Github user tgravescs commented on the issue:
https://github.com/apache/spark/pull/17582
so we should definitely fix the /api/v1/applications/<app-id>/logs to go
through the acls. It looks like it should be protected in
ApiRootResource.java. You have the app id so it needs to do something like the
withSparkUI to get the acls included in that application.
Like I mentioned the listing (/api/v1/applications) and
/api/v1/applications/<app-id> (which is same info I believe as listing) were
intentionally left open. I don't really see a reason to change that but if
other people have a use case for it then perhaps we should make which pages are
protected by acls configurable.
on the history server I would expect spark.acls.enable=false and
spark.history.ui.acls.enable=true, I can see where that could be confusing,
perhaps we should document this better. spark.acls.enable on the history UI
really is protecting the root UI, not the app level ui's. We could explicitly
turn this off.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
