You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-commits@hadoop.apache.org by sh...@apache.org on 2011/05/02 10:44:15 UTC
svn commit: r1098510 - in /hadoop/mapreduce/branches/MR-279: ./
mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/client/
mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/
m...
Author: sharad
Date: Mon May 2 08:44:15 2011
New Revision: 1098510
URL: http://svn.apache.org/viewvc?rev=1098510&view=rev
Log:
Implement Job Acls in MR Application Master.
Modified:
hadoop/mapreduce/branches/MR-279/CHANGES.txt
hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/client/MRClientService.java
hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/Job.java
hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/impl/JobImpl.java
hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/MockJobs.java
hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/TestRuntimeEstimators.java
hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/JobACLsManager.java
hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-hs/src/main/java/org/apache/hadoop/mapreduce/v2/hs/CompletedJob.java
Modified: hadoop/mapreduce/branches/MR-279/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/branches/MR-279/CHANGES.txt?rev=1098510&r1=1098509&r2=1098510&view=diff
==============================================================================
--- hadoop/mapreduce/branches/MR-279/CHANGES.txt (original)
+++ hadoop/mapreduce/branches/MR-279/CHANGES.txt Mon May 2 08:44:15 2011
@@ -3,6 +3,7 @@ Hadoop MapReduce Change Log
Trunk (unreleased changes)
MAPREDUCE-279
+ Implement Job Acls in MR Application Master. (sharad)
Implement 'delay scheduling' for better locality in CapacityScheduler and
improved high-ram applications. (acmurthy)
Modified: hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/client/MRClientService.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/client/MRClientService.java?rev=1098510&r1=1098509&r2=1098510&view=diff
==============================================================================
--- hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/client/MRClientService.java (original)
+++ hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/client/MRClientService.java Mon May 2 08:44:15 2011
@@ -18,9 +18,11 @@
package org.apache.hadoop.mapreduce.v2.app.client;
+import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
+import java.security.AccessControlException;
import java.util.Arrays;
import java.util.Collection;
@@ -30,6 +32,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
+import org.apache.hadoop.mapreduce.JobACL;
import org.apache.hadoop.mapreduce.v2.api.MRClientProtocol;
import org.apache.hadoop.mapreduce.v2.api.protocolrecords.FailTaskAttemptRequest;
import org.apache.hadoop.mapreduce.v2.api.protocolrecords.FailTaskAttemptResponse;
@@ -168,128 +171,179 @@ public class MRClientService extends Abs
class MRClientProtocolHandler implements MRClientProtocol {
- private RecordFactory recordFactory = RecordFactoryProvider.getRecordFactory(null);
+ private RecordFactory recordFactory =
+ RecordFactoryProvider.getRecordFactory(null);
- private Job verifyAndGetJob(JobId jobID) throws YarnRemoteException {
+ private Job verifyAndGetJob(JobId jobID,
+ boolean modifyAccess) throws YarnRemoteException {
Job job = appContext.getJob(jobID);
if (job == null) {
throw RPCUtil.getRemoteException("Unknown job " + jobID);
}
+ JobACL operation = JobACL.VIEW_JOB;
+ if (modifyAccess) {
+ operation = JobACL.MODIFY_JOB;
+ }
+ checkAccess(job, operation);
return job;
}
- private Task verifyAndGetTask(TaskId taskID) throws YarnRemoteException {
- Task task = verifyAndGetJob(taskID.getJobId()).getTask(taskID);
+ private Task verifyAndGetTask(TaskId taskID,
+ boolean modifyAccess) throws YarnRemoteException {
+ Task task = verifyAndGetJob(taskID.getJobId(),
+ modifyAccess).getTask(taskID);
if (task == null) {
throw RPCUtil.getRemoteException("Unknown Task " + taskID);
}
return task;
}
- private TaskAttempt verifyAndGetAttempt(TaskAttemptId attemptID)
- throws YarnRemoteException {
- TaskAttempt attempt = verifyAndGetTask(attemptID.getTaskId()).getAttempt(attemptID);
+ private TaskAttempt verifyAndGetAttempt(TaskAttemptId attemptID,
+ boolean modifyAccess) throws YarnRemoteException {
+ TaskAttempt attempt = verifyAndGetTask(attemptID.getTaskId(),
+ modifyAccess).getAttempt(attemptID);
if (attempt == null) {
throw RPCUtil.getRemoteException("Unknown TaskAttempt " + attemptID);
}
return attempt;
}
+ private void checkAccess(Job job, JobACL jobOperation)
+ throws YarnRemoteException {
+ if (!UserGroupInformation.isSecurityEnabled()) {
+ return;
+ }
+ UserGroupInformation callerUGI;
+ try {
+ callerUGI = UserGroupInformation.getCurrentUser();
+ } catch (IOException e) {
+ throw RPCUtil.getRemoteException(e);
+ }
+ if(!job.checkAccess(callerUGI, jobOperation)) {
+ throw RPCUtil.getRemoteException(new AccessControlException("User "
+ + callerUGI.getShortUserName() + " cannot perform operation "
+ + jobOperation.name() + " on " + job.getID()));
+ }
+ }
+
@Override
- public GetCountersResponse getCounters(GetCountersRequest request) throws YarnRemoteException {
+ public GetCountersResponse getCounters(GetCountersRequest request)
+ throws YarnRemoteException {
JobId jobId = request.getJobId();
- Job job = verifyAndGetJob(jobId);
- GetCountersResponse response = recordFactory.newRecordInstance(GetCountersResponse.class);
+ Job job = verifyAndGetJob(jobId, false);
+ GetCountersResponse response =
+ recordFactory.newRecordInstance(GetCountersResponse.class);
response.setCounters(job.getCounters());
return response;
}
@Override
- public GetJobReportResponse getJobReport(GetJobReportRequest request) throws YarnRemoteException {
+ public GetJobReportResponse getJobReport(GetJobReportRequest request)
+ throws YarnRemoteException {
JobId jobId = request.getJobId();
- Job job = verifyAndGetJob(jobId);
- GetJobReportResponse response = recordFactory.newRecordInstance(GetJobReportResponse.class);
+ Job job = verifyAndGetJob(jobId, false);
+ GetJobReportResponse response =
+ recordFactory.newRecordInstance(GetJobReportResponse.class);
response.setJobReport(job.getReport());
return response;
}
@Override
- public GetTaskAttemptReportResponse getTaskAttemptReport(GetTaskAttemptReportRequest request) throws YarnRemoteException {
+ public GetTaskAttemptReportResponse getTaskAttemptReport(
+ GetTaskAttemptReportRequest request) throws YarnRemoteException {
TaskAttemptId taskAttemptId = request.getTaskAttemptId();
- GetTaskAttemptReportResponse response = recordFactory.newRecordInstance(GetTaskAttemptReportResponse.class);
- response.setTaskAttemptReport(verifyAndGetAttempt(taskAttemptId).getReport());
+ GetTaskAttemptReportResponse response =
+ recordFactory.newRecordInstance(GetTaskAttemptReportResponse.class);
+ response.setTaskAttemptReport(
+ verifyAndGetAttempt(taskAttemptId, false).getReport());
return response;
}
@Override
- public GetTaskReportResponse getTaskReport(GetTaskReportRequest request) throws YarnRemoteException {
+ public GetTaskReportResponse getTaskReport(GetTaskReportRequest request)
+ throws YarnRemoteException {
TaskId taskId = request.getTaskId();
- GetTaskReportResponse response = recordFactory.newRecordInstance(GetTaskReportResponse.class);
- response.setTaskReport(verifyAndGetTask(taskId).getReport());
+ GetTaskReportResponse response =
+ recordFactory.newRecordInstance(GetTaskReportResponse.class);
+ response.setTaskReport(verifyAndGetTask(taskId, false).getReport());
return response;
}
@Override
- public GetTaskAttemptCompletionEventsResponse getTaskAttemptCompletionEvents(GetTaskAttemptCompletionEventsRequest request) throws YarnRemoteException {
+ public GetTaskAttemptCompletionEventsResponse getTaskAttemptCompletionEvents(
+ GetTaskAttemptCompletionEventsRequest request)
+ throws YarnRemoteException {
JobId jobId = request.getJobId();
int fromEventId = request.getFromEventId();
int maxEvents = request.getMaxEvents();
- Job job = verifyAndGetJob(jobId);
+ Job job = verifyAndGetJob(jobId, false);
- GetTaskAttemptCompletionEventsResponse response = recordFactory.newRecordInstance(GetTaskAttemptCompletionEventsResponse.class);
- response.addAllCompletionEvents(Arrays.asList(job.getTaskAttemptCompletionEvents(fromEventId, maxEvents)));
+ GetTaskAttemptCompletionEventsResponse response =
+ recordFactory.newRecordInstance(GetTaskAttemptCompletionEventsResponse.class);
+ response.addAllCompletionEvents(Arrays.asList(
+ job.getTaskAttemptCompletionEvents(fromEventId, maxEvents)));
return response;
}
@Override
- public KillJobResponse killJob(KillJobRequest request) throws YarnRemoteException {
+ public KillJobResponse killJob(KillJobRequest request)
+ throws YarnRemoteException {
JobId jobId = request.getJobId();
LOG.info("Kill Job received from client " + jobId);
- verifyAndGetJob(jobId);
+ verifyAndGetJob(jobId, true);
appContext.getEventHandler().handle(
new JobEvent(jobId, JobEventType.JOB_KILL));
- KillJobResponse response = recordFactory.newRecordInstance(KillJobResponse.class);
+ KillJobResponse response =
+ recordFactory.newRecordInstance(KillJobResponse.class);
return response;
}
@Override
- public KillTaskResponse killTask(KillTaskRequest request) throws YarnRemoteException {
+ public KillTaskResponse killTask(KillTaskRequest request)
+ throws YarnRemoteException {
TaskId taskId = request.getTaskId();
LOG.info("Kill task received from client " + taskId);
- verifyAndGetTask(taskId);
+ verifyAndGetTask(taskId, true);
appContext.getEventHandler().handle(
new TaskEvent(taskId, TaskEventType.T_KILL));
- KillTaskResponse response = recordFactory.newRecordInstance(KillTaskResponse.class);
+ KillTaskResponse response =
+ recordFactory.newRecordInstance(KillTaskResponse.class);
return response;
}
@Override
- public KillTaskAttemptResponse killTaskAttempt(KillTaskAttemptRequest request) throws YarnRemoteException {
+ public KillTaskAttemptResponse killTaskAttempt(
+ KillTaskAttemptRequest request) throws YarnRemoteException {
TaskAttemptId taskAttemptId = request.getTaskAttemptId();
LOG.info("Kill task attempt received from client " + taskAttemptId);
- verifyAndGetAttempt(taskAttemptId);
+ verifyAndGetAttempt(taskAttemptId, true);
appContext.getEventHandler().handle(
new TaskAttemptEvent(taskAttemptId,
TaskAttemptEventType.TA_KILL));
- KillTaskAttemptResponse response = recordFactory.newRecordInstance(KillTaskAttemptResponse.class);
+ KillTaskAttemptResponse response =
+ recordFactory.newRecordInstance(KillTaskAttemptResponse.class);
return response;
}
@Override
- public GetDiagnosticsResponse getDiagnostics(GetDiagnosticsRequest request) throws YarnRemoteException {
+ public GetDiagnosticsResponse getDiagnostics(
+ GetDiagnosticsRequest request) throws YarnRemoteException {
TaskAttemptId taskAttemptId = request.getTaskAttemptId();
- GetDiagnosticsResponse response = recordFactory.newRecordInstance(GetDiagnosticsResponse.class);
- response.addAllDiagnostics(verifyAndGetAttempt(taskAttemptId).getDiagnostics());
+ GetDiagnosticsResponse response =
+ recordFactory.newRecordInstance(GetDiagnosticsResponse.class);
+ response.addAllDiagnostics(
+ verifyAndGetAttempt(taskAttemptId, false).getDiagnostics());
return response;
}
@Override
- public FailTaskAttemptResponse failTaskAttempt(FailTaskAttemptRequest request) throws YarnRemoteException {
+ public FailTaskAttemptResponse failTaskAttempt(
+ FailTaskAttemptRequest request) throws YarnRemoteException {
TaskAttemptId taskAttemptId = request.getTaskAttemptId();
LOG.info("Fail task attempt received from client " + taskAttemptId);
- verifyAndGetAttempt(taskAttemptId);
+ verifyAndGetAttempt(taskAttemptId, true);
appContext.getEventHandler().handle(
new TaskAttemptEvent(taskAttemptId,
TaskAttemptEventType.TA_FAILMSG));
@@ -297,13 +351,15 @@ public class MRClientService extends Abs
}
@Override
- public GetTaskReportsResponse getTaskReports(GetTaskReportsRequest request) throws YarnRemoteException {
+ public GetTaskReportsResponse getTaskReports(
+ GetTaskReportsRequest request) throws YarnRemoteException {
JobId jobId = request.getJobId();
TaskType taskType = request.getTaskType();
- GetTaskReportsResponse response = recordFactory.newRecordInstance(GetTaskReportsResponse.class);
+ GetTaskReportsResponse response =
+ recordFactory.newRecordInstance(GetTaskReportsResponse.class);
- Job job = verifyAndGetJob(jobId);
+ Job job = verifyAndGetJob(jobId, false);
LOG.info("Getting task report for " + taskType + " " + jobId);
Collection<Task> tasks = job.getTasks(taskType).values();
LOG.info("Getting task report size " + tasks.size());
Modified: hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/Job.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/Job.java?rev=1098510&r1=1098509&r2=1098510&view=diff
==============================================================================
--- hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/Job.java (original)
+++ hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/Job.java Mon May 2 08:44:15 2011
@@ -21,6 +21,7 @@ package org.apache.hadoop.mapreduce.v2.a
import java.util.List;
import java.util.Map;
+import org.apache.hadoop.mapreduce.JobACL;
import org.apache.hadoop.mapreduce.v2.api.records.Counters;
import org.apache.hadoop.mapreduce.v2.api.records.JobId;
import org.apache.hadoop.mapreduce.v2.api.records.JobReport;
@@ -28,6 +29,7 @@ import org.apache.hadoop.mapreduce.v2.ap
import org.apache.hadoop.mapreduce.v2.api.records.TaskAttemptCompletionEvent;
import org.apache.hadoop.mapreduce.v2.api.records.TaskId;
import org.apache.hadoop.mapreduce.v2.api.records.TaskType;
+import org.apache.hadoop.security.UserGroupInformation;
/**
@@ -52,4 +54,6 @@ public interface Job {
TaskAttemptCompletionEvent[]
getTaskAttemptCompletionEvents(int fromEventId, int maxEvents);
+
+ boolean checkAccess(UserGroupInformation callerUGI, JobACL jobOperation);
}
Modified: hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/impl/JobImpl.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/impl/JobImpl.java?rev=1098510&r1=1098509&r2=1098510&view=diff
==============================================================================
--- hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/impl/JobImpl.java (original)
+++ hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/job/impl/JobImpl.java Mon May 2 08:44:15 2011
@@ -22,7 +22,6 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
-import java.util.EnumMap;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.LinkedHashMap;
@@ -40,9 +39,9 @@ import org.apache.hadoop.conf.Configurat
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
+import org.apache.hadoop.mapred.JobACLsManager;
import org.apache.hadoop.mapreduce.JobACL;
import org.apache.hadoop.mapreduce.JobContext;
-import org.apache.hadoop.mapreduce.MRConfig;
import org.apache.hadoop.mapreduce.MRJobConfig;
import org.apache.hadoop.mapreduce.OutputCommitter;
import org.apache.hadoop.mapreduce.OutputFormat;
@@ -127,6 +126,9 @@ public class JobImpl implements org.apac
//final fields
private final Clock clock;
+ private final JobACLsManager aclsManager;
+ private final String username;
+ private final Map<JobACL, AccessControlList> jobACLs;
private final int startCount;
private final Set<TaskId> completedTasksFromPreviousRun;
private final Lock readLock;
@@ -368,6 +370,9 @@ public class JobImpl implements org.apac
this.fsTokens = fsTokenCredentials;
this.jobTokenSecretManager = jobTokenSecretManager;
+ this.aclsManager = new JobACLsManager(conf);
+ this.username = System.getProperty("user.name");
+ this.jobACLs = aclsManager.constructJobACLs(conf);
// This "this leak" is okay because the retained pointer is in an
// instance variable.
stateMachine = stateMachineFactory.make(this);
@@ -383,6 +388,16 @@ public class JobImpl implements org.apac
}
@Override
+ public boolean checkAccess(UserGroupInformation callerUGI,
+ JobACL jobOperation) {
+ if (!UserGroupInformation.isSecurityEnabled()) {
+ return true;
+ }
+ AccessControlList jobACL = jobACLs.get(jobOperation);
+ return aclsManager.checkAccess(callerUGI, jobOperation, username, jobACL);
+ }
+
+ @Override
public Task getTask(TaskId taskID) {
readLock.lock();
try {
@@ -698,7 +713,7 @@ public class JobImpl implements org.apac
new JobSubmittedEvent(job.oldJobId,
job.conf.get(MRJobConfig.JOB_NAME, "test"),
job.conf.get(MRJobConfig.USER_NAME,"mapred"), job.startTime,
- job.remoteJobConfFile.toString(), constructJobACLs(job.conf),
+ job.remoteJobConfFile.toString(), job.jobACLs,
job.conf.get(MRJobConfig.QUEUE_NAME,"test"));
job.eventHandler.handle(new JobHistoryEvent(job.jobId, jse));
@@ -1241,25 +1256,4 @@ public class JobImpl implements org.apac
}
}
- private static Map<JobACL, AccessControlList> constructJobACLs(
- Configuration conf) {
- Map<JobACL, AccessControlList> acls =
- new EnumMap<JobACL, AccessControlList>(JobACL.class);
- // Don't construct anything if authorization is disabled.
- if (!conf.getBoolean(MRConfig.MR_ACLS_ENABLED, false)) {
- return acls;
- }
- for (JobACL aclName : JobACL.values()) {
- String aclConfigName = aclName.getAclName();
- String aclConfigured = conf.get(aclConfigName);
- if (aclConfigured == null) {
- // If ACLs are not configured at all, we grant no access to anyone. So
- // jobOwner and superuser/supergroup _only_ can do 'stuff'
- aclConfigured = " ";
- }
- acls.put(aclName, new AccessControlList(aclConfigured));
- }
- return acls;
- }
-
}
Modified: hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/MockJobs.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/MockJobs.java?rev=1098510&r1=1098509&r2=1098510&view=diff
==============================================================================
--- hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/MockJobs.java (original)
+++ hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/MockJobs.java Mon May 2 08:44:15 2011
@@ -26,6 +26,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.mapreduce.FileSystemCounter;
+import org.apache.hadoop.mapreduce.JobACL;
import org.apache.hadoop.mapreduce.JobCounter;
import org.apache.hadoop.mapreduce.TaskCounter;
import org.apache.hadoop.mapreduce.v2.api.records.Counters;
@@ -46,6 +47,7 @@ import org.apache.hadoop.mapreduce.v2.ap
import org.apache.hadoop.mapreduce.v2.app.job.Task;
import org.apache.hadoop.mapreduce.v2.app.job.TaskAttempt;
import org.apache.hadoop.mapreduce.v2.app.job.impl.JobImpl;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.MockApps;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ContainerId;
@@ -436,6 +438,12 @@ public class MockJobs extends MockApps {
public List<String> getDiagnostics() {
throw new UnsupportedOperationException("Not supported yet.");
}
+
+ @Override
+ public boolean checkAccess(UserGroupInformation callerUGI,
+ JobACL jobOperation) {
+ return true;
+ }
};
}
}
Modified: hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/TestRuntimeEstimators.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/TestRuntimeEstimators.java?rev=1098510&r1=1098509&r2=1098510&view=diff
==============================================================================
--- hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/TestRuntimeEstimators.java (original)
+++ hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-app/src/test/java/org/apache/hadoop/mapreduce/v2/app/TestRuntimeEstimators.java Mon May 2 08:44:15 2011
@@ -32,6 +32,7 @@ import java.util.concurrent.ConcurrentLi
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.mapreduce.JobACL;
import org.apache.hadoop.mapreduce.v2.api.records.Counters;
import org.apache.hadoop.mapreduce.v2.api.records.JobId;
import org.apache.hadoop.mapreduce.v2.api.records.JobReport;
@@ -57,6 +58,7 @@ import org.apache.hadoop.mapreduce.v2.ap
import org.apache.hadoop.mapreduce.v2.app.speculate.Speculator;
import org.apache.hadoop.mapreduce.v2.app.speculate.SpeculatorEvent;
import org.apache.hadoop.mapreduce.v2.app.speculate.TaskRuntimeEstimator;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.Clock;
import org.apache.hadoop.yarn.SystemClock;
import org.apache.hadoop.yarn.api.records.ApplicationId;
@@ -474,6 +476,12 @@ public class TestRuntimeEstimators {
public boolean isUber() {
return false;
}
+
+ @Override
+ public boolean checkAccess(UserGroupInformation callerUGI,
+ JobACL jobOperation) {
+ return true;
+ }
}
/*
Modified: hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/JobACLsManager.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/JobACLsManager.java?rev=1098510&r1=1098509&r2=1098510&view=diff
==============================================================================
--- hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/JobACLsManager.java (original)
+++ hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/JobACLsManager.java Mon May 2 08:44:15 2011
@@ -21,6 +21,7 @@ import java.util.HashMap;
import java.util.Map;
import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.mapreduce.JobACL;
import org.apache.hadoop.mapreduce.MRConfig;
import org.apache.hadoop.security.AccessControlException;
@@ -30,9 +31,9 @@ import org.apache.hadoop.security.author
@InterfaceAudience.Private
public class JobACLsManager {
- JobConf conf;
+ Configuration conf;
- public JobACLsManager(JobConf conf) {
+ public JobACLsManager(Configuration conf) {
this.conf = conf;
}
@@ -47,7 +48,7 @@ public class JobACLsManager {
*
* @return JobACL to AccessControlList map.
