hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/security/QueueACLsManager.java - hadoop - Git at Google

 /**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

 package org.apache.hadoop.yarn.server.resourcemanager.security;

 import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.yarn.api.records.QueueACL;
 import org.apache.hadoop.yarn.conf.YarnConfiguration;
 import org.apache.hadoop.yarn.security.YarnAuthorizationProvider;
 import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
 import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
 import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler;
 import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler;
 import java.util.List;

 @SuppressWarnings("checkstyle:visibilitymodifier")
 public abstract class QueueACLsManager {

   ResourceScheduler scheduler;
   boolean isACLsEnable;
   YarnAuthorizationProvider authorizer;

   @VisibleForTesting
   public QueueACLsManager(Configuration conf) {
     this(null, new Configuration());
   }

   public QueueACLsManager(ResourceScheduler scheduler, Configuration conf) {
     this.scheduler = scheduler;
     this.isACLsEnable = conf.getBoolean(YarnConfiguration.YARN_ACL_ENABLE,
         YarnConfiguration.DEFAULT_YARN_ACL_ENABLE);
     this.authorizer = YarnAuthorizationProvider.getInstance(conf);
   }

   /**
    * Get queue acl manager corresponding to the scheduler.
    * @param scheduler the scheduler for which the queue acl manager is required
    * @param conf
    * @return {@link QueueACLsManager}
    */
   public static QueueACLsManager getQueueACLsManager(
       ResourceScheduler scheduler, Configuration conf) {
     if (scheduler instanceof CapacityScheduler) {
       return new CapacityQueueACLsManager(scheduler, conf);
     } else if (scheduler instanceof FairScheduler) {
       return new FairQueueACLsManager(scheduler, conf);
     } else {
       return new GenericQueueACLsManager(scheduler, conf);
     }
   }

   public abstract boolean checkAccess(UserGroupInformation callerUGI,
       QueueACL acl, RMApp app, String remoteAddress,
       List<String> forwardedAddresses);

   /**
    * Check access to a targetQueue in the case of a move of an application.
    * The application cannot contain the destination queue since it has not
    * been moved yet, thus need to pass it in separately.
    *
    * @param callerUGI the caller UGI
    * @param acl the acl for the Queue to check
    * @param app the application to move
    * @param remoteAddress server ip address
    * @param forwardedAddresses forwarded adresses
    * @param targetQueue the name of the queue to move the application to
    * @return true: if submission is allowed and queue exists,
    *         false: in all other cases (also non existing target queue)
    */
   public abstract boolean checkAccess(UserGroupInformation callerUGI,
       QueueACL acl, RMApp app, String remoteAddress,
       List<String> forwardedAddresses, String targetQueue);
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.hadoop.yarn.server.resourcemanager.security;

	import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
	import org.apache.hadoop.conf.Configuration;
	import org.apache.hadoop.security.UserGroupInformation;
	import org.apache.hadoop.yarn.api.records.QueueACL;
	import org.apache.hadoop.yarn.conf.YarnConfiguration;
	import org.apache.hadoop.yarn.security.YarnAuthorizationProvider;
	import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
	import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
	import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler;
	import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler;
	import java.util.List;

	@SuppressWarnings("checkstyle:visibilitymodifier")
	public abstract class QueueACLsManager {

	ResourceScheduler scheduler;
	boolean isACLsEnable;
	YarnAuthorizationProvider authorizer;

	@VisibleForTesting
	public QueueACLsManager(Configuration conf) {
	this(null, new Configuration());
	}

	public QueueACLsManager(ResourceScheduler scheduler, Configuration conf) {
	this.scheduler = scheduler;
	this.isACLsEnable = conf.getBoolean(YarnConfiguration.YARN_ACL_ENABLE,
	YarnConfiguration.DEFAULT_YARN_ACL_ENABLE);
	this.authorizer = YarnAuthorizationProvider.getInstance(conf);
	}

	/**
	* Get queue acl manager corresponding to the scheduler.
	* @param scheduler the scheduler for which the queue acl manager is required
	* @param conf
	* @return {@link QueueACLsManager}
	*/
	public static QueueACLsManager getQueueACLsManager(
	ResourceScheduler scheduler, Configuration conf) {
	if (scheduler instanceof CapacityScheduler) {
	return new CapacityQueueACLsManager(scheduler, conf);
	} else if (scheduler instanceof FairScheduler) {
	return new FairQueueACLsManager(scheduler, conf);
	} else {
	return new GenericQueueACLsManager(scheduler, conf);
	}
	}

	public abstract boolean checkAccess(UserGroupInformation callerUGI,
	QueueACL acl, RMApp app, String remoteAddress,
	List<String> forwardedAddresses);

	/**
	* Check access to a targetQueue in the case of a move of an application.
	* The application cannot contain the destination queue since it has not
	* been moved yet, thus need to pass it in separately.
	*
	* @param callerUGI the caller UGI
	* @param acl the acl for the Queue to check
	* @param app the application to move
	* @param remoteAddress server ip address
	* @param forwardedAddresses forwarded adresses
	* @param targetQueue the name of the queue to move the application to
	* @return true: if submission is allowed and queue exists,
	* false: in all other cases (also non existing target queue)
	*/
	public abstract boolean checkAccess(UserGroupInformation callerUGI,
	QueueACL acl, RMApp app, String remoteAddress,
	List<String> forwardedAddresses, String targetQueue);
	}