You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Sunil G (JIRA)" <ji...@apache.org> on 2014/08/18 19:14:18 UTC
[jira] [Commented] (YARN-2310) Revisit the APIs in RM web services
where user information can make difference
[ https://issues.apache.org/jira/browse/YARN-2310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14100874#comment-14100874 ]
Sunil G commented on YARN-2310:
-------------------------------
YARN-1867 has added queue ACL checks, and hasAccess is already invoked by getApp and getApps api's. If queue ACL access is available, then information of an application such as *start/finished/elapsed time* and *AM container information* will be filled in to AppInfo object.
Do you mean some more extra information is taken from customized yarn filter added in YARN-2247, could you please help to give some more insight.
> Revisit the APIs in RM web services where user information can make difference
> ------------------------------------------------------------------------------
>
> Key: YARN-2310
> URL: https://issues.apache.org/jira/browse/YARN-2310
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager, webapp
> Affects Versions: 3.0.0, 2.5.0
> Reporter: Zhijie Shen
>
> After YARN-2247, RM web services can be sheltered by the authentication filter, which can help to identify who the user is. With this information, we should be able to fix the security problem of some existing APIs, such as getApp, getAppAttempts, getApps. We should use the user information to check the ACLs before returning the requested data to the user.
--
This message was sent by Atlassian JIRA
(v6.2#6252)