diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java
index 01d70afc7ab..c299b68cbe9 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java
@@ -1387,11 +1387,13 @@ public StopContainersResponse stopContainers(StopContainersRequest requests)
 if (identifier == null) {
 throw RPCUtil.getRemoteException(INVALID_NMTOKEN_MSG);
 }
+ String remoteUser = remoteUgi.getUserName();
 for (ContainerId id : requests.getContainerIds()) {
 try {
 Container container = this.context.getContainers().get(id);
- authorizeGetAndStopContainerRequest(id, container, true, identifier);
- stopContainerInternal(id);
+ authorizeGetAndStopContainerRequest(id, container, true, identifier,
+ remoteUser);
+ stopContainerInternal(id, remoteUser);
 succeededRequests.add(id);
 } catch (YarnException e) {
 failedRequests.put(id, SerializedException.newInstance(e));
@@ -1402,7 +1404,8 @@ public StopContainersResponse stopContainers(StopContainersRequest requests)
 }
 @SuppressWarnings("unchecked")
- protected void stopContainerInternal(ContainerId containerID)
+ protected void stopContainerInternal(ContainerId containerID,
+ String remoteUser)
 throws YarnException, IOException {
 String containerIDStr = containerID.toString();
 Container container = this.context.getContainers().get(containerID);
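Review bot: `remoteUser` in stopContainers is taken from `remoteUgi.getUserName()`, which on UserGroupInformation is the full name rather than the short one, and nothing in the hunk says which form the audit log expects; the same line is added to getContainerStatuses. If the other NMAuditLogger call sites (not visible here) record short names, the USER field will now mix the two forms and correlating audit lines across operations gets harder, so `remoteUgi.getShortUserName()` may be the better source. Either way a comment such as `// audit the authenticated RPC caller, not the container owner` above the assignment would record the intent. remoteUgi is assigned outside the hunk, so how it is derived for NMToken-authenticated callers should be confirmed before the value is read as an identity.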
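Review bot: stopContainerInternal now accepts `remoteUser` as a bare String with no Javadoc, so nothing tells a subclass or future caller that the value must be the already-authenticated caller and, as far as the visible body shows, is used only for the audit record. I would add a Javadoc block on the method stating that `remoteUser` is the name of the RPC caller taken from the verified UGI, that it is written to the NM audit log, and that no authorization decision is made from it. Because the method is `protected` and its signature changes, any override or caller outside this diff has to be updated as well; the diff only shows the authorizeGetAndStopContainerRequest overrides being adjusted. The method body continues past the end of the hunk.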
@@ -1422,9 +1425,10 @@ protected void stopContainerInternal(ContainerId containerID)
 container.sendKillEvent(ContainerExitStatus.KILLED_BY_APPMASTER, "Container killed by the ApplicationMaster.");
- NMAuditLogger.logSuccess(container.getUser(),
- AuditConstants.STOP_CONTAINER, "ContainerManageImpl", containerID
- .getApplicationAttemptId().getApplicationId(), containerID);
+ NMAuditLogger.logSuccess(remoteUser, AuditConstants.STOP_CONTAINER,
+ "ContainerManageImpl",
+ containerID.getApplicationAttemptId().getApplicationId(),
+ containerID);
 }
 }
@@ -1443,9 +1447,11 @@ public GetContainerStatusesResponse getContainerStatuses(
 if (identifier == null) {
 throw RPCUtil.getRemoteException(INVALID_NMTOKEN_MSG);
 }
+ String remoteUser = remoteUgi.getUserName();
 for (ContainerId id : request.getContainerIds()) {
 try {
- ContainerStatus status = getContainerStatusInternal(id, identifier);
+ ContainerStatus status = getContainerStatusInternal(id, identifier,
+ remoteUser);
 succeededRequests.add(status);
 } catch (YarnException e) {
 failedRequests.put(id, SerializedException.newInstance(e));
@@ -1456,13 +1462,14 @@ public GetContainerStatusesResponse getContainerStatuses(
 }
 protected ContainerStatus getContainerStatusInternal(ContainerId containerID,
- NMTokenIdentifier nmTokenIdentifier) throws YarnException {
+ NMTokenIdentifier nmTokenIdentifier, String remoteUser)
+ throws YarnException {
 String containerIDStr = containerID.toString();
 Container container = this.context.getContainers().get(containerID);
 LOG.info("Getting container-status for " + containerIDStr);
 authorizeGetAndStopContainerRequest(containerID, container, false,
- nmTokenIdentifier);
+ nmTokenIdentifier, remoteUser);
 if (container == null) {
 if (nodeStatusUpdater.isContainerRecentlyStopped(containerID)) {
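Review bot: The rewritten logSuccess call in stopContainerInternal keeps the target string `"ContainerManageImpl"`, while the logFailure call in authorizeGetAndStopContainerRequest uses `"ContainerManagerImpl"`, so STOP_CONTAINER successes and failures carry different target values in the audit log. Anyone filtering or alerting on the target will miss one of the two; since the line is being touched anyway, `"ContainerManagerImpl",` would align them, with a release note in case existing log parsers match the old spelling. The success record also no longer carries the container owner (`container.getUser()`), so the log now says who asked but not whose container was stopped; if NMAuditLogger has no field for that, a short comment noting the trade-off would help.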
@@ -1508,7 +1515,8 @@ private void logContainerStatus(String prefix, ContainerStatus status) {
 @Private
 @VisibleForTesting
 protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
- Container container, boolean stopRequest, NMTokenIdentifier identifier)
+ Container container, boolean stopRequest, NMTokenIdentifier identifier,
+ String remoteUser)
 throws YarnException {
 if (identifier == null) {
 throw RPCUtil.getRemoteException(INVALID_NMTOKEN_MSG);
@@ -1530,7 +1538,7 @@ protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
 msg = identifier.getApplicationAttemptId() + " attempted to stop non-application container : " + containerId;
- NMAuditLogger.logFailure("UnknownUser", AuditConstants.STOP_CONTAINER,
+ NMAuditLogger.logFailure(remoteUser, AuditConstants.STOP_CONTAINER,
 "ContainerManagerImpl", "Trying to stop unknown container!", nmTokenAppId, containerId);
 } else {
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/DummyContainerManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/DummyContainerManager.java
index feabeb12fb0..1acf3e9a378 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/DummyContainerManager.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/DummyContainerManager.java
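Review bot: The failure record in authorizeGetAndStopContainerRequest used to carry the fixed sentinel `"UnknownUser"` and now writes whatever `remoteUser` holds, including null, which the updated testNullTokens call shows is an accepted argument. A null or empty caller name in an audit line is harder to search for than an explicit marker, so I would keep the sentinel as a fallback: `String auditUser = (remoteUser == null || remoteUser.isEmpty()) ? "UnknownUser" : remoteUser;` and pass `auditUser` to logFailure. The new parameter in the signature hunk above also has no `@param` text; one line saying it is the authenticated RPC caller and is used for audit logging only would do. The method starts and ends outside this hunk, so other failure branches may need the same treatment.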
@@ -207,7 +207,8 @@ protected void authorizeStartAndResourceIncreaseRequest(
 @Override
 protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
- Container container, boolean stopRequest, NMTokenIdentifier identifier) throws YarnException {
+ Container container, boolean stopRequest, NMTokenIdentifier identifier,
+ String remoteUser) throws YarnException {
 // do nothing
 }
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerResync.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerResync.java
index b3f4e1bcb86..25cca876ac6 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerResync.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestNodeManagerResync.java
@@ -591,7 +591,8 @@ protected ContainerManagerImpl createContainerManager(Context context,
 @Override
 protected void authorizeGetAndStopContainerRequest(
 ContainerId containerId, Container container,
- boolean stopRequest, NMTokenIdentifier identifier)
+ boolean stopRequest, NMTokenIdentifier identifier,
+ String remoteUser)
 throws YarnException {
 // do nothing
 }
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java
index 493aa4ca762..0dca7de0250 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java
@@ -238,10 +238,12 @@ public void setup() throws IOException {
 metrics, dirsHandler) {
 @Override
- protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
- Container container, boolean stopRequest, NMTokenIdentifier identifier) throws YarnException {
- // do nothing
- }
+ protected void authorizeGetAndStopContainerRequest(
+ ContainerId containerId, Container container, boolean stopRequest,
+ NMTokenIdentifier identifier, String remoteUser)
+ throws YarnException {
+ // do nothing
+ }
 @Override
 protected void authorizeUser(UserGroupInformation remoteUgi, NMTokenIdentifier nmTokenIdentifier) {
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java
index d28340b5754..d179459b28d 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java
@@ -1723,7 +1723,8 @@ public void testNullTokens() throws Exception {
 strExceptionMsg = "";
 try {
- cMgrImpl.authorizeGetAndStopContainerRequest(null, null, true, null);
+ cMgrImpl.authorizeGetAndStopContainerRequest(null, null, true, null,
+ null);
 } catch(YarnException ye) {
 strExceptionMsg = ye.getMessage();
 }
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManagerRecovery.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManagerRecovery.java
index a144adf47a7..aef1812e55c 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManagerRecovery.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManagerRecovery.java
@@ -736,7 +736,8 @@ private ContainerManagerImpl createContainerManager(Context context,
 @Override
 protected void authorizeGetAndStopContainerRequest(
 ContainerId containerId, Container container,
- boolean stopRequest, NMTokenIdentifier identifier)
+ boolean stopRequest, NMTokenIdentifier identifier,
+ String remoteUser)
 throws YarnException {
 if(container == null || container.getUser().equals("Fail")){
 throw new YarnException("Reject this container");
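Review bot: testNullTokens passes `null` for the new `remoteUser` argument and still asserts only on the exception message, so no test in this diff checks that the audit record names the caller. Since the point of the change is audit attribution, a test that stops a container as a known user and verifies the user handed to NMAuditLogger would guard against a regression to the container owner or the old sentinel. The test method continues outside the hunk.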