-
Notifications
You must be signed in to change notification settings - Fork 28.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SPARK-4223] [CORE] Support * in acls.
SPARK-4223. Currently we support setting view and modify acls but you have to specify a list of users. It would be nice to support * meaning all users have access. Manual tests to verify that: "*" works for any user in: a. Spark ui: view and kill stage. Done. b. Spark history server. Done. c. Yarn application killing. Done. Author: zhuol <zhuol@yahoo-inc.com> Closes #8398 from zhuoliu/4223.
- Loading branch information
Showing
3 changed files
with
69 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -125,6 +125,47 @@ class SecurityManagerSuite extends SparkFunSuite { | |
|
||
} | ||
|
||
test("set security with * in acls") { | ||
val conf = new SparkConf | ||
conf.set("spark.ui.acls.enable", "true") | ||
conf.set("spark.admin.acls", "user1,user2") | ||
conf.set("spark.ui.view.acls", "*") | ||
conf.set("spark.modify.acls", "user4") | ||
|
||
val securityManager = new SecurityManager(conf) | ||
assert(securityManager.aclsEnabled() === true) | ||
|
||
// check for viewAcls with * | ||
assert(securityManager.checkUIViewPermissions("user1") === true) | ||
This comment has been minimized.
Sorry, something went wrong.
jaceklaskowski
Contributor
|
||
assert(securityManager.checkUIViewPermissions("user5") === true) | ||
assert(securityManager.checkUIViewPermissions("user6") === true) | ||
assert(securityManager.checkModifyPermissions("user4") === true) | ||
assert(securityManager.checkModifyPermissions("user7") === false) | ||
assert(securityManager.checkModifyPermissions("user8") === false) | ||
|
||
// check for modifyAcls with * | ||
securityManager.setModifyAcls(Set("user4"), "*") | ||
assert(securityManager.checkModifyPermissions("user7") === true) | ||
assert(securityManager.checkModifyPermissions("user8") === true) | ||
|
||
securityManager.setAdminAcls("user1,user2") | ||
securityManager.setModifyAcls(Set("user1"), "user2") | ||
securityManager.setViewAcls(Set("user1"), "user2") | ||
assert(securityManager.checkUIViewPermissions("user5") === false) | ||
assert(securityManager.checkUIViewPermissions("user6") === false) | ||
assert(securityManager.checkModifyPermissions("user7") === false) | ||
assert(securityManager.checkModifyPermissions("user8") === false) | ||
|
||
// check for adminAcls with * | ||
securityManager.setAdminAcls("user1,*") | ||
securityManager.setModifyAcls(Set("user1"), "user2") | ||
securityManager.setViewAcls(Set("user1"), "user2") | ||
assert(securityManager.checkUIViewPermissions("user5") === true) | ||
assert(securityManager.checkUIViewPermissions("user6") === true) | ||
assert(securityManager.checkModifyPermissions("user7") === true) | ||
assert(securityManager.checkModifyPermissions("user8") === true) | ||
} | ||
|
||
test("ssl on setup") { | ||
val conf = SSLSampleConfigs.sparkSSLConfig() | ||
val expectedAlgorithms = Set( | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Doh! Yet another magic "number". Could we introduce a constant and give it a helpful name? Please.