You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Rohith (JIRA)" <ji...@apache.org> on 2014/11/24 16:47:12 UTC
[jira] [Created] (YARN-2894) Disallow binding of aclManagers while
starting RMWebApp
Rohith created YARN-2894:
----------------------------
Summary: Disallow binding of aclManagers while starting RMWebApp
Key: YARN-2894
URL: https://issues.apache.org/jira/browse/YARN-2894
Project: Hadoop YARN
Issue Type: Bug
Components: resourcemanager
Affects Versions: 2.6.0
Reporter: Rohith
Assignee: Rohith
Fix For: 2.7.0
Binding aclManager to RMWebApp would cause problem if RM is switched. There could be some validation check may fail.
I think , we should not bind aclManager for RMWebApp, instead we should get from RM instance.
In RMWebApp,
{code}
if (rm != null) {
bind(ResourceManager.class).toInstance(rm);
bind(RMContext.class).toInstance(rm.getRMContext());
bind(ApplicationACLsManager.class).toInstance(
rm.getApplicationACLsManager());
bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager());
}
{code}
and in AppBlock#render below check may fail(Need to test and confirm)
{code}
if (callerUGI != null
&& !(this.aclsManager.checkAccess(callerUGI,
ApplicationAccessType.VIEW_APP, app.getUser(), appID) ||
this.queueACLsManager.checkAccess(callerUGI,
QueueACL.ADMINISTER_QUEUE, app.getQueue()))) {
puts("You (User " + remoteUser
+ ") are not authorized to view application " + appID);
return;
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)