/**
* Helper API to support YARN and MapReduce format for specifying users and groups. Format
* supports a comma-separated list of users and groups with the users and groups separated by
* whitespace. e.g. "user1,user2 group1,group2" If the value specified is "*", all users are
* allowed to do the operation.
*
* @param viewACLsStr
* @param modifyACLsStr
*/
public DAGAccessControls(String viewACLsStr, String modifyACLsStr) {
final Configuration conf = new Configuration(false);
conf.set(TezConstants.TEZ_DAG_VIEW_ACLS, (viewACLsStr != null ? viewACLsStr : ""));
conf.set(TezConstants.TEZ_DAG_MODIFY_ACLS, (modifyACLsStr != null ? modifyACLsStr : ""));
ACLConfigurationParser parser = new ACLConfigurationParser(conf, true);
this.usersWithViewACLs = new HashSet<String>();
this.usersWithModifyACLs = new HashSet<String>();
this.groupsWithViewACLs = new HashSet<String>();
this.groupsWithModifyACLs = new HashSet<String>();
Map<ACLType, Set<String>> allowedUsers = parser.getAllowedUsers();
Map<ACLType, Set<String>> allowedGroups = parser.getAllowedGroups();
if (allowedUsers.containsKey(ACLType.DAG_VIEW_ACL)) {
this.usersWithViewACLs.addAll(allowedUsers.get(ACLType.DAG_VIEW_ACL));
}
if (allowedUsers.containsKey(ACLType.DAG_MODIFY_ACL)) {
this.usersWithModifyACLs.addAll(allowedUsers.get(ACLType.DAG_MODIFY_ACL));
}
if (allowedGroups.containsKey(ACLType.DAG_VIEW_ACL)) {
this.groupsWithViewACLs.addAll(allowedGroups.get(ACLType.DAG_VIEW_ACL));
}
if (allowedGroups.containsKey(ACLType.DAG_MODIFY_ACL)) {
this.groupsWithModifyACLs.addAll(allowedGroups.get(ACLType.DAG_MODIFY_ACL));
}
}
/**
* Merge the dag acls with the AM acls in the configuration object. The config object will contain
* the updated acls.
*
* @param conf The AM config.
*/
@Private
public synchronized void mergeIntoAmAcls(Configuration conf) {
ACLConfigurationParser parser = new ACLConfigurationParser(conf, false);
parser.addAllowedGroups(
ImmutableMap.of(
ACLType.AM_VIEW_ACL, groupsWithViewACLs, ACLType.AM_MODIFY_ACL, groupsWithModifyACLs));
parser.addAllowedUsers(
ImmutableMap.of(
ACLType.AM_VIEW_ACL, usersWithViewACLs, ACLType.AM_MODIFY_ACL, usersWithModifyACLs));
Set<String> viewUsers = parser.getAllowedUsers().get(ACLType.AM_VIEW_ACL);
Set<String> viewGroups = parser.getAllowedGroups().get(ACLType.AM_VIEW_ACL);
if (viewUsers.contains(ACLManager.WILDCARD_ACL_VALUE)) {
conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, ACLManager.WILDCARD_ACL_VALUE);
} else {
String userList = ACLManager.toCommaSeparatedString(viewUsers);
String groupList = ACLManager.toCommaSeparatedString(viewGroups);
conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, userList + " " + groupList);
}
Set<String> modifyUsers = parser.getAllowedUsers().get(ACLType.AM_MODIFY_ACL);
Set<String> modifyGroups = parser.getAllowedGroups().get(ACLType.AM_MODIFY_ACL);
if (modifyUsers.contains(ACLManager.WILDCARD_ACL_VALUE)) {
conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, ACLManager.WILDCARD_ACL_VALUE);
} else {
String userList = ACLManager.toCommaSeparatedString(modifyUsers);
String groupList = ACLManager.toCommaSeparatedString(modifyGroups);
conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, userList + " " + groupList);
}
}