YARN-2621. Simplify the output when the user doesn't have the access for getDomain(s). Contributed by Zhijie Shen
(cherry picked from commit 233d446be1
)
This commit is contained in:
parent
fddbf52caa
commit
caba212f12
|
@ -327,6 +327,9 @@ Release 2.6.0 - UNRELEASED
|
||||||
YARN-2312. Deprecated old ContainerId#getId API and updated MapReduce to
|
YARN-2312. Deprecated old ContainerId#getId API and updated MapReduce to
|
||||||
use ContainerId#getContainerId instead. (Tsuyoshi OZAWA via jianhe)
|
use ContainerId#getContainerId instead. (Tsuyoshi OZAWA via jianhe)
|
||||||
|
|
||||||
|
YARN-2621. Simplify the output when the user doesn't have the access for
|
||||||
|
getDomain(s). (Zhijie Shen via jianhe)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
|
@ -361,8 +361,7 @@ public class TimelineDataManager extends AbstractService {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a single domain of the particular ID. If callerUGI is not the owner
|
* Get a single domain of the particular ID. If callerUGI is not the owner
|
||||||
* or the admin of the domain, we need to hide the details from him, and
|
* or the admin of the domain, null will be returned.
|
||||||
* only allow him to see the ID.
|
|
||||||
*/
|
*/
|
||||||
public TimelineDomain getDomain(String domainId,
|
public TimelineDomain getDomain(String domainId,
|
||||||
UserGroupInformation callerUGI) throws YarnException, IOException {
|
UserGroupInformation callerUGI) throws YarnException, IOException {
|
||||||
|
@ -370,9 +369,6 @@ public class TimelineDataManager extends AbstractService {
|
||||||
if (domain != null) {
|
if (domain != null) {
|
||||||
if (timelineACLsManager.checkAccess(callerUGI, domain)) {
|
if (timelineACLsManager.checkAccess(callerUGI, domain)) {
|
||||||
return domain;
|
return domain;
|
||||||
} else {
|
|
||||||
hideDomainDetails(domain);
|
|
||||||
return domain;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
|
@ -380,34 +376,22 @@ public class TimelineDataManager extends AbstractService {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all the domains that belong to the given owner. If callerUGI is not
|
* Get all the domains that belong to the given owner. If callerUGI is not
|
||||||
* the owner or the admin of the domain, we need to hide the details from
|
* the owner or the admin of the domain, empty list is going to be returned.
|
||||||
* him, and only allow him to see the ID.
|
|
||||||
*/
|
*/
|
||||||
public TimelineDomains getDomains(String owner,
|
public TimelineDomains getDomains(String owner,
|
||||||
UserGroupInformation callerUGI) throws YarnException, IOException {
|
UserGroupInformation callerUGI) throws YarnException, IOException {
|
||||||
TimelineDomains domains = store.getDomains(owner);
|
TimelineDomains domains = store.getDomains(owner);
|
||||||
boolean hasAccess = true;
|
boolean hasAccess = true;
|
||||||
boolean isChecked = false;
|
if (domains.getDomains().size() > 0) {
|
||||||
for (TimelineDomain domain : domains.getDomains()) {
|
// The owner for each domain is the same, just need to check one
|
||||||
// The owner for each domain is the same, just need to check on
|
hasAccess = timelineACLsManager.checkAccess(
|
||||||
if (!isChecked) {
|
callerUGI, domains.getDomains().get(0));
|
||||||
hasAccess = timelineACLsManager.checkAccess(callerUGI, domain);
|
|
||||||
isChecked = true;
|
|
||||||
}
|
|
||||||
if (!hasAccess) {
|
|
||||||
hideDomainDetails(domain);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
if (hasAccess) {
|
||||||
return domains;
|
return domains;
|
||||||
|
} else {
|
||||||
|
return new TimelineDomains();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void hideDomainDetails(TimelineDomain domain) {
|
|
||||||
domain.setDescription(null);
|
|
||||||
domain.setOwner(null);
|
|
||||||
domain.setReaders(null);
|
|
||||||
domain.setWriters(null);
|
|
||||||
domain.setCreatedTime(null);
|
|
||||||
domain.setModifiedTime(null);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static boolean extendFields(EnumSet<Field> fieldEnums) {
|
private static boolean extendFields(EnumSet<Field> fieldEnums) {
|
||||||
|
|
|
@ -807,7 +807,7 @@ public class TestTimelineWebServices extends JerseyTest {
|
||||||
.get(ClientResponse.class);
|
.get(ClientResponse.class);
|
||||||
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
|
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
|
||||||
TimelineDomain domain = response.getEntity(TimelineDomain.class);
|
TimelineDomain domain = response.getEntity(TimelineDomain.class);
|
||||||
verifyDomain(domain, "domain_id_1", true);
|
verifyDomain(domain, "domain_id_1");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -823,7 +823,7 @@ public class TestTimelineWebServices extends JerseyTest {
|
||||||
.get(ClientResponse.class);
|
.get(ClientResponse.class);
|
||||||
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
|
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
|
||||||
TimelineDomain domain = response.getEntity(TimelineDomain.class);
|
TimelineDomain domain = response.getEntity(TimelineDomain.class);
|
||||||
verifyDomain(domain, "domain_id_1", true);
|
verifyDomain(domain, "domain_id_1");
|
||||||
|
|
||||||
response = r.path("ws").path("v1").path("timeline")
|
response = r.path("ws").path("v1").path("timeline")
|
||||||
.path("domain").path("domain_id_1")
|
.path("domain").path("domain_id_1")
|
||||||
|
@ -831,8 +831,8 @@ public class TestTimelineWebServices extends JerseyTest {
|
||||||
.accept(MediaType.APPLICATION_JSON)
|
.accept(MediaType.APPLICATION_JSON)
|
||||||
.get(ClientResponse.class);
|
.get(ClientResponse.class);
|
||||||
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
|
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
|
||||||
domain = response.getEntity(TimelineDomain.class);
|
Assert.assertEquals(ClientResponse.Status.NOT_FOUND,
|
||||||
verifyDomain(domain, "domain_id_1", false);
|
response.getClientResponseStatus());
|
||||||
} finally {
|
} finally {
|
||||||
timelineACLsManager.setAdminACLsManager(oldAdminACLsManager);
|
timelineACLsManager.setAdminACLsManager(oldAdminACLsManager);
|
||||||
}
|
}
|
||||||
|
@ -851,7 +851,7 @@ public class TestTimelineWebServices extends JerseyTest {
|
||||||
Assert.assertEquals(2, domains.getDomains().size());
|
Assert.assertEquals(2, domains.getDomains().size());
|
||||||
for (int i = 0; i < domains.getDomains().size(); ++i) {
|
for (int i = 0; i < domains.getDomains().size(); ++i) {
|
||||||
verifyDomain(domains.getDomains().get(i),
|
verifyDomain(domains.getDomains().get(i),
|
||||||
i == 0 ? "domain_id_4" : "domain_id_1", true);
|
i == 0 ? "domain_id_4" : "domain_id_1");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -871,7 +871,7 @@ public class TestTimelineWebServices extends JerseyTest {
|
||||||
Assert.assertEquals(2, domains.getDomains().size());
|
Assert.assertEquals(2, domains.getDomains().size());
|
||||||
for (int i = 0; i < domains.getDomains().size(); ++i) {
|
for (int i = 0; i < domains.getDomains().size(); ++i) {
|
||||||
verifyDomain(domains.getDomains().get(i),
|
verifyDomain(domains.getDomains().get(i),
|
||||||
i == 0 ? "domain_id_4" : "domain_id_1", true);
|
i == 0 ? "domain_id_4" : "domain_id_1");
|
||||||
}
|
}
|
||||||
|
|
||||||
response = r.path("ws").path("v1").path("timeline")
|
response = r.path("ws").path("v1").path("timeline")
|
||||||
|
@ -882,11 +882,7 @@ public class TestTimelineWebServices extends JerseyTest {
|
||||||
.get(ClientResponse.class);
|
.get(ClientResponse.class);
|
||||||
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
|
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
|
||||||
domains = response.getEntity(TimelineDomains.class);
|
domains = response.getEntity(TimelineDomains.class);
|
||||||
Assert.assertEquals(2, domains.getDomains().size());
|
Assert.assertEquals(0, domains.getDomains().size());
|
||||||
for (int i = 0; i < domains.getDomains().size(); ++i) {
|
|
||||||
verifyDomain(domains.getDomains().get(i),
|
|
||||||
i == 0 ? "domain_id_4" : "domain_id_1", false);
|
|
||||||
}
|
|
||||||
} finally {
|
} finally {
|
||||||
timelineACLsManager.setAdminACLsManager(oldAdminACLsManager);
|
timelineACLsManager.setAdminACLsManager(oldAdminACLsManager);
|
||||||
}
|
}
|
||||||
|
@ -978,22 +974,15 @@ public class TestTimelineWebServices extends JerseyTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void verifyDomain(TimelineDomain domain,
|
private static void verifyDomain(TimelineDomain domain, String domainId) {
|
||||||
String domainId, boolean hasAccess) {
|
|
||||||
Assert.assertNotNull(domain);
|
Assert.assertNotNull(domain);
|
||||||
Assert.assertEquals(domainId, domain.getId());
|
Assert.assertEquals(domainId, domain.getId());
|
||||||
// The specific values have been verified in TestMemoryTimelineStore
|
// The specific values have been verified in TestMemoryTimelineStore
|
||||||
Assert.assertTrue(hasAccess && domain.getDescription() != null ||
|
Assert.assertNotNull(domain.getDescription());
|
||||||
!hasAccess && domain.getDescription() == null);
|
Assert.assertNotNull(domain.getOwner());
|
||||||
Assert.assertTrue(hasAccess && domain.getOwner() != null ||
|
Assert.assertNotNull(domain.getReaders());
|
||||||
!hasAccess && domain.getOwner() == null);
|
Assert.assertNotNull(domain.getWriters());
|
||||||
Assert.assertTrue(hasAccess && domain.getReaders() != null ||
|
Assert.assertNotNull(domain.getCreatedTime());
|
||||||
!hasAccess && domain.getReaders() == null);
|
Assert.assertNotNull(domain.getModifiedTime());
|
||||||
Assert.assertTrue(hasAccess && domain.getWriters() != null ||
|
|
||||||
!hasAccess && domain.getWriters() == null);
|
|
||||||
Assert.assertTrue(hasAccess && domain.getCreatedTime() != null ||
|
|
||||||
!hasAccess && domain.getCreatedTime() == null);
|
|
||||||
Assert.assertTrue(hasAccess && domain.getModifiedTime() != null ||
|
|
||||||
!hasAccess && domain.getModifiedTime() == null);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue