[jira] [Commented] (YARN-8455) Add basic acl check for all TS v2 REST APIs

Tue, 26 Jun 2018 10:03:28 -0700 


    [ 
https://issues.apache.org/jira/browse/YARN-8455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16523982#comment-16523982
 ] 

Sunil Govindan commented on YARN-8455:
--------------------------------------

I think this is the first step towards reaching to a complete ACL story in 
ATSv2. Its better to be more stricter in first place by allowing only flow/app 
owners  to see its own entities and admins could see all. Once the pure ACL 
story in place, this could be made relaxed and make it similar or more than 
YARN acl manager.

Some very minor comments

1. *checkAccess* could return a boolean and used in below place.
{code:java}
616     if (context.getUserId() != null) {
617     // TODO to be removed or modified once ACL story is played
618     checkAccess(timelineReaderManager, callerUGI, context.getUserId());
619     checkAccess = true;
620     }{code}
2. Some repeated code in side condition could be made outside 

*String uid*
{code:java}
634     if (TimelineEntityType.YARN_APPLICATION.matches(entityType)) {
635     String uid =
636     (String) entity.getInfo().get(TimelineReaderUtils.UID_KEY);
637     timelineReaderContext =
638     TimelineUIDConverter.APPLICATION_UID.decodeUID(uid);
639     } else {
640     String uid =
641     (String) entity.getInfo().get(TimelineReaderUtils.UID_KEY);
642     timelineReaderContext =
643     TimelineUIDConverter.GENERIC_ENTITY_UID.decodeUID(uid);
644     }{code}
 

> Add basic acl check for all TS v2 REST APIs
> -------------------------------------------
>
>                 Key: YARN-8455
>                 URL: https://issues.apache.org/jira/browse/YARN-8455
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Rohith Sharma K S
>            Assignee: Rohith Sharma K S
>            Priority: Major
>         Attachments: YARN-8455.001.patch
>
>
> YARN-8319 filter check for flows pages. The same behavior need to be added 
> for all other REST API as long as ATS provides support for ACLs



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to