This is an automated email from the ASF dual-hosted git repository.
cnauroth pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-3.3 by this push:
new 290dc7817c0 YARN-11392 Audit Log missing in ClientRMService (#5250).
Contributed by Beibei Zhao.
290dc7817c0 is described below
commit 290dc7817c0ce6cf3015f829787bfab08c56303c
Author: curie71 <39853223+curi...@users.noreply.github.com>
AuthorDate: Wed Dec 28 07:58:53 2022 +0800
YARN-11392 Audit Log missing in ClientRMService (#5250). Contributed by
Beibei Zhao.
Signed-off-by: Chris Nauroth <cnaur...@apache.org>
(cherry picked from commit 9668a85d40a6a98514a24d5f25ab757501fe3423)
---
.../server/resourcemanager/ClientRMService.java | 47 +++++-----------------
.../yarn/server/resourcemanager/RMAuditLogger.java | 1 +
2 files changed, 11 insertions(+), 37 deletions(-)
diff --git
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
index c725c2c0b36..7861a6b3e5f 100644
---
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
+++
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ClientRMService.java
@@ -406,22 +406,11 @@ public class ClientRMService extends AbstractService
implements
throw new ApplicationNotFoundException("Invalid application id: null");
}
- UserGroupInformation callerUGI;
- try {
- callerUGI = UserGroupInformation.getCurrentUser();
- } catch (IOException ie) {
- LOG.info("Error getting UGI ", ie);
- throw RPCUtil.getRemoteException(ie);
- }
+ UserGroupInformation callerUGI = getCallerUgi(applicationId,
+ AuditConstants.GET_APP_REPORT);
- RMApp application = this.rmContext.getRMApps().get(applicationId);
- if (application == null) {
- // If the RM doesn't have the application, throw
- // ApplicationNotFoundException and let client to handle.
- throw new ApplicationNotFoundException("Application with id '"
- + applicationId + "' doesn't exist in RM. Please check "
- + "that the job submission was successful.");
- }
+ RMApp application = verifyUserAccessForRMApp(applicationId, callerUGI,
+ AuditConstants.GET_APP_REPORT, ApplicationAccessType.VIEW_APP, false);
boolean allowAccess = checkAccess(callerUGI, application.getUser(),
ApplicationAccessType.VIEW_APP, application);
@@ -881,13 +870,8 @@ public class ClientRMService extends AbstractService
implements
@Override
public GetApplicationsResponse getApplications(GetApplicationsRequest
request)
throws YarnException {
- UserGroupInformation callerUGI;
- try {
- callerUGI = UserGroupInformation.getCurrentUser();
- } catch (IOException ie) {
- LOG.info("Error getting UGI ", ie);
- throw RPCUtil.getRemoteException(ie);
- }
+ UserGroupInformation callerUGI = getCallerUgi(null,
+ AuditConstants.GET_APPLICATIONS_REQUEST);
Set<String> applicationTypes = getLowerCasedAppTypes(request);
EnumSet<YarnApplicationState> applicationStates =
@@ -1028,13 +1012,8 @@ public class ClientRMService extends AbstractService
implements
@Override
public GetQueueInfoResponse getQueueInfo(GetQueueInfoRequest request)
throws YarnException {
- UserGroupInformation callerUGI;
- try {
- callerUGI = UserGroupInformation.getCurrentUser();
- } catch (IOException ie) {
- LOG.info("Error getting UGI ", ie);
- throw RPCUtil.getRemoteException(ie);
- }
+ UserGroupInformation callerUGI = getCallerUgi(null,
+ AuditConstants.GET_QUEUE_INFO_REQUEST);
GetQueueInfoResponse response =
recordFactory.newRecordInstance(GetQueueInfoResponse.class);
@@ -1700,16 +1679,10 @@ public class ClientRMService extends AbstractService
implements
SignalContainerRequest request) throws YarnException, IOException {
ContainerId containerId = request.getContainerId();
- UserGroupInformation callerUGI;
- try {
- callerUGI = UserGroupInformation.getCurrentUser();
- } catch (IOException ie) {
- LOG.info("Error getting UGI ", ie);
- throw RPCUtil.getRemoteException(ie);
- }
-
ApplicationId applicationId = containerId.getApplicationAttemptId().
getApplicationId();
+ UserGroupInformation callerUGI = getCallerUgi(applicationId,
+ AuditConstants.SIGNAL_CONTAINER);
RMApp application = this.rmContext.getRMApps().get(applicationId);
if (application == null) {
RMAuditLogger.logFailure(callerUGI.getUserName(),
diff --git
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java
index 854b6ca64e2..cc54d0b5861 100644
---
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java
+++
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/RMAuditLogger.java
@@ -57,6 +57,7 @@ public class RMAuditLogger {
public static final String GET_APP_PRIORITY = "Get Application Priority";
public static final String GET_APP_QUEUE = "Get Application Queue";
public static final String GET_APP_ATTEMPTS = "Get Application Attempts";
+ public static final String GET_APP_REPORT = "Get Application Report";
public static final String GET_APP_ATTEMPT_REPORT
= "Get Application Attempt Report";
public static final String GET_CONTAINERS = "Get Containers";
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org
