[SPARK-19033] HistoryServer still uses old ACLs even if ACLs are updated - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.1.0
Fix Version/s: 2.1.1, 2.2.0
Component/s: Spark Core
Labels:
None

Description

In the current implementation of HistoryServer, Application ACLs is picked from event log rather than configuration:

            val uiAclsEnabled = conf.getBoolean("spark.history.ui.acls.enable", false)
            ui.getSecurityManager.setAcls(uiAclsEnabled)
            // make sure to set admin acls before view acls so they are properly picked up
            ui.getSecurityManager.setAdminAcls(appListener.adminAcls.getOrElse(""))
            ui.getSecurityManager.setViewAcls(attempt.sparkUser,
              appListener.viewAcls.getOrElse(""))
            ui.getSecurityManager.setAdminAclsGroups(appListener.adminAclsGroups.getOrElse(""))
            ui.getSecurityManager.setViewAclsGroups(appListener.viewAclsGroups.getOrElse(""))

This will become a problem when ACLs is updated (newly added admin), only the new application can be effected, the old applications were still using the old ACLs. So these new admin still cannot check the logs of old applications.

It is hard to say this is a bug, but in our scenario this is not the expected behavior we wanted.

Attachments

Issue Links

links to

[Github] Pull Request #16470 (jerryshao)

Activity

People

Assignee:: Saisai Shao

Reporter:: Saisai Shao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 30/Dec/16 06:28

Updated:: 06/Jan/17 16:09

Resolved:: 06/Jan/17 16:09