[02/13] git commit: SLIDER-557 ACL checks are stopping CI builds

Thu, 23 Oct 2014 03:37:09 -0700 

SLIDER-557 ACL checks are stopping CI builds


Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/3abc54fe
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/3abc54fe
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/3abc54fe

Branch: refs/heads/feature/SLIDER-460-stderr
Commit: 3abc54fe51163d2110455901f4a67c3f6d080645
Parents: 6be4bfa
Author: Steve Loughran <ste...@apache.org>
Authored: Wed Oct 22 21:43:03 2014 +0100
Committer: Steve Loughran <ste...@apache.org>
Committed: Wed Oct 22 21:43:03 2014 +0100

----------------------------------------------------------------------
 .../server/appmaster/SliderAppMaster.java       | 33 ++++++++++++++------
 1 file changed, 23 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/3abc54fe/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
----------------------------------------------------------------------
diff --git 
a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
 
b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
index e7fa109..53a8b10 100644
--- 
a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
+++ 
b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
@@ -766,6 +766,11 @@ public class SliderAppMaster extends 
AbstractSliderLaunchedService
             amRegistrationData.getClientToAMTokenMasterKey().array());
         applicationACLs = amRegistrationData.getApplicationACLs();
 
+        // fix up the ACLs if they are not set
+        String acls = getConfig().get(SliderXmlConfKeys.KEY_PROTOCOL_ACL);
+        if (acls == null) {
+          getConfig().set(SliderXmlConfKeys.KEY_PROTOCOL_ACL, "*");
+        }
         //tell the server what the ACLs are
         rpcService.getServer().refreshServiceAcl(serviceConf,
             new SliderAMPolicyProvider());
@@ -1358,17 +1363,9 @@ public class SliderAppMaster extends 
AbstractSliderLaunchedService
    */
   private void startSliderRPCServer(AggregateConf instanceDefinition)
       throws IOException, SliderException {
+    verifyIPCAccess();
+
 
-    // verify that if the cluster is authed, the ACLs are set.
-    boolean authorization = getConfig().getBoolean(
-        CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
-        false);
-    String acls = getConfig().get(SliderXmlConfKeys.KEY_PROTOCOL_ACL);
-    if (authorization && SliderUtils.isUnset(acls)) {
-      throw new BadConfigException("Application has IPC authorization enabled 
in " +
-          CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION +
-          " but no ACLs in " + SliderXmlConfKeys.KEY_PROTOCOL_ACL);
-    }
     SliderClusterProtocolPBImpl protobufRelay =
         new SliderClusterProtocolPBImpl(this);
     BlockingService blockingService = SliderClusterAPI.SliderClusterProtocolPB
@@ -1387,6 +1384,22 @@ public class SliderAppMaster extends 
AbstractSliderLaunchedService
     deployChildService(rpcService);
   }
 
+  /**
+   * verify that if the cluster is authed, the ACLs are set.
+   * @throws BadConfigException if Authorization is set without any ACL
+   */
+  private void verifyIPCAccess() throws BadConfigException {
+    boolean authorization = getConfig().getBoolean(
+        CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION,
+        false);
+    String acls = getConfig().get(SliderXmlConfKeys.KEY_PROTOCOL_ACL);
+    if (authorization && SliderUtils.isUnset(acls)) {
+      throw new BadConfigException("Application has IPC authorization enabled 
in " +
+          CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION +
+          " but no ACLs in " + SliderXmlConfKeys.KEY_PROTOCOL_ACL);
+    }
+  }
+
 
 /* =================================================================== */
 /* AMRMClientAsync callbacks */

Reply via email to