SLIDER-557 ACL checks are stopping CI builds
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/3abc54fe Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/3abc54fe Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/3abc54fe Branch: refs/heads/feature/SLIDER-460-stderr Commit: 3abc54fe51163d2110455901f4a67c3f6d080645 Parents: 6be4bfa Author: Steve Loughran <ste...@apache.org> Authored: Wed Oct 22 21:43:03 2014 +0100 Committer: Steve Loughran <ste...@apache.org> Committed: Wed Oct 22 21:43:03 2014 +0100 ---------------------------------------------------------------------- .../server/appmaster/SliderAppMaster.java | 33 ++++++++++++++------ 1 file changed, 23 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/3abc54fe/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java ----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
index e7fa109..53a8b10 100644
--- a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
+++ b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
@@ -766,6 +766,11 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
 amRegistrationData.getClientToAMTokenMasterKey().array());
 applicationACLs = amRegistrationData.getApplicationACLs();
+ // fix up the ACLs if they are not set
+ String acls = getConfig().get(SliderXmlConfKeys.KEY_PROTOCOL_ACL);
+ if (acls == null) {
+ getConfig().set(SliderXmlConfKeys.KEY_PROTOCOL_ACL, "*");
+ }
 //tell the server what the ACLs are
 rpcService.getServer().refreshServiceAcl(serviceConf, new SliderAMPolicyProvider());
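Review bot: The fallback `getConfig().set(SliderXmlConfKeys.KEY_PROTOCOL_ACL, "*")` silently grants every caller access to the AM protocol whenever the key is missing, so a deployment that forgot to set an ACL ends up wide open with nothing in the logs to show it. I would apply the wildcard only when `CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION` is false and log a warning when it is applied; whether the "authorization enabled but no ACLs" check has already run by this point is not visible in the hunk. The test `acls == null` also disagrees with the `SliderUtils.isUnset(acls)` test used by the verification code in this same commit, and `if (SliderUtils.isUnset(acls)) {` would keep the two consistent. The default is written to `getConfig()` while the refresh just below is handed `serviceConf`; if those are different objects the value may never reach the server, which is worth confirming. The enclosing method starts and ends outside this hunk.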
@@ -1358,17 +1363,9 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
 */
 private void startSliderRPCServer(AggregateConf instanceDefinition) throws IOException, SliderException {
+ verifyIPCAccess();
+
- // verify that if the cluster is authed, the ACLs are set.
- boolean authorization = getConfig().getBoolean(
- CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
- false);
- String acls = getConfig().get(SliderXmlConfKeys.KEY_PROTOCOL_ACL);
- if (authorization && SliderUtils.isUnset(acls)) {
- throw new BadConfigException("Application has IPC authorization enabled in " +
- CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION +
- " but no ACLs in " + SliderXmlConfKeys.KEY_PROTOCOL_ACL);
- }
 SliderClusterProtocolPBImpl protobufRelay = new SliderClusterProtocolPBImpl(this);
 BlockingService blockingService = SliderClusterAPI.SliderClusterProtocolPB
@@ -1387,6 +1384,22 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
 deployChildService(rpcService);
 }
+ /**
+ * verify that if the cluster is authed, the ACLs are set.
+ * @throws BadConfigException if Authorization is set without any ACL
+ */
+ private void verifyIPCAccess() throws BadConfigException {
+ boolean authorization = getConfig().getBoolean(
+ CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
+ false);
+ String acls = getConfig().get(SliderXmlConfKeys.KEY_PROTOCOL_ACL);
+ if (authorization && SliderUtils.isUnset(acls)) {
+ throw new BadConfigException("Application has IPC authorization enabled in " +
+ CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION +
+ " but no ACLs in " + SliderXmlConfKeys.KEY_PROTOCOL_ACL);
+ }
+ }
+
 /* =================================================================== */
 /* AMRMClientAsync callbacks */