From a6220ff9076e5281ca2588b3e5408ecd566d0c99 Mon Sep 17 00:00:00 2001 From: Sunil G Date: Tue, 5 Sep 2017 20:02:07 +0530 Subject: [PATCH] YARN-7157 --- .../apache/hadoop/yarn/conf/YarnConfiguration.java | 8 ++++++++ .../hadoop/yarn/server/webapp/AppsBlock.java | 24 +++++++++++++++++++++- .../server/resourcemanager/webapp/RMAppsBlock.java | 2 +- 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java index 27ca957..427c5fa 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java @@ -3089,6 +3089,14 @@ public static boolean areNodeLabelsEnabled( public static final String NM_SCRIPT_BASED_NODE_LABELS_PROVIDER_SCRIPT_OPTS = NM_SCRIPT_BASED_NODE_LABELS_PROVIDER_PREFIX + "opts"; + /* + * Support to view apps for given user in secure cluster. + */ + public static final String DISPLAY_APPS_FOR_LOGGED_IN_USER = + RM_PREFIX + "display.per-user-apps"; + public static final boolean DEFAULT_DISPLAY_APPS_FOR_LOGGED_IN_USER = + false; + // RM and NM CSRF props public static final String REST_CSRF = "webapp.rest-csrf."; public static final String RM_CSRF_PREFIX = RM_PREFIX + REST_CSRF; diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppsBlock.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppsBlock.java index d836e64..2abb83d 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppsBlock.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppsBlock.java @@ -30,17 +30,22 @@ import java.security.PrivilegedExceptionAction; import java.util.Collection; import java.util.EnumSet; +import java.util.HashSet; +import java.util.Set; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.math.LongRange; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.StringUtils; import org.apache.hadoop.yarn.api.ApplicationBaseProtocol; import org.apache.hadoop.yarn.api.protocolrecords.GetApplicationsRequest; import org.apache.hadoop.yarn.api.records.ApplicationReport; import org.apache.hadoop.yarn.api.records.YarnApplicationState; +import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.exceptions.YarnException; import org.apache.hadoop.yarn.server.webapp.dao.AppInfo; import org.apache.hadoop.yarn.webapp.BadRequestException; @@ -58,11 +63,21 @@ protected EnumSet reqAppStates; protected UserGroupInformation callerUGI; protected Collection appReports; + private boolean unsecuredUI = true; + private boolean displayPerUserApps = false; @Inject - protected AppsBlock(ApplicationBaseProtocol appBaseProt, ViewContext ctx) { + protected AppsBlock(ApplicationBaseProtocol appBaseProt, ViewContext ctx, + Configuration conf) { super(ctx); this.appBaseProt = appBaseProt; + // check if UI is unsecured. + String httpAuth = conf + .get(CommonConfigurationKeys.HADOOP_HTTP_AUTHENTICATION_TYPE); + this.unsecuredUI = (httpAuth != null) && httpAuth.equals("simple"); + this.displayPerUserApps = conf.getBoolean( + YarnConfiguration.DISPLAY_APPS_FOR_LOGGED_IN_USER, + YarnConfiguration.DEFAULT_DISPLAY_APPS_FOR_LOGGED_IN_USER); } protected void fetchData() throws YarnException, IOException, @@ -112,6 +127,13 @@ protected void fetchData() throws YarnException, IOException, if (callerUGI == null) { appReports = appBaseProt.getApplications(request).getApplicationList(); } else { + // In case of secured UI, only show the apps which this user could see + // given feature is enabled. + if (displayPerUserApps && !unsecuredUI) { + Set users = new HashSet(); + users.add(callerUGI.getShortUserName()); + request.setUsers(users); + } appReports = callerUGI .doAs(new PrivilegedExceptionAction>() { diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMAppsBlock.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMAppsBlock.java index ede71e3..c76dc10 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMAppsBlock.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMAppsBlock.java @@ -49,7 +49,7 @@ @Inject RMAppsBlock(ResourceManager rm, ApplicationBaseProtocol appBaseProt, View.ViewContext ctx) { - super(appBaseProt, ctx); + super(appBaseProt, ctx, rm.getConfig()); this.rm = rm; } -- 2.10.1 (Apple Git-78)