[jira] [Commented] (YARN-3401) [Data Model] users should not be able to create a generic TimelineEntity and associate arbitrary type
[ https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14385992#comment-14385992 ] Zhijie Shen commented on YARN-3401: --- IMHO, I think we can use ACL to control users' access to certain resources, but I agree with Junping that we can come back to this issue after we have timeline service v2 functionality work done. > [Data Model] users should not be able to create a generic TimelineEntity and > associate arbitrary type > - > > Key: YARN-3401 > URL: https://issues.apache.org/jira/browse/YARN-3401 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver >Reporter: Sangjin Lee >Assignee: Naganarasimha G R > > IIUC it is possible for users to create a generic TimelineEntity and set an > arbitrary entity type. For example, for a YARN app, the right entity API is > ApplicationEntity. However, today nothing stops users from instantiating a > base TimelineEntity class and set the application type on it. This presents a > problem in handling these YARN system entities in the storage layer for > example. > We need to ensure that the API allows only the right type of the class to be > created for a given entity type. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3401) [Data Model] users should not be able to create a generic TimelineEntity and associate arbitrary type
[ https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382794#comment-14382794 ] Junping Du commented on YARN-3401: -- [~sjlee0] and [~Naganarasimha], I think this belongs to prevent of malicious behaviors. I would suggest to get back to this until we are discussing support of YARN Security in TimelineService which shouldn't happen very soon. Just filed YARN-3402 to track security issue for new timeline service. > [Data Model] users should not be able to create a generic TimelineEntity and > associate arbitrary type > - > > Key: YARN-3401 > URL: https://issues.apache.org/jira/browse/YARN-3401 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver >Reporter: Sangjin Lee >Assignee: Naganarasimha G R > > IIUC it is possible for users to create a generic TimelineEntity and set an > arbitrary entity type. For example, for a YARN app, the right entity API is > ApplicationEntity. However, today nothing stops users from instantiating a > base TimelineEntity class and set the application type on it. This presents a > problem in handling these YARN system entities in the storage layer for > example. > We need to ensure that the API allows only the right type of the class to be > created for a given entity type. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3401) [Data Model] users should not be able to create a generic TimelineEntity and associate arbitrary type
[ https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382575#comment-14382575 ] Sangjin Lee commented on YARN-3401: --- Thanks for reminding me of that discussion. Yes, we definitely discussed that, and we said that only YARN daemons are allowed to post system entities. If any non-YARN daemons (e.g. AMs, clients, tasks, etc.) try to post YARN system entities they would be rejected. That said, they can still refer to a YARN system entity. For example, if you're an MR AM then you might refer to the container id to post metrics for the container in which your tasks are running. So we need to be precise exactly what is disallowed. bq. if so if we add a check @ Timelineclient will it impact NM from posting container metrics & entities ? NM is a YARN daemon, so it should be able to post container metrics and entities with no issues. > [Data Model] users should not be able to create a generic TimelineEntity and > associate arbitrary type > - > > Key: YARN-3401 > URL: https://issues.apache.org/jira/browse/YARN-3401 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver >Reporter: Sangjin Lee >Assignee: Naganarasimha G R > > IIUC it is possible for users to create a generic TimelineEntity and set an > arbitrary entity type. For example, for a YARN app, the right entity API is > ApplicationEntity. However, today nothing stops users from instantiating a > base TimelineEntity class and set the application type on it. This presents a > problem in handling these YARN system entities in the storage layer for > example. > We need to ensure that the API allows only the right type of the class to be > created for a given entity type. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3401) [Data Model] users should not be able to create a generic TimelineEntity and associate arbitrary type
[ https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382412#comment-14382412 ] Naganarasimha G R commented on YARN-3401: - Hi [~sjlee0], IIRC as part of the doc or some jira discussion we discussed that only RM/NM should be able to send the YARN system entities and other clients should not be able to send, right ? do we need to completely block it ? if so if we add a check @ Timelineclient will it impact NM from posting container metrics & entities ? > [Data Model] users should not be able to create a generic TimelineEntity and > associate arbitrary type > - > > Key: YARN-3401 > URL: https://issues.apache.org/jira/browse/YARN-3401 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver >Reporter: Sangjin Lee >Assignee: Naganarasimha G R > > IIUC it is possible for users to create a generic TimelineEntity and set an > arbitrary entity type. For example, for a YARN app, the right entity API is > ApplicationEntity. However, today nothing stops users from instantiating a > base TimelineEntity class and set the application type on it. This presents a > problem in handling these YARN system entities in the storage layer for > example. > We need to ensure that the API allows only the right type of the class to be > created for a given entity type. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3401) [Data Model] users should not be able to create a generic TimelineEntity and associate arbitrary type
[ https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14382406#comment-14382406 ] Junping Du commented on YARN-3401: -- We also need to make sure compatibility between old version application and new version timeline service. Typically, it won't be the case. But just put here as a reminder. > [Data Model] users should not be able to create a generic TimelineEntity and > associate arbitrary type > - > > Key: YARN-3401 > URL: https://issues.apache.org/jira/browse/YARN-3401 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver >Reporter: Sangjin Lee >Assignee: Naganarasimha G R > > IIUC it is possible for users to create a generic TimelineEntity and set an > arbitrary entity type. For example, for a YARN app, the right entity API is > ApplicationEntity. However, today nothing stops users from instantiating a > base TimelineEntity class and set the application type on it. This presents a > problem in handling these YARN system entities in the storage layer for > example. > We need to ensure that the API allows only the right type of the class to be > created for a given entity type. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