*/
- Map<JobACL, AccessControlList> constructJobACLs(JobConf conf) {
+ public Map<JobACL, AccessControlList> constructJobACLs(Configuration conf) {
Map<JobACL, AccessControlList> acls =
new HashMap<JobACL, AccessControlList>();
Modified: hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-hs/src/main/java/org/apache/hadoop/mapreduce/v2/hs/CompletedJob.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-hs/src/main/java/org/apache/hadoop/mapreduce/v2/hs/CompletedJob.java?rev=1098510&r1=1098509&r2=1098510&view=diff
==============================================================================
--- hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-hs/src/main/java/org/apache/hadoop/mapreduce/v2/hs/CompletedJob.java (original)
+++ hadoop/mapreduce/branches/MR-279/mr-client/hadoop-mapreduce-client-hs/src/main/java/org/apache/hadoop/mapreduce/v2/hs/CompletedJob.java Mon May 2 08:44:15 2011
@@ -30,13 +30,13 @@ import org.apache.hadoop.conf.Configurat
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FileContext;
import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.mapred.JobACLsManager;
+import org.apache.hadoop.mapreduce.JobACL;
import org.apache.hadoop.mapreduce.MRJobConfig;
import org.apache.hadoop.mapreduce.TypeConverter;
-import org.apache.hadoop.mapreduce.jobhistory.JobHistoryEventHandler;
import org.apache.hadoop.mapreduce.jobhistory.JobHistoryParser;
import org.apache.hadoop.mapreduce.jobhistory.JobHistoryParser.JobInfo;
import org.apache.hadoop.mapreduce.jobhistory.JobHistoryParser.TaskInfo;
-import org.apache.hadoop.mapreduce.v2.YarnMRJobConfig;
import org.apache.hadoop.mapreduce.v2.api.records.Counters;
import org.apache.hadoop.mapreduce.v2.api.records.JobId;
import org.apache.hadoop.mapreduce.v2.api.records.JobReport;
@@ -46,8 +46,9 @@ import org.apache.hadoop.mapreduce.v2.ap
import org.apache.hadoop.mapreduce.v2.api.records.TaskType;
import org.apache.hadoop.mapreduce.v2.app.job.Task;
import org.apache.hadoop.mapreduce.v2.util.JobHistoryUtils;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.yarn.YarnException;
-import org.apache.hadoop.yarn.conf.YARNApplicationConstants;
import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider;
@@ -246,4 +247,16 @@ public class CompletedJob implements org
return reduceTasks;
}
}
+
+ @Override
+ public boolean checkAccess(UserGroupInformation callerUGI, JobACL jobOperation) {
+ if (!UserGroupInformation.isSecurityEnabled()) {
+ return true;
+ }
+ Map<JobACL, AccessControlList> jobACLs = jobInfo.getJobACLs();
+ AccessControlList jobACL = jobACLs.get(jobOperation);
+ JobACLsManager aclsMgr = new JobACLsManager(conf);
+ return aclsMgr.checkAccess(callerUGI, jobOperation,
+ jobInfo.getUsername(), jobACL);
+ }
}