[ https://issues.apache.org/jira/browse/YARN-7982?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16904859#comment-16904859 ]

Abhishek Modi commented on YARN-7982:
-------------------------------------

Thanks [~Prabhu Joseph] for the patch.

Some comments:
In TimelineReaderManager.java, I think we should still create a new context 
while calling getEntityTypes to make sure that the existing context is not 
modified.

In FilesystemTimelineReaderImpl, why do we need to set userId explicitly? In 
the line just above, we are calling context.getUserId.

> Do ACLs check while retrieving entity-types per application
> -----------------------------------------------------------
>
>                 Key: YARN-7982
>                 URL: https://issues.apache.org/jira/browse/YARN-7982
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Rohith Sharma K S
>            Assignee: Prabhu Joseph
>            Priority: Major
>         Attachments: YARN-7982-001.patch, YARN-7982-002.patch, 
> YARN-7982-003.patch
>
>
> REST end point {{/apps/$appid/entity-types}} retrieves all the entity-types 
> for the given application. This needs to be guarded with an ACL check.
> {code}
> [yarn@yarn-ats-3 ~]$ curl "http://yarn-ats-3:8198/ws/v2/timeline/apps/application_1552297011473_0002?user.name=ambari-qa1";
> {"exception":"ForbiddenException","message":"java.lang.Exception: User ambari-qa1 is not allowed to read TimelineService V2 data.","javaClassName":"org.apache.hadoop.yarn.webapp.ForbiddenException"}
> [yarn@yarn-ats-3 ~]$ curl "http://yarn-ats-3:8198/ws/v2/timeline/apps/application_1552297011473_0002/entity-types?user.name=ambari-qa1";
> ["YARN_APPLICATION_ATTEMPT","YARN_CONTAINER"]
> {code}
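
A regression check for the gap shown in the issue description, as an added example that is not part of the JIRA thread or the Hadoop code base: it requests the application path and its entity-types sub-resource as the same user and reports any sub-resource that still answers 200 while the parent is forbidden. The function names and the two stub responders are hypothetical, and it assumes ForbiddenException is returned as HTTP 403.

```python
import urllib.error
import urllib.parse
import urllib.request

BASE = "/ws/v2/timeline/apps/{appid}"
# The two paths compared in the issue: the app itself and its entity-types.
SUB_RESOURCES = ["", "/entity-types"]


def http_status(url):
    """GET url and return (status, body); HTTP errors are results, not exceptions."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def acl_gaps(host, appid, user, fetch=http_status):
    """Return sub-resources readable by `user` although the app itself is forbidden."""
    query = urllib.parse.urlencode({"user.name": user})
    status = {}
    for sub in SUB_RESOURCES:
        url = f"http://{host}{BASE.format(appid=appid)}{sub}?{query}"
        status[sub] = fetch(url)[0]
    if status[""] != 403:  # assumption: ForbiddenException maps to HTTP 403
        return []          # user may read the app, so there is nothing to compare
    return [sub for sub, code in status.items() if sub and code == 200]


def fake_unpatched(url):
    """Constructed stub mirroring the two curl responses quoted in the issue."""
    if url.split("?")[0].endswith("/entity-types"):
        return 200, '["YARN_APPLICATION_ATTEMPT","YARN_CONTAINER"]'
    return 403, '{"exception":"ForbiddenException"}'


def fake_patched(url):
    """Constructed stub for the expected behaviour once the ACL check is in place."""
    return 403, '{"exception":"ForbiddenException"}'


if __name__ == "__main__":
    app = "application_1552297011473_0002"
    for name, stub in (("unpatched", fake_unpatched), ("patched", fake_patched)):
        print(name, acl_gaps("yarn-ats-3:8198", app, "ambari-qa1", fetch=stub))
```

Against a live reader, call `acl_gaps` without the `fetch` argument; an empty list means the sub-resource is guarded consistently with its parent.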


