Bence Kosztolnik created YARN-11937:
---------------------------------------
Summary: Forward hadoop-jwt with YARN proxy
Key: YARN-11937
URL: https://issues.apache.org/jira/browse/YARN-11937
Project: Hadoop YARN
Issue Type: Improvement
Components: yarn
Affects Versions: 3.5.0
Reporter: Bence Kosztolnik
Assignee: Bence Kosztolnik
The YARN web proxy does not forward the hadoop-jwt token.
So if we
- have a YARN application (let's say Spark)
- and we check the RM UI2 via the KNOX proxy
- and we click the +ApplicationMaster+ link on the application page of the Spark app
the browser will be forwarded to the SparkAM UI,
for example: /gateway/cdp-proxy/yarnuiv2/proxy/application_1771935206205_0001/
SparkAM won't receive the hadoop-jwt cookie, so it will ask the user to log in.
Instead of this, if we can pass the JWT cookie to the AM, the user can see
the AM UI in the logged-in state and won't need to log in again.
Security NOTE:
If a user clicks on a non-trusted application's AM UI, then the JWT token may leak,
but I don't think it is a valid case that a non-trusted application is running
on a cluster.
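
The cookie handling the issue asks for, sketched as an added example (not code from the issue or from Hadoop): a proxy keeps only the `hadoop-jwt` cookie from the browser's `Cookie` header and forwards it only when the AM host is on an allowlist, which bounds the leak described in the security note. The class, the method and the allowlist are hypothetical; the host names and cookie values are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class JwtCookieForwarding {
    // Cookie name taken from the issue text.
    static final String JWT_COOKIE = "hadoop-jwt";

    /**
     * Returns the Cookie header value to send to the AM, or null to send none.
     * Assumption: trustedAmHosts is an operator-maintained set of lower-case
     * host names that are allowed to receive the token.
     */
    static String cookieHeaderForUpstream(String incomingCookieHeader,
                                          String amHost,
                                          Set<String> trustedAmHosts) {
        if (incomingCookieHeader == null || amHost == null
                || !trustedAmHosts.contains(amHost.toLowerCase(Locale.ROOT))) {
            return null; // unknown target: never forward the token
        }
        List<String> kept = new ArrayList<>();
        for (String pair : incomingCookieHeader.split(";")) {
            String p = pair.trim();
            int eq = p.indexOf('=');
            // Cookie names are case-sensitive; drop every other cookie.
            if (eq > 0 && p.substring(0, eq).trim().equals(JWT_COOKIE)) {
                kept.add(p);
            }
        }
        // Zero or duplicate hadoop-jwt cookies are ambiguous: forward nothing.
        return kept.size() == 1 ? kept.get(0) : null;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> trusted = Set.of("nm1.example.internal");
        String incoming =
            "JSESSIONID=abc123; hadoop-jwt=eyJ.constructed.token; theme=dark";
        // Allowlisted AM host: only the hadoop-jwt pair is forwarded.
        System.out.println(
            cookieHeaderForUpstream(incoming, "nm1.example.internal", trusted));
        // Host not on the allowlist: no Cookie header is sent.
        System.out.println(
            cookieHeaderForUpstream(incoming, "other.example.net", trusted));
    }
}
```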