[jira] [Updated] (YARN-2894) When ACL's are enabled, if RM switches then application can not be viewed from web.
[ https://issues.apache.org/jira/browse/YARN-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vinod Kumar Vavilapalli updated YARN-2894: -- Fix Version/s: 2.6.1 Pulled this into 2.6.1. Ran into a couple of minor import issues in a couple of classes, fixed them. Pushed the patch after running compilation and running the tests TestRMWebServices,TestRMWebServicesApps,TestRMWebServicesAppsModification,TestRMWebServicesCapacitySched,TestRMWebServicesDelegationTokens,TestRMWebServicesFairScheduler,TestRMWebServicesNodeLabels and TestRMWebServicesNodes. > When ACL's are enabled, if RM switches then application can not be viewed > from web. > --- > > Key: YARN-2894 > URL: https://issues.apache.org/jira/browse/YARN-2894 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager >Affects Versions: 2.6.0 >Reporter: Rohith Sharma K S >Assignee: Rohith Sharma K S > Labels: 2.6.1-candidate > Fix For: 2.7.0, 2.6.1 > > Attachments: YARN-2894.1.patch, YARN-2894.patch > > > Binding aclManager to RMWebApp would cause problem if RM is switched. There > could be some validation check may fail. > I think , we should not bind aclManager for RMWebApp, instead we should get > from RM instance. > In RMWebApp, > {code} > if (rm != null) { > bind(ResourceManager.class).toInstance(rm); > bind(RMContext.class).toInstance(rm.getRMContext()); > bind(ApplicationACLsManager.class).toInstance( > rm.getApplicationACLsManager()); > bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager()); > } > {code} > and in AppBlock#render below check may fail(Need to test and confirm) > {code} >if (callerUGI != null > && !(this.aclsManager.checkAccess(callerUGI, > ApplicationAccessType.VIEW_APP, app.getUser(), appID) || > this.queueACLsManager.checkAccess(callerUGI, > QueueACL.ADMINISTER_QUEUE, app.getQueue( { > puts("You (User " + remoteUser > + ") are not authorized to view application " + appID); > return; > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-2894) When ACL's are enabled, if RM switches then application can not be viewed from web.
[ https://issues.apache.org/jira/browse/YARN-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vinod Kumar Vavilapalli updated YARN-2894: -- Labels: 2.6.1-candidate (was: ) > When ACL's are enabled, if RM switches then application can not be viewed > from web. > --- > > Key: YARN-2894 > URL: https://issues.apache.org/jira/browse/YARN-2894 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager >Affects Versions: 2.6.0 >Reporter: Rohith Sharma K S >Assignee: Rohith Sharma K S > Labels: 2.6.1-candidate > Fix For: 2.7.0 > > Attachments: YARN-2894.1.patch, YARN-2894.patch > > > Binding aclManager to RMWebApp would cause problem if RM is switched. There > could be some validation check may fail. > I think , we should not bind aclManager for RMWebApp, instead we should get > from RM instance. > In RMWebApp, > {code} > if (rm != null) { > bind(ResourceManager.class).toInstance(rm); > bind(RMContext.class).toInstance(rm.getRMContext()); > bind(ApplicationACLsManager.class).toInstance( > rm.getApplicationACLsManager()); > bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager()); > } > {code} > and in AppBlock#render below check may fail(Need to test and confirm) > {code} >if (callerUGI != null > && !(this.aclsManager.checkAccess(callerUGI, > ApplicationAccessType.VIEW_APP, app.getUser(), appID) || > this.queueACLsManager.checkAccess(callerUGI, > QueueACL.ADMINISTER_QUEUE, app.getQueue( { > puts("You (User " + remoteUser > + ") are not authorized to view application " + appID); > return; > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-2894) When ACL's are enabled, if RM switches then application can not be viewed from web.
[ https://issues.apache.org/jira/browse/YARN-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohith updated YARN-2894: - Attachment: YARN-2894.1.patch > When ACL's are enabled, if RM switches then application can not be viewed > from web. > --- > > Key: YARN-2894 > URL: https://issues.apache.org/jira/browse/YARN-2894 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager >Affects Versions: 2.6.0 >Reporter: Rohith >Assignee: Rohith > Fix For: 2.7.0 > > Attachments: YARN-2894.1.patch, YARN-2894.patch > > > Binding aclManager to RMWebApp would cause problem if RM is switched. There > could be some validation check may fail. > I think , we should not bind aclManager for RMWebApp, instead we should get > from RM instance. > In RMWebApp, > {code} > if (rm != null) { > bind(ResourceManager.class).toInstance(rm); > bind(RMContext.class).toInstance(rm.getRMContext()); > bind(ApplicationACLsManager.class).toInstance( > rm.getApplicationACLsManager()); > bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager()); > } > {code} > and in AppBlock#render below check may fail(Need to test and confirm) > {code} >if (callerUGI != null > && !(this.aclsManager.checkAccess(callerUGI, > ApplicationAccessType.VIEW_APP, app.getUser(), appID) || > this.queueACLsManager.checkAccess(callerUGI, > QueueACL.ADMINISTER_QUEUE, app.getQueue( { > puts("You (User " + remoteUser > + ") are not authorized to view application " + appID); > return; > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-2894) When ACL's are enabled, if RM switches then application can not be viewed from web.
[ https://issues.apache.org/jira/browse/YARN-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohith updated YARN-2894: - Attachment: YARN-2894.patch > When ACL's are enabled, if RM switches then application can not be viewed > from web. > --- > > Key: YARN-2894 > URL: https://issues.apache.org/jira/browse/YARN-2894 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager >Affects Versions: 2.6.0 >Reporter: Rohith >Assignee: Rohith > Fix For: 2.7.0 > > Attachments: YARN-2894.patch > > > Binding aclManager to RMWebApp would cause problem if RM is switched. There > could be some validation check may fail. > I think , we should not bind aclManager for RMWebApp, instead we should get > from RM instance. > In RMWebApp, > {code} > if (rm != null) { > bind(ResourceManager.class).toInstance(rm); > bind(RMContext.class).toInstance(rm.getRMContext()); > bind(ApplicationACLsManager.class).toInstance( > rm.getApplicationACLsManager()); > bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager()); > } > {code} > and in AppBlock#render below check may fail(Need to test and confirm) > {code} >if (callerUGI != null > && !(this.aclsManager.checkAccess(callerUGI, > ApplicationAccessType.VIEW_APP, app.getUser(), appID) || > this.queueACLsManager.checkAccess(callerUGI, > QueueACL.ADMINISTER_QUEUE, app.getQueue( { > puts("You (User " + remoteUser > + ") are not authorized to view application " + appID); > return; > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-2894) When ACL's are enabled, if RM switches then application can not be viewed from web.
[ https://issues.apache.org/jira/browse/YARN-2894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rohith updated YARN-2894: - Summary: When ACL's are enabled, if RM switches then application can not be viewed from web. (was: Disallow binding of aclManagers while starting RMWebApp) I updated summary as per defect description. > When ACL's are enabled, if RM switches then application can not be viewed > from web. > --- > > Key: YARN-2894 > URL: https://issues.apache.org/jira/browse/YARN-2894 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager >Affects Versions: 2.6.0 >Reporter: Rohith >Assignee: Rohith > Fix For: 2.7.0 > > > Binding aclManager to RMWebApp would cause problem if RM is switched. There > could be some validation check may fail. > I think , we should not bind aclManager for RMWebApp, instead we should get > from RM instance. > In RMWebApp, > {code} > if (rm != null) { > bind(ResourceManager.class).toInstance(rm); > bind(RMContext.class).toInstance(rm.getRMContext()); > bind(ApplicationACLsManager.class).toInstance( > rm.getApplicationACLsManager()); > bind(QueueACLsManager.class).toInstance(rm.getQueueACLsManager()); > } > {code} > and in AppBlock#render below check may fail(Need to test and confirm) > {code} >if (callerUGI != null > && !(this.aclsManager.checkAccess(callerUGI, > ApplicationAccessType.VIEW_APP, app.getUser(), appID) || > this.queueACLsManager.checkAccess(callerUGI, > QueueACL.ADMINISTER_QUEUE, app.getQueue( { > puts("You (User " + remoteUser > + ") are not authorized to view application " + appID); > return; > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)