You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Rohith (JIRA)" <ji...@apache.org> on 2014/11/24 16:47:12 UTC

[jira] [Created] (YARN-2894) Disallow binding of aclManagers while starting RMWebApp

Rohith created YARN-2894:
----------------------------

             Summary: Disallow binding of aclManagers while starting RMWebApp
                 Key: YARN-2894
                 URL: https://issues.apache.org/jira/browse/YARN-2894
             Project: Hadoop YARN
          Issue Type: Bug
          Components: resourcemanager
    Affects Versions: 2.6.0
            Reporter: Rohith
            Assignee: Rohith
             Fix For: 2.7.0


Binding aclManager to RMWebApp would cause problem if RM is switched. There could be some validation check may fail.
I think , we should not bind aclManager for RMWebApp, instead we should get from RM instance.
In RMWebApp,
{code}
    if (rm != null) {
      bind(ResourceManager.class).toInstance(rm);
      bind(RMContext.class).toInstance(rm.getRMContext());
      bind(ApplicationACLsManager.class).toInstance(
          rm.getApplicationACLsManager());
      bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager());
    }
{code}

and in AppBlock#render below check may fail(Need to test and confirm)
{code}
   if (callerUGI != null
        && !(this.aclsManager.checkAccess(callerUGI,
                ApplicationAccessType.VIEW_APP, app.getUser(), appID) ||
             this.queueACLsManager.checkAccess(callerUGI,
                QueueACL.ADMINISTER_QUEUE, app.getQueue()))) {
      puts("You (User " + remoteUser
          + ") are not authorized to view application " + appID);
      return;
    }
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)