[ https://issues.apache.org/jira/browse/YARN-2446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Zhijie Shen updated YARN-2446: ------------------------------ Attachment: YARN-2446.1.patch This patch makes use of the namespace to control the user's access to the entities belonging to it. The system is going to have a default namespace, which allows every body to read and write entities. If the user doesn't specify the namespace id when putting an entity, it will be put into the default one. One thing it worth mentioning that the patch doesn't cover the part of entity identifier <type, id> isolation. In the initial proposal, we plan to allow the same entity identifier in different namespace. However, it will require fully refurnishing the current key space in leveldb timeline store, which makes the assumption <type, id> is unique globally. Moreover, the APIs need to be changed according. For example, getEntity is likely to return multiple entities of the same identifier unless we provide one more namespace param. On the other side, as the authenticated user in YARN cluster should be reasonable on creating the entity and its identifier, such that it's rare case of identifier collision unless the attacker intentionally does it. So we decided to postpone the identifier collision avoidance until some use case really wants it. > Using TimelineNamespace to shield the entities of a user > -------------------------------------------------------- > > Key: YARN-2446 > URL: https://issues.apache.org/jira/browse/YARN-2446 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver > Reporter: Zhijie Shen > Assignee: Zhijie Shen > Attachments: YARN-2446.1.patch > > > Given YARN-2102 adds TimelineNamespace, we can make use of it to shield the > entities, preventing them from being accessed or affected by other users' > operations. -- This message was sent by Atlassian JIRA (v6.2#6252)