YARN-2621. Simplify the output when the user doesn't have the access for getDomain(s). Contributed by Zhijie Shen

(cherry picked from commit 233d446be1)
Jian He 2014-10-16 16:37:21 -07:00
parent fddbf52caa
commit caba212f12
3 changed files with 28 additions and 52 deletions


@ -327,6 +327,9 @@ Release 2.6.0 - UNRELEASED
YARN-2312. Deprecated old ContainerId#getId API and updated MapReduce to YARN-2312. Deprecated old ContainerId#getId API and updated MapReduce to
use ContainerId#getContainerId instead. (Tsuyoshi OZAWA via jianhe) use ContainerId#getContainerId instead. (Tsuyoshi OZAWA via jianhe)
YARN-2621. Simplify the output when the user doesn't have the access for
getDomain(s). (Zhijie Shen via jianhe)
OPTIMIZATIONS OPTIMIZATIONS
BUG FIXES BUG FIXES


@ -361,8 +361,7 @@ public class TimelineDataManager extends AbstractService {
/** /**
* Get a single domain of the particular ID. If callerUGI is not the owner * Get a single domain of the particular ID. If callerUGI is not the owner
* or the admin of the domain, we need to hide the details from him, and * or the admin of the domain, null will be returned.
* only allow him to see the ID.
*/ */
public TimelineDomain getDomain(String domainId, public TimelineDomain getDomain(String domainId,
UserGroupInformation callerUGI) throws YarnException, IOException { UserGroupInformation callerUGI) throws YarnException, IOException {
@ -370,9 +369,6 @@ public class TimelineDataManager extends AbstractService {
if (domain != null) { if (domain != null) {
if (timelineACLsManager.checkAccess(callerUGI, domain)) { if (timelineACLsManager.checkAccess(callerUGI, domain)) {
return domain; return domain;
} else {
hideDomainDetails(domain);
return domain;
} }
} }
return null; return null;
@ -380,34 +376,22 @@ public class TimelineDataManager extends AbstractService {
/** /**
* Get all the domains that belong to the given owner. If callerUGI is not * Get all the domains that belong to the given owner. If callerUGI is not
* the owner or the admin of the domain, we need to hide the details from * the owner or the admin of the domain, empty list is going to be returned.
* him, and only allow him to see the ID.
*/ */
public TimelineDomains getDomains(String owner, public TimelineDomains getDomains(String owner,
UserGroupInformation callerUGI) throws YarnException, IOException { UserGroupInformation callerUGI) throws YarnException, IOException {
TimelineDomains domains = store.getDomains(owner); TimelineDomains domains = store.getDomains(owner);
boolean hasAccess = true; boolean hasAccess = true;
boolean isChecked = false; if (domains.getDomains().size() > 0) {
for (TimelineDomain domain : domains.getDomains()) { // The owner for each domain is the same, just need to check one
// The owner for each domain is the same, just need to check on hasAccess = timelineACLsManager.checkAccess(
if (!isChecked) { callerUGI, domains.getDomains().get(0));
hasAccess = timelineACLsManager.checkAccess(callerUGI, domain);
isChecked = true;
}
if (!hasAccess) {
hideDomainDetails(domain);
}
} }
if (hasAccess) {
return domains; return domains;
} else {
return new TimelineDomains();
} }
private static void hideDomainDetails(TimelineDomain domain) {
domain.setDescription(null);
domain.setOwner(null);
domain.setReaders(null);
domain.setWriters(null);
domain.setCreatedTime(null);
domain.setModifiedTime(null);
} }
private static boolean extendFields(EnumSet<Field> fieldEnums) { private static boolean extendFields(EnumSet<Field> fieldEnums) {
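Review bot: In getDomains the all-or-nothing decision rests on a single `checkAccess` call against `domains.getDomains().get(0)`, so every other domain in the list is returned without being checked itself. That is safe only while `store.getDomains(owner)` returns domains of one owner and `checkAccess` depends on nothing but owner/admin, which the inline comment asserts but nothing in this hunk enforces. Authorizing each domain and returning only those that pass keeps the result correct if either assumption changes, and it removes the `hasAccess = true` default for the empty list. The old loop made the same single check, so this is not a regression introduced here.

```java
    TimelineDomains domains = store.getDomains(owner);
    // Authorize each domain individually instead of inferring from the first one
    TimelineDomains visible = new TimelineDomains();
    for (TimelineDomain domain : domains.getDomains()) {
      if (timelineACLsManager.checkAccess(callerUGI, domain)) {
        visible.addDomain(domain);
      }
    }
    return visible;
```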


@ -807,7 +807,7 @@ public class TestTimelineWebServices extends JerseyTest {
.get(ClientResponse.class); .get(ClientResponse.class);
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
TimelineDomain domain = response.getEntity(TimelineDomain.class); TimelineDomain domain = response.getEntity(TimelineDomain.class);
verifyDomain(domain, "domain_id_1", true); verifyDomain(domain, "domain_id_1");
} }
@Test @Test
@ -823,7 +823,7 @@ public class TestTimelineWebServices extends JerseyTest {
.get(ClientResponse.class); .get(ClientResponse.class);
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
TimelineDomain domain = response.getEntity(TimelineDomain.class); TimelineDomain domain = response.getEntity(TimelineDomain.class);
verifyDomain(domain, "domain_id_1", true); verifyDomain(domain, "domain_id_1");
response = r.path("ws").path("v1").path("timeline") response = r.path("ws").path("v1").path("timeline")
.path("domain").path("domain_id_1") .path("domain").path("domain_id_1")
@ -831,8 +831,8 @@ public class TestTimelineWebServices extends JerseyTest {
.accept(MediaType.APPLICATION_JSON) .accept(MediaType.APPLICATION_JSON)
.get(ClientResponse.class); .get(ClientResponse.class);
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
domain = response.getEntity(TimelineDomain.class); Assert.assertEquals(ClientResponse.Status.NOT_FOUND,
verifyDomain(domain, "domain_id_1", false); response.getClientResponseStatus());
} finally { } finally {
timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); timelineACLsManager.setAdminACLsManager(oldAdminACLsManager);
} }
@ -851,7 +851,7 @@ public class TestTimelineWebServices extends JerseyTest {
Assert.assertEquals(2, domains.getDomains().size()); Assert.assertEquals(2, domains.getDomains().size());
for (int i = 0; i < domains.getDomains().size(); ++i) { for (int i = 0; i < domains.getDomains().size(); ++i) {
verifyDomain(domains.getDomains().get(i), verifyDomain(domains.getDomains().get(i),
i == 0 ? "domain_id_4" : "domain_id_1", true); i == 0 ? "domain_id_4" : "domain_id_1");
} }
} }
@ -871,7 +871,7 @@ public class TestTimelineWebServices extends JerseyTest {
Assert.assertEquals(2, domains.getDomains().size()); Assert.assertEquals(2, domains.getDomains().size());
for (int i = 0; i < domains.getDomains().size(); ++i) { for (int i = 0; i < domains.getDomains().size(); ++i) {
verifyDomain(domains.getDomains().get(i), verifyDomain(domains.getDomains().get(i),
i == 0 ? "domain_id_4" : "domain_id_1", true); i == 0 ? "domain_id_4" : "domain_id_1");
} }
response = r.path("ws").path("v1").path("timeline") response = r.path("ws").path("v1").path("timeline")
@ -882,11 +882,7 @@ public class TestTimelineWebServices extends JerseyTest {
.get(ClientResponse.class); .get(ClientResponse.class);
Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType());
domains = response.getEntity(TimelineDomains.class); domains = response.getEntity(TimelineDomains.class);
Assert.assertEquals(2, domains.getDomains().size()); Assert.assertEquals(0, domains.getDomains().size());
for (int i = 0; i < domains.getDomains().size(); ++i) {
verifyDomain(domains.getDomains().get(i),
i == 0 ? "domain_id_4" : "domain_id_1", false);
}
} finally { } finally {
timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); timelineACLsManager.setAdminACLsManager(oldAdminACLsManager);
} }
@ -978,22 +974,15 @@ public class TestTimelineWebServices extends JerseyTest {
} }
} }
private static void verifyDomain(TimelineDomain domain, private static void verifyDomain(TimelineDomain domain, String domainId) {
String domainId, boolean hasAccess) {
Assert.assertNotNull(domain); Assert.assertNotNull(domain);
Assert.assertEquals(domainId, domain.getId()); Assert.assertEquals(domainId, domain.getId());
// The specific values have been verified in TestMemoryTimelineStore // The specific values have been verified in TestMemoryTimelineStore
Assert.assertTrue(hasAccess && domain.getDescription() != null || Assert.assertNotNull(domain.getDescription());
!hasAccess && domain.getDescription() == null); Assert.assertNotNull(domain.getOwner());
Assert.assertTrue(hasAccess && domain.getOwner() != null || Assert.assertNotNull(domain.getReaders());
!hasAccess && domain.getOwner() == null); Assert.assertNotNull(domain.getWriters());
Assert.assertTrue(hasAccess && domain.getReaders() != null || Assert.assertNotNull(domain.getCreatedTime());
!hasAccess && domain.getReaders() == null); Assert.assertNotNull(domain.getModifiedTime());
Assert.assertTrue(hasAccess && domain.getWriters() != null ||
!hasAccess && domain.getWriters() == null);
Assert.assertTrue(hasAccess && domain.getCreatedTime() != null ||
!hasAccess && domain.getCreatedTime() == null);
Assert.assertTrue(hasAccess && domain.getModifiedTime() != null ||
!hasAccess && domain.getModifiedTime() == null);
} }
} }
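Review bot: The denied-access case in the hunk at -831 now asserts only `ClientResponse.Status.NOT_FOUND`, and nothing in the test pins that this is the same answer a caller gets for a domain that does not exist. If the intent is that an unauthorized caller cannot tell the two cases apart (the commit message only says "simplify", so this is inferred), add a request for an unknown domain id under the same non-owner user and assert the same status, with a comment such as `// denied access must look identical to a missing domain`. The enclosing test method starts outside the hunk.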