Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.1.0
-
None
Description
In the current implementation of HistoryServer, Application ACLs is picked from event log rather than configuration:
val uiAclsEnabled = conf.getBoolean("spark.history.ui.acls.enable", false) ui.getSecurityManager.setAcls(uiAclsEnabled) // make sure to set admin acls before view acls so they are properly picked up ui.getSecurityManager.setAdminAcls(appListener.adminAcls.getOrElse("")) ui.getSecurityManager.setViewAcls(attempt.sparkUser, appListener.viewAcls.getOrElse("")) ui.getSecurityManager.setAdminAclsGroups(appListener.adminAclsGroups.getOrElse("")) ui.getSecurityManager.setViewAclsGroups(appListener.viewAclsGroups.getOrElse(""))
This will become a problem when ACLs is updated (newly added admin), only the new application can be effected, the old applications were still using the old ACLs. So these new admin still cannot check the logs of old applications.
It is hard to say this is a bug, but in our scenario this is not the expected behavior we wanted.