GitHub user jerryshao opened a pull request:
https://github.com/apache/spark/pull/17582
[SPARK-20239][Core] Improve HistoryServer's ACL mechanism
## What changes were proposed in this pull request?
Current SHS (Spark History Server) two different ACLs:
* ACL of base URL, it is controlled by "spark.acls.enabled" or
"spark.ui.acls.enabled", and with this enabled, only user configured with
"spark.admin.acls" (or group) or "spark.ui.view.acls" (or group), or the user
who started SHS could list all the applications, otherwise none of them can be
listed. This will also affect REST APIs which listing the summary of all apps
and one app.
* Per application ACL. This is controlled by
"spark.history.ui.acls.enabled". With this enabled only history admin user and
user/group who ran this app can access the details of this app.
With this two ACLs, we may encounter several unexpected behaviors:
1. if base URL's ACL (`spark.acls.enable`) is enabled but user A has no
view permission. User "A" cannot see the app list but could still access
details of it's own app.
2. if ACLs of base URL (`spark.acls.enable`) is disabled. Then user "A"
could see the summary of all the apps, even some apps didn't run by user "A",
but can only access its own app's details.
3. if ACLs of base URL (`spark.acls.enable`) is disabled, then user "A"
could download any application's event log, even it is not run by user "A".
4. history admin ACL (if it is not also configured in `spark.admin.acls`)
has no permission to list all apps.
4. The changes of Live UI's ACL will affect History UI's ACL which share
the same conf file.
The unexpected behaviors is mainly because we have two different ACLs,
ideally we should have only one to manage all.
So to improve SHS's ACL mechanism, here in this PR proposed to:
1. Unify two different ACLs into one ("spark.history.ui.acl.enable").
2. Do not enable `SecurityFilter` in the base URL to do "all or nothing"
filter, leverage app base ACL to partially list apps which can be accessed by
user.
With this PR:
1. Admin user could see/download the list of all applications, as well as
application details.
2. Normal user could see/download the list of applications accessible by
him, as well as the details.
## How was this patch tested?
New UTs are added, also verified in real cluster.
CC @tgravescs @vanzin please help to review, this PR changes the semantics
you did previously. Thanks a lot.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/jerryshao/apache-spark SPARK-20239
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/spark/pull/17582.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #17582
----
commit bc1e53a2820ef999b910c81017c0b91dd4fbabbd
Author: jerryshao <[email protected]>
Date: 2017-04-10T02:57:06Z
Improve HistoryServer's ACL mechanism
Change-Id: I062161a90c0dc16630b578bcc45d38c96273cb99
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
