[
https://issues.apache.org/jira/browse/HADOOP-5419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12694894#action_12694894
]
rahul k singh edited comment on HADOOP-5419 at 4/2/09 1:52 AM:
---------------------------------------------------------------
Command and O/p
hadoop queue -showacls
{noformat}
Queue acls for user : <username>
Queue Name : qu1 Operations : acl-submit-job acl-administer-jobs
Queue Name : qu3 Operations : acl-submit-job acl-administer-jobs
{noformat}
New interface method is introduced in JobSubmissionProtocol to fetch the Acls
information. This interface provides list of all the queue acls and operations
allowed. List only consists of queue for which user has atleast 1 acl.
New class QueueAclsInfo is introduced to encapsulate Queue name and Queue
operation data on the client side.
{code:title=QueueAclsInfo.java}z
/**
* Class to encapsulate Queue ACLs for a particular
* user.
*
*/
class QueueAclsInfo implements Writable {
private String queueName;
private String[] operations;
/**
* Default constructor for QueueAclsInfo.
*
*/
{code}
Added new method to JobSubmissionProtocol
{code:title=JobSubmissionProtocol.java}
/**
* Gets the Queue ACLs for a user
* @param userName User name
* @return array of QueueAclsInfo object for a user.
* @throws IOException
*/
public QueueAclsInfo[] getQueueAclsInfo(String userName) throws IOException;
{code}
Implementation of this method is provided in QueueManager.java
{code:title=QueueManager.java}
/**
* Generates the array of QueueAclsInfo object. The array consists of only
those queues
* for which user has acls
*
* @param username
* @return QueueAclsInfo[]
* @throws java.io.IOException
*/
QueueAclsInfo[] getQueueAclsInfo(String username) throws IOException{
if(username == null || username.equals(""))
username = UserGroupInformation.getCurrentUGI().getUserName();
//List of all QueueAclsInfo objects , this list is returned
ArrayList<QueueAclsInfo> queueAclsInfolist = new ArrayList<QueueAclsInfo>();
Iterator<String> iter = queueNames.iterator();
QueueOperation[] operations = QueueOperation.values();
while(iter.hasNext()){
String queueName = iter.next();
//QueueAclsInfo object for queue queueName, this object is lazily
initialized when there is atleast one queue operation
//supported for the current queue
QueueAclsInfo queueAclsInfo = null;
//Initialize operationsAllowed only if atleast 1 operation is supported
for user <username>
//for queue <queueName>
ArrayList<String> operationsAllowed = null;
//Check if user has access for particular operations
for(int i = 0;i < operations.length;i++){
AccessControlList acl =
aclsMap.get(toFullPropertyName(queueName,operations[i].getAclName()));
if(acl == null){
//No acls for this operation
continue;
}else{
boolean allowed = acl.allAllowed();
if(allowed) { //All users granted access for this operation in queue
<queueName>
if(operationsAllowed == null) {
operationsAllowed = new ArrayList<String>();
}
operationsAllowed.add(operations[i].getAclName());
}else { // All users have not been granted access , check if this user
<username> is .
if(acl.getUsers().contains(username)) {
if(operationsAllowed == null)
operationsAllowed = new ArrayList<String>();
operationsAllowed.add(operations[i].getAclName());
}
}
}
}
//Check if user username has acls for queue queueName
//if not no need to create QueueAclsInfo object
if(operationsAllowed != null) {
//There is atleast 1 operation supported for queue <queueName>, hence
initialize queueAclsInfo
queueAclsInfo = new
QueueAclsInfo(queueName,operationsAllowed.toArray(new
String[operationsAllowed.size()]));
queueAclsInfolist.add(queueAclsInfo);
}
}
return queueAclsInfolist.toArray(new
QueueAclsInfo[queueAclsInfolist.size()]);
}
}
{code}
was (Author: rksingh):
Command and O/p
hadoop queue -showacls
{noformat}
Queue acls for user : <username>
Queue Name : qu1 Operations : acl-submit-job acl-administer-jobs
Queue Name : qu3 Operations : acl-submit-job acl-administer-jobs
{noformat}
New class QueueAclsInfo is introduced to encapsulate Queue name and Queue
operation data on the client side.
{code:title=QueueAclsInfo.java}
/**
* Class to encapsulate Queue ACLs for a particular
* user.
*
*/
class QueueAclsInfo implements Writable {
private String queueName;
private String[] operations;
/**
* Default constructor for QueueAclsInfo.
*
*/
{code}
Added new method to JobSubmissionProtocol
{code:title=JobSubmissionProtocol.java}
/**
* Gets the Queue ACLs for a user
* @param userName User name
* @return array of QueueAclsInfo object for a user.
* @throws IOException
*/
public QueueAclsInfo[] getQueueAclsInfo(String userName) throws IOException;
{code}
Implementation of this method is provided in QueueManager.java
{code:title=QueueManager.java}
/**
* Generates the array of QueueAclsInfo object. The array consists of only
those queues
* for which user has acls
*
* @param username
* @return QueueAclsInfo[]
* @throws java.io.IOException
*/
QueueAclsInfo[] getQueueAclsInfo(String username) throws IOException{
if(username == null || username.equals(""))
username = UserGroupInformation.getCurrentUGI().getUserName();
//List of all QueueAclsInfo objects , this list is returned
ArrayList<QueueAclsInfo> queueAclsInfolist = new ArrayList<QueueAclsInfo>();
Iterator<String> iter = queueNames.iterator();
QueueOperation[] operations = QueueOperation.values();
while(iter.hasNext()){
String queueName = iter.next();
//QueueAclsInfo object for queue queueName, this object is lazily
initialized when there is atleast one queue operation
//supported for the current queue
QueueAclsInfo queueAclsInfo = null;
//Initialize operationsAllowed only if atleast 1 operation is supported
for user <username>
//for queue <queueName>
ArrayList<String> operationsAllowed = null;
//Check if user has access for particular operations
for(int i = 0;i < operations.length;i++){
AccessControlList acl =
aclsMap.get(toFullPropertyName(queueName,operations[i].getAclName()));
if(acl == null){
//No acls for this operation
continue;
}else{
boolean allowed = acl.allAllowed();
if(allowed) { //All users granted access for this operation in queue
<queueName>
if(operationsAllowed == null) {
operationsAllowed = new ArrayList<String>();
}
operationsAllowed.add(operations[i].getAclName());
}else { // All users have not been granted access , check if this user
<username> is .
if(acl.getUsers().contains(username)) {
if(operationsAllowed == null)
operationsAllowed = new ArrayList<String>();
operationsAllowed.add(operations[i].getAclName());
}
}
}
}
//Check if user username has acls for queue queueName
//if not no need to create QueueAclsInfo object
if(operationsAllowed != null) {
//There is atleast 1 operation supported for queue <queueName>, hence
initialize queueAclsInfo
queueAclsInfo = new
QueueAclsInfo(queueName,operationsAllowed.toArray(new
String[operationsAllowed.size()]));
queueAclsInfolist.add(queueAclsInfo);
}
}
return queueAclsInfolist.toArray(new
QueueAclsInfo[queueAclsInfolist.size()]);
}
}
{code}
> Provide a way for users to find out what operations they can do on which M/R
> queues
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-5419
> URL: https://issues.apache.org/jira/browse/HADOOP-5419
> Project: Hadoop Core
> Issue Type: Improvement
> Components: mapred
> Reporter: Hemanth Yamijala
> Assignee: rahul k singh
> Attachments: hadoop-5419.patch
>
>
> This issue is to provide an improvement on the existing M/R framework to let
> users know which queues they have access to, and for what operations. One use
> case for this would that currently there is no easy way to know if the user
> has access to submit jobs to a queue, until it fails with an access control
> exception.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
