[
https://issues.apache.org/jira/browse/HADOOP-5419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12694894#action_12694894
]
rahul k singh commented on HADOOP-5419:
---------------------------------------
Command and O/p
hadoop queue -showacls
{noformat}
Queue acls for user : <username>
Queue Name : qu1 Operations : acl-submit-job acl-administer-jobs
Queue Name : qu3 Operations : acl-submit-job acl-administer-jobs
{noformat}
New class QueueAclsInfo is introduced to encapsulate Queue name and Queue
operation data on the client side.
{code:title=QueueAclsInfo.java}
/**
* Class to encapsulate Queue ACLs for a particular
* user.
*
*/
class QueueAclsInfo implements Writable {
private String queueName;
private String[] operations;
/**
* Default constructor for QueueAclsInfo.
*
*/
{code}
Added new method to JobSubmissionProtocol
{code:title=JobSubmissionProtocol.java}
/**
* Gets the Queue ACLs for a user
* @param userName User name
* @return array of QueueAclsInfo object for a user.
* @throws IOException
*/
public QueueAclsInfo[] getQueueAclsInfo(String userName) throws IOException;
{code}
Implementation of this method is provided in QueueManager.java
{code:title=QueueManager.java}
/**
* Generates the array of QueueAclsInfo object. The array consists of only
those queues
* for which user has acls
*
* @param username
* @return QueueAclsInfo[]
* @throws java.io.IOException
*/
QueueAclsInfo[] getQueueAclsInfo(String username) throws IOException{
if(username == null || username.equals(""))
username = UserGroupInformation.getCurrentUGI().getUserName();
//List of all QueueAclsInfo objects , this list is returned
ArrayList<QueueAclsInfo> queueAclsInfolist = new ArrayList<QueueAclsInfo>();
Iterator<String> iter = queueNames.iterator();
QueueOperation[] operations = QueueOperation.values();
while(iter.hasNext()){
String queueName = iter.next();
//QueueAclsInfo object for queue queueName, this object is lazily
initialized when there is atleast one queue operation
//supported for the current queue
QueueAclsInfo queueAclsInfo = null;
//Initialize operationsAllowed only if atleast 1 operation is supported
for user <username>
//for queue <queueName>
ArrayList<String> operationsAllowed = null;
//Check if user has access for particular operations
for(int i = 0;i < operations.length;i++){
AccessControlList acl =
aclsMap.get(toFullPropertyName(queueName,operations[i].getAclName()));
if(acl == null){
//No acls for this operation
continue;
}else{
boolean allowed = acl.allAllowed();
if(allowed) { //All users granted access for this operation in queue
<queueName>
if(operationsAllowed == null) {
operationsAllowed = new ArrayList<String>();
}
operationsAllowed.add(operations[i].getAclName());
}else { // All users have not been granted access , check if this user
<username> is .
if(acl.getUsers().contains(username)) {
if(operationsAllowed == null)
operationsAllowed = new ArrayList<String>();
operationsAllowed.add(operations[i].getAclName());
}
}
}
}
//Check if user username has acls for queue queueName
//if not no need to create QueueAclsInfo object
if(operationsAllowed != null) {
//There is atleast 1 operation supported for queue <queueName>, hence
initialize queueAclsInfo
queueAclsInfo = new
QueueAclsInfo(queueName,operationsAllowed.toArray(new
String[operationsAllowed.size()]));
queueAclsInfolist.add(queueAclsInfo);
}
}
return queueAclsInfolist.toArray(new
QueueAclsInfo[queueAclsInfolist.size()]);
}
}
{code}
> Provide a way for users to find out what operations they can do on which M/R
> queues
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-5419
> URL: https://issues.apache.org/jira/browse/HADOOP-5419
> Project: Hadoop Core
> Issue Type: Improvement
> Components: mapred
> Reporter: Hemanth Yamijala
> Assignee: rahul k singh
>
> This issue is to provide an improvement on the existing M/R framework to let
> users know which queues they have access to, and for what operations. One use
> case for this would that currently there is no easy way to know if the user
> has access to submit jobs to a queue, until it fails with an access control
> exception.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
