[YARN-1935] Security for timeline server - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

Jira to track work to secure the ATS

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Timeline_Kerberos_DT_ACLs.patch
16/May/14 18:57
129 kB
Zhijie Shen
Timeline Security Diagram.pdf
20/May/14 18:55
153 kB
Zhijie Shen
Timeline_Kerberos_DT_ACLs.2.patch
20/May/14 18:55
128 kB
Zhijie Shen

Issue Links

is blocked by

HADOOP-10596 HttpServer2 should apply the authentication filter to some urls instead of null

Resolved

relates to

YARN-1302 Add AHSDelegationTokenSecretManager for ApplicationHistoryProtocol

Resolved

YARN-1250 Generic history service should support application-acls

Closed

YARN-1530 [Umbrella] Store, manage and serve per-framework application-timeline data

Resolved

YARN-4006 YARN AltKerberos HTTP Authentication doesn't work

Open

Sub-Tasks

1.	Kerberos authentication for the timeline server	Closed	Zhijie Shen
2.	Delegation token stuff for the timeline sever	Closed	Zhijie Shen
3.	Secured timeline client	Closed	Zhijie Shen
4.	Add entity-level access control of the timeline data for owners only	Closed	Zhijie Shen
5.	Extend access control for admin acls	Closed	Zhijie Shen
6.	Enforce more restricted permissions for the directory of Leveldb store	Closed	Zhijie Shen
7.	Refactor the Timeline Server code for Kerberos + DT authentication	Resolved	Zhijie Shen
8.	Document the system filters of the timeline entity	Resolved	Zhijie Shen
9.	More generalized timeline ACLs	Closed	Zhijie Shen
10.	Type mismatch in contains() check of TimelineWebServices#injectOwnerInfo()	Closed	Ted Yu
11.	Close of Reader in TimelineAuthenticationFilterInitializer#initFilter() should be enclosed in finally block	Closed	Chen He
12.	TimelineAuthenticator#hasDelegationToken may throw NPE	Closed	Zhijie Shen
13.	Enabling HTTPS for the reader REST APIs of TimelineServer	Resolved	Zhijie Shen
14.	Enabling HTTPs for the writer REST API of TimelineServer	Closed	Zhijie Shen
15.	TimelineServer should load pseudo authentication filter when authentication = simple	Closed	Zhijie Shen
16.	Add UTs to cover timeline server authentication	Closed	Zhijie Shen
17.	Using TimelineNamespace to shield the entities of a user	Closed	Zhijie Shen
18.	Simplify the output when the user doesn't have the access for getDomain(s)	Closed	Zhijie Shen
19.	RM should put the application related timeline data into a secured domain	Open	Zhijie Shen
20.	Make distributed shell use the domain-based timeline ACLs	Closed	Zhijie Shen
21.	Timeline authentication filter should add support for proxy user	Closed	Zhijie Shen
22.	Timeline delegation tokens need to be automatically renewed by the RM	Closed	Zhijie Shen

Activity

People

Assignee:: Zhijie Shen

Reporter:: Arun Murthy

Votes:: 0 Vote for this issue

Watchers:: 17 Start watching this issue

Dates

Created:: 13/Apr/14 23:37

Updated:: 11/Apr/16 17:15

Resolved:: 01/May/15 21:15