| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.hadoop.mapred; |
| |
| import java.io.IOException; |
| import java.security.PrivilegedExceptionAction; |
| |
| import javax.security.auth.login.LoginException; |
| |
| import org.apache.hadoop.security.UserGroupInformation; |
| |
| public class TestQueueManagerForJobKillAndNonDefaultQueue extends TestQueueManager { |
| |
| public void testDisabledACLForNonDefaultQueue() |
| throws IOException, InterruptedException { |
| try { |
| // allow everyone in default queue |
| JobConf conf = setupConf(QueueManager.toFullPropertyName |
| ("default", submitAcl), "*"); |
| // setup a different queue |
| conf.set("mapred.queue.names", "default,q1"); |
| // setup a different acl for this queue. |
| conf.set(QueueManager.toFullPropertyName |
| ("q1", submitAcl), "dummy-user"); |
| // verify job submission to other queue fails. |
| verifyJobSubmission(conf, false, "user1,group1", "q1"); |
| } finally { |
| tearDownCluster(); |
| } |
| } |
| |
| public void testEnabledACLForNonDefaultQueue() |
| throws IOException, LoginException, InterruptedException { |
| try { |
| UserGroupInformation ugi = createNecessaryUsers(); |
| String[] groups = ugi.getGroupNames(); |
| String userName = ugi.getShortUserName(); |
| // allow everyone in default queue |
| JobConf conf = setupConf(QueueManager.toFullPropertyName |
| ("default", submitAcl), "*"); |
| // setup a different queue |
| conf.set("mapred.queue.names", "default,q2"); |
| // setup a different acl for this queue. |
| conf.set(QueueManager.toFullPropertyName |
| ("q2", submitAcl), userName); |
| // verify job submission to other queue fails. |
| verifyJobSubmission(conf, true, |
| userName + "," + groups[groups.length-1], "q2"); |
| } finally { |
| tearDownCluster(); |
| } |
| } |
| |
| public void testAllEnabledACLForJobKill() |
| throws IOException, InterruptedException { |
| try { |
| UserGroupInformation ugi = createNecessaryUsers(); |
| // create other user who will try to kill the job of ugi. |
| final UserGroupInformation otherUGI = UserGroupInformation. |
| createUserForTesting("user1", new String [] {"group1"}); |
| |
| ugi.doAs(new PrivilegedExceptionAction<Object>() { |
| |
| @Override |
| public Object run() throws Exception { |
| JobConf conf = setupConf(QueueManager.toFullPropertyName |
| ("default", adminAcl), "*"); |
| verifyJobKill(otherUGI, conf, true); |
| return null; |
| } |
| }); |
| } finally { |
| tearDownCluster(); |
| } |
| } |
| |
| public void testAllDisabledACLForJobKill() |
| throws IOException, InterruptedException { |
| try { |
| // Create a fake superuser for all processes to execute within |
| final UserGroupInformation ugi = createNecessaryUsers(); |
| |
| // create other users who will try to kill the job of ugi. |
| final UserGroupInformation otherUGI1 = UserGroupInformation. |
| createUserForTesting("user1", new String [] {"group1"}); |
| final UserGroupInformation otherUGI2 = UserGroupInformation. |
| createUserForTesting("user2", new String [] {"group2"}); |
| |
| ugi.doAs(new PrivilegedExceptionAction<Object>() { |
| |
| @Override |
| public Object run() throws Exception { |
| // No queue admins |
| JobConf conf = setupConf(QueueManager.toFullPropertyName |
| ("default", adminAcl), " "); |
| // Run job as ugi and try to kill job as user1, who |
| // (obviously) should not be able to kill the job. |
| verifyJobKill(otherUGI1, conf, false); |
| verifyJobKill(otherUGI2, conf, false); |
| |
| // Check if cluster administrator can kill job |
| conf.set(JobConf.MR_ADMINS, "user1 group2"); |
| tearDownCluster(); |
| verifyJobKill(otherUGI1, conf, true); |
| verifyJobKill(otherUGI2, conf, true); |
| |
| // Check if MROwner(user who started |
| // the mapreduce cluster) can kill job |
| verifyJobKill(ugi, conf, true); |
| |
| return null; |
| } |
| }); |
| } finally { |
| tearDownCluster(); |
| } |
| } |
| |
| |
| } |