hadoop-mapreduce-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vino...@apache.org
Subject svn commit: r941143 - in /hadoop/mapreduce/trunk: CHANGES.txt conf/hadoop-policy.xml.template src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java
Date Wed, 05 May 2010 04:19:09 GMT
Author: vinodkv
Date: Wed May  5 04:19:09 2010
New Revision: 941143

URL: http://svn.apache.org/viewvc?rev=941143&view=rev
Log:
MAPREDUCE-1611. Refresh nodes and refresh queues doesnt work with service authorization enabled.
Contributed by Amar Kamat.

Added:
    hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java
Modified:
    hadoop/mapreduce/trunk/CHANGES.txt
    hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template
    hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java

Modified: hadoop/mapreduce/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/CHANGES.txt?rev=941143&r1=941142&r2=941143&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/CHANGES.txt (original)
+++ hadoop/mapreduce/trunk/CHANGES.txt Wed May  5 04:19:09 2010
@@ -1558,3 +1558,6 @@ Release 0.21.0 - Unreleased
     displays wrong error message about job ACLs. (Ravi Gummadi via vinodkv)
 
     MAPREDUCE-1727. TestJobACLs fails after HADOOP-6686. (Ravi Gummadi via vinodkv)
+
+    MAPREDUCE-1611. Refresh nodes and refresh queues doesnt work with service
+    authorization enabled. (Amar Kamat via vinodkv)

Modified: hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template?rev=941143&r1=941142&r2=941143&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template (original)
+++ hadoop/mapreduce/trunk/conf/hadoop-policy.xml.template Wed May  5 04:19:09 2010
@@ -94,4 +94,13 @@
     A special value of "*" means all users are allowed.</description>
   </property>
 
+  <property>
+    <name>security.admin.operations.protocol.acl</name>
+    <value>*</value>
+    <description>ACL for AdminOperationsProtocol, used by the mradmins commands
+    to refresh queues and nodes at JobTracker. The ACL is a comma-separated list of 
+    user and group names. The user and group list is separated by a blank. 
+    For e.g. "alice,bob users,wheel". A special value of "*" means all users are 
+    allowed.</description>
+  </property>
 </configuration>

Modified: hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java?rev=941143&r1=941142&r2=941143&view=diff
==============================================================================
--- hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java
(original)
+++ hadoop/mapreduce/trunk/src/java/org/apache/hadoop/mapred/MapReducePolicyProvider.java
Wed May  5 04:19:09 2010
@@ -39,6 +39,8 @@ public class MapReducePolicyProvider ext
                   RefreshAuthorizationPolicyProtocol.class),
       new Service("security.refresh.usertogroups.mappings.protocol.acl", 
                   RefreshUserToGroupMappingsProtocol.class),
+      new Service("security.admin.operations.protocol.acl", 
+                  AdminOperationsProtocol.class),
   };
   
   @Override

Added: hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java
URL: http://svn.apache.org/viewvc/hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java?rev=941143&view=auto
==============================================================================
--- hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java
(added)
+++ hadoop/mapreduce/trunk/src/test/mapred/org/apache/hadoop/mapred/TestAdminOperationsProtocolWithServiceAuthorization.java
Wed May  5 04:19:09 2010
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.mapred;
+
+import org.apache.hadoop.mapred.tools.MRAdmin;
+import org.apache.hadoop.security.authorize.PolicyProvider;
+import org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
+
+import junit.framework.TestCase;
+
+/**
+ * Test case to check if {@link AdminOperationsProtocol#refreshNodes()} and 
+ * {@link AdminOperationsProtocol#refreshQueueAcls()} works with service-level
+ * authorization enabled i.e 'hadoop.security.authorization' set to true.
+ */
+public class TestAdminOperationsProtocolWithServiceAuthorization 
+extends TestCase {
+  public void testServiceLevelAuthorization() throws Exception {
+    MiniMRCluster mr = null;
+    try {
+      // Turn on service-level authorization
+      final JobConf conf = new JobConf();
+      conf.setClass(PolicyProvider.POLICY_PROVIDER_CONFIG, 
+                    MapReducePolicyProvider.class, PolicyProvider.class);
+      conf.setBoolean(ServiceAuthorizationManager.SERVICE_AUTHORIZATION_CONFIG, 
+                      true);
+      
+      // Start the mini mr cluster
+      mr = new MiniMRCluster(1, "file:///", 1, null, null, conf);
+
+      // Invoke MRAdmin commands
+      MRAdmin mrAdmin = new MRAdmin(mr.createJobConf());
+      assertEquals(0, mrAdmin.run(new String[] { "-refreshQueues" }));
+      assertEquals(0, mrAdmin.run(new String[] { "-refreshNodes" }));
+    } finally {
+      if (mr != null) { 
+        mr.shutdown();
+      }
+    }
+  }
+}



Mime
View raw message