[YARN-2894] When ACL's are enabled, if RM switches then application can not be viewed from web. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 2.7.0, 2.6.1, 3.0.0-alpha1
Component/s: resourcemanager
Labels:
- 2.6.1-candidate

Target Version/s:

2.7.0
Hadoop Flags:

Reviewed

Description

Binding aclManager to RMWebApp would cause problem if RM is switched. There could be some validation check may fail.
I think , we should not bind aclManager for RMWebApp, instead we should get from RM instance.
In RMWebApp,

    if (rm != null) {
      bind(ResourceManager.class).toInstance(rm);
      bind(RMContext.class).toInstance(rm.getRMContext());
      bind(ApplicationACLsManager.class).toInstance(
          rm.getApplicationACLsManager());
      bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager());
    }

and in AppBlock#render below check may fail(Need to test and confirm)

   if (callerUGI != null
        && !(this.aclsManager.checkAccess(callerUGI,
                ApplicationAccessType.VIEW_APP, app.getUser(), appID) ||
             this.queueACLsManager.checkAccess(callerUGI,
                QueueACL.ADMINISTER_QUEUE, app.getQueue()))) {
      puts("You (User " + remoteUser
          + ") are not authorized to view application " + appID);
      return;
    }

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

YARN-2894.patch
26/Nov/14 16:27
3 kB
Rohith Sharma K S
YARN-2894.1.patch
02/Dec/14 05:29
36 kB
Rohith Sharma K S

Activity

People

Assignee:

Rohith Sharma K S

Reporter:

Rohith Sharma K S

Votes:

0 Vote for this issue

Watchers:

8 Start watching this issue

Dates

Created:

24/Nov/14 15:46

Updated:

30/Aug/16 01:29

Resolved:

03/Dec/14 01:18