[ https://issues.apache.org/jira/browse/YARN-8455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16523982#comment-16523982 ]
Sunil Govindan commented on YARN-8455: -------------------------------------- I think this is the first step towards reaching to a complete ACL story in ATSv2. Its better to be more stricter in first place by allowing only flow/app owners to see its own entities and admins could see all. Once the pure ACL story in place, this could be made relaxed and make it similar or more than YARN acl manager. Some very minor comments 1. *checkAccess* could return a boolean and used in below place. {code:java} 616 if (context.getUserId() != null) { 617 // TODO to be removed or modified once ACL story is played 618 checkAccess(timelineReaderManager, callerUGI, context.getUserId()); 619 checkAccess = true; 620 }{code} 2. Some repeated code in side condition could be made outside *String uid* {code:java} 634 if (TimelineEntityType.YARN_APPLICATION.matches(entityType)) { 635 String uid = 636 (String) entity.getInfo().get(TimelineReaderUtils.UID_KEY); 637 timelineReaderContext = 638 TimelineUIDConverter.APPLICATION_UID.decodeUID(uid); 639 } else { 640 String uid = 641 (String) entity.getInfo().get(TimelineReaderUtils.UID_KEY); 642 timelineReaderContext = 643 TimelineUIDConverter.GENERIC_ENTITY_UID.decodeUID(uid); 644 }{code} > Add basic acl check for all TS v2 REST APIs > ------------------------------------------- > > Key: YARN-8455 > URL: https://issues.apache.org/jira/browse/YARN-8455 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Rohith Sharma K S > Assignee: Rohith Sharma K S > Priority: Major > Attachments: YARN-8455.001.patch > > > YARN-8319 filter check for flows pages. The same behavior need to be added > for all other REST API as long as ATS provides support for ACLs -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org