdminService
ServiceAuthorizationManager adminServiceServiceManager = resourceManager.adminService
.GetServer().GetServiceAuthorizationManager();
VerifyServiceACLsRefresh(adminServiceServiceManager, typeof(ApplicationClientProtocolPB
), aclsString);
// verify service ACLs refresh for ClientRMService
ServiceAuthorizationManager clientRMServiceServiceManager = resourceManager.GetRMContext
().GetClientRMService().GetServer().GetServiceAuthorizationManager();
VerifyServiceACLsRefresh(clientRMServiceServiceManager, typeof(ApplicationClientProtocolPB
), aclsString);
// verify service ACLs refresh for ApplicationMasterService
ServiceAuthorizationManager appMasterService = resourceManager.GetRMContext().GetApplicationMasterService
().GetServer().GetServiceAuthorizationManager();
VerifyServiceACLsRefresh(appMasterService, typeof(ApplicationClientProtocolPB), aclsString
);
// verify service ACLs refresh for ResourceTrackerService
ServiceAuthorizationManager RTService = resourceManager.GetRMContext().GetResourceTrackerService
().GetServer().GetServiceAuthorizationManager();
VerifyServiceACLsRefresh(RTService, typeof(ApplicationClientProtocolPB), aclsString
);
}
finally
{
if (resourceManager != null)
{
resourceManager.Stop();
}
}
}
