You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by jh...@apache.org on 2019/12/18 19:04:23 UTC
[hadoop] branch branch-3.1 updated: YARN-10039. Allow disabling app
submission from REST endpoints
This is an automated email from the ASF dual-hosted git repository.
jhung pushed a commit to branch branch-3.1
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-3.1 by this push:
new 406c35d YARN-10039. Allow disabling app submission from REST endpoints
406c35d is described below
commit 406c35dd1213ef354570f8337e54a4fb4bbf5bad
Author: Jonathan Hung <jh...@linkedin.com>
AuthorDate: Wed Dec 18 10:48:05 2019 -0800
YARN-10039. Allow disabling app submission from REST endpoints
---
.../apache/hadoop/yarn/conf/YarnConfiguration.java | 4 ++++
.../src/main/resources/yarn-default.xml | 6 ++++++
.../resourcemanager/webapp/RMWebServices.java | 12 ++++++++++++
.../resourcemanager/webapp/TestRMWebServices.java | 21 ++++++++++++++++++++-
4 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
index 0e4ca7e..bb92b5b 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
@@ -3646,6 +3646,10 @@ public class YarnConfiguration extends Configuration {
public static final boolean DEFAULT_DISPLAY_APPS_FOR_LOGGED_IN_USER =
false;
+ public static final String ENABLE_REST_APP_SUBMISSIONS =
+ "yarn.webapp.enable-rest-app-submissions";
+ public static final boolean DEFAULT_ENABLE_REST_APP_SUBMISSIONS = true;
+
// RM and NM CSRF props
public static final String REST_CSRF = "webapp.rest-csrf.";
public static final String RM_CSRF_PREFIX = RM_PREFIX + REST_CSRF;
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
index 4e0e28d..156e59b 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
@@ -3890,4 +3890,10 @@
<name>yarn.workflow-id.tag-prefix</name>
<value>workflowid:</value>
</property>
+
+ <property>
+ <description>Whether or not to allow application submissions via REST. Default is true.</description>
+ <name>yarn.webapp.enable-rest-app-submissions</name>
+ <value>true</value>
+ </property>
</configuration>
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMWebServices.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMWebServices.java
index 80b85ac..9369d6f 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMWebServices.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/RMWebServices.java
@@ -232,6 +232,7 @@ public class RMWebServices extends WebServices implements RMWebServiceProtocol {
@VisibleForTesting
boolean isCentralizedNodeLabelConfiguration = true;
private boolean filterAppsByUser = false;
+ private boolean enableRestAppSubmissions = true;
public final static String DELEGATION_TOKEN_HEADER =
"Hadoop-YARN-RM-Delegation-Token";
@@ -247,6 +248,9 @@ public class RMWebServices extends WebServices implements RMWebServiceProtocol {
this.filterAppsByUser = conf.getBoolean(
YarnConfiguration.FILTER_ENTITY_LIST_BY_USER,
YarnConfiguration.DEFAULT_DISPLAY_APPS_FOR_LOGGED_IN_USER);
+ this.enableRestAppSubmissions = conf.getBoolean(
+ YarnConfiguration.ENABLE_REST_APP_SUBMISSIONS,
+ YarnConfiguration.DEFAULT_ENABLE_REST_APP_SUBMISSIONS);
}
RMWebServices(ResourceManager rm, Configuration conf,
@@ -1471,6 +1475,10 @@ public class RMWebServices extends WebServices implements RMWebServiceProtocol {
@Override
public Response createNewApplication(@Context HttpServletRequest hsr)
throws AuthorizationException, IOException, InterruptedException {
+ if (!enableRestAppSubmissions) {
+ String msg = "App submission via REST is disabled.";
+ return Response.status(Status.FORBIDDEN).entity(msg).build();
+ }
UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
initForWritableEndpoints(callerUGI, false);
@@ -1491,6 +1499,10 @@ public class RMWebServices extends WebServices implements RMWebServiceProtocol {
public Response submitApplication(ApplicationSubmissionContextInfo newApp,
@Context HttpServletRequest hsr)
throws AuthorizationException, IOException, InterruptedException {
+ if (!enableRestAppSubmissions) {
+ String msg = "App submission via REST is disabled.";
+ return Response.status(Status.FORBIDDEN).entity(msg).build();
+ }
UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
initForWritableEndpoints(callerUGI, false);
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServices.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServices.java
index 94f50a3..49005bc 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServices.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServices.java
@@ -36,6 +36,7 @@ import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -64,6 +65,7 @@ import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler;
+import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.AppsInfo;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ClusterUserInfo;
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
@@ -77,7 +79,6 @@ import org.apache.hadoop.yarn.webapp.JerseyTestBase;
import org.apache.hadoop.yarn.webapp.WebServicesTestUtils;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
-import org.eclipse.jetty.server.Response;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -856,6 +857,24 @@ public class TestRMWebServices extends JerseyTestBase {
verifyClusterUserInfo(userInfo, "yarn", "admin");
}
+ @Test
+ public void testDisableRestAppSubmission() throws Exception {
+ Configuration conf = new YarnConfiguration();
+ conf.setBoolean(YarnConfiguration.ENABLE_REST_APP_SUBMISSIONS, false);
+ RMWebServices webSvc = new RMWebServices(mock(ResourceManager.class), conf,
+ mock(HttpServletResponse.class));
+ HttpServletRequest request = mock(HttpServletRequest.class);
+
+ Response response = webSvc.createNewApplication(request);
+ assertEquals(Status.FORBIDDEN.getStatusCode(), response.getStatus());
+ assertEquals("App submission via REST is disabled.", response.getEntity());
+
+ response = webSvc.submitApplication(
+ mock(ApplicationSubmissionContextInfo.class), request);
+ assertEquals(Status.FORBIDDEN.getStatusCode(), response.getStatus());
+ assertEquals("App submission via REST is disabled.", response.getEntity());
+ }
+
public void verifyClusterUserInfo(ClusterUserInfo userInfo,
String rmLoginUser, String requestedUser) {
assertEquals("rmLoginUser doesn't match: ",
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org