You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ji...@apache.org on 2014/12/31 02:15:51 UTC
hadoop git commit: YARN-2987. Fixed ClientRMService#getQueueInfo to
check against queue and app ACLs. Contributed by Varun Saxena
Repository: hadoop
Updated Branches:
refs/heads/trunk b7442bf92 -> e2351c7ae
YARN-2987. Fixed ClientRMService#getQueueInfo to check against queue and app ACLs. Contributed by Varun Saxena
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/e2351c7a
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/e2351c7a
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/e2351c7a
Branch: refs/heads/trunk
Commit: e2351c7ae24cea9b217af4174512d279c55e8efd
Parents: b7442bf
Author: Jian He <ji...@apache.org>
Authored: Tue Dec 30 17:15:37 2014 -0800
Committer: Jian He <ji...@apache.org>
Committed: Tue Dec 30 17:15:37 2014 -0800
----------------------------------------------------------------------
hadoop-yarn-project/CHANGES.txt | 3 ++
.../server/resourcemanager/ClientRMService.java | 19 +++++++++++-
.../resourcemanager/TestClientRMService.java | 31 +++++++++++++++++++-
3 files changed, 51 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/e2351c7a/hadoop-yarn-project/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt
index 0ebf8a3..f2115e1 100644
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@@ -297,6 +297,9 @@ Release 2.7.0 - UNRELEASED
YARN-2938. Fixed new findbugs warnings in hadoop-yarn-resourcemanager and
hadoop-yarn-applicationhistoryservice. (Varun Saxena via zjshen)
+ YARN-2987. Fixed ClientRMService#getQueueInfo to check against queue and
+ app ACLs. (Varun Saxena via jianhe)
+
Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES
http://git-wip-us.apache.org/repos/asf/hadoop/blob/e2351c7a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
index bee6bf8..0c37eb9 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
@@ -827,6 +827,14 @@ public class ClientRMService extends AbstractService implements
@Override
public GetQueueInfoResponse getQueueInfo(GetQueueInfoRequest request)
throws YarnException {
+ UserGroupInformation callerUGI;
+ try {
+ callerUGI = UserGroupInformation.getCurrentUser();
+ } catch (IOException ie) {
+ LOG.info("Error getting UGI ", ie);
+ throw RPCUtil.getRemoteException(ie);
+ }
+
GetQueueInfoResponse response =
recordFactory.newRecordInstance(GetQueueInfoResponse.class);
try {
@@ -841,7 +849,16 @@ public class ClientRMService extends AbstractService implements
appReports = new ArrayList<ApplicationReport>(apps.size());
for (ApplicationAttemptId app : apps) {
RMApp rmApp = rmContext.getRMApps().get(app.getApplicationId());
- appReports.add(rmApp.createAndGetApplicationReport(null, true));
+ if (rmApp != null) {
+ // Check if user is allowed access to this app
+ if (!checkAccess(callerUGI, rmApp.getUser(),
+ ApplicationAccessType.VIEW_APP, rmApp)) {
+ continue;
+ }
+ appReports.add(
+ rmApp.createAndGetApplicationReport(
+ callerUGI.getUserName(), true));
+ }
}
}
queueInfo.setApplications(appReports);
http://git-wip-us.apache.org/repos/asf/hadoop/blob/e2351c7a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestClientRMService.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestClientRMService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestClientRMService.java
index a344e9a..a684346 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestClientRMService.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestClientRMService.java
@@ -553,8 +553,17 @@ public class TestClientRMService {
YarnScheduler yarnScheduler = mock(YarnScheduler.class);
RMContext rmContext = mock(RMContext.class);
mockRMContext(yarnScheduler, rmContext);
+
+ ApplicationACLsManager mockAclsManager = mock(ApplicationACLsManager.class);
+ QueueACLsManager mockQueueACLsManager = mock(QueueACLsManager.class);
+ when(mockQueueACLsManager.checkAccess(any(UserGroupInformation.class),
+ any(QueueACL.class), anyString())).thenReturn(true);
+ when(mockAclsManager.checkAccess(any(UserGroupInformation.class),
+ any(ApplicationAccessType.class), anyString(),
+ any(ApplicationId.class))).thenReturn(true);
+
ClientRMService rmService = new ClientRMService(rmContext, yarnScheduler,
- null, null, null, null);
+ null, mockAclsManager, mockQueueACLsManager, null);
GetQueueInfoRequest request = recordFactory
.newRecordInstance(GetQueueInfoRequest.class);
request.setQueueName("testqueue");
@@ -567,6 +576,26 @@ public class TestClientRMService {
request.setIncludeApplications(true);
// should not throw exception on nonexistent queue
queueInfo = rmService.getQueueInfo(request);
+
+ // Case where user does not have application access
+ ApplicationACLsManager mockAclsManager1 =
+ mock(ApplicationACLsManager.class);
+ QueueACLsManager mockQueueACLsManager1 =
+ mock(QueueACLsManager.class);
+ when(mockQueueACLsManager1.checkAccess(any(UserGroupInformation.class),
+ any(QueueACL.class), anyString())).thenReturn(false);
+ when(mockAclsManager1.checkAccess(any(UserGroupInformation.class),
+ any(ApplicationAccessType.class), anyString(),
+ any(ApplicationId.class))).thenReturn(false);
+
+ ClientRMService rmService1 = new ClientRMService(rmContext, yarnScheduler,
+ null, mockAclsManager1, mockQueueACLsManager1, null);
+ request.setQueueName("testqueue");
+ request.setIncludeApplications(true);
+ GetQueueInfoResponse queueInfo1 = rmService1.getQueueInfo(request);
+ List<ApplicationReport> applications1 = queueInfo1.getQueueInfo()
+ .getApplications();
+ Assert.assertEquals(0, applications1.size());
}
private static final UserGroupInformation owner =