diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAppManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAppManager.java index 49daedb692..136dee0437 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAppManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAppManager.java @@ -285,7 +285,7 @@ protected synchronized void checkAppNumCompletedLimit() { @SuppressWarnings("unchecked") protected void submitApplication( ApplicationSubmissionContext submissionContext, long submitTime, - String user) throws YarnException, AccessControlException { + String user) throws YarnException { ApplicationId applicationId = submissionContext.getApplicationId(); // Passing start time as -1. It will be eventually set in RMAppImpl @@ -336,8 +336,7 @@ protected void recoverApplication(ApplicationStateData appState, private RMAppImpl createAndPopulateNewRMApp( ApplicationSubmissionContext submissionContext, long submitTime, - String user, boolean isRecovery, long startTime) - throws YarnException, AccessControlException { + String user, boolean isRecovery, long startTime) throws YarnException { // Do queue mapping if (!isRecovery) { if (rmContext.getQueuePlacementManager() != null) { @@ -380,9 +379,9 @@ private RMAppImpl createAndPopulateNewRMApp( SchedulerUtils.toAccessType(QueueACL.ADMINISTER_QUEUE), applicationId.toString(), appName, Server.getRemoteAddress(), null))) { - throw new AccessControlException( + throw RPCUtil.getRemoteException(new AccessControlException( "User " + user + " does not have permission to submit " - + applicationId + " to queue " + submissionContext.getQueue()); + + applicationId + " to queue " + submissionContext.getQueue())); } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAppManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAppManager.java index c3d04defb1..68f1e22842 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAppManager.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/TestAppManager.java @@ -39,14 +39,18 @@ import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.io.DataOutputBuffer; +import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.service.Service; import org.apache.hadoop.yarn.MockApps; +import org.apache.hadoop.yarn.api.protocolrecords.SubmitApplicationRequest; import org.apache.hadoop.yarn.api.records.ApplicationAccessType; import org.apache.hadoop.yarn.api.records.ApplicationId; import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext; import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; +import org.apache.hadoop.yarn.api.records.Priority; import org.apache.hadoop.yarn.api.records.Resource; +import org.apache.hadoop.yarn.api.records.ResourceRequest; import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.event.AsyncDispatcher; import org.apache.hadoop.yarn.event.Dispatcher; @@ -69,9 +73,11 @@ import org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler; import org.apache.hadoop.yarn.server.resourcemanager.scheduler.YarnScheduler; +import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler; import org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM; import org.apache.hadoop.yarn.server.resourcemanager.timelineservice.RMTimelineCollectorManager; import org.apache.hadoop.yarn.server.security.ApplicationACLsManager; +import org.apache.hadoop.yarn.util.Records; import org.apache.hadoop.yarn.util.resource.ResourceCalculator; import org.apache.hadoop.yarn.util.resource.Resources; import org.junit.After; @@ -280,6 +286,43 @@ public void testRMAppRetireNone() throws Exception { isA(RMApp.class)); } + @Test + public void testQueueSubmitWithNoPermission() throws IOException { + YarnConfiguration conf = new YarnConfiguration(); + conf.set(YarnConfiguration.RM_SCHEDULER, + CapacityScheduler.class.getCanonicalName()); + conf.set("yarn.scheduler.capacity.root.acl_submit_applications", " "); + conf.set("yarn.scheduler.capacity.root.acl_administer_queue", " "); + + conf.set("yarn.scheduler.capacity.root.default.acl_submit_applications", + " "); + conf.set("yarn.scheduler.capacity.root.default.acl_administer_queue", " "); + conf.set(YarnConfiguration.YARN_ACL_ENABLE, "true"); + MockRM mockRM = new MockRM(conf); + ClientRMService rmService = mockRM.getClientRMService(); + SubmitApplicationRequest req = + Records.newRecord(SubmitApplicationRequest.class); + ApplicationSubmissionContext sub = + Records.newRecord(ApplicationSubmissionContext.class); + sub.setApplicationId(appId); + ResourceRequest resReg = + ResourceRequest.newInstance(Priority.newInstance(0), + ResourceRequest.ANY, Resource.newInstance(1024, 1), 1); + sub.setAMContainerResourceRequest(resReg); + req.setApplicationSubmissionContext(sub); + try { + rmService.submitApplication(req); + } catch (Exception e) { + if (e instanceof YarnException) { + Assert.assertTrue(e.getCause() instanceof AccessControlException); + } else { + Assert.fail("Yarn exception is expected"); + } + } finally { + mockRM.close(); + } + } + @Test public void testRMAppRetireSome() throws Exception { long now = System.currentTimeMillis();