Thanks Vinod for sharing. On Tue, May 21, 2019 at 12:42 AM Vinod Kumar Vavilapalli <[email protected]> wrote:
> This is an old but known issue. I tried to search for JIRAs where we > discussed this but couldn't easily. > > We have so far only dealt with mistake by well behaved clients, not bad > users/clients. YARN-1545 was filed for some of this, but never reached > fruition. > > It will definitely have an impact if a malicious user does this. You > should be careful of the restart scenario where a client gets the > application-id from the old RM and submits the app to the new RM. If you > decide to fix this, you will need to make changes on YarnClient also to > address that case. > > Thanks > +Vinod > > On May 20, 2019, at 2:31 AM, Prabhu Joseph <[email protected]> > wrote: > > Hi, > > Have observed YARN Cluster Submit Applications API accepts any random > ApplicationId which is not provided by Cluster New Application API. There > is no enforcer to check if the ApplicationId is provided by RM. User can > pass applicationId with different clusterTimestamp, negative > clusterTimestamp, negative Id. Not sure if this will have any impact. But > as per the doc, ApplicationId must be obtained from New Application API. > > Cluster Applications API(Submit Application) > > The Submit Applications API can be used to submit applications. In case of > submitting applications, you must first obtain an application-id using the > Cluster > New Application API > <https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/ResourceManagerRest.html#Cluster_New_Application_API> > . > > Want to check if using random ApplicationIs is an expected behavior and > won't have any impact. > > Thanks, > Prabhu Joseph > > [image: Screen Shot 2019-05-20 at 2.54.17 PM.png] > > >
