[jira] [Commented] (YARN-8028) Support authorizeUserAccessToQueue in RMWebServices

Fri, 16 Mar 2018 10:25:23 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-8028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16402222#comment-16402222
 ] 

Sunil G commented on YARN-8028:
-------------------------------

Approach looks fine.

Some minor ones.
 # Unused imports in RMWebServiceProtocol
 # In many cases in RMWebServices, when we get AccessControlException,  
FORBIDDEN is used. I think its correct when compared to BadRequest
 # Inline with Bibins thought, RMWebService api is common to all schedulers. I 
can see we use scheduler specific code in other places like below already. 
Could we reuse this like 
*queueACLsManager.checkAccess(callerUGI,QueueACL.SUBMIT_APPLICATIONS, 
application, Server.getRemoteAddress(), null, targetQueue)*
 

{code:java}
    if (scheduler instanceof CapacityScheduler) {

      CSQueue queue = ((CapacityScheduler) scheduler).getQueue(targetQueue);

      if (queue == null) {

        LOG.warn("Target queue " + targetQueue

            + " does not exist while trying to move "

            + app.getApplicationId());

        return false;

      }

      return authorizer.checkPermission(

          new AccessRequest(queue.getPrivilegedEntity(), callerUGI,

              SchedulerUtils.toAccessType(acl),

              app.getApplicationId().toString(), app.getName(),

              remoteAddress, forwardedAddresses));

    } else if (scheduler instanceof FairScheduler) {

      FSQueue queue = ((FairScheduler) scheduler).getQueueManager().

          getQueue(targetQueue);

      if (queue == null) {

        LOG.warn("Target queue " + targetQueue

            + " does not exist while trying to move "

            + app.getApplicationId());

        return false;

      }

      return scheduler.checkAccess(callerUGI, acl, targetQueue);

    }{code}

> Support authorizeUserAccessToQueue in RMWebServices
> ---------------------------------------------------
>
>                 Key: YARN-8028
>                 URL: https://issues.apache.org/jira/browse/YARN-8028
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Wangda Tan
>            Assignee: Wangda Tan
>            Priority: Major
>         Attachments: YARN-8028.001.patch
>
>
> Currently we have {{QueueUserACLInfo}} in ApplicationClient, we should 
> support similar API in REST API.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to