Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-19033

HistoryServer still uses old ACLs even if ACLs are updated

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 2.1.1, 2.2.0
    • Component/s: Spark Core
    • Labels:
      None

      Description

      In the current implementation of HistoryServer, Application ACLs is picked from event log rather than configuration:

                  val uiAclsEnabled = conf.getBoolean("spark.history.ui.acls.enable", false)
                  ui.getSecurityManager.setAcls(uiAclsEnabled)
                  // make sure to set admin acls before view acls so they are properly picked up
                  ui.getSecurityManager.setAdminAcls(appListener.adminAcls.getOrElse(""))
                  ui.getSecurityManager.setViewAcls(attempt.sparkUser,
                    appListener.viewAcls.getOrElse(""))
                  ui.getSecurityManager.setAdminAclsGroups(appListener.adminAclsGroups.getOrElse(""))
                  ui.getSecurityManager.setViewAclsGroups(appListener.viewAclsGroups.getOrElse(""))
      

      This will become a problem when ACLs is updated (newly added admin), only the new application can be effected, the old applications were still using the old ACLs. So these new admin still cannot check the logs of old applications.

      It is hard to say this is a bug, but in our scenario this is not the expected behavior we wanted.

        Attachments

          Activity

            People

            • Assignee:
              jerryshao Saisai Shao
              Reporter:
              jerryshao Saisai Shao
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: