YARN-2987. Fixed ClientRMService#getQueueInfo to check against queue and app ACLs. Contributed by Varun Saxena
(cherry picked from commit e2351c7ae2)
parent
143e48c25a
commit
cde5bfe3ec
|
@ -265,6 +265,9 @@ Release 2.7.0 - UNRELEASED
|
||||||
YARN-2938. Fixed new findbugs warnings in hadoop-yarn-resourcemanager and
|
YARN-2938. Fixed new findbugs warnings in hadoop-yarn-resourcemanager and
|
||||||
hadoop-yarn-applicationhistoryservice. (Varun Saxena via zjshen)
|
hadoop-yarn-applicationhistoryservice. (Varun Saxena via zjshen)
|
||||||
|
|
||||||
|
YARN-2987. Fixed ClientRMService#getQueueInfo to check against queue and
|
||||||
|
app ACLs. (Varun Saxena via jianhe)
|
||||||
|
|
||||||
Release 2.6.0 - 2014-11-18
|
Release 2.6.0 - 2014-11-18
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -826,6 +826,14 @@ public class ClientRMService extends AbstractService implements
|
||||||
@Override
|
@Override
|
||||||
public GetQueueInfoResponse getQueueInfo(GetQueueInfoRequest request)
|
public GetQueueInfoResponse getQueueInfo(GetQueueInfoRequest request)
|
||||||
throws YarnException {
|
throws YarnException {
|
||||||
|
UserGroupInformation callerUGI;
|
||||||
|
try {
|
||||||
|
callerUGI = UserGroupInformation.getCurrentUser();
|
||||||
|
} catch (IOException ie) {
|
||||||
|
LOG.info("Error getting UGI ", ie);
|
||||||
|
throw RPCUtil.getRemoteException(ie);
|
||||||
|
}
|
||||||
|
|
||||||
GetQueueInfoResponse response =
|
GetQueueInfoResponse response =
|
||||||
recordFactory.newRecordInstance(GetQueueInfoResponse.class);
|
recordFactory.newRecordInstance(GetQueueInfoResponse.class);
|
||||||
try {
|
try {
|
||||||
|
@ -840,7 +848,16 @@ public class ClientRMService extends AbstractService implements
|
||||||
appReports = new ArrayList<ApplicationReport>(apps.size());
|
appReports = new ArrayList<ApplicationReport>(apps.size());
|
||||||
for (ApplicationAttemptId app : apps) {
|
for (ApplicationAttemptId app : apps) {
|
||||||
RMApp rmApp = rmContext.getRMApps().get(app.getApplicationId());
|
RMApp rmApp = rmContext.getRMApps().get(app.getApplicationId());
|
||||||
appReports.add(rmApp.createAndGetApplicationReport(null, true));
|
if (rmApp != null) {
|
||||||
|
// Check if user is allowed access to this app
|
||||||
|
if (!checkAccess(callerUGI, rmApp.getUser(),
|
||||||
|
ApplicationAccessType.VIEW_APP, rmApp)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
appReports.add(
|
||||||
|
rmApp.createAndGetApplicationReport(
|
||||||
|
callerUGI.getUserName(), true));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
queueInfo.setApplications(appReports);
|
queueInfo.setApplications(appReports);
|
||||||
|
|
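Review bot: The denial branch in the loop (`if (!checkAccess(...)) { continue; }`) drops the application from the queue listing without a trace, so the caller gets a shorter list with no sign it was filtered and the operator has no record of the refused VIEW_APP check. I would spell that contract out in the comment, for example `// Apps the caller may not view are omitted from the queue's application list rather than reported as an error`, and consider a debug-level log naming the caller and the application id. The literal `true` passed to `createAndGetApplicationReport` is safe only because it sits behind that guard; a one-line comment saying so would keep a later refactor from hoisting the call above the check. Only the per-application check is visible here, so the queue-level part named in the commit title is presumably inside `checkAccess`, and the body of `getQueueInfo` continues outside these hunks.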
|
@ -553,8 +553,17 @@ public class TestClientRMService {
|
||||||
YarnScheduler yarnScheduler = mock(YarnScheduler.class);
|
YarnScheduler yarnScheduler = mock(YarnScheduler.class);
|
||||||
RMContext rmContext = mock(RMContext.class);
|
RMContext rmContext = mock(RMContext.class);
|
||||||
mockRMContext(yarnScheduler, rmContext);
|
mockRMContext(yarnScheduler, rmContext);
|
||||||
|
|
||||||
|
ApplicationACLsManager mockAclsManager = mock(ApplicationACLsManager.class);
|
||||||
|
QueueACLsManager mockQueueACLsManager = mock(QueueACLsManager.class);
|
||||||
|
when(mockQueueACLsManager.checkAccess(any(UserGroupInformation.class),
|
||||||
|
any(QueueACL.class), anyString())).thenReturn(true);
|
||||||
|
when(mockAclsManager.checkAccess(any(UserGroupInformation.class),
|
||||||
|
any(ApplicationAccessType.class), anyString(),
|
||||||
|
any(ApplicationId.class))).thenReturn(true);
|
||||||
|
|
||||||
ClientRMService rmService = new ClientRMService(rmContext, yarnScheduler,
|
ClientRMService rmService = new ClientRMService(rmContext, yarnScheduler,
|
||||||
null, null, null, null);
|
null, mockAclsManager, mockQueueACLsManager, null);
|
||||||
GetQueueInfoRequest request = recordFactory
|
GetQueueInfoRequest request = recordFactory
|
||||||
.newRecordInstance(GetQueueInfoRequest.class);
|
.newRecordInstance(GetQueueInfoRequest.class);
|
||||||
request.setQueueName("testqueue");
|
request.setQueueName("testqueue");
|
||||||
|
@ -567,6 +576,26 @@ public class TestClientRMService {
|
||||||
request.setIncludeApplications(true);
|
request.setIncludeApplications(true);
|
||||||
// should not throw exception on nonexistent queue
|
// should not throw exception on nonexistent queue
|
||||||
queueInfo = rmService.getQueueInfo(request);
|
queueInfo = rmService.getQueueInfo(request);
|
||||||
|
|
||||||
|
// Case where user does not have application access
|
||||||
|
ApplicationACLsManager mockAclsManager1 =
|
||||||
|
mock(ApplicationACLsManager.class);
|
||||||
|
QueueACLsManager mockQueueACLsManager1 =
|
||||||
|
mock(QueueACLsManager.class);
|
||||||
|
when(mockQueueACLsManager1.checkAccess(any(UserGroupInformation.class),
|
||||||
|
any(QueueACL.class), anyString())).thenReturn(false);
|
||||||
|
when(mockAclsManager1.checkAccess(any(UserGroupInformation.class),
|
||||||
|
any(ApplicationAccessType.class), anyString(),
|
||||||
|
any(ApplicationId.class))).thenReturn(false);
|
||||||
|
|
||||||
|
ClientRMService rmService1 = new ClientRMService(rmContext, yarnScheduler,
|
||||||
|
null, mockAclsManager1, mockQueueACLsManager1, null);
|
||||||
|
request.setQueueName("testqueue");
|
||||||
|
request.setIncludeApplications(true);
|
||||||
|
GetQueueInfoResponse queueInfo1 = rmService1.getQueueInfo(request);
|
||||||
|
List<ApplicationReport> applications1 = queueInfo1.getQueueInfo()
|
||||||
|
.getApplications();
|
||||||
|
Assert.assertEquals(0, applications1.size());
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final UserGroupInformation owner =
|
private static final UserGroupInformation owner =
|
||||||
|
|
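Review bot: The denial case stubs `mockQueueACLsManager1` and `mockAclsManager1` to return false together, so the test cannot show which of the two checks hides the application and would still pass if one of them were ignored. Two mixed cases (queue ACL allowed with app ACL denied, and the reverse), each asserting on `getApplications().size()`, would pin down how the queue and application ACLs combine; the expected counts depend on `checkAccess`, which is not visible here. For the permissive setup at the top of the section, no visible line asserts that the application is actually returned when both mocks allow access; if that assertion is not simply outside the hunk, it is worth adding so the test also fails when filtering is too strict. The test method begins outside the hunk.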