org.apache.hadoop.yarn.security.YarnAuthorizationProvider类的使用及代码示例
本文整理了Java中org.apache.hadoop.yarn.security.YarnAuthorizationProvider类的一些代码示例,展示了YarnAuthorizationProvider类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。YarnAuthorizationProvider类的具体详情如下:
包路径:org.apache.hadoop.yarn.security.YarnAuthorizationProvider
类名称:YarnAuthorizationProvider
YarnAuthorizationProvider介绍
[英]An implementation of the interface will provide authorization related information and enforce permission check. It is excepted that any of the methods defined in this interface should be non-blocking call and should not involve expensive computation as these method could be invoked in RPC.
[中]接口的实现将提供与授权相关的信息,并执行权限检查。这个接口中定义的任何方法都应该是非阻塞调用,并且不应该涉及昂贵的计算,因为这些方法可以在RPC中调用。
代码示例
代码示例来源:origin: org.apache.hadoop/hadoop-yarn-server-resourcemanager
@Override
public void init(Configuration config, RMContext context) {
this.conf = config;
this.rmContext = context;
this.authorizer = YarnAuthorizationProvider.getInstance(conf);
}代码示例来源:origin: ch.cern.hadoop/hadoop-yarn-server-resourcemanager
@Override
public boolean hasAccess(QueueACL acl, UserGroupInformation user) {
return authorizer.checkPermission(SchedulerUtils.toAccessType(acl),
queueEntity, user);
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-common
public static YarnAuthorizationProvider getInstance(Configuration conf) {
synchronized (YarnAuthorizationProvider.class) {
if (authorizer == null) {
Class<?> authorizerClass =
conf.getClass(YarnConfiguration.YARN_AUTHORIZATION_PROVIDER,
ConfiguredYarnAuthorizer.class);
authorizer =
(YarnAuthorizationProvider) ReflectionUtils.newInstance(
authorizerClass, conf);
authorizer.init(conf);
LOG.info(authorizerClass.getName() + " is instantiated.");
}
}
return authorizer;
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-server-resourcemanager
@Override
public void serviceInit(Configuration conf) throws Exception {
autoFailoverEnabled =
rm.getRMContext().isHAEnabled()
&& HAUtil.isAutomaticFailoverEnabled(conf);
masterServiceBindAddress = conf.getSocketAddr(
YarnConfiguration.RM_BIND_HOST,
YarnConfiguration.RM_ADMIN_ADDRESS,
YarnConfiguration.DEFAULT_RM_ADMIN_ADDRESS,
YarnConfiguration.DEFAULT_RM_ADMIN_PORT);
daemonUser = UserGroupInformation.getCurrentUser();
authorizer = YarnAuthorizationProvider.getInstance(conf);
authorizer.setAdmins(getAdminAclList(conf), daemonUser);
rmId = conf.get(YarnConfiguration.RM_HA_ID);
isCentralizedNodeLabelConfiguration =
YarnConfiguration.isCentralizedNodeLabelConfiguration(conf);
super.serviceInit(conf);
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-server-resourcemanager
@Override
public boolean isMutationAllowed(UserGroupInformation user,
SchedConfUpdateInfo confUpdate) {
return authorizer.isAdmin(user);
}
}代码示例来源:origin: ch.cern.hadoop/hadoop-yarn-server-resourcemanager
@VisibleForTesting
public static void setQueueAcls(YarnAuthorizationProvider authorizer,
Map<String, CSQueue> queues) throws IOException {
for (CSQueue queue : queues.values()) {
AbstractCSQueue csQueue = (AbstractCSQueue) queue;
authorizer.setPermission(csQueue.getPrivilegedEntity(),
csQueue.getACLs(), UserGroupInformation.getCurrentUser());
}
}代码示例来源:origin: ch.cern.hadoop/hadoop-yarn-server-resourcemanager
private RefreshAdminAclsResponse refreshAdminAcls(boolean checkRMHAState)
throws YarnException, IOException {
String argName = "refreshAdminAcls";
UserGroupInformation user = checkAcls(argName);
if (checkRMHAState) {
checkRMStatus(user.getShortUserName(), argName, "refresh Admin ACLs.");
}
Configuration conf =
getConfiguration(new Configuration(false),
YarnConfiguration.YARN_SITE_CONFIGURATION_FILE);
authorizer.setAdmins(getAdminAclList(conf), UserGroupInformation
.getCurrentUser());
RMAuditLogger.logSuccess(user.getShortUserName(), argName,
"AdminService");
return recordFactory.newRecordInstance(RefreshAdminAclsResponse.class);
}代码示例来源:origin: com.github.jiayuhan-it/hadoop-yarn-server-resourcemanager
@Override
public void serviceInit(Configuration conf) throws Exception {
if (rmContext.isHAEnabled()) {
autoFailoverEnabled = HAUtil.isAutomaticFailoverEnabled(conf);
if (autoFailoverEnabled) {
if (HAUtil.isAutomaticFailoverEmbedded(conf)) {
embeddedElector = createEmbeddedElectorService();
addIfService(embeddedElector);
}
}
}
masterServiceBindAddress = conf.getSocketAddr(
YarnConfiguration.RM_BIND_HOST,
YarnConfiguration.RM_ADMIN_ADDRESS,
YarnConfiguration.DEFAULT_RM_ADMIN_ADDRESS,
YarnConfiguration.DEFAULT_RM_ADMIN_PORT);
daemonUser = UserGroupInformation.getCurrentUser();
authorizer = YarnAuthorizationProvider.getInstance(conf);
authorizer.setAdmins(getAdminAclList(conf), UserGroupInformation
.getCurrentUser());
rmId = conf.get(YarnConfiguration.RM_HA_ID);
super.serviceInit(conf);
}代码示例来源:origin: com.github.jiayuhan-it/hadoop-yarn-server-resourcemanager
public boolean checkAccess(UserGroupInformation user) {
// make sure only admin can invoke
// this method
if (authorizer.isAdmin(user)) {
return true;
}
return false;
}代码示例来源:origin: com.github.jiayuhan-it/hadoop-yarn-server-resourcemanager
@VisibleForTesting
public static void setQueueAcls(YarnAuthorizationProvider authorizer,
Map<String, CSQueue> queues) throws IOException {
for (CSQueue queue : queues.values()) {
AbstractCSQueue csQueue = (AbstractCSQueue) queue;
authorizer.setPermission(csQueue.getPrivilegedEntity(),
csQueue.getACLs(), UserGroupInformation.getCurrentUser());
}
}代码示例来源:origin: com.github.jiayuhan-it/hadoop-yarn-server-resourcemanager
private RefreshAdminAclsResponse refreshAdminAcls(boolean checkRMHAState)
throws YarnException, IOException {
String argName = "refreshAdminAcls";
UserGroupInformation user = checkAcls(argName);
if (checkRMHAState) {
checkRMStatus(user.getShortUserName(), argName, "refresh Admin ACLs.");
}
Configuration conf =
getConfiguration(new Configuration(false),
YarnConfiguration.YARN_SITE_CONFIGURATION_FILE);
authorizer.setAdmins(getAdminAclList(conf), UserGroupInformation
.getCurrentUser());
RMAuditLogger.logSuccess(user.getShortUserName(), argName,
"AdminService");
return recordFactory.newRecordInstance(RefreshAdminAclsResponse.class);
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-server-resourcemanager
@Override
public void init(Configuration conf, RMContext rmContext) {
authorizer = YarnAuthorizationProvider.getInstance(conf);
}代码示例来源:origin: ch.cern.hadoop/hadoop-yarn-server-resourcemanager
@Override
public void serviceInit(Configuration conf) throws Exception {
if (rmContext.isHAEnabled()) {
autoFailoverEnabled = HAUtil.isAutomaticFailoverEnabled(conf);
if (autoFailoverEnabled) {
if (HAUtil.isAutomaticFailoverEmbedded(conf)) {
embeddedElector = createEmbeddedElectorService();
addIfService(embeddedElector);
}
}
}
masterServiceBindAddress = conf.getSocketAddr(
YarnConfiguration.RM_BIND_HOST,
YarnConfiguration.RM_ADMIN_ADDRESS,
YarnConfiguration.DEFAULT_RM_ADMIN_ADDRESS,
YarnConfiguration.DEFAULT_RM_ADMIN_PORT);
daemonUser = UserGroupInformation.getCurrentUser();
authorizer = YarnAuthorizationProvider.getInstance(conf);
authorizer.setAdmins(getAdminAclList(conf), UserGroupInformation
.getCurrentUser());
rmId = conf.get(YarnConfiguration.RM_HA_ID);
super.serviceInit(conf);
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-server-resourcemanager
public boolean checkAccess(UserGroupInformation user) {
// make sure only admin can invoke
// this method
if (authorizer.isAdmin(user)) {
return true;
}
return false;
}代码示例来源:origin: com.github.jiayuhan-it/hadoop-yarn-server-resourcemanager
@Override
public boolean hasAccess(QueueACL acl, UserGroupInformation user) {
return authorizer.checkPermission(SchedulerUtils.toAccessType(acl),
queueEntity, user);
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-server-resourcemanager
private void setQueueAcls(
Map<String, Map<AccessType, AccessControlList>> queueAcls)
throws IOException {
authorizer.setPermission(allocsLoader.getDefaultPermissions(),
UserGroupInformation.getCurrentUser());
List<Permission> permissions = new ArrayList<>();
for (Entry<String, Map<AccessType, AccessControlList>> queueAcl : queueAcls
.entrySet()) {
permissions.add(new Permission(new PrivilegedEntity(EntityType.QUEUE,
queueAcl.getKey()), queueAcl.getValue()));
}
authorizer.setPermission(permissions,
UserGroupInformation.getCurrentUser());
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-server-resourcemanager
private RefreshAdminAclsResponse refreshAdminAcls(boolean checkRMHAState)
throws YarnException, IOException {
final String operation = "refreshAdminAcls";
UserGroupInformation user = checkAcls(operation);
if (checkRMHAState) {
checkRMStatus(user.getShortUserName(), operation, "refresh Admin ACLs.");
}
Configuration conf =
getConfiguration(new Configuration(false),
YarnConfiguration.YARN_SITE_CONFIGURATION_FILE);
authorizer.setAdmins(getAdminAclList(conf), daemonUser);
RMAuditLogger.logSuccess(user.getShortUserName(), operation,
"AdminService");
return recordFactory.newRecordInstance(RefreshAdminAclsResponse.class);
}代码示例来源:origin: com.github.jiayuhan-it/hadoop-yarn-common
public static YarnAuthorizationProvider getInstance(Configuration conf) {
synchronized (YarnAuthorizationProvider.class) {
if (authorizer == null) {
Class<?> authorizerClass =
conf.getClass(YarnConfiguration.YARN_AUTHORIZATION_PROVIDER,
ConfiguredYarnAuthorizer.class);
authorizer =
(YarnAuthorizationProvider) ReflectionUtils.newInstance(
authorizerClass, conf);
authorizer.init(conf);
LOG.info(authorizerClass.getName() + " is instiantiated.");
}
}
return authorizer;
}代码示例来源:origin: org.apache.hadoop/hadoop-yarn-server-resourcemanager
public QueueACLsManager(ResourceScheduler scheduler, Configuration conf) {
this.scheduler = scheduler;
this.isACLsEnable = conf.getBoolean(YarnConfiguration.YARN_ACL_ENABLE,
YarnConfiguration.DEFAULT_YARN_ACL_ENABLE);
this.authorizer = YarnAuthorizationProvider.getInstance(conf);
}代码示例来源:origin: ch.cern.hadoop/hadoop-yarn-server-resourcemanager
public boolean checkAccess(UserGroupInformation user) {
// make sure only admin can invoke
// this method
if (authorizer.isAdmin(user)) {
return true;
}
return false;
}内容来源于网络,如有侵权,请联系作者删除!
