[
https://issues.apache.org/jira/browse/YARN-8028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16401663#comment-16401663
]
Bibin A Chundatt commented on YARN-8028:
----------------------------------------
[~leftnoteasy]
{code}
2544 return Response.status(Status.BAD_REQUEST).entity(
2545 "Specified queueAclType=" + queueAclType
2546 + " is not a valid type, valid queue acl types={"
2547 + "SUBMIT_APPLICATIONS/ADMINISTER_QUEUE}").build();
{code}
# Can we use {{BadRequestException}}
{code}
2568 return Response.status(Status.FORBIDDEN).entity(
2569 "User=" + username + " doesn't have access to queue=" + queue
2570 + " with acl-type=" + queueAclType).build();
{code}
# {{ForbiddenException}} can be used
{code}
2535 LOG.debug("Check user=" + username + " has access to queue=" +
queue
2536 + " ACL_TYPE=" + queueAclType);
{code}
# I think we shouldnt directly log the params inputs this could cause *log
forging*
# Thoughts on allowing all queue rights similar to {{getQueueUserAcls}} this
would allow in different services to cache acl. In addition we should have
notification framework when queue is refreshed.
# One improvement could be instead be instead of querying scheduler we could
use {{YarnAuthorizationProvider}} so that we don't lock scheduler YARN-6727.
thoughts??
> Support authorizeUserAccessToQueue in RMWebServices
> ---------------------------------------------------
>
> Key: YARN-8028
> URL: https://issues.apache.org/jira/browse/YARN-8028
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Wangda Tan
> Assignee: Wangda Tan
> Priority: Major
> Attachments: YARN-8028.001.patch
>
>
> Currently we have {{QueueUserACLInfo}} in ApplicationClient, we should
> support similar API in REST API.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
