@Override public void refreshLogRetentionSettings() throws IOException { UserGroupInformation user = checkAcls("refreshLogRetentionSettings"); try { loginUGI.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws IOException { aggLogDelService.refreshLogRetentionSettings(); return null; } }); } catch (InterruptedException e) { throw new IOException(e); } HSAuditLogger.logSuccess(user.getShortUserName(), "refreshLogRetentionSettings", "HSAdminServer"); }
@Override public void refreshJobRetentionSettings() throws IOException { UserGroupInformation user = checkAcls("refreshJobRetentionSettings"); try { loginUGI.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws IOException { jobHistoryService.refreshJobRetentionSettings(); return null; } }); } catch (InterruptedException e) { throw new IOException(e); } HSAuditLogger.logSuccess(user.getShortUserName(), "refreshJobRetentionSettings", HISTORY_ADMIN_SERVER); }
private UserGroupInformation checkAcls(String method) throws IOException { UserGroupInformation user; try { user = UserGroupInformation.getCurrentUser(); } catch (IOException ioe) { LOG.warn("Couldn't get current user", ioe); HSAuditLogger.logFailure("UNKNOWN", method, adminAcl.toString(), HISTORY_ADMIN_SERVER, "Couldn't get current user"); throw ioe; } if (!adminAcl.isUserAllowed(user)) { LOG.warn("User " + user.getShortUserName() + " doesn't have permission" + " to call '" + method + "'"); HSAuditLogger.logFailure(user.getShortUserName(), method, adminAcl.toString(), HISTORY_ADMIN_SERVER, AuditConstants.UNAUTHORIZED_USER); throw new AccessControlException("User " + user.getShortUserName() + " doesn't have permission" + " to call '" + method + "'"); } LOG.info("HS Admin: " + method + " invoked by user " + user.getShortUserName()); return user; }
@Override public void refreshSuperUserGroupsConfiguration() throws IOException { UserGroupInformation user = checkAcls("refreshSuperUserGroupsConfiguration"); ProxyUsers.refreshSuperUserGroupsConfiguration(createConf()); HSAuditLogger.logSuccess(user.getShortUserName(), "refreshSuperUserGroupsConfiguration", HISTORY_ADMIN_SERVER); }
@Override public void refreshAdminAcls() throws IOException { UserGroupInformation user = checkAcls("refreshAdminAcls"); Configuration conf = createConf(); adminAcl = new AccessControlList(conf.get(JHAdminConfig.JHS_ADMIN_ACL, JHAdminConfig.DEFAULT_JHS_ADMIN_ACL)); HSAuditLogger.logSuccess(user.getShortUserName(), "refreshAdminAcls", HISTORY_ADMIN_SERVER); }
@Override public void refreshLoadedJobCache() throws IOException { UserGroupInformation user = checkAcls("refreshLoadedJobCache"); try { jobHistoryService.refreshLoadedJobCache(); } catch (UnsupportedOperationException e) { HSAuditLogger.logFailure(user.getShortUserName(), "refreshLoadedJobCache", adminAcl.toString(), HISTORY_ADMIN_SERVER, e.getMessage()); throw e; } HSAuditLogger.logSuccess(user.getShortUserName(), "refreshLoadedJobCache", HISTORY_ADMIN_SERVER); }
@Override public void refreshLogRetentionSettings() throws IOException { UserGroupInformation user = checkAcls("refreshLogRetentionSettings"); aggLogDelService.refreshLogRetentionSettings(); HSAuditLogger.logSuccess(user.getShortUserName(), "refreshLogRetentionSettings", "HSAdminServer"); }
@Override public void refreshJobRetentionSettings() throws IOException { UserGroupInformation user = checkAcls("refreshJobRetentionSettings"); jobHistoryService.refreshJobRetentionSettings(); HSAuditLogger.logSuccess(user.getShortUserName(), "refreshJobRetentionSettings", HISTORY_ADMIN_SERVER); }
