You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-commits@hadoop.apache.org by vi...@apache.org on 2010/05/05 06:19:09 UTC
svn commit: r941143 - in /hadoop/mapreduce/trunk: CHANGES.txt
conf/hadoop-policy.xml.template
src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java
src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java
Author: vinodkv
Date: Wed May 5 04:19:09 2010
New Revision: 941143
URL: http://svn.apache.org/viewvc?rev=941143&view=rev
Log:
MAPREDUCE-1611. Refresh nodes and refresh queues doesnt work with service authorization enabled. Contributed by Amar Kamat.
Added:
hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java
Modified:
hadoop/mapreduce/trunk/CHANGES.txt
hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template
hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java
Modified: hadoop/mapreduce/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/CHANGES.txt?rev=941143&r1=941142&r2=941143&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/CHANGES.txt (original)
+++ hadoop/mapreduce/trunk/CHANGES.txt Wed May 5 04:19:09 2010
@@ -1558,3 +1558,6 @@ Release 0.21.0 - Unreleased
displays wrong error message about job ACLs. (Ravi Gummadi via vinodkv)
MAPREDUCE-1727. TestJobACLs fails after HADOOP-6686. (Ravi Gummadi via vinodkv)
+
+ MAPREDUCE-1611. Refresh nodes and refresh queues doesnt work with service
+ authorization enabled. (Amar Kamat via vinodkv)
Modified: hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template?rev=941143&r1=941142&r2=941143&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template (original)
+++ hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template Wed May 5 04:19:09 2010
@@ -94,4 +94,13 @@
A special value of "*" means all users are allowed.</description>
</property>
+ <property>
+ <name>security.admin.operations.protocol.acl</name>
+ <value>*</value>
+ <description>ACL for AdminOperationsProtocol, used by the mradmins commands
+ to refresh queues and nodes at JobTracker. The ACL is a comma-separated list of
+ user and group names. The user and group list is separated by a blank.
+ For e.g. "alice,bob users,wheel". A special value of "*" means all users are
+ allowed.</description>
+ </property>
</configuration>
Modified: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java?rev=941143&r1=941142&r2=941143&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java (original)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java Wed May 5 04:19:09 2010
@@ -39,6 +39,8 @@ public class MapReducePolicyProvider ext
RefreshAuthorizationPolicyProtocol.class),
new Service("security.refresh.usertogroups.mappings.protocol.acl",
RefreshUserToGroupMappingsProtocol.class),
+ new Service("security.admin.operations.protocol.acl",
+ AdminOperationsProtocol.class),
};
@Override
Added: hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java?rev=941143&view=auto
==============================================================================
--- hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java (added)
+++ hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java Wed May 5 04:19:09 2010
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.mapred;
+
+import org.apache.hadoop.mapred.tools.MRAdmin;
+import org.apache.hadoop.security.authorize.PolicyProvider;
+import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
+
+import junit.framework.TestCase;
+
+/**
+ * Test case to check if {@link AdminOperationsProtocol#refreshNodes()} and
+ * {@link AdminOperationsProtocol#refreshQueueAcls()} works with service-level
+ * authorization enabled i.e 'hadoop.security.authorization' set to true.
+ */
+public class TestAdminOperationsProtocolWithServiceAuthorization
+extends TestCase {
+ public void testServiceLevelAuthorization() throws Exception {
+ MiniMRCluster mr = null;
+ try {
+ // Turn on service-level authorization
+ final JobConf conf = new JobConf();
+ conf.setClass(PolicyProvider.POLICY_PROVIDER_CONFIG,
+ MapReducePolicyProvider.class, PolicyProvider.class);
+ conf.setBoolean(ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG,
+ true);
+
+ // Start the mini mr cluster
+ mr = new MiniMRCluster(1, "file:///", 1, null, null, conf);
+
+ // Invoke MRAdmin commands
+ MRAdmin mrAdmin = new MRAdmin(mr.createJobConf());
+ assertEquals(0, mrAdmin.run(new String[] { "-refreshQueues" }));
+ assertEquals(0, mrAdmin.run(new String[] { "-refreshNodes" }));
+ } finally {
+ if (mr != null) {
+ mr.shutdown();
+ }
+ }
+ }
+}