You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Shen Yinjie (JIRA)" <ji...@apache.org> on 2018/07/16 05:01:00 UTC
[jira] [Updated] (YARN-8539) TimelineWebService#getUser null leads
to empty entities list
[ https://issues.apache.org/jira/browse/YARN-8539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shen Yinjie updated YARN-8539:
------------------------------
Summary: TimelineWebService#getUser null leads to empty entities list (was: TimelineWebService#getUser from HttpServletRequest may be null)
> TimelineWebService#getUser null leads to empty entities list
> ------------------------------------------------------------
>
> Key: YARN-8539
> URL: https://issues.apache.org/jira/browse/YARN-8539
> Project: Hadoop YARN
> Issue Type: Bug
> Components: timelineservice
> Reporter: Shen Yinjie
> Priority: Major
>
> When we integrate tez-ui with timeline server and set yarn.acl.enabled=true. tez-ui will invoke the timeline rest ** interface(ws/v1/timeline/TEZ_DAG_ID) to get all dags . But tez-ui shows "no records available" .
> after some digging, I find when tez-ui invoke ".../ws/v1/timeline/TEZ_DAG_ID". TimelineWebService#getUser(HttpServletRequest req) returns callerUgi = null
> In TimelineACLsManager#checkAccess()
> {code:java}
> ......
> if (callerUGI != null
> && (adminAclsManager.isAdmin(callerUGI) ||
> callerUGI.getShortUserName().equals(owner) ||
> domainACL.isUserAllowed(callerUGI))) {
> return true;
> }
> return false;
> }
> {code}
> Finally, Tez ui get nothing because of couldn't pass this checkAccess().
> I also refer to the similar code in RMWebServices
> {code} protected Boolean hasAccess(RMApp app, HttpServletRequest hsr) {
> // Check for the authorization.
> UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
> ......
> if (callerUGI != null
> && !(this.rm.getApplicationACLsManager().checkAccess(callerUGI,
> ApplicationAccessType.VIEW_APP, app.getUser(),
> app.getApplicationId())
> || this.rm.getQueueACLsManager().checkAccess(callerUGI,
> QueueACL.ADMINISTER_QUEUE, app, hsr.getRemoteAddr(),
> forwardedAddresses))) {
> return false;
> }
> return true;
> }
> {code}
>
> when callerUgi= null, hasAcces() returns true.
> So , I made a similar fix for TimelineWebServices.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org