Posted to common-commits@hadoop.apache.org by vi...@apache.org on 2010/09/17 09:25:58 UTC
svn commit: r998001 - in /hadoop/common/trunk: CHANGES.txt
src/docs/src/documentation/content/xdocs/cluster_setup.xml
src/java/org/apache/hadoop/security/authorize/AccessControlList.java
Author: vinodkv
Date: Fri Sep 17 07:25:57 2010
New Revision: 998001
URL: http://svn.apache.org/viewvc?rev=998001&view=rev
Log:
HADOOP-6922. COMMON part of MAPREDUCE-1664. Makes AccessControlList a writable and updates documentation for Job ACLs. Contributed by Ravi Gummadi.
Modified:
hadoop/common/trunk/CHANGES.txt
hadoop/common/trunk/src/docs/src/documentation/content/xdocs/cluster_setup.xml
hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java
Modified: hadoop/common/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=998001&r1=998000&r2=998001&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Fri Sep 17 07:25:57 2010
@@ -131,6 +131,9 @@ Trunk (unreleased changes)
HADOOP-6950. Suggest that HADOOP_CLASSPATH should be preserved in
hadoop-env.sh.template. (Philip Zeyliger via Eli Collins)
+ HADOOP-6922. Make AccessControlList a writable and update documentation
+ for Job ACLs. (Ravi Gummadi via vinodkv)
+
OPTIMIZATIONS
HADOOP-6884. Add LOG.isDebugEnabled() guard for each LOG.debug(..).
Modified: hadoop/common/trunk/src/docs/src/documentation/content/xdocs/cluster_setup.xml
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/docs/src/documentation/content/xdocs/cluster_setup.xml?rev=998001&r1=998000&r2=998001&view=diff
==============================================================================
--- hadoop/common/trunk/src/docs/src/documentation/content/xdocs/cluster_setup.xml (original)
+++ hadoop/common/trunk/src/docs/src/documentation/content/xdocs/cluster_setup.xml Fri Sep 17 07:25:57 2010
@@ -271,17 +271,25 @@
If necessary, use these files to control the list of allowable
TaskTrackers.
</td>
- </tr>
- <tr>
- <td>mapreduce.cluster.job-authorization-enabled</td>
- <td>Boolean, specifying whether job ACLs are supported for
- authorizing view and modification of a job</td>
- <td>
- If <em>true</em>, job ACLs would be checked while viewing or
- modifying a job. More details are available at
- <a href ="ext:mapred-tutorial/JobAuthorization">Job Authorization</a>.
- </td>
- </tr>
+ </tr>
+ <tr>
+ <td>mapreduce.cluster.acls.enabled</td>
+ <td>Boolean, specifying whether checks for queue ACLs and job ACLs
+ are to be done for authorizing users for doing queue operations and
+ job operations.
+ </td>
+ <td>
+ If <em>true</em>, queue ACLs are checked while submitting
+ and administering jobs and job ACLs are checked for authorizing
+ view and modification of jobs. Queue ACLs are specified using the
+ configuration parameters of the form defined below under
+ mapred-queues.xml. Job ACLs are described at
+ mapred-tutorial in "Job Authorization" section.
+ For enabling this flag(mapreduce.cluster.acls.enabled), this is to be
+ set to true in mapred-site.xml on JobTracker node and on all
+ TaskTracker nodes.
+ </td>
+ </tr>
</table>
@@ -370,7 +378,7 @@
</p>
<source>
- <queues aclsEnabled="$aclsEnabled">
+ <queues>
<queue>
<name>$queue-name</name>
<state>$state</state>
@@ -509,11 +517,12 @@
</tr>
<tr>
- <td>acl-administer-job</td>
+ <td>acl-administer-jobs</td>
<td>Child element of a
<a href="#queue_tag"><em><queue></em></a> specifying the
- list of users and groups that can change the priority of a job
- or kill a job that has been submitted to the specified queue.
+ list of users and groups that can view job details, change the
+ priority of a job or kill a job that has been submitted to the
+ specified queue.
</td>
<td>Yes</td>
<td>
@@ -522,7 +531,7 @@
list of names. The two lists are separated by a blank.
Example: <em>user1,user2 group1,group2</em>.
If you wish to define only a list of groups, provide
- a blank at the beginning of the value. Note that an
+ a blank at the beginning of the value. Note that the
owner of a job can always change the priority or kill
his/her own job, irrespective of the ACLs.
</td>
Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java?rev=998001&r1=998000&r2=998001&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/AccessControlList.java Fri Sep 17 07:25:57 2010
@@ -27,6 +27,8 @@ import org.apache.hadoop.classification.
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;
+import org.apache.hadoop.io.WritableFactories;
+import org.apache.hadoop.io.WritableFactory;
import org.apache.hadoop.security.UserGroupInformation;
/**
@@ -35,7 +37,15 @@ import org.apache.hadoop.security.UserGr
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Evolving
public class AccessControlList implements Writable {
-
+
+ static { // register a ctor
+ WritableFactories.setFactory
+ (AccessControlList.class,
+ new WritableFactory() {
+ public Writable newInstance() { return new AccessControlList(); }
+ });
+ }
+
// Indicates an ACL string that represents access to all users
public static final String WILDCARD_ACL_VALUE = "*";
private static final int INITIAL_CAPACITY = 256;
@@ -46,7 +56,13 @@ public class AccessControlList implement
private Set<String> groups;
// Whether all users are granted access.
private boolean allAllowed;
-
+
+ /**
+ * This constructor exists primarily for AccessControlList to be Writable.
+ */
+ public AccessControlList() {
+ }
+
/**
* Construct a new ACL from a String representation of the same.
*
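Review bot: The public no-argument constructor added here has an empty body, so an `AccessControlList` used before `readFields` has populated it is not a well-formed ACL. The hunk shows `groups` and `allAllowed` declared without initializers; if the user set just above is declared the same way (it is outside the hunk), a membership check on such an instance would hit a null set and throw instead of cleanly denying. Because the factory registered in the static block of the previous hunk hands out exactly this object, the default state should be an explicit deny-all: initialise both sets to empty in the constructor body, e.g. `groups = new TreeSet<String>();` and the same for the user set, using whichever set type the String constructor already uses. The Javadoc should also say so, e.g. `Creates an ACL that grants access to nobody; intended only for Writable deserialization, call readFields before use.` The Javadoc of the next constructor continues past the end of this hunk.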