package org.apache.hadoop.yarn.server.resourcemanager;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.configuration2.tree.DefaultExpressionEngineSymbols;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ha.HAServiceProtocol;
import org.apache.hadoop.ha.HAServiceStatus;
import org.apache.hadoop.ha.HealthCheckFailedException;
import org.apache.hadoop.ha.ServiceFailedException;
import org.apache.hadoop.ha.proto.HAServiceProtocolProtos;
import org.apache.hadoop.ha.protocolPB.HAServiceProtocolPB;
import org.apache.hadoop.ha.protocolPB.HAServiceProtocolServerSideTranslatorPB;
import org.apache.hadoop.ipc.ProtobufRpcEngine2;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.ipc.StandbyException;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.security.authorize.PolicyProvider;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.service.CompositeService;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.yarn.api.records.NodeAttribute;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.api.records.ResourceOption;
import org.apache.hadoop.yarn.conf.HAUtil;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnException;
import org.apache.hadoop.yarn.factories.RecordFactory;
import org.apache.hadoop.yarn.factory.providers.RecordFactoryProvider;
import org.apache.hadoop.yarn.ipc.RPCUtil;
import org.apache.hadoop.yarn.ipc.YarnRPC;
import org.apache.hadoop.yarn.nodelabels.NodeAttributesManager;
import org.apache.hadoop.yarn.security.ConfiguredYarnAuthorizer;
import org.apache.hadoop.yarn.security.YarnAuthorizationProvider;
import org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol;
import org.apache.hadoop.yarn.server.api.protocolrecords.AddToClusterNodeLabelsRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.AddToClusterNodeLabelsResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.CheckForDecommissioningNodesRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.CheckForDecommissioningNodesResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.NodeToAttributes;
import org.apache.hadoop.yarn.server.api.protocolrecords.NodesToAttributesMappingRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.NodesToAttributesMappingResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshAdminAclsRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshAdminAclsResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshClusterMaxPriorityRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshClusterMaxPriorityResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshNodesRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshNodesResourcesRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshNodesResourcesResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshNodesResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshQueuesRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshQueuesResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshServiceAclsRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshServiceAclsResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshSuperUserGroupsConfigurationRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshSuperUserGroupsConfigurationResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshUserToGroupsMappingsRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RefreshUserToGroupsMappingsResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.RemoveFromClusterNodeLabelsRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.RemoveFromClusterNodeLabelsResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.ReplaceLabelsOnNodeRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.ReplaceLabelsOnNodeResponse;
import org.apache.hadoop.yarn.server.api.protocolrecords.UpdateNodeResourceRequest;
import org.apache.hadoop.yarn.server.api.protocolrecords.UpdateNodeResourceResponse;
import org.apache.hadoop.yarn.server.resourcemanager.nodelabels.NodeLabelsUtils;
import org.apache.hadoop.yarn.server.resourcemanager.reservation.ReservationSystem;
import org.apache.hadoop.yarn.server.resourcemanager.resource.DynamicResourceConfiguration;
import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNode;
import org.apache.hadoop.yarn.server.resourcemanager.rmnode.RMNodeResourceUpdateEvent;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.MutableConfScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.security.authorize.RMPolicyProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/AdminService.class */
public class AdminService extends CompositeService implements HAServiceProtocol, ResourceManagerAdministrationProtocol {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AdminService.class);
    private final ResourceManager rm;
    private String rmId;
    private boolean autoFailoverEnabled;
    private RPC.Server server;
    private InetSocketAddress masterServiceBindAddress;
    private YarnAuthorizationProvider authorizer;
    private final RecordFactory recordFactory;
    private UserGroupInformation daemonUser;

    @VisibleForTesting
    boolean isCentralizedNodeLabelConfiguration;

    public AdminService(ResourceManager resourceManager) {
        super(AdminService.class.getName());
        this.recordFactory = RecordFactoryProvider.getRecordFactory(null);
        this.isCentralizedNodeLabelConfiguration = true;
        this.rm = resourceManager;
    }

    @Override // org.apache.hadoop.service.CompositeService, org.apache.hadoop.service.AbstractService
    public void serviceInit(Configuration configuration) throws Exception {
        this.autoFailoverEnabled = this.rm.getRMContext().isHAEnabled() && HAUtil.isAutomaticFailoverEnabled(configuration);
        this.masterServiceBindAddress = configuration.getSocketAddr(YarnConfiguration.RM_BIND_HOST, YarnConfiguration.RM_ADMIN_ADDRESS, YarnConfiguration.DEFAULT_RM_ADMIN_ADDRESS, YarnConfiguration.DEFAULT_RM_ADMIN_PORT);
        this.daemonUser = UserGroupInformation.getCurrentUser();
        this.authorizer = YarnAuthorizationProvider.getInstance(configuration);
        this.authorizer.setAdmins(getAdminAclList(configuration), this.daemonUser);
        this.rmId = configuration.get(YarnConfiguration.RM_HA_ID);
        this.isCentralizedNodeLabelConfiguration = YarnConfiguration.isCentralizedNodeLabelConfiguration(configuration);
        super.serviceInit(configuration);
    }

    private AccessControlList getAdminAclList(Configuration configuration) {
        AccessControlList accessControlList = new AccessControlList(configuration.get(YarnConfiguration.YARN_ADMIN_ACL, "*"));
        accessControlList.addUser(this.daemonUser.getShortUserName());
        return accessControlList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.service.CompositeService, org.apache.hadoop.service.AbstractService
    public void serviceStart() throws Exception {
        startServer();
        super.serviceStart();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.service.CompositeService, org.apache.hadoop.service.AbstractService
    public void serviceStop() throws Exception {
        stopServer();
        super.serviceStop();
    }

    protected void startServer() throws Exception {
        Configuration config = getConfig();
        this.server = (RPC.Server) YarnRPC.create(config).getServer(ResourceManagerAdministrationProtocol.class, this, this.masterServiceBindAddress, config, null, config.getInt(YarnConfiguration.RM_ADMIN_CLIENT_THREAD_COUNT, 1));
        if (config.getBoolean("hadoop.security.authorization", false)) {
            refreshServiceAcls(getConfiguration(config, YarnConfiguration.HADOOP_POLICY_CONFIGURATION_FILE), RMPolicyProvider.getInstance());
        }
        if (this.rm.getRMContext().isHAEnabled()) {
            RPC.setProtocolEngine(config, HAServiceProtocolPB.class, ProtobufRpcEngine2.class);
            this.server.addProtocol(RPC.RpcKind.RPC_PROTOCOL_BUFFER, HAServiceProtocol.class, HAServiceProtocolProtos.HAServiceProtocolService.newReflectiveBlockingService(new HAServiceProtocolServerSideTranslatorPB(this)));
        }
        this.server.start();
        config.updateConnectAddr(YarnConfiguration.RM_BIND_HOST, YarnConfiguration.RM_ADMIN_ADDRESS, YarnConfiguration.DEFAULT_RM_ADMIN_ADDRESS, this.server.getListenerAddress());
    }

    protected void stopServer() throws Exception {
        if (this.server != null) {
            this.server.stop();
        }
    }

    private UserGroupInformation checkAccess(String str) throws IOException {
        return RMServerUtils.verifyAdminAccess(this.authorizer, str, LOG);
    }

    private UserGroupInformation checkAcls(String str) throws YarnException {
        try {
            return checkAccess(str);
        } catch (IOException e) {
            throw RPCUtil.getRemoteException(e);
        }
    }

    private void checkHaStateChange(HAServiceProtocol.StateChangeRequestInfo stateChangeRequestInfo) throws AccessControlException {
        switch (stateChangeRequestInfo.getSource()) {
            case REQUEST_BY_USER:
                if (this.autoFailoverEnabled) {
                    throw new AccessControlException("Manual failover for this ResourceManager is disallowed, because automatic failover is enabled.");
                }
                return;
            case REQUEST_BY_USER_FORCED:
                if (this.autoFailoverEnabled) {
                    LOG.warn("Allowing manual failover from " + Server.getRemoteAddress() + " even though automatic failover is enabled, because the user specified the force flag");
                    return;
                }
                return;
            case REQUEST_BY_ZKFC:
                if (!this.autoFailoverEnabled) {
                    throw new AccessControlException("Request from ZK failover controller at " + Server.getRemoteAddress() + " denied since automatic failover is not enabled");
                }
                return;
            default:
                return;
        }
    }

    private synchronized boolean isRMActive() {
        return HAServiceProtocol.HAServiceState.ACTIVE == this.rm.getRMContext().getHAServiceState();
    }

    private void throwStandbyException() throws StandbyException {
        throw new StandbyException("ResourceManager " + this.rmId + " is not Active!");
    }

    @Override // org.apache.hadoop.ha.HAServiceProtocol
    public synchronized void monitorHealth() throws IOException {
        checkAccess("monitorHealth");
        if (isRMActive() && !this.rm.areActiveServicesRunning()) {
            throw new HealthCheckFailedException("Active ResourceManager services are not running!");
        }
    }

    @Override // org.apache.hadoop.ha.HAServiceProtocol
    public synchronized void transitionToActive(HAServiceProtocol.StateChangeRequestInfo stateChangeRequestInfo) throws IOException {
        if (isRMActive()) {
            return;
        }
        try {
            refreshAdminAcls(false);
            UserGroupInformation checkAccess = checkAccess("transitionToActive");
            checkHaStateChange(stateChangeRequestInfo);
            try {
                refreshAll();
                try {
                    this.rm.transitionToActive();
                    RMAuditLogger.logSuccess(checkAccess.getShortUserName(), "transitionToActive", "RM");
                } catch (Exception e) {
                    RMAuditLogger.logFailure(checkAccess.getShortUserName(), "transitionToActive", "", "RM", "Exception transitioning to active");
                    throw new ServiceFailedException("Error when transitioning to Active mode", e);
                }
            } catch (Exception e2) {
                this.rm.getRMContext().getDispatcher().getEventHandler().handle(new RMFatalEvent(RMFatalEventType.TRANSITION_TO_ACTIVE_FAILED, e2, "failure to refresh configuration settings"));
                throw new ServiceFailedException("Error on refreshAll during transition to Active", e2);
            }
        } catch (YarnException e3) {
            throw new ServiceFailedException("Can not execute refreshAdminAcls", e3);
        }
    }

    @Override // org.apache.hadoop.ha.HAServiceProtocol
    public synchronized void transitionToStandby(HAServiceProtocol.StateChangeRequestInfo stateChangeRequestInfo) throws IOException {
        try {
            refreshAdminAcls(false);
            UserGroupInformation checkAccess = checkAccess("transitionToStandby");
            checkHaStateChange(stateChangeRequestInfo);
            try {
                this.rm.transitionToStandby(true);
                RMAuditLogger.logSuccess(checkAccess.getShortUserName(), "transitionToStandby", "RM");
            } catch (Exception e) {
                RMAuditLogger.logFailure(checkAccess.getShortUserName(), "transitionToStandby", "", "RM", "Exception transitioning to standby");
                throw new ServiceFailedException("Error when transitioning to Standby mode", e);
            }
        } catch (YarnException e2) {
            throw new ServiceFailedException("Can not execute refreshAdminAcls", e2);
        }
    }

    @Override // org.apache.hadoop.ha.HAServiceProtocol
    public synchronized void transitionToObserver(HAServiceProtocol.StateChangeRequestInfo stateChangeRequestInfo) throws IOException {
        throw new ServiceFailedException("Does not support transition to Observer");
    }

    @Override // org.apache.hadoop.ha.HAServiceProtocol
    public synchronized HAServiceStatus getServiceStatus() throws IOException {
        checkAccess("getServiceState");
        HAServiceProtocol.HAServiceState hAServiceState = this.rm.getRMContext().getHAServiceState();
        HAServiceStatus hAServiceStatus = new HAServiceStatus(hAServiceState);
        if (isRMActive() || hAServiceState == HAServiceProtocol.HAServiceState.STANDBY) {
            hAServiceStatus.setReadyToBecomeActive();
        } else {
            hAServiceStatus.setNotReadyToBecomeActive("State is " + hAServiceState);
        }
        return hAServiceStatus;
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RefreshQueuesResponse refreshQueues(RefreshQueuesRequest refreshQueuesRequest) throws YarnException, StandbyException {
        UserGroupInformation checkAcls = checkAcls("refreshQueues");
        checkRMStatus(checkAcls.getShortUserName(), "refreshQueues", "refresh queues.");
        RefreshQueuesResponse refreshQueuesResponse = (RefreshQueuesResponse) this.recordFactory.newRecordInstance(RefreshQueuesResponse.class);
        try {
            if (isSchedulerMutable()) {
                throw new IOException("Scheduler configuration is mutable. refreshQueues is not allowed in this scenario.");
            }
            refreshQueues();
            RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshQueues", "AdminService");
            return refreshQueuesResponse;
        } catch (IOException e) {
            throw logAndWrapException(e, checkAcls.getShortUserName(), "refreshQueues", "refresh queues.");
        }
    }

    protected Configuration loadNewConfiguration() throws IOException, YarnException {
        Configuration configuration = getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE, YarnConfiguration.RESOURCE_TYPES_CONFIGURATION_FILE);
        configuration.size();
        return configuration;
    }

    @InterfaceAudience.Private
    public void refreshQueues() throws IOException, YarnException {
        Configuration loadNewConfiguration = loadNewConfiguration();
        this.rm.getRMContext().getScheduler().reinitialize(loadNewConfiguration, this.rm.getRMContext());
        ReservationSystem reservationSystem = this.rm.getRMContext().getReservationSystem();
        if (reservationSystem != null) {
            reservationSystem.reinitialize(loadNewConfiguration, this.rm.getRMContext());
        }
    }

    private boolean isSchedulerMutable() {
        ResourceScheduler scheduler = this.rm.getRMContext().getScheduler();
        return (scheduler instanceof MutableConfScheduler) && ((MutableConfScheduler) scheduler).isConfigurationMutable();
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RefreshNodesResponse refreshNodes(RefreshNodesRequest refreshNodesRequest) throws YarnException, StandbyException {
        UserGroupInformation checkAcls = checkAcls("refreshNodes");
        checkRMStatus(checkAcls.getShortUserName(), "refreshNodes", "refresh nodes.");
        try {
            Configuration configuration = getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE);
            switch (refreshNodesRequest.getDecommissionType()) {
                case NORMAL:
                    this.rm.getRMContext().getNodesListManager().refreshNodes(configuration);
                    break;
                case GRACEFUL:
                    this.rm.getRMContext().getNodesListManager().refreshNodesGracefully(configuration, refreshNodesRequest.getDecommissionTimeout());
                    break;
                case FORCEFUL:
                    this.rm.getRMContext().getNodesListManager().refreshNodesForcefully();
                    break;
            }
            RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshNodes", "AdminService");
            return (RefreshNodesResponse) this.recordFactory.newRecordInstance(RefreshNodesResponse.class);
        } catch (IOException e) {
            throw logAndWrapException(e, checkAcls.getShortUserName(), "refreshNodes", "refresh nodes.");
        }
    }

    private void refreshNodes() throws IOException, YarnException {
        this.rm.getRMContext().getNodesListManager().refreshNodes(getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE));
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RefreshSuperUserGroupsConfigurationResponse refreshSuperUserGroupsConfiguration(RefreshSuperUserGroupsConfigurationRequest refreshSuperUserGroupsConfigurationRequest) throws YarnException, IOException {
        UserGroupInformation checkAcls = checkAcls("refreshSuperUserGroupsConfiguration");
        checkRMStatus(checkAcls.getShortUserName(), "refreshSuperUserGroupsConfiguration", "refresh super-user-groups.");
        refreshSuperUserGroupsConfiguration();
        RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshSuperUserGroupsConfiguration", "AdminService");
        return (RefreshSuperUserGroupsConfigurationResponse) this.recordFactory.newRecordInstance(RefreshSuperUserGroupsConfigurationResponse.class);
    }

    private void refreshSuperUserGroupsConfiguration() throws IOException, YarnException {
        Configuration configuration = getConfiguration(new Configuration(false), YarnConfiguration.CORE_SITE_CONFIGURATION_FILE, YarnConfiguration.YARN_SITE_CONFIGURATION_FILE);
        RMServerUtils.processRMProxyUsersConf(configuration);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RefreshUserToGroupsMappingsResponse refreshUserToGroupsMappings(RefreshUserToGroupsMappingsRequest refreshUserToGroupsMappingsRequest) throws YarnException, IOException {
        UserGroupInformation checkAcls = checkAcls("refreshUserToGroupsMappings");
        checkRMStatus(checkAcls.getShortUserName(), "refreshUserToGroupsMappings", "refresh user-groups.");
        refreshUserToGroupsMappings();
        RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshUserToGroupsMappings", "AdminService");
        return (RefreshUserToGroupsMappingsResponse) this.recordFactory.newRecordInstance(RefreshUserToGroupsMappingsResponse.class);
    }

    private void refreshUserToGroupsMappings() throws IOException, YarnException {
        Groups.getUserToGroupsMappingService(getConfiguration(new Configuration(false), YarnConfiguration.CORE_SITE_CONFIGURATION_FILE)).refresh();
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RefreshAdminAclsResponse refreshAdminAcls(RefreshAdminAclsRequest refreshAdminAclsRequest) throws YarnException, IOException {
        return refreshAdminAcls(true);
    }

    private RefreshAdminAclsResponse refreshAdminAcls(boolean z) throws YarnException, IOException {
        UserGroupInformation checkAcls = checkAcls("refreshAdminAcls");
        if (z) {
            checkRMStatus(checkAcls.getShortUserName(), "refreshAdminAcls", "refresh Admin ACLs.");
        }
        this.authorizer.setAdmins(getAdminAclList(getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE)), this.daemonUser);
        RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshAdminAcls", "AdminService");
        return (RefreshAdminAclsResponse) this.recordFactory.newRecordInstance(RefreshAdminAclsResponse.class);
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RefreshServiceAclsResponse refreshServiceAcls(RefreshServiceAclsRequest refreshServiceAclsRequest) throws YarnException, IOException {
        if (!getConfig().getBoolean("hadoop.security.authorization", false)) {
            throw RPCUtil.getRemoteException(new IOException("Service Authorization (hadoop.security.authorization) not enabled."));
        }
        UserGroupInformation checkAcls = checkAcls("refreshServiceAcls");
        checkRMStatus(checkAcls.getShortUserName(), "refreshServiceAcls", "refresh Service ACLs.");
        refreshServiceAcls();
        refreshActiveServicesAcls();
        RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshServiceAcls", "AdminService");
        return (RefreshServiceAclsResponse) this.recordFactory.newRecordInstance(RefreshServiceAclsResponse.class);
    }

    private void refreshServiceAcls() throws IOException, YarnException {
        refreshServiceAcls(getConfiguration(new Configuration(false), YarnConfiguration.HADOOP_POLICY_CONFIGURATION_FILE), RMPolicyProvider.getInstance());
    }

    private void refreshActiveServicesAcls() throws IOException, YarnException {
        RMPolicyProvider rMPolicyProvider = RMPolicyProvider.getInstance();
        Configuration configuration = getConfiguration(new Configuration(false), YarnConfiguration.HADOOP_POLICY_CONFIGURATION_FILE);
        this.rm.getRMContext().getClientRMService().refreshServiceAcls(configuration, rMPolicyProvider);
        this.rm.getRMContext().getApplicationMasterService().refreshServiceAcls(configuration, rMPolicyProvider);
        this.rm.getRMContext().getResourceTrackerService().refreshServiceAcls(configuration, rMPolicyProvider);
    }

    private synchronized void refreshServiceAcls(Configuration configuration, PolicyProvider policyProvider) {
        this.server.refreshServiceAclWithLoadedConfiguration(configuration, policyProvider);
    }

    @Override // org.apache.hadoop.tools.GetUserMappingsProtocol
    public String[] getGroupsForUser(String str) throws IOException {
        try {
            checkRMStatus(checkAcls("getGroupsForUser").getShortUserName(), "getGroupsForUser", "get groups for user");
            return UserGroupInformation.createRemoteUser(str).getGroupNames();
        } catch (YarnException e) {
            throw new IOException(e);
        }
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public UpdateNodeResourceResponse updateNodeResource(UpdateNodeResourceRequest updateNodeResourceRequest) throws YarnException, IOException {
        UserGroupInformation checkAcls = checkAcls("updateNodeResource");
        checkRMStatus(checkAcls.getShortUserName(), "updateNodeResource", "update node resource.");
        Map<NodeId, ResourceOption> nodeResourceMap = updateNodeResourceRequest.getNodeResourceMap();
        for (NodeId nodeId : nodeResourceMap.keySet()) {
            if (this.rm.getRMContext().getRMNodes().get(nodeId) == null) {
                LOG.error("Resource update get failed on all nodes due to change resource on an unrecognized node: " + nodeId);
                throw RPCUtil.getRemoteException("Resource update get failed on all nodes due to change resource on an unrecognized node: " + nodeId);
            }
        }
        boolean z = true;
        for (Map.Entry<NodeId, ResourceOption> entry : nodeResourceMap.entrySet()) {
            ResourceOption value = entry.getValue();
            NodeId key = entry.getKey();
            RMNode rMNode = this.rm.getRMContext().getRMNodes().get(key);
            if (rMNode == null) {
                LOG.warn("Resource update get failed on an unrecognized node: " + key);
                z = false;
            } else {
                this.rm.getRMContext().getDispatcher().getEventHandler().handle(new RMNodeResourceUpdateEvent(key, value));
                LOG.info("Update resource on node(" + rMNode.getNodeID() + ") with resource(" + value.toString() + DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
            }
        }
        if (z) {
            RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "updateNodeResource", "AdminService");
        }
        return UpdateNodeResourceResponse.newInstance();
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RefreshNodesResourcesResponse refreshNodesResources(RefreshNodesResourcesRequest refreshNodesResourcesRequest) throws YarnException, StandbyException {
        UserGroupInformation checkAcls = checkAcls("refreshNodesResources");
        checkRMStatus(checkAcls.getShortUserName(), "refreshNodesResources", "refresh nodes.");
        RefreshNodesResourcesResponse refreshNodesResourcesResponse = (RefreshNodesResourcesResponse) this.recordFactory.newRecordInstance(RefreshNodesResourcesResponse.class);
        try {
            Configuration configuration = new Configuration(getConfig());
            InputStream configurationInputStream = this.rm.getRMContext().getConfigurationProvider().getConfigurationInputStream(configuration, YarnConfiguration.DR_CONFIGURATION_FILE);
            DynamicResourceConfiguration dynamicResourceConfiguration = configurationInputStream != null ? new DynamicResourceConfiguration(configuration, configurationInputStream) : new DynamicResourceConfiguration(configuration);
            if (dynamicResourceConfiguration.getNodes() != null && dynamicResourceConfiguration.getNodes().length != 0) {
                updateNodeResource(UpdateNodeResourceRequest.newInstance(dynamicResourceConfiguration.getNodeResourceMap()));
            }
            this.rm.getRMContext().getResourceTrackerService().updateDynamicResourceConfiguration(dynamicResourceConfiguration);
            this.rm.getRMContext().getResourceTrackerService().updateHeartBeatConfiguration(getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE));
            RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshNodesResources", "AdminService");
            return refreshNodesResourcesResponse;
        } catch (IOException e) {
            throw logAndWrapException(e, checkAcls.getShortUserName(), "refreshNodesResources", "refresh nodes.");
        }
    }

    private synchronized Configuration getConfiguration(Configuration configuration, String... strArr) throws YarnException, IOException {
        for (String str : strArr) {
            InputStream configurationInputStream = this.rm.getRMContext().getConfigurationProvider().getConfigurationInputStream(configuration, str);
            if (configurationInputStream != null) {
                configuration.addResource(configurationInputStream);
            }
        }
        return configuration;
    }

    @VisibleForTesting
    void refreshAll() throws ServiceFailedException {
        try {
            checkAcls("refreshAll");
            if (isSchedulerMutable()) {
                try {
                    ((MutableConfScheduler) this.rm.getRMContext().getScheduler()).getMutableConfProvider().reloadConfigurationFromStore();
                } catch (Exception e) {
                    throw new IOException("Failed to refresh configuration:", e);
                }
            }
            refreshQueues();
            refreshNodes();
            refreshSuperUserGroupsConfiguration();
            refreshUserToGroupsMappings();
            if (getConfig().getBoolean("hadoop.security.authorization", false)) {
                refreshServiceAcls();
            }
            refreshClusterMaxPriority();
        } catch (Exception e2) {
            throw new ServiceFailedException("RefreshAll operation failed", e2);
        }
    }

    @VisibleForTesting
    public AccessControlList getAccessControlList() {
        return ((ConfiguredYarnAuthorizer) this.authorizer).getAdminAcls();
    }

    @VisibleForTesting
    public RPC.Server getServer() {
        return this.server;
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public AddToClusterNodeLabelsResponse addToClusterNodeLabels(AddToClusterNodeLabelsRequest addToClusterNodeLabelsRequest) throws YarnException, IOException {
        UserGroupInformation checkAcls = checkAcls("addToClusterNodeLabels");
        checkRMStatus(checkAcls.getShortUserName(), "addToClusterNodeLabels", "add labels.");
        AddToClusterNodeLabelsResponse addToClusterNodeLabelsResponse = (AddToClusterNodeLabelsResponse) this.recordFactory.newRecordInstance(AddToClusterNodeLabelsResponse.class);
        try {
            this.rm.getRMContext().getNodeLabelManager().addToCluserNodeLabels(addToClusterNodeLabelsRequest.getNodeLabels());
            RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "addToClusterNodeLabels", "AdminService");
            return addToClusterNodeLabelsResponse;
        } catch (IOException e) {
            throw logAndWrapException(e, checkAcls.getShortUserName(), "addToClusterNodeLabels", "add labels.");
        }
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RemoveFromClusterNodeLabelsResponse removeFromClusterNodeLabels(RemoveFromClusterNodeLabelsRequest removeFromClusterNodeLabelsRequest) throws YarnException, IOException {
        UserGroupInformation checkAcls = checkAcls("removeFromClusterNodeLabels");
        checkRMStatus(checkAcls.getShortUserName(), "removeFromClusterNodeLabels", "remove labels.");
        RemoveFromClusterNodeLabelsResponse removeFromClusterNodeLabelsResponse = (RemoveFromClusterNodeLabelsResponse) this.recordFactory.newRecordInstance(RemoveFromClusterNodeLabelsResponse.class);
        try {
            this.rm.getRMContext().getNodeLabelManager().removeFromClusterNodeLabels(removeFromClusterNodeLabelsRequest.getNodeLabels());
            RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "removeFromClusterNodeLabels", "AdminService");
            return removeFromClusterNodeLabelsResponse;
        } catch (IOException e) {
            throw logAndWrapException(e, checkAcls.getShortUserName(), "removeFromClusterNodeLabels", "remove labels.");
        }
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public ReplaceLabelsOnNodeResponse replaceLabelsOnNode(ReplaceLabelsOnNodeRequest replaceLabelsOnNodeRequest) throws YarnException, IOException {
        try {
            NodeLabelsUtils.verifyCentralizedNodeLabelConfEnabled("replaceLabelsOnNode", this.isCentralizedNodeLabelConfiguration);
            UserGroupInformation checkAcls = checkAcls("replaceLabelsOnNode");
            checkRMStatus(checkAcls.getShortUserName(), "replaceLabelsOnNode", "set node to labels.");
            ReplaceLabelsOnNodeResponse replaceLabelsOnNodeResponse = (ReplaceLabelsOnNodeResponse) this.recordFactory.newRecordInstance(ReplaceLabelsOnNodeResponse.class);
            if (replaceLabelsOnNodeRequest.getFailOnUnknownNodes()) {
                ArrayList arrayList = new ArrayList();
                for (NodeId nodeId : replaceLabelsOnNodeRequest.getNodeToLabels().keySet()) {
                    boolean z = false;
                    if (nodeId.getPort() == 0) {
                        Iterator<NodeId> it = this.rm.getRMContext().getRMNodes().keySet().iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            if (it.next().getHost().equals(nodeId.getHost())) {
                                z = true;
                                break;
                            }
                        }
                        if (!z) {
                            Iterator<NodeId> it2 = this.rm.getRMContext().getInactiveRMNodes().keySet().iterator();
                            while (true) {
                                if (!it2.hasNext()) {
                                    break;
                                }
                                if (it2.next().getHost().equals(nodeId.getHost())) {
                                    z = true;
                                    break;
                                }
                            }
                        }
                    } else if (this.rm.getRMContext().getRMNodes().containsKey(nodeId) || this.rm.getRMContext().getInactiveRMNodes().containsKey(nodeId)) {
                        z = true;
                    }
                    if (!z) {
                        arrayList.add(nodeId);
                    }
                }
                if (!arrayList.isEmpty()) {
                    RMAuditLogger.logFailure(checkAcls.getShortUserName(), "replaceLabelsOnNode", "", "AdminService", "Failed to replace labels as there are unknown nodes:" + Arrays.toString(arrayList.toArray()));
                    throw RPCUtil.getRemoteException(new IOException("Failed to replace labels as there are unknown nodes:" + Arrays.toString(arrayList.toArray())));
                }
            }
            try {
                this.rm.getRMContext().getNodeLabelManager().replaceLabelsOnNode(replaceLabelsOnNodeRequest.getNodeToLabels());
                RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "replaceLabelsOnNode", "AdminService");
                return replaceLabelsOnNodeResponse;
            } catch (IOException e) {
                throw logAndWrapException(e, checkAcls.getShortUserName(), "replaceLabelsOnNode", "set node to labels.");
            }
        } catch (IOException e2) {
            throw RPCUtil.getRemoteException(e2);
        }
    }

    private void checkRMStatus(String str, String str2, String str3) throws StandbyException {
        if (isRMActive()) {
            return;
        }
        RMAuditLogger.logFailure(str, str2, "", "AdminService", "ResourceManager is not active. Can not " + str3);
        throwStandbyException();
    }

    private YarnException logAndWrapException(Exception exc, String str, String str2, String str3) throws YarnException {
        LOG.warn("Exception " + str3, (Throwable) exc);
        RMAuditLogger.logFailure(str, str2, "", "AdminService", "Exception " + str3);
        return RPCUtil.getRemoteException(exc);
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public CheckForDecommissioningNodesResponse checkForDecommissioningNodes(CheckForDecommissioningNodesRequest checkForDecommissioningNodesRequest) throws IOException, YarnException {
        UserGroupInformation checkAcls = checkAcls("checkForDecommissioningNodes");
        checkRMStatus(checkAcls.getShortUserName(), "checkForDecommissioningNodes", "check for decommissioning nodes.");
        Set<NodeId> checkForDecommissioningNodes = this.rm.getRMContext().getNodesListManager().checkForDecommissioningNodes();
        RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "checkForDecommissioningNodes", "AdminService");
        CheckForDecommissioningNodesResponse checkForDecommissioningNodesResponse = (CheckForDecommissioningNodesResponse) this.recordFactory.newRecordInstance(CheckForDecommissioningNodesResponse.class);
        checkForDecommissioningNodesResponse.setDecommissioningNodes(checkForDecommissioningNodes);
        return checkForDecommissioningNodesResponse;
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public RefreshClusterMaxPriorityResponse refreshClusterMaxPriority(RefreshClusterMaxPriorityRequest refreshClusterMaxPriorityRequest) throws YarnException, IOException {
        UserGroupInformation checkAcls = checkAcls("refreshClusterMaxPriority");
        checkRMStatus(checkAcls.getShortUserName(), "refreshClusterMaxPriority", "refresh cluster max priority");
        try {
            refreshClusterMaxPriority();
            RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "refreshClusterMaxPriority", "AdminService");
            return (RefreshClusterMaxPriorityResponse) this.recordFactory.newRecordInstance(RefreshClusterMaxPriorityResponse.class);
        } catch (YarnException e) {
            throw logAndWrapException(e, checkAcls.getShortUserName(), "refreshClusterMaxPriority", "refresh cluster max priority");
        }
    }

    private void refreshClusterMaxPriority() throws IOException, YarnException {
        this.rm.getRMContext().getScheduler().setClusterMaxPriority(getConfiguration(new Configuration(false), YarnConfiguration.YARN_SITE_CONFIGURATION_FILE));
    }

    @Override // org.apache.hadoop.yarn.server.api.ResourceManagerAdministrationProtocol
    public NodesToAttributesMappingResponse mapAttributesToNodes(NodesToAttributesMappingRequest nodesToAttributesMappingRequest) throws YarnException, IOException {
        UserGroupInformation checkAcls = checkAcls("mapAttributesToNodes");
        checkRMStatus(checkAcls.getShortUserName(), "mapAttributesToNodes", "Map Attributes to Nodes");
        List<NodeToAttributes> nodesToAttributes = nodesToAttributesMappingRequest.getNodesToAttributes();
        boolean failOnUnknownNodes = nodesToAttributesMappingRequest.getFailOnUnknownNodes();
        NodeAttributesManager nodeAttributesManager = this.rm.getRMContext().getNodeAttributesManager();
        try {
            Map<String, Set<NodeAttribute>> validateAndFetch = validateAndFetch(nodesToAttributes, failOnUnknownNodes);
            switch (nodesToAttributesMappingRequest.getOperation()) {
                case ADD:
                    nodeAttributesManager.addNodeAttributes(validateAndFetch);
                    break;
                case REMOVE:
                    validateAttributesExists(nodesToAttributes);
                    nodeAttributesManager.removeNodeAttributes(validateAndFetch);
                    break;
                case REPLACE:
                    nodeAttributesManager.replaceNodeAttributes(NodeAttribute.PREFIX_CENTRALIZED, validateAndFetch);
                    break;
                default:
                    throw new IOException("Invalid operation " + nodesToAttributesMappingRequest.getOperation() + " specified in the mapAttributesToNodes request ");
            }
            RMAuditLogger.logSuccess(checkAcls.getShortUserName(), "mapAttributesToNodes", "AdminService");
            return (NodesToAttributesMappingResponse) this.recordFactory.newRecordInstance(NodesToAttributesMappingResponse.class);
        } catch (IOException e) {
            throw logAndWrapException(e, checkAcls.getShortUserName(), "mapAttributesToNodes", "Map Attributes to Nodes");
        }
    }

    private void validateAttributesExists(List<NodeToAttributes> list) throws IOException {
        NodeAttributesManager nodeAttributesManager = this.rm.getRMContext().getNodeAttributesManager();
        for (NodeToAttributes nodeToAttributes : list) {
            String node = nodeToAttributes.getNode();
            if (node != null) {
                Set<NodeAttribute> keySet = nodeAttributesManager.getAttributesForNode(node).keySet();
                for (NodeAttribute nodeAttribute : nodeToAttributes.getNodeAttributes()) {
                    if (!keySet.contains(nodeAttribute)) {
                        throw new IOException("Node attribute [" + nodeAttribute.getAttributeKey() + "] doesn't exist on node " + nodeToAttributes.getNode());
                    }
                }
            }
        }
    }

    private Map<String, Set<NodeAttribute>> validateAndFetch(List<NodeToAttributes> list, boolean z) throws IOException {
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        for (NodeToAttributes nodeToAttributes : list) {
            String node = nodeToAttributes.getNode();
            if (validateForInvalidNode(node, z)) {
                List<NodeAttribute> nodeAttributes = nodeToAttributes.getNodeAttributes();
                if (!nodeAttributes.stream().allMatch(nodeAttribute -> {
                    return NodeAttribute.PREFIX_CENTRALIZED.equals(nodeAttribute.getAttributeKey().getAttributePrefix());
                })) {
                    throw new IOException("Invalid Attribute Mapping for the node " + node + ". Prefix should be " + NodeAttribute.PREFIX_CENTRALIZED);
                }
                hashMap.put(node, new HashSet(nodeAttributes));
            } else {
                arrayList.add(node);
            }
        }
        if (arrayList.isEmpty()) {
            return hashMap;
        }
        String str = " Following nodes does not exist : " + arrayList;
        LOG.error(str);
        throw new IOException(str);
    }

    private boolean validateForInvalidNode(String str, boolean z) {
        if (!z) {
            return true;
        }
        boolean anyMatch = this.rm.getRMContext().getRMNodes().keySet().stream().anyMatch(nodeId -> {
            return nodeId.getHost().equals(str);
        });
        if (!anyMatch) {
            anyMatch = this.rm.getRMContext().getInactiveRMNodes().keySet().stream().anyMatch(nodeId2 -> {
                return nodeId2.getHost().equals(str);
            });
        }
        return anyMatch;
    }
}
