[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[
https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Varun Vasudev updated YARN-3517:
Attachment: YARN-3517.006.patch
{quote}
in RMWebServices.java we don't need the isSecurityEnabled check. Just remove
the entire check. My reasoning is that logLevel app does not do those checks,
it simply makes sure you are an admin.
+ if (UserGroupInformation.isSecurityEnabled() && callerUGI == null)
\{ + String msg = "Unable to obtain user name, user not authenticated"; + throw
new AuthorizationException(msg); + }
{quote}
Removed the check.
{quote}
in the test TestRMWebServices.java. We aren't actually asserting anything. we
should assert that the expected files exist. Personally I would also like to
see an assert that the expected exception occurred.
{quote}
Added explicit check for the exception being thrown as well as a check for the
log files existing.
> RM web ui for dumping scheduler logs should be for admins only
> --
>
> Key: YARN-3517
> URL: https://issues.apache.org/jira/browse/YARN-3517
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager, security
>Reporter: Varun Vasudev
>Assignee: Thomas Graves
>Priority: Blocker
> Labels: security
> Attachments: YARN-3517.001.patch, YARN-3517.002.patch,
> YARN-3517.003.patch, YARN-3517.004.patch, YARN-3517.005.patch,
> YARN-3517.006.patch
>
>
> YARN-3294 allows users to dump scheduler logs from the web UI. This should be
> for admins only.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Varun Vasudev updated YARN-3517: Attachment: YARN-3517.005.patch Uploaded a new patch to fix the whitespace and checkstyle errors. The test failure is unrelated to the patch. > RM web ui for dumping scheduler logs should be for admins only > -- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager, security >Reporter: Varun Vasudev >Assignee: Varun Vasudev >Priority: Blocker > Labels: security > Attachments: YARN-3517.001.patch, YARN-3517.002.patch, > YARN-3517.003.patch, YARN-3517.004.patch, YARN-3517.005.patch > > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[
https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Varun Vasudev updated YARN-3517:
Attachment: YARN-3517.004.patch
{quote}
We don't need the isSecurityEnabled check, just keep the one for
areAclsEnabled. This could be combined with the previous if, make this the else
if part but that isn't a big deal.
in QueuesBlock we are creating the AdminACLsManager every web page load.
Perhaps a better way would be to use the this.rm.getApplicationACLsManager()
and extend the ApplicationAclsManager to explose an isAdmin functionality
{quote}
Uploaded a new patch with changes. I also unset the affect version - the
original patch didn't make it into 2.7.
> RM web ui for dumping scheduler logs should be for admins only
> --
>
> Key: YARN-3517
> URL: https://issues.apache.org/jira/browse/YARN-3517
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager, security
>Reporter: Varun Vasudev
>Assignee: Varun Vasudev
>Priority: Blocker
> Labels: security
> Attachments: YARN-3517.001.patch, YARN-3517.002.patch,
> YARN-3517.003.patch, YARN-3517.004.patch
>
>
> YARN-3294 allows users to dump scheduler logs from the web UI. This should be
> for admins only.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Varun Vasudev updated YARN-3517: Affects Version/s: (was: 2.7.0) > RM web ui for dumping scheduler logs should be for admins only > -- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager, security >Reporter: Varun Vasudev >Assignee: Varun Vasudev >Priority: Blocker > Labels: security > Attachments: YARN-3517.001.patch, YARN-3517.002.patch, > YARN-3517.003.patch > > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Varun Vasudev updated YARN-3517: Attachment: YARN-3517.003.patch bq. If adminACLsManager.areACLsEnabled() is false, do we need above check? Fixed. bq. Can be changed as "Are you sure to generate" I think the current statement is ok. > RM web ui for dumping scheduler logs should be for admins only > -- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager, security >Affects Versions: 2.7.0 >Reporter: Varun Vasudev >Assignee: Varun Vasudev >Priority: Blocker > Labels: security > Attachments: YARN-3517.001.patch, YARN-3517.002.patch, > YARN-3517.003.patch > > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vinod Kumar Vavilapalli updated YARN-3517: -- Priority: Blocker (was: Major) Target Version/s: 2.8.0 This should go into 2.8.0 given YARN-3294 did. > RM web ui for dumping scheduler logs should be for admins only > -- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager, security >Affects Versions: 2.7.0 >Reporter: Varun Vasudev >Assignee: Varun Vasudev >Priority: Blocker > Labels: security > Attachments: YARN-3517.001.patch, YARN-3517.002.patch > > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[
https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Varun Vasudev updated YARN-3517:
Attachment: YARN-3517.002.patch
Uploaded a new patch to address Thomas's comments.
bq. Could you also change it to not show the button if you aren't an admin?
Fixed.
{quote}
One other thing is could you add some css or something to make it look more
like a button. Right now it just looks like text and I didn't know it was
clickable at first. The placement of it seems a bit weird to me also but as
along as its only showing up for admins that is less of an issue.
{quote}
I've added some style elements to make it look better.
{quote}
I haven't looked at the patch if details but I see we are creating a new
AdminACLsManager each time. It would be nice if we didn't have to do that.
{quote}
Fixed.
> RM web ui for dumping scheduler logs should be for admins only
> --
>
> Key: YARN-3517
> URL: https://issues.apache.org/jira/browse/YARN-3517
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager, security
>Affects Versions: 2.7.0
>Reporter: Varun Vasudev
>Assignee: Varun Vasudev
> Labels: security
> Attachments: YARN-3517.001.patch, YARN-3517.002.patch
>
>
> YARN-3294 allows users to dump scheduler logs from the web UI. This should be
> for admins only.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated YARN-3517: --- Labels: security (was: ) > RM web ui for dumping scheduler logs should be for admins only > -- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager, security >Affects Versions: 2.7.0 >Reporter: Varun Vasudev >Assignee: Varun Vasudev > Labels: security > Attachments: YARN-3517.001.patch > > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated YARN-3517: --- Component/s: security > RM web ui for dumping scheduler logs should be for admins only > -- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager, security >Affects Versions: 2.7.0 >Reporter: Varun Vasudev >Assignee: Varun Vasudev > Labels: security > Attachments: YARN-3517.001.patch > > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Varun Vasudev updated YARN-3517: Attachment: YARN-3517.001.patch Uploaded patch with fix. > RM web ui for dumping scheduler logs should be for admins only > -- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager >Affects Versions: 2.7.0 >Reporter: Varun Vasudev >Assignee: Varun Vasudev > Attachments: YARN-3517.001.patch > > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-3517) RM web ui for dumping scheduler logs should be for admins only
[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Varun Vasudev updated YARN-3517: Affects Version/s: 2.7.0 > RM web ui for dumping scheduler logs should be for admins only > -- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager >Affects Versions: 2.7.0 >Reporter: Varun Vasudev >Assignee: Varun Vasudev > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
