コード例 #1
0
  private static void bindACLProperties(final ACL acl, final Properties extensionProperties)
      throws FalconException {
    if (!SecurityUtil.isAuthorizationEnabled()) {
      return;
    }

    String aclowner = extensionProperties.getProperty(ExtensionProperties.JOB_ACL_OWNER.getName());
    if (StringUtils.isNotEmpty(aclowner)) {
      acl.setOwner(aclowner);
    } else {
      throw new FalconException(
          "ACL owner extension property cannot be null or empty when authorization is "
              + "enabled");
    }

    String aclGroup = extensionProperties.getProperty(ExtensionProperties.JOB_ACL_GROUP.getName());
    if (StringUtils.isNotEmpty(aclGroup)) {
      acl.setGroup(aclGroup);
    } else {
      throw new FalconException(
          "ACL group extension property cannot be null or empty when authorization is "
              + "enabled");
    }

    String aclPermission =
        extensionProperties.getProperty(ExtensionProperties.JOB_ACL_PERMISSION.getName());
    if (StringUtils.isNotEmpty(aclPermission)) {
      acl.setPermission(aclPermission);
    } else {
      throw new FalconException(
          "ACL permission extension property cannot be null or empty when authorization is "
              + "enabled");
    }
  }
コード例 #2
0
  /**
   * KLUDGE - Until ACL is mandated entity passed should be decorated for equals check to pass.
   * existingEntity in config store will have teh decoration and equals check fails if entity passed
   * is not decorated for checking if entity already exists.
   *
   * @param entity entity
   */
  private void decorateEntityWithACL(Entity entity) {
    if (SecurityUtil.isAuthorizationEnabled() || entity.getACL() != null) {
      return; // not necessary to decorate
    }

    final String proxyUser = CurrentUser.getUser();
    final String defaultGroupName = CurrentUser.getPrimaryGroupName();
    switch (entity.getEntityType()) {
      case CLUSTER:
        org.apache.falcon.entity.v0.cluster.ACL clusterACL =
            new org.apache.falcon.entity.v0.cluster.ACL();
        clusterACL.setOwner(proxyUser);
        clusterACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.cluster.Cluster) entity).setACL(clusterACL);
        break;

      case FEED:
        org.apache.falcon.entity.v0.feed.ACL feedACL = new org.apache.falcon.entity.v0.feed.ACL();
        feedACL.setOwner(proxyUser);
        feedACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.feed.Feed) entity).setACL(feedACL);
        break;

      case PROCESS:
        org.apache.falcon.entity.v0.process.ACL processACL =
            new org.apache.falcon.entity.v0.process.ACL();
        processACL.setOwner(proxyUser);
        processACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.process.Process) entity).setACL(processACL);
        break;

      default:
        break;
    }
  }
コード例 #3
0
  private Entity buildProcess(String name, String username, String tags, String pipelines) {
    ACL acl = new ACL();
    acl.setOwner(username);
    acl.setGroup("hdfs");
    acl.setPermission("*");

    Process process = new Process();
    process.setName(name);
    process.setACL(acl);
    if (!StringUtils.isEmpty(pipelines)) {
      process.setPipelines(pipelines);
    }
    if (!StringUtils.isEmpty(tags)) {
      process.setTags(tags);
    }
    process.setClusters(buildClusters("cluster" + name));
    return process;
  }