private TimelineACLsManager.AccessControlListExt PutDomainIntoCache(TimelineDomain domain) { IDictionary <ApplicationAccessType, AccessControlList> acls = new Dictionary <ApplicationAccessType , AccessControlList>(2); acls[ApplicationAccessType.ViewApp] = new AccessControlList(StringHelper.Cjoin(domain .GetReaders())); acls[ApplicationAccessType.ModifyApp] = new AccessControlList(StringHelper.Cjoin( domain.GetWriters())); TimelineACLsManager.AccessControlListExt aclExt = new TimelineACLsManager.AccessControlListExt (domain.GetOwner(), acls); aclExts[domain.GetId()] = aclExt; return(aclExt); }
/// <exception cref="Org.Apache.Hadoop.Yarn.Exceptions.YarnException"/> /// <exception cref="System.IO.IOException"/> public virtual bool CheckAccess(UserGroupInformation callerUGI, ApplicationAccessType applicationAccessType, TimelineEntity entity) { if (Log.IsDebugEnabled()) { Log.Debug("Verifying the access of " + (callerUGI == null ? null : callerUGI.GetShortUserName ()) + " on the timeline entity " + new EntityIdentifier(entity.GetEntityId(), entity .GetEntityType())); } if (!adminAclsManager.AreACLsEnabled()) { return(true); } // find domain owner and acls TimelineACLsManager.AccessControlListExt aclExt = aclExts[entity.GetDomainId()]; if (aclExt == null) { aclExt = LoadDomainFromTimelineStore(entity.GetDomainId()); } if (aclExt == null) { throw new YarnException("Domain information of the timeline entity " + new EntityIdentifier (entity.GetEntityId(), entity.GetEntityType()) + " doesn't exist."); } string owner = aclExt.owner; AccessControlList domainACL = aclExt.acls[applicationAccessType]; if (domainACL == null) { if (Log.IsDebugEnabled()) { Log.Debug("ACL not found for access-type " + applicationAccessType + " for domain " + entity.GetDomainId() + " owned by " + owner + ". Using default [" + YarnConfiguration .DefaultYarnAppAcl + "]"); } domainACL = new AccessControlList(YarnConfiguration.DefaultYarnAppAcl); } if (callerUGI != null && (adminAclsManager.IsAdmin(callerUGI) || callerUGI.GetShortUserName ().Equals(owner) || domainACL.IsUserAllowed(callerUGI))) { return(true); } return(false); }