Posted to commits@storm.apache.org by bo...@apache.org on 2015/01/06 23:02:37 UTC
[2/7] storm git commit: [STORM-410] Add groups support to log-viewer
[STORM-410] Add groups support to log-viewer
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/f3e3aa82
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/f3e3aa82
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/f3e3aa82
Branch: refs/heads/master
Commit: f3e3aa82e567d4c9c8a70ceb854cfe55c57f4639
Parents: f8bce22
Author: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Authored: Tue Nov 18 09:30:54 2014 -0600
Committer: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Committed: Thu Nov 20 09:41:42 2014 -0600
----------------------------------------------------------------------
.../src/clj/backtype/storm/daemon/logviewer.clj | 27 +++++++++++++++-----
.../clj/backtype/storm/daemon/supervisor.clj | 4 +++
storm-core/src/jvm/backtype/storm/Config.java | 12 ++++-----
.../test/clj/backtype/storm/logviewer_test.clj | 15 +++++++----
.../test/clj/backtype/storm/supervisor_test.clj | 4 ++-
5 files changed, 43 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/f3e3aa82/storm-core/src/clj/backtype/storm/daemon/logviewer.clj
----------------------------------------------------------------------
diff --git a/storm-core/src/clj/backtype/storm/daemon/logviewer.clj b/storm-core/src/clj/backtype/storm/daemon/logviewer.clj
index 0745d5d..978d975 100644
--- a/storm-core/src/clj/backtype/storm/daemon/logviewer.clj
+++ b/storm-core/src/clj/backtype/storm/daemon/logviewer.clj
@@ -15,7 +15,7 @@
;; limitations under the License.
(ns backtype.storm.daemon.logviewer
(:use compojure.core)
- (:use [clojure.set :only [difference]])
+ (:use [clojure.set :only [difference intersection]])
(:use [clojure.string :only [blank?]])
(:use [hiccup core page-helpers])
(:use [backtype.storm config util log timer])
@@ -175,19 +175,32 @@
(recur)))))
(.toString output)))))
-(defn get-log-user-whitelist [fname]
+(defn get-log-user-group-whitelist [fname]
(let [wl-file (get-log-metadata-file fname)
- m (clojure-from-yaml-file wl-file)]
- (if-let [whitelist (.get m LOGS-USERS)] whitelist [])))
+ m (clojure-from-yaml-file wl-file)
+ user-wl (.get m LOGS-USERS)
+ user-wl (if user-wl user-wl [])
+ group-wl (.get m LOGS-GROUPS)
+ group-wl (if group-wl group-wl [])]
+ [user-wl group-wl]))
+
+(def igroup-mapper (AuthUtils/GetGroupMappingServiceProviderPlugin *STORM-CONF*))
+(defn user-groups
+ [user]
+ (if (blank? user) [] (.getGroups igroup-mapper user)))
(defn authorized-log-user? [user fname conf]
(if (or (blank? user) (blank? fname))
nil
- (let [whitelist (get-log-user-whitelist fname)
+ (let [groups (user-groups fname)
+ [user-wl group-wl] (get-log-user-group-whitelist fname)
logs-users (concat (conf LOGS-USERS)
(conf NIMBUS-ADMINS)
- whitelist)]
- (some #(= % user) logs-users))))
+ user-wl)
+ logs-groups (concat (conf LOGS-GROUPS)
+ group-wl)]
+ (or (some #(= % user) logs-users)
+ (< 0 (.size (intersection (set groups) (set group-wl))))))))
(defn log-root-dir
"Given an appender name, as configured, get the parent directory of the appender's log file.
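Review bot: In `authorized-log-user?` the group lookup is `(user-groups fname)`, so groups are resolved for the log file name rather than for the requesting user; the binding should read `(let [groups (user-groups user)`. The merged `logs-groups` binding is also never used, because the final check intersects with `group-wl` only, so the cluster-level `LOGS-GROUPS` setting has no effect on the decision; the comparison should be `(intersection (set groups) (set logs-groups))`. This function gates access to worker logs, so a check against the wrong principal can both deny legitimate group members and grant access based on an unrelated name. Separately, `igroup-mapper` is created at namespace load from `*STORM-CONF*`, which presumably fixes group resolution to whatever configuration is bound at that moment.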
http://git-wip-us.apache.org/repos/asf/storm/blob/f3e3aa82/storm-core/src/clj/backtype/storm/daemon/supervisor.clj
----------------------------------------------------------------------
diff --git a/storm-core/src/clj/backtype/storm/daemon/supervisor.clj b/storm-core/src/clj/backtype/storm/daemon/supervisor.clj
index d82fd12..8a5c039 100644
--- a/storm-core/src/clj/backtype/storm/daemon/supervisor.clj
+++ b/storm-core/src/clj/backtype/storm/daemon/supervisor.clj
@@ -563,6 +563,10 @@
(defn write-log-metadata! [storm-conf user worker-id storm-id port conf]
(let [data {TOPOLOGY-SUBMITTER-USER user
"worker-id" worker-id
+ LOGS-GROUPS (sort (distinct (remove nil?
+ (concat
+ (storm-conf LOGS-GROUPS)
+ (storm-conf TOPOLOGY-GROUPS)))))
LOGS-USERS (sort (distinct (remove nil?
(concat
(storm-conf LOGS-USERS)
http://git-wip-us.apache.org/repos/asf/storm/blob/f3e3aa82/storm-core/src/jvm/backtype/storm/Config.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/backtype/storm/Config.java b/storm-core/src/jvm/backtype/storm/Config.java
index 48e1822..78e2a30 100644
--- a/storm-core/src/jvm/backtype/storm/Config.java
+++ b/storm-core/src/jvm/backtype/storm/Config.java
@@ -491,6 +491,12 @@ public class Config extends HashMap<String, Object> {
public static final Object LOGS_USERS_SCHEMA = ConfigValidation.StringsValidator;
/**
+ * A list of groups allowed to view logs via the Log Viewer
+ */
+ public static final String LOGS_GROUPS = "logs.groups";
+ public static final Object LOGS_GROUPS_SCHEMA = ConfigValidation.StringsValidator;
+
+ /**
* Appender name used by log viewer to determine log directory.
*/
public static final String LOGVIEWER_APPENDER_NAME = "logviewer.appender.name";
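Review bot: The Javadoc on `LOGS_GROUPS` does not say how group membership is decided or how the setting combines with `logs.users`. Consider wording such as `A list of groups whose members may view logs via the Log Viewer, in addition to the users listed in logs.users; membership is resolved by the configured group mapping plugin.` The second half is inferred from the logviewer.clj change in this commit, which obtains its mapper through `AuthUtils/GetGroupMappingServiceProviderPlugin`, so it should be confirmed before it goes into the comment.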
@@ -521,12 +527,6 @@ public class Config extends HashMap<String, Object> {
public static final Object UI_HEADER_BUFFER_BYTES_SCHEMA = Number.class;
/**
- * A list of users allowed to view topologies via the UI
- */
- public static final String UI_USERS = "ui.users";
- public static final Object UI_USERS_SCHEMA = ConfigValidation.StringsValidator;
-
- /**
* List of DRPC servers so that the DRPCSpout knows who to talk to.
*/
public static final String DRPC_SERVERS = "drpc.servers";
http://git-wip-us.apache.org/repos/asf/storm/blob/f3e3aa82/storm-core/test/clj/backtype/storm/logviewer_test.clj
----------------------------------------------------------------------
diff --git a/storm-core/test/clj/backtype/storm/logviewer_test.clj b/storm-core/test/clj/backtype/storm/logviewer_test.clj
index 37e63b9..93f22e6 100644
--- a/storm-core/test/clj/backtype/storm/logviewer_test.clj
+++ b/storm-core/test/clj/backtype/storm/logviewer_test.clj
@@ -165,23 +165,28 @@
(deftest test-authorized-log-user
(testing "allow cluster admin"
(let [conf {NIMBUS-ADMINS ["alice"]}]
- (stubbing [logviewer/get-log-user-whitelist []]
+ (stubbing [logviewer/get-log-user-group-whitelist [[] []]]
(is (logviewer/authorized-log-user? "alice" "non-blank-fname" conf)))))
(testing "ignore any cluster-set topology.users"
(let [conf {TOPOLOGY-USERS ["alice"]}]
- (stubbing [logviewer/get-log-user-whitelist []]
+ (stubbing [logviewer/get-log-user-group-whitelist [[] []]]
(is (not (logviewer/authorized-log-user? "alice" "non-blank-fname" conf))))))
(testing "allow cluster logs user"
(let [conf {LOGS-USERS ["alice"]}]
- (stubbing [logviewer/get-log-user-whitelist []]
+ (stubbing [logviewer/get-log-user-group-whitelist [[] []]]
(is (logviewer/authorized-log-user? "alice" "non-blank-fname" conf)))))
(testing "allow whitelisted topology user"
- (stubbing [logviewer/get-log-user-whitelist ["alice"]]
+ (stubbing [logviewer/get-log-user-group-whitelist [["alice"] []]]
+ (is (logviewer/authorized-log-user? "alice" "non-blank-fname" {}))))
+
+ (testing "allow whitelisted topology group"
+ (stubbing [logviewer/get-log-user-group-whitelist [[] ["alice-group"]]
+ logviewer/user-groups ["alice-group"]]
(is (logviewer/authorized-log-user? "alice" "non-blank-fname" {}))))
(testing "disallow user not in nimbus admin, topo user, logs user, or whitelist"
- (stubbing [logviewer/get-log-user-whitelist []]
+ (stubbing [logviewer/get-log-user-group-whitelist [[] []]]
(is (not (logviewer/authorized-log-user? "alice" "non-blank-fname" {}))))))
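Review bot: The new "allow whitelisted topology group" case stubs `logviewer/user-groups` with a fixed value, so it passes no matter which argument the production code hands to that function and cannot show that groups are looked up for the user. There is also no case for a cluster-level `LOGS-GROUPS` entry in `conf`, and no negative case for a user whose groups are not whitelisted. The two cases below would go inside `test-authorized-log-user`, before its final `testing` form. The first is expected to fail against the authorization code as written in this commit if `conf`-level groups are not consulted. If conjure's call-verification helpers are available in this namespace, asserting that `user-groups` was called with `"alice"` would close the first gap.

```clojure
;; … unchanged: existing testing forms through "allow whitelisted topology group" …
(testing "allow cluster logs group"
  (let [conf {LOGS-GROUPS ["alice-group"]}]
    (stubbing [logviewer/get-log-user-group-whitelist [[] []]
               logviewer/user-groups ["alice-group"]]
      (is (logviewer/authorized-log-user? "alice" "non-blank-fname" conf)))))

(testing "disallow user whose groups are not whitelisted"
  (stubbing [logviewer/get-log-user-group-whitelist [[] ["other-group"]]
             logviewer/user-groups ["alice-group"]]
    (is (not (logviewer/authorized-log-user? "alice" "non-blank-fname" {})))))
```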
http://git-wip-us.apache.org/repos/asf/storm/blob/f3e3aa82/storm-core/test/clj/backtype/storm/supervisor_test.clj
----------------------------------------------------------------------
diff --git a/storm-core/test/clj/backtype/storm/supervisor_test.clj b/storm-core/test/clj/backtype/storm/supervisor_test.clj
index a3594a3..0785475 100644
--- a/storm-core/test/clj/backtype/storm/supervisor_test.clj
+++ b/storm-core/test/clj/backtype/storm/supervisor_test.clj
@@ -494,12 +494,14 @@
exp-storm-id "0123456789"
exp-port 4242
exp-logs-users ["bob" "charlie" "daryl"]
+ exp-logs-groups []
storm-conf {TOPOLOGY-SUBMITTER-USER "alice"
TOPOLOGY-USERS ["charlie" "bob"]
LOGS-USERS ["daryl"]}
exp-data {TOPOLOGY-SUBMITTER-USER exp-owner
"worker-id" exp-worker-id
- LOGS-USERS exp-logs-users}
+ LOGS-USERS exp-logs-users
+ LOGS-GROUPS exp-logs-groups}
conf {}]
(mocking [supervisor/write-log-metadata-to-yaml-file!]
(supervisor/write-log-metadata! storm-conf exp-owner exp-worker-id