[ 
https://issues.apache.org/jira/browse/YARN-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16509288#comment-16509288
 ] 

Sunil Govindan commented on YARN-8415:
--------------------------------------

Thanks [~suma.shivaprasad] 

Overall patch looks fine. Few minor nits

1.  {{throw new YarnException (callerUGI, }} Instead of printing callerUGI, its 
better to print callerUGI.getShortUserName(). Other wise it will be verbose.

2. Could we add a test for this?

> TimelineWebServices.getEntity should throw a ForbiddenException(403) instead 
> of 404 when ACL checks fail
> --------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-8415
>                 URL: https://issues.apache.org/jira/browse/YARN-8415
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Suma Shivaprasad
>            Assignee: Suma Shivaprasad
>            Priority: Major
>         Attachments: YARN-8415.1.patch, YARN-8415.2.patch
>
>
> {noformat}
> private TimelineEntity doGetEntity(
>       String entityType,
>       String entityId,
>       EnumSet<Field> fields,
>       UserGroupInformation callerUGI) throws YarnException, IOException {
>     TimelineEntity entity = null;
>     entity =
>         store.getEntity(entityId, entityType, fields);
>     if (entity != null) {
>       addDefaultDomainIdIfAbsent(entity);
>       // check ACLs
>       if (!timelineACLsManager.checkAccess(
>           callerUGI, ApplicationAccessType.VIEW_APP, entity)) {
>           entity = null;   //Should differentiate from an entity get failure 
> vs ACL check failure here by throwing an Exception.*
>       }
>     }
>     return entity;
>   }
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to