Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-2894

When ACL's are enabled, if RM switches then application can not be viewed from web.

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      Binding aclManager to RMWebApp would cause problem if RM is switched. There could be some validation check may fail.
      I think , we should not bind aclManager for RMWebApp, instead we should get from RM instance.
      In RMWebApp,

          if (rm != null) {
            bind(ResourceManager.class).toInstance(rm);
            bind(RMContext.class).toInstance(rm.getRMContext());
            bind(ApplicationACLsManager.class).toInstance(
                rm.getApplicationACLsManager());
            bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager());
          }
      

      and in AppBlock#render below check may fail(Need to test and confirm)

         if (callerUGI != null
              && !(this.aclsManager.checkAccess(callerUGI,
                      ApplicationAccessType.VIEW_APP, app.getUser(), appID) ||
                   this.queueACLsManager.checkAccess(callerUGI,
                      QueueACL.ADMINISTER_QUEUE, app.getQueue()))) {
            puts("You (User " + remoteUser
                + ") are not authorized to view application " + appID);
            return;
          }
      

      Attachments

        1. YARN-2894.1.patch
          36 kB
          Rohith Sharma K S
        2. YARN-2894.patch
          3 kB
          Rohith Sharma K S

        Activity

          People

            rohithsharma Rohith Sharma K S
            rohithsharma Rohith Sharma K S
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: