Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-3267

Users are not authorised to restart Spark interpreter



    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.7.3
    • Fix Version/s: None
    • Component/s: Interpreters, security
    • Labels:
    • Environment:

      Apache Zeppelin 0.7.3

      Apache Spark 2.2 CDH

      YARN Cloudera 5.14


      Following on this issue which was merged long time ago:


      I have two problems with this way of "securing" endpoints especially in interpreters:

      1. If users are not supposed to access these 3 areas, shouldn't the UI be smarter and hide them as well? Not really ergonomic to display a choice and then say sorry you can't touch this.
      2. The bigger issue that I am just facing is users can't restart their Spark interpreter after securing `/api/interpreter/**`. It says you are not authorised to access /api/interpreters/settings/restart/xxxx.

      It is really important for users to start a fresh Spark context since the sessions are not terminated after some idle time (at least not in 0.7.3) like Livy. So users may need to create a fresh Spark context/session and destroy old variables/UI.


      Update: I am changing this to a bug as this is possible when the interpreter is Livy. Users can restart their own interpreter from their notebook without seeing the error.

      Here is the conf for shiro:

      /api/version = authc, roles[admin]
      /api/interpreter/** = authc, roles[admin]
      /api/configurations/** = authc, roles[admin]
      /api/credential/** = authc, roles[admin]
      /api/notebook-repositories/** = authc, roles[admin]
      /app/jobmanager/** = authc, roles[admin]
      /** = authc


      UPDATE2: I was wrong! The restart interpreter is not working for users no matter what (Spark or Livy).





            • Assignee:
              maziyar Maziyar PANAHI
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: