diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java index bd83149..062219c 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/TimelineDataManager.java @@ -311,8 +311,7 @@ public void putDomain(TimelineDomain domain, /** * Get a single domain of the particular ID. If callerUGI is not the owner - * or the admin of the domain, we need to hide the details from him, and - * only allow him to see the ID. + * or the admin of the domain, null will be returned. */ public TimelineDomain getDomain(String domainId, UserGroupInformation callerUGI) throws YarnException, IOException { @@ -320,9 +319,6 @@ public TimelineDomain getDomain(String domainId, if (domain != null) { if (timelineACLsManager.checkAccess(callerUGI, domain)) { return domain; - } else { - hideDomainDetails(domain); - return domain; } } return null; @@ -330,34 +326,22 @@ public TimelineDomain getDomain(String domainId, /** * Get all the domains that belong to the given owner. If callerUGI is not - * the owner or the admin of the domain, we need to hide the details from - * him, and only allow him to see the ID. + * the owner or the admin of the domain, empty list is going to be returned. */ public TimelineDomains getDomains(String owner, UserGroupInformation callerUGI) throws YarnException, IOException { TimelineDomains domains = store.getDomains(owner); boolean hasAccess = true; - boolean isChecked = false; - for (TimelineDomain domain : domains.getDomains()) { - // The owner for each domain is the same, just need to check on - if (!isChecked) { - hasAccess = timelineACLsManager.checkAccess(callerUGI, domain); - isChecked = true; - } - if (!hasAccess) { - hideDomainDetails(domain); - } + if (domains.getDomains().size() > 0) { + // The owner for each domain is the same, just need to check one + hasAccess = timelineACLsManager.checkAccess( + callerUGI, domains.getDomains().get(0)); + } + if (hasAccess) { + return domains; + } else { + return new TimelineDomains(); } - return domains; - } - - private static void hideDomainDetails(TimelineDomain domain) { - domain.setDescription(null); - domain.setOwner(null); - domain.setReaders(null); - domain.setWriters(null); - domain.setCreatedTime(null); - domain.setModifiedTime(null); } private static boolean extendFields(EnumSet fieldEnums) { diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java index 472b93c..8b01703 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java @@ -686,7 +686,7 @@ public void testGetDomain() throws Exception { .get(ClientResponse.class); Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); TimelineDomain domain = response.getEntity(TimelineDomain.class); - verifyDomain(domain, "domain_id_1", true); + verifyDomain(domain, "domain_id_1"); } @Test @@ -702,7 +702,7 @@ public void testGetDomainYarnACLsEnabled() { .get(ClientResponse.class); Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); TimelineDomain domain = response.getEntity(TimelineDomain.class); - verifyDomain(domain, "domain_id_1", true); + verifyDomain(domain, "domain_id_1"); response = r.path("ws").path("v1").path("timeline") .path("domain").path("domain_id_1") @@ -710,8 +710,8 @@ public void testGetDomainYarnACLsEnabled() { .accept(MediaType.APPLICATION_JSON) .get(ClientResponse.class); Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); - domain = response.getEntity(TimelineDomain.class); - verifyDomain(domain, "domain_id_1", false); + Assert.assertEquals(ClientResponse.Status.NOT_FOUND, + response.getClientResponseStatus()); } finally { timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); } @@ -730,7 +730,7 @@ public void testGetDomains() throws Exception { Assert.assertEquals(2, domains.getDomains().size()); for (int i = 0; i < domains.getDomains().size(); ++i) { verifyDomain(domains.getDomains().get(i), - i == 0 ? "domain_id_4" : "domain_id_1", true); + i == 0 ? "domain_id_4" : "domain_id_1"); } } @@ -750,7 +750,7 @@ public void testGetDomainsYarnACLsEnabled() throws Exception { Assert.assertEquals(2, domains.getDomains().size()); for (int i = 0; i < domains.getDomains().size(); ++i) { verifyDomain(domains.getDomains().get(i), - i == 0 ? "domain_id_4" : "domain_id_1", true); + i == 0 ? "domain_id_4" : "domain_id_1"); } response = r.path("ws").path("v1").path("timeline") @@ -761,11 +761,7 @@ public void testGetDomainsYarnACLsEnabled() throws Exception { .get(ClientResponse.class); Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); domains = response.getEntity(TimelineDomains.class); - Assert.assertEquals(2, domains.getDomains().size()); - for (int i = 0; i < domains.getDomains().size(); ++i) { - verifyDomain(domains.getDomains().get(i), - i == 0 ? "domain_id_4" : "domain_id_1", false); - } + Assert.assertEquals(0, domains.getDomains().size()); } finally { timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); } @@ -857,22 +853,15 @@ public void testPutDomainYarnACLsEnabled() throws Exception { } } - private static void verifyDomain(TimelineDomain domain, - String domainId, boolean hasAccess) { + private static void verifyDomain(TimelineDomain domain, String domainId) { Assert.assertNotNull(domain); Assert.assertEquals(domainId, domain.getId()); // The specific values have been verified in TestMemoryTimelineStore - Assert.assertTrue(hasAccess && domain.getDescription() != null || - !hasAccess && domain.getDescription() == null); - Assert.assertTrue(hasAccess && domain.getOwner() != null || - !hasAccess && domain.getOwner() == null); - Assert.assertTrue(hasAccess && domain.getReaders() != null || - !hasAccess && domain.getReaders() == null); - Assert.assertTrue(hasAccess && domain.getWriters() != null || - !hasAccess && domain.getWriters() == null); - Assert.assertTrue(hasAccess && domain.getCreatedTime() != null || - !hasAccess && domain.getCreatedTime() == null); - Assert.assertTrue(hasAccess && domain.getModifiedTime() != null || - !hasAccess && domain.getModifiedTime() == null); + Assert.assertNotNull(domain.getDescription()); + Assert.assertNotNull(domain.getOwner()); + Assert.assertNotNull(domain.getReaders()); + Assert.assertNotNull(domain.getWriters()); + Assert.assertNotNull(domain.getCreatedTime()); + Assert.assertNotNull(domain.getModifiedTime()); } }