Package org.apache.hadoop.yarn.server.security

Class ApplicationACLsManager

java.lang.Object
org.apache.hadoop.yarn.server.security.ApplicationACLsManager
@Private public class ApplicationACLsManager extends Object

  • Constructor Summary

    Constructors
    Constructor
    Description
    ApplicationACLsManager()
     
    ApplicationACLsManager(org.apache.hadoop.conf.Configuration conf)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    addApplication(org.apache.hadoop.yarn.api.records.ApplicationId appId, Map<org.apache.hadoop.yarn.api.records.ApplicationAccessType,String> acls)
     
    boolean
    areACLsEnabled()
     
    boolean
    checkAccess(org.apache.hadoop.security.UserGroupInformation callerUGI, org.apache.hadoop.yarn.api.records.ApplicationAccessType applicationAccessType, String applicationOwner, org.apache.hadoop.yarn.api.records.ApplicationId applicationId)
    If authorization is enabled, checks whether the user (in the callerUGI) is authorized to perform the access specified by 'applicationAccessType' on the application by checking if the user is applicationOwner or part of application ACL for the specific access-type.
    final boolean
    isAdmin(org.apache.hadoop.security.UserGroupInformation calledUGI)
    Check if the given user in an admin.
    void
    removeApplication(org.apache.hadoop.yarn.api.records.ApplicationId appId)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • ApplicationACLsManager

      @VisibleForTesting public ApplicationACLsManager()

    • ApplicationACLsManager

      public ApplicationACLsManager(org.apache.hadoop.conf.Configuration conf)

  • Method Details

    • areACLsEnabled

      public boolean areACLsEnabled()

    • addApplication

      public void addApplication(org.apache.hadoop.yarn.api.records.ApplicationId appId, Map<org.apache.hadoop.yarn.api.records.ApplicationAccessType,String> acls)

    • removeApplication

      public void removeApplication(org.apache.hadoop.yarn.api.records.ApplicationId appId)

    • checkAccess

      public boolean checkAccess(org.apache.hadoop.security.UserGroupInformation callerUGI, org.apache.hadoop.yarn.api.records.ApplicationAccessType applicationAccessType, String applicationOwner, org.apache.hadoop.yarn.api.records.ApplicationId applicationId)
      If authorization is enabled, checks whether the user (in the callerUGI) is authorized to perform the access specified by 'applicationAccessType' on the application by checking if the user is applicationOwner or part of application ACL for the specific access-type.
      • The owner of the application can have all access-types on the application
      • For all other users/groups application-acls are checked
      Parameters:
      callerUGI - UserGroupInformation for the user.
      applicationAccessType - Application Access Type.
      applicationOwner - Application Owner.
      applicationId - ApplicationId.
      Returns:
      true if the user has permission, false otherwise.

    • isAdmin

      public final boolean isAdmin(org.apache.hadoop.security.UserGroupInformation calledUGI)
      Check if the given user in an admin.
      Parameters:
      calledUGI - UserGroupInformation for the user
      Returns:
      true if the user is an admin, false otherwise