SLIDER-547 AM to fail fast if IPC authorization is enabled, but the ACL is empty/null
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/c0b2f767 Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/c0b2f767 Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/c0b2f767 Branch: refs/heads/develop Commit: c0b2f7679d8f0f3863769237270a2a82bb123c9e Parents: a97af55 Author: Steve Loughran <[email protected]> Authored: Tue Oct 21 12:26:10 2014 +0100 Committer: Steve Loughran <[email protected]> Committed: Tue Oct 21 12:26:10 2014 +0100 ---------------------------------------------------------------------- .../server/appmaster/SliderAppMaster.java | 37 +++++++++++++------- 1 file changed, 25 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/c0b2f767/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java index 78584c3..0a7fe33 100644 --- a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java +++ b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java @@ -1304,19 +1304,32 @@ public class SliderAppMaster extends AbstractSliderLaunchedService /** * Start the slider RPC server */ - private void startSliderRPCServer() throws IOException { - SliderClusterProtocolPBImpl protobufRelay = new SliderClusterProtocolPBImpl(this); + private void startSliderRPCServer() throws IOException, BadConfigException { + + // verify that if the cluster is authed, the ACLs are set. + boolean authorization = getConfig().getBoolean( + CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, + false); + String acls = getConfig().get(SliderXmlConfKeys.KEY_PROTOCOL_ACL); + if (authorization && SliderUtils.isUnset(acls)) { + throw new BadConfigException("Application has IPC authorization enabled in " + + CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION + + " but no ACLs in " + SliderXmlConfKeys.KEY_PROTOCOL_ACL); + } + SliderClusterProtocolPBImpl protobufRelay = + new SliderClusterProtocolPBImpl(this); BlockingService blockingService = SliderClusterAPI.SliderClusterProtocolPB - .newReflectiveBlockingService( - protobufRelay); - - rpcService = new WorkflowRpcService("SliderRPC", RpcBinder.createProtobufServer( - new InetSocketAddress("0.0.0.0", 0), - getConfig(), - secretManager, - NUM_RPC_HANDLERS, - blockingService, - null)); + .newReflectiveBlockingService( + protobufRelay); + + rpcService = + new WorkflowRpcService("SliderRPC", RpcBinder.createProtobufServer( + new InetSocketAddress("0.0.0.0", 0), + getConfig(), + secretManager, + NUM_RPC_HANDLERS, + blockingService, + null)); deployChildService(rpcService); }
