Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-2894

When ACL's are enabled, if RM switches then application can not be viewed from web.

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      Binding aclManager to RMWebApp would cause problem if RM is switched. There could be some validation check may fail.
      I think , we should not bind aclManager for RMWebApp, instead we should get from RM instance.
      In RMWebApp,

          if (rm != null) {
            bind(ResourceManager.class).toInstance(rm);
            bind(RMContext.class).toInstance(rm.getRMContext());
            bind(ApplicationACLsManager.class).toInstance(
                rm.getApplicationACLsManager());
            bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager());
          }
      

      and in AppBlock#render below check may fail(Need to test and confirm)

         if (callerUGI != null
              && !(this.aclsManager.checkAccess(callerUGI,
                      ApplicationAccessType.VIEW_APP, app.getUser(), appID) ||
                   this.queueACLsManager.checkAccess(callerUGI,
                      QueueACL.ADMINISTER_QUEUE, app.getQueue()))) {
            puts("You (User " + remoteUser
                + ") are not authorized to view application " + appID);
            return;
          }
      

        Attachments

        1. YARN-2894.1.patch
          36 kB
          Rohith Sharma K S
        2. YARN-2894.patch
          3 kB
          Rohith Sharma K S

          Activity

            People

            • Assignee:
              rohithsharma Rohith Sharma K S
              Reporter:
              rohithsharma Rohith Sharma K S
            • Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: