This is an old but known issue. I tried to search for JIRAs where we discussed this but couldn't easily.
We have so far only dealt with mistake by well behaved clients, not bad users/clients. YARN-1545 was filed for some of this, but never reached fruition. It will definitely have an impact if a malicious user does this. You should be careful of the restart scenario where a client gets the application-id from the old RM and submits the app to the new RM. If you decide to fix this, you will need to make changes on YarnClient also to address that case. Thanks +Vinod > On May 20, 2019, at 2:31 AM, Prabhu Joseph <[email protected]> wrote: > > Hi, > > Have observed YARN Cluster Submit Applications API accepts any random > ApplicationId which is not provided by Cluster New Application API. There is > no enforcer to check if the ApplicationId is provided by RM. User can pass > applicationId with different clusterTimestamp, negative clusterTimestamp, > negative Id. Not sure if this will have any impact. But as per the doc, > ApplicationId must be obtained from New Application API. > > Cluster Applications API(Submit Application) > > The Submit Applications API can be used to submit applications. In case of > submitting applications, you must first obtain an application-id using the > Cluster New Application API > <https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/ResourceManagerRest.html#Cluster_New_Application_API>. > > > Want to check if using random ApplicationIs is an expected behavior and won't > have any impact. > > Thanks, > Prabhu Joseph > >
