Пример #1
0
  /**
   * Merge the dag acls with the AM acls in the configuration object. The config object will contain
   * the updated acls.
   *
   * @param conf The AM config.
   */
  @Private
  public synchronized void mergeIntoAmAcls(Configuration conf) {
    ACLConfigurationParser parser = new ACLConfigurationParser(conf, false);
    parser.addAllowedGroups(
        ImmutableMap.of(
            ACLType.AM_VIEW_ACL, groupsWithViewACLs, ACLType.AM_MODIFY_ACL, groupsWithModifyACLs));
    parser.addAllowedUsers(
        ImmutableMap.of(
            ACLType.AM_VIEW_ACL, usersWithViewACLs, ACLType.AM_MODIFY_ACL, usersWithModifyACLs));

    Set<String> viewUsers = parser.getAllowedUsers().get(ACLType.AM_VIEW_ACL);
    Set<String> viewGroups = parser.getAllowedGroups().get(ACLType.AM_VIEW_ACL);
    if (viewUsers.contains(ACLManager.WILDCARD_ACL_VALUE)) {
      conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, ACLManager.WILDCARD_ACL_VALUE);
    } else {
      String userList = ACLManager.toCommaSeparatedString(viewUsers);
      String groupList = ACLManager.toCommaSeparatedString(viewGroups);
      conf.set(TezConfiguration.TEZ_AM_VIEW_ACLS, userList + " " + groupList);
    }

    Set<String> modifyUsers = parser.getAllowedUsers().get(ACLType.AM_MODIFY_ACL);
    Set<String> modifyGroups = parser.getAllowedGroups().get(ACLType.AM_MODIFY_ACL);
    if (modifyUsers.contains(ACLManager.WILDCARD_ACL_VALUE)) {
      conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, ACLManager.WILDCARD_ACL_VALUE);
    } else {
      String userList = ACLManager.toCommaSeparatedString(modifyUsers);
      String groupList = ACLManager.toCommaSeparatedString(modifyGroups);
      conf.set(TezConfiguration.TEZ_AM_MODIFY_ACLS, userList + " " + groupList);
    }
  }
Пример #2
0
  /**
   * Helper API to support YARN and MapReduce format for specifying users and groups. Format
   * supports a comma-separated list of users and groups with the users and groups separated by
   * whitespace. e.g. "user1,user2 group1,group2" If the value specified is "*", all users are
   * allowed to do the operation.
   *
   * @param viewACLsStr
   * @param modifyACLsStr
   */
  public DAGAccessControls(String viewACLsStr, String modifyACLsStr) {
    final Configuration conf = new Configuration(false);
    conf.set(TezConstants.TEZ_DAG_VIEW_ACLS, (viewACLsStr != null ? viewACLsStr : ""));
    conf.set(TezConstants.TEZ_DAG_MODIFY_ACLS, (modifyACLsStr != null ? modifyACLsStr : ""));
    ACLConfigurationParser parser = new ACLConfigurationParser(conf, true);

    this.usersWithViewACLs = new HashSet<String>();
    this.usersWithModifyACLs = new HashSet<String>();
    this.groupsWithViewACLs = new HashSet<String>();
    this.groupsWithModifyACLs = new HashSet<String>();

    Map<ACLType, Set<String>> allowedUsers = parser.getAllowedUsers();
    Map<ACLType, Set<String>> allowedGroups = parser.getAllowedGroups();

    if (allowedUsers.containsKey(ACLType.DAG_VIEW_ACL)) {
      this.usersWithViewACLs.addAll(allowedUsers.get(ACLType.DAG_VIEW_ACL));
    }
    if (allowedUsers.containsKey(ACLType.DAG_MODIFY_ACL)) {
      this.usersWithModifyACLs.addAll(allowedUsers.get(ACLType.DAG_MODIFY_ACL));
    }
    if (allowedGroups.containsKey(ACLType.DAG_VIEW_ACL)) {
      this.groupsWithViewACLs.addAll(allowedGroups.get(ACLType.DAG_VIEW_ACL));
    }
    if (allowedGroups.containsKey(ACLType.DAG_MODIFY_ACL)) {
      this.groupsWithModifyACLs.addAll(allowedGroups.get(ACLType.DAG_MODIFY_ACL));
    }
  }