/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
/// <exception cref="System.IO.IOException"/>
public virtual bool CheckAccess(UserGroupInformation callerUGI, TimelineDomain domain
)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Verifying the access of " + (callerUGI == null ? null : callerUGI.GetShortUserName
()) + " on the timeline domain " + domain);
}
if (!adminAclsManager.AreACLsEnabled())
{
return(true);
}
string owner = domain.GetOwner();
if (owner == null || owner.Length == 0)
{
throw new YarnException("Owner information of the timeline domain " + domain.GetId
() + " is corrupted.");
}
if (callerUGI != null && (adminAclsManager.IsAdmin(callerUGI) || callerUGI.GetShortUserName
().Equals(owner)))
{
return(true);
}
return(false);
}
private TimelineACLsManager.AccessControlListExt PutDomainIntoCache(TimelineDomain
domain)
{
IDictionary <ApplicationAccessType, AccessControlList> acls = new Dictionary <ApplicationAccessType
, AccessControlList>(2);
acls[ApplicationAccessType.ViewApp] = new AccessControlList(StringHelper.Cjoin(domain
.GetReaders()));
acls[ApplicationAccessType.ModifyApp] = new AccessControlList(StringHelper.Cjoin(
domain.GetWriters()));
TimelineACLsManager.AccessControlListExt aclExt = new TimelineACLsManager.AccessControlListExt
(domain.GetOwner(), acls);
aclExts[domain.GetId()] = aclExt;
return(aclExt);
}
/// <exception cref="System.IO.IOException"/>
public virtual TimelineDomain GetDomain(string domainId)
{
TimelineDomain domain = domainsById[domainId];
if (domain == null)
{
return(null);
}
else
{
return(CreateTimelineDomain(domain.GetId(), domain.GetDescription(), domain.GetOwner
(), domain.GetReaders(), domain.GetWriters(), domain.GetCreatedTime(), domain.GetModifiedTime
()));
}
}
/// <exception cref="System.IO.IOException"/>
public virtual void Put(TimelineDomain domain)
{
TimelineDomain domainToReplace = domainsById[domain.GetId()];
long currentTimestamp = Runtime.CurrentTimeMillis();
TimelineDomain domainToStore = CreateTimelineDomain(domain.GetId(), domain.GetDescription
(), domain.GetOwner(), domain.GetReaders(), domain.GetWriters(), (domainToReplace
== null ? currentTimestamp : domainToReplace.GetCreatedTime()), currentTimestamp
);
domainsById[domainToStore.GetId()] = domainToStore;
ICollection <TimelineDomain> domainsByOneOwner = domainsByOwner[domainToStore.GetOwner
()];
if (domainsByOneOwner == null)
{
domainsByOneOwner = new HashSet <TimelineDomain>();
domainsByOwner[domainToStore.GetOwner()] = domainsByOneOwner;
}
if (domainToReplace != null)
{
domainsByOneOwner.Remove(domainToReplace);
}
domainsByOneOwner.AddItem(domainToStore);
}
/// <summary>Add or update an domain.</summary>
/// <remarks>
/// Add or update an domain. If the domain already exists, only the owner
/// and the admin can update it.
/// </remarks>
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/>
/// <exception cref="System.IO.IOException"/>
public virtual void PutDomain(TimelineDomain domain, UserGroupInformation callerUGI
)
{
TimelineDomain existingDomain = store.GetDomain(domain.GetId());
if (existingDomain != null)
{
if (!timelineACLsManager.CheckAccess(callerUGI, existingDomain))
{
throw new YarnException(callerUGI.GetShortUserName() + " is not allowed to override an existing domain "
+ existingDomain.GetId());
}
// Set it again in case ACLs are not enabled: The domain can be
// modified by every body, but the owner is not changed.
domain.SetOwner(existingDomain.GetOwner());
}
store.Put(domain);
// If the domain exists already, it is likely to be in the cache.
// We need to invalidate it.
if (existingDomain != null)
{
timelineACLsManager.ReplaceIfExist(domain);
}
}