Beibei Zhao created YARN-11382:
----------------------------------
Summary: ClientRMService forget to record some audit logs after
accessCheck
Key: YARN-11382
URL: https://issues.apache.org/jira/browse/YARN-11382
Project: Hadoop YARN
Issue Type: Bug
Components: api, RM
Affects Versions: 3.3.4
Reporter: Beibei Zhao
ClientRMService forget to record some audit logs after accessCheck and just
throw an YarnException("User does not have privilege to do something……").
Here is an example in method "getContainers":
{code:java}
@Override public GetContainersResponse getContainers(GetContainersRequest
request)
throws YarnException, IOException {
......
boolean allowAccess = checkAccess(callerUGI, application.getUser(),
ApplicationAccessType.VIEW_APP, application);
GetContainersResponse response = null;
if (allowAccess) {
......
// a logSuccess should be called here.
} else {
// a logFailure should be called here.
throw new YarnException("User " + callerUGI.getShortUserName() + " does
not have privilege to see this application " + appId);
}
return response;
}{code}
And other methods(e.g. signalToContainer) in this class logSuccess or
logFailure after accessCheck.
I think the requests from users are very critical for auditing and audit logs
should be recorded here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
