hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "rahul k singh (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (HADOOP-5419) Provide a way for users to find out what operations they can do on which M/R queues
Date Thu, 02 Apr 2009 08:52:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-5419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12694894#action_12694894
] 

rahul k singh edited comment on HADOOP-5419 at 4/2/09 1:52 AM:
---------------------------------------------------------------

Command and O/p

hadoop queue -showacls
{noformat}
Queue acls for user :  <username>
Queue Name : qu1  Operations : acl-submit-job acl-administer-jobs 
Queue Name : qu3  Operations : acl-submit-job acl-administer-jobs 
{noformat}

New interface method is introduced in JobSubmissionProtocol to fetch the Acls information.
This interface provides list of all the queue acls and operations allowed. List only consists
of queue for which user has atleast 1 acl. 

New class QueueAclsInfo is introduced to encapsulate Queue name and Queue operation data on
the client side.
{code:title=QueueAclsInfo.java}z
/**
 *  Class to encapsulate Queue ACLs for a particular
 *  user.
 * 
 */
class QueueAclsInfo implements Writable {

  private String queueName;
  private String[] operations;
  /**
   * Default constructor for QueueAclsInfo.
   * 
   */
{code}

Added new method to JobSubmissionProtocol 
{code:title=JobSubmissionProtocol.java}
/**
   * Gets the Queue ACLs for a user
   * @param userName User name
   * @return array of QueueAclsInfo object for a user.
   * @throws IOException
   */
  public QueueAclsInfo[] getQueueAclsInfo(String userName) throws IOException;
{code}

Implementation of this method is provided in QueueManager.java
{code:title=QueueManager.java}
 /**
   * Generates the array of QueueAclsInfo object. The array consists of only those queues
   * for which user has acls
   * 
   * @param username
   * @return QueueAclsInfo[]
   * @throws java.io.IOException
   */
  QueueAclsInfo[] getQueueAclsInfo(String username) throws IOException{
    if(username == null || username.equals(""))
      username = UserGroupInformation.getCurrentUGI().getUserName();
    //List of all QueueAclsInfo objects , this list is returned
    ArrayList<QueueAclsInfo> queueAclsInfolist = new ArrayList<QueueAclsInfo>();
    Iterator<String> iter = queueNames.iterator();
    QueueOperation[] operations = QueueOperation.values();    
    while(iter.hasNext()){      
      String queueName = iter.next();      
      //QueueAclsInfo object for queue queueName, this object is lazily initialized when there
is atleast one queue operation
      //supported for the current queue
      QueueAclsInfo queueAclsInfo = null;
      //Initialize operationsAllowed only if atleast 1 operation is supported for user <username>
      //for queue <queueName>
      ArrayList<String> operationsAllowed = null;
      //Check if user has access for particular operations
      for(int i = 0;i < operations.length;i++){
        AccessControlList acl = aclsMap.get(toFullPropertyName(queueName,operations[i].getAclName()));
       if(acl == null){
         //No acls for this operation
         continue;
       }else{
         boolean allowed = acl.allAllowed();
         if(allowed) { //All users granted access for this operation in queue <queueName>
           if(operationsAllowed == null) { 
             operationsAllowed = new ArrayList<String>();
           }
           operationsAllowed.add(operations[i].getAclName());           
         }else { // All users have not been granted access , check if this user <username>
is .
           if(acl.getUsers().contains(username)) {
             if(operationsAllowed == null)
               operationsAllowed = new ArrayList<String>();
             
             operationsAllowed.add(operations[i].getAclName());
           }
         }
       }
      }
      //Check if user username has acls for queue queueName
      //if not no need to create QueueAclsInfo object
      if(operationsAllowed != null) {                
        //There is atleast 1 operation supported for queue <queueName>, hence initialize
queueAclsInfo
        queueAclsInfo = new QueueAclsInfo(queueName,operationsAllowed.toArray(new String[operationsAllowed.size()]));
        queueAclsInfolist.add(queueAclsInfo);        
      }
    }
    
    return queueAclsInfolist.toArray(new QueueAclsInfo[queueAclsInfolist.size()]);
  }
}
{code}


      was (Author: rksingh):
    Command and O/p

hadoop queue -showacls
{noformat}
Queue acls for user :  <username>
Queue Name : qu1  Operations : acl-submit-job acl-administer-jobs 
Queue Name : qu3  Operations : acl-submit-job acl-administer-jobs 
{noformat}

New class QueueAclsInfo is introduced to encapsulate Queue name and Queue operation data on
the client side.
{code:title=QueueAclsInfo.java}
/**
 *  Class to encapsulate Queue ACLs for a particular
 *  user.
 * 
 */
class QueueAclsInfo implements Writable {

  private String queueName;
  private String[] operations;
  /**
   * Default constructor for QueueAclsInfo.
   * 
   */
{code}

Added new method to JobSubmissionProtocol 
{code:title=JobSubmissionProtocol.java}
/**
   * Gets the Queue ACLs for a user
   * @param userName User name
   * @return array of QueueAclsInfo object for a user.
   * @throws IOException
   */
  public QueueAclsInfo[] getQueueAclsInfo(String userName) throws IOException;
{code}

Implementation of this method is provided in QueueManager.java
{code:title=QueueManager.java}
 /**
   * Generates the array of QueueAclsInfo object. The array consists of only those queues
   * for which user has acls
   * 
   * @param username
   * @return QueueAclsInfo[]
   * @throws java.io.IOException
   */
  QueueAclsInfo[] getQueueAclsInfo(String username) throws IOException{
    if(username == null || username.equals(""))
      username = UserGroupInformation.getCurrentUGI().getUserName();
    //List of all QueueAclsInfo objects , this list is returned
    ArrayList<QueueAclsInfo> queueAclsInfolist = new ArrayList<QueueAclsInfo>();
    Iterator<String> iter = queueNames.iterator();
    QueueOperation[] operations = QueueOperation.values();    
    while(iter.hasNext()){      
      String queueName = iter.next();      
      //QueueAclsInfo object for queue queueName, this object is lazily initialized when there
is atleast one queue operation
      //supported for the current queue
      QueueAclsInfo queueAclsInfo = null;
      //Initialize operationsAllowed only if atleast 1 operation is supported for user <username>
      //for queue <queueName>
      ArrayList<String> operationsAllowed = null;
      //Check if user has access for particular operations
      for(int i = 0;i < operations.length;i++){
        AccessControlList acl = aclsMap.get(toFullPropertyName(queueName,operations[i].getAclName()));
       if(acl == null){
         //No acls for this operation
         continue;
       }else{
         boolean allowed = acl.allAllowed();
         if(allowed) { //All users granted access for this operation in queue <queueName>
           if(operationsAllowed == null) { 
             operationsAllowed = new ArrayList<String>();
           }
           operationsAllowed.add(operations[i].getAclName());           
         }else { // All users have not been granted access , check if this user <username>
is .
           if(acl.getUsers().contains(username)) {
             if(operationsAllowed == null)
               operationsAllowed = new ArrayList<String>();
             
             operationsAllowed.add(operations[i].getAclName());
           }
         }
       }
      }
      //Check if user username has acls for queue queueName
      //if not no need to create QueueAclsInfo object
      if(operationsAllowed != null) {                
        //There is atleast 1 operation supported for queue <queueName>, hence initialize
queueAclsInfo
        queueAclsInfo = new QueueAclsInfo(queueName,operationsAllowed.toArray(new String[operationsAllowed.size()]));
        queueAclsInfolist.add(queueAclsInfo);        
      }
    }
    
    return queueAclsInfolist.toArray(new QueueAclsInfo[queueAclsInfolist.size()]);
  }
}
{code}

  
> Provide a way for users to find out what operations they can do on which M/R queues
> -----------------------------------------------------------------------------------
>
>                 Key: HADOOP-5419
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5419
>             Project: Hadoop Core
>          Issue Type: Improvement
>          Components: mapred
>            Reporter: Hemanth Yamijala
>            Assignee: rahul k singh
>         Attachments: hadoop-5419.patch
>
>
> This issue is to provide an improvement on the existing M/R framework to let users know
which queues they have access to, and for what operations. One use case for this would that
currently there is no easy way to know if the user has access to submit jobs to a queue, until
it fails with an access control exception.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message